| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210301161212.995927005@linuxfoundation.org>
Date: Mon, 1 Mar 2021 17:06:38 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, yangerkun <yangerkun@...wei.com>,
Miquel Raynal <miquel.raynal@...tlin.com>,
Sasha Levin <sashal@...nel.org>
Subject: [PATCH 5.11 230/775] mtd: phram: use div_u64_rem to stop overwrite len in phram_setup
From: yangerkun <yangerkun@...wei.com>
[ Upstream commit dc2b3e5cbc8087224fcd8698b0dc56131e0bf37d ]
We now support user to set erase page size, and use do_div between len
and erase size to determine the reasonableness for the erase size.
However, do_div is a macro and will overwrite the value of len. Which
results a mtd device with unexcepted size. Fix it by use div_u64_rem.
Fixes: ffad560394de ("mtd: phram: Allow the user to set the erase page size.")
Signed-off-by: yangerkun <yangerkun@...wei.com>
Signed-off-by: Miquel Raynal <miquel.raynal@...tlin.com>
Link: https://lore.kernel.org/linux-mtd/20210125124936.651812-1-yangerkun@huawei.com
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
drivers/mtd/devices/phram.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c
index cfd170946ba48..5b04ae6c30573 100644
--- a/drivers/mtd/devices/phram.c
+++ b/drivers/mtd/devices/phram.c
@@ -222,6 +222,7 @@ static int phram_setup(const char *val)
uint64_t start;
uint64_t len;
uint64_t erasesize = PAGE_SIZE;
+ uint32_t rem;
int i, ret;
if (strnlen(val, sizeof(buf)) >= sizeof(buf))
@@ -263,8 +264,11 @@ static int phram_setup(const char *val)
}
}
+ if (erasesize)
+ div_u64_rem(len, (uint32_t)erasesize, &rem);
+
if (len == 0 || erasesize == 0 || erasesize > len
- || erasesize > UINT_MAX || do_div(len, (uint32_t)erasesize) != 0) {
+ || erasesize > UINT_MAX || rem) {
parse_err("illegal erasesize or len\n");
goto error;
}
--
2.27.0
Powered by blists - more mailing lists