Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 27ab41e2 authored by Kees Cook's avatar Kees Cook Committed by Boris Brezillon
Browse files

mtd: nftl: Remove VLA usage 

On the quest to remove all stack VLAs from the kernel[1] this changes
the check_free_sectors() routine to use a kmalloc()ed buffer instead
of a large VLA stack buffer.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com



Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarBoris Brezillon <boris.brezillon@bootlin.com>
parent 7cc9aa66

drivers/mtd/inftlmount.c

+16 −7
Original line number Original line Diff line number Diff line
@@ -334,28 +334,37 @@ static int memcmpb(void *a, int c, int n) 
static int check_free_sectors(struct INFTLrecord *inftl, unsigned int address,

static int check_free_sectors(struct INFTLrecord *inftl, unsigned int address,

	int len, int check_oob)

	int len, int check_oob)

{

{

	u8 buf[SECTORSIZE + inftl->mbd.mtd->oobsize];

	struct mtd_info *mtd = inftl->mbd.mtd;

	struct mtd_info *mtd = inftl->mbd.mtd;

	size_t retlen;

	size_t retlen;

	int i;

	int i, ret;

	u8 *buf;



	buf = kmalloc(SECTORSIZE + mtd->oobsize, GFP_KERNEL);

	if (!buf)

		return -1;





	ret = -1;

	for (i = 0; i < len; i += SECTORSIZE) {

	for (i = 0; i < len; i += SECTORSIZE) {

		if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf))

		if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf))

			return -1;

			goto out;

		if (memcmpb(buf, 0xff, SECTORSIZE) != 0)

		if (memcmpb(buf, 0xff, SECTORSIZE) != 0)

			return -1;

			goto out;





		if (check_oob) {

		if (check_oob) {

			if(inftl_read_oob(mtd, address, mtd->oobsize,

			if(inftl_read_oob(mtd, address, mtd->oobsize,

					  &retlen, &buf[SECTORSIZE]) < 0)

					  &retlen, &buf[SECTORSIZE]) < 0)

				return -1;

				goto out;

			if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0)

			if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0)

				return -1;

				goto out;

		}

		}

		address += SECTORSIZE;

		address += SECTORSIZE;

	}

	}





	return 0;

	ret = 0;



out:

	kfree(buf);

	return ret;

}

}





/*

/*

drivers/mtd/nftlmount.c

+16 −7
Original line number Original line Diff line number Diff line
@@ -272,28 +272,37 @@ static int memcmpb(void *a, int c, int n) 
static int check_free_sectors(struct NFTLrecord *nftl, unsigned int address, int len,

static int check_free_sectors(struct NFTLrecord *nftl, unsigned int address, int len,

			      int check_oob)

			      int check_oob)

{

{

	u8 buf[SECTORSIZE + nftl->mbd.mtd->oobsize];

	struct mtd_info *mtd = nftl->mbd.mtd;

	struct mtd_info *mtd = nftl->mbd.mtd;

	size_t retlen;

	size_t retlen;

	int i;

	int i, ret;

	u8 *buf;



	buf = kmalloc(SECTORSIZE + mtd->oobsize, GFP_KERNEL);

	if (!buf)

		return -1;





	ret = -1;

	for (i = 0; i < len; i += SECTORSIZE) {

	for (i = 0; i < len; i += SECTORSIZE) {

		if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf))

		if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf))

			return -1;

			goto out;

		if (memcmpb(buf, 0xff, SECTORSIZE) != 0)

		if (memcmpb(buf, 0xff, SECTORSIZE) != 0)

			return -1;

			goto out;





		if (check_oob) {

		if (check_oob) {

			if(nftl_read_oob(mtd, address, mtd->oobsize,

			if(nftl_read_oob(mtd, address, mtd->oobsize,

					 &retlen, &buf[SECTORSIZE]) < 0)

					 &retlen, &buf[SECTORSIZE]) < 0)

				return -1;

				goto out;

			if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0)

			if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0)

				return -1;

				goto out;

		}

		}

		address += SECTORSIZE;

		address += SECTORSIZE;

	}

	}





	return 0;

	ret = 0;



out:

	kfree(buf);

	return ret;

}

}





/* NFTL_format: format a Erase Unit by erasing ALL Erase Zones in the Erase Unit and

/* NFTL_format: format a Erase Unit by erasing ALL Erase Zones in the Erase Unit and