From: Roland Hieber <rhi@pengutronix.de>
To: Barebox Mailing List <barebox@lists.infradead.org>
Cc: Roland Hieber <rhi@pengutronix.de>
Subject: [PATCH] ubi: prevent null pointer reference
Date: Mon, 21 Jan 2019 17:29:26 +0100
Message-ID: <20190121162926.26051-1-rhi@pengutronix.de>

After flashing a bogus UBI image, e.g. an image that is larger than the
available flash size, it can happen that barebox hangs itself with a
stacktrace when the board code or the environment does a ubi_attach() on
boot:

ERROR: ubi0 error: init_volumes: not enough PEBs, required 7478, available 4024
<NULL>: destroying fastmap 0: 0x14972004
<NULL>: destroying fastmap 1: 0x14972218
<NULL>: destroying fastmap 2: 0x1497242c
<NULL>: destroying fastmap 3: 0x14970004
<NULL>: destroying fastmap 4: 0x14970218
<NULL>: destroying fastmap 5: 0x0
unable to handle NULL pointer dereference at address 0x00000204
pc : [<1fd1eaf2>] lr : [<1fd15aad>]
sp : 1feefd30 ip : 0000000a fp : 1fd5d1d7
r10: 00001d34 r9 : 00000000 r8 : 1fd5d540
r7 : 14983148 r6 : 00000006 r5 : ffffffe4 r4 : 14983004
r3 : 1fd82bfc r2 : 021f0000 r1 : 0000000a r0 : 00000000
Flags: nzcv IRQs off FIQs off Mode SVC_32
[<1fd1eaf2>] (ubi_fastmap_destroy_checkmap+0x8/0xa) from [<1fd15aad>] (ubi_read_volume_table+0x4d9/0x71c)
[<1fd15aad>] (ubi_read_volume_table+0x4d9/0x71c) from [<1fd1cbf7>] (ubi_attach+0x157/0x1f8)
[<1fd1cbf7>] (ubi_attach+0x157/0x1f8) from [<1fd16ec3>] (ubi_attach_mtd_dev+0x4a3/0x954)
[<1fd16ec3>] (ubi_attach_mtd_dev+0x4a3/0x954) from [<1fd3dca1>] (bosch_common_ubiattach.constprop.11+0x51/0x7c)
[<1fd3dca1>] (bosch_common_ubiattach.constprop.11+0x51/0x7c) from [<1fd3e79f>] (bosch_common_postenv_init+0x3cf/0x444)
[<1fd3e79f>] (bosch_common_postenv_init+0x3cf/0x444) from [<1fd00ba5>] (start_barebox+0x45/0x98)
[<1fd00ba5>] (start_barebox+0x45/0x98) from [<1fd529df>] (barebox_non_pbl_start+0xbb/0xf4)
[<1fd529df>] (barebox_non_pbl_start+0xbb/0xf4) from [<1fd00005>] (__bare_init_start+0x1/0xc)
[<1fd54191>] (unwind_backtrace+0x1/0x64) from [<1fd00e4d>] (panic+0x1d/0x34)
[<1fd00e4d>] (panic+0x1d/0x34) from [<1fd523fd>] (do_exception+0xd/0x10)
[<1fd523fd>] (do_exception+0xd/0x10) from [<1fd5245d>] (do_data_abort+0x21/0x2c)
[<1fd5245d>] (do_data_abort+0x21/0x2c) from [<1fd52074>] (do_abort_6+0x48/0x54)

With this patch, barebox at least boots to a prompt where the faulty
flash can be repaired:

ERROR: ubi0 error: init_volumes: not enough PEBs, required 7478, available 4024
<NULL>: destroying fastmap 0: 0x14972004
<NULL>: destroying fastmap 1: 0x14972218
<NULL>: destroying fastmap 2: 0x1497242c
<NULL>: destroying fastmap 3: 0x14970004
<NULL>: destroying fastmap 4: 0x14970218
<NULL>: destroying fastmap 5: 0x0
<NULL>: destroying fastmap 6: 0x0
<NULL>: destroying fastmap 7: 0x0
<NULL>: destroying fastmap 8: 0x0
<NULL>: destroying fastmap 9: 0x0
[... more 0x0 ...]
<NULL>: destroying fastmap 125: 0x0
<NULL>: destroying fastmap 126: 0x0
<NULL>: destroying fastmap 127: 0x0
<NULL>: destroying fastmap 128: 0x1497042c
ERROR: ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -28
[...]
running /env/bin/init...
barebox@boardname:/

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
drivers/mtd/ubi/vtbl.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/mtd/ubi/vtbl.c b/drivers/mtd/ubi/vtbl.c
index 6959564a13..68302f4a33 100644
--- a/drivers/mtd/ubi/vtbl.c
+++ b/drivers/mtd/ubi/vtbl.c
@@ -850,6 +850,12 @@ int ubi_read_volume_table(struct ubi_device *ubi, struct ubi_attach_info *ai)
out_free:
vfree(ubi->vtbl);
for (i = 0; i < ubi->vtbl_slots + UBI_INT_VOL_COUNT; i++) {
+
+ dev_vdbg(&ubi->dev, "destroying fastmap %d: 0x%x\n", i, ubi->volumes[i]);
+
+ if (!ubi->volumes[i])
+ continue;
+
ubi_fastmap_destroy_checkmap(ubi->volumes[i]);
kfree(ubi->volumes[i]);
ubi->volumes[i] = NULL;
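Review bot: the dev_vdbg() added at the top of the out_free loop passes ubi->volumes[i], a pointer, to a "0x%x" conversion; use "%p" so the argument type matches the format on every target. The call also sits before the new NULL check, so it reports "destroying fastmap" for every empty slot (the long run of 0x0 lines in the commit message) even though nothing is destroyed for those; moving it below `if (!ubi->volumes[i]) continue;` or dropping it keeps the error path readable. The blank line directly after the opening brace of the for loop can go as well.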
--
2.20.1
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox