[PATCH v2] mtd: ubi: eba.c: fix return value overwrite issue in try_write_vid_and_data()

Wang YanQing posted 1 patch 2 years, 5 months ago
drivers/mtd/ubi/eba.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
[PATCH v2] mtd: ubi: eba.c: fix return value overwrite issue in try_write_vid_and_data()
Posted by Wang YanQing 2 years, 5 months ago
The commit 2d78aee426d8 ("UBI: simplify LEB write and atomic LEB change code")
adds a helper function, try_write_vid_and_data(), to simplify the code, but this
helper function has a bug: it will return 0 (success) when ubi_io_write_vid_hdr()
or ubi_io_write_data() returns an error number (-EIO, etc.), because the return
value of ubi_wl_put_peb() will overwrite the original return value.

This issue will cause an unexpected data loss issue, because the caller of this
function and UBIFS won't know the data is lost.

Fixes: 2d78aee426d8 ("UBI: simplify LEB write and atomic LEB change code")

Signed-off-by: Wang YanQing <udknight@gmail.com>
---
 Changes v1-v2:
 1: add error code in warning message, suggested by Zhihao Cheng
 
 drivers/mtd/ubi/eba.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c
index 09c408c..4e1d807 100644
--- a/drivers/mtd/ubi/eba.c
+++ b/drivers/mtd/ubi/eba.c
@@ -946,7 +946,7 @@ static int try_write_vid_and_data(struct ubi_volume *vol, int lnum,
 				  int offset, int len)
 {
 	struct ubi_device *ubi = vol->ubi;
-	int pnum, opnum, err, vol_id = vol->vol_id;
+	int pnum, opnum, err, err2, vol_id = vol->vol_id;
 
 	pnum = ubi_wl_get_peb(ubi);
 	if (pnum < 0) {
@@ -981,10 +981,19 @@ static int try_write_vid_and_data(struct ubi_volume *vol, int lnum,
 out_put:
 	up_read(&ubi->fm_eba_sem);
 
-	if (err && pnum >= 0)
-		err = ubi_wl_put_peb(ubi, vol_id, lnum, pnum, 1);
-	else if (!err && opnum >= 0)
-		err = ubi_wl_put_peb(ubi, vol_id, lnum, opnum, 0);
+	if (err && pnum >= 0) {
+		err2 = ubi_wl_put_peb(ubi, vol_id, lnum, pnum, 1);
+		if (err2) {
+			ubi_warn(ubi, "failed to return physical eraseblock %d, error %d",
+				 pnum, err2);
+		}
+	} else if (!err && opnum >= 0) {
+		err2 = ubi_wl_put_peb(ubi, vol_id, lnum, opnum, 0);
+		if (err2) {
+			ubi_warn(ubi, "failed to return physical eraseblock %d, error %d",
+				 opnum, err2);
+		}
+	}
 
 	return err;
 }
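
Review bot: in the `else if (!err && opnum >= 0)` branch the return value of ubi_wl_put_peb() used to be passed back to the caller; with this change it is only logged, so a failure to release the old PEB after a successful write now returns 0. The commit message describes only the error path, where err must not be overwritten. If dropping the error on the success path is intended, state that in the changelog; otherwise keep `err = ubi_wl_put_peb(ubi, vol_id, lnum, opnum, 0);` in that branch and use err2 only in the `if (err && pnum >= 0)` branch.
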
-- 
1.8.5.6.2.g3d8a54e.dirty
Re: [PATCH v2] mtd: ubi: eba.c: fix return value overwrite issue in try_write_vid_and_data()
Posted by Zhihao Cheng 2 years, 5 months ago
> The commit 2d78aee426d8 ("UBI: simplify LEB write and atomic LEB change code")
> adds a helper function, try_write_vid_and_data(), to simplify the code, but this
> helper function has a bug: it will return 0 (success) when ubi_io_write_vid_hdr()
> or ubi_io_write_data() returns an error number (-EIO, etc.), because the return
> value of ubi_wl_put_peb() will overwrite the original return value.
> 
> This issue will cause an unexpected data loss issue, because the caller of this
> function and UBIFS won't know the data is lost.
> 
> Fixes: 2d78aee426d8 ("UBI: simplify LEB write and atomic LEB change code")
> 
> Signed-off-by: Wang YanQing <udknight@gmail.com>
> ---
>   Changes v1-v2:
>   1: add error code in warning message, suggested by Zhihao Cheng
>   
>   drivers/mtd/ubi/eba.c | 19 ++++++++++++++-----
>   1 file changed, 14 insertions(+), 5 deletions(-)
> 

Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>

> diff --git a/drivers/mtd/ubi/eba.c b/drivers/mtd/ubi/eba.c
> index 09c408c..4e1d807 100644
> --- a/drivers/mtd/ubi/eba.c
> +++ b/drivers/mtd/ubi/eba.c
> @@ -946,7 +946,7 @@ static int try_write_vid_and_data(struct ubi_volume *vol, int lnum,
>   				  int offset, int len)
>   {
>   	struct ubi_device *ubi = vol->ubi;
> -	int pnum, opnum, err, vol_id = vol->vol_id;
> +	int pnum, opnum, err, err2, vol_id = vol->vol_id;
>   
>   	pnum = ubi_wl_get_peb(ubi);
>   	if (pnum < 0) {
> @@ -981,10 +981,19 @@ static int try_write_vid_and_data(struct ubi_volume *vol, int lnum,
>   out_put:
>   	up_read(&ubi->fm_eba_sem);
>   
> -	if (err && pnum >= 0)
> -		err = ubi_wl_put_peb(ubi, vol_id, lnum, pnum, 1);
> -	else if (!err && opnum >= 0)
> -		err = ubi_wl_put_peb(ubi, vol_id, lnum, opnum, 0);
> +	if (err && pnum >= 0) {
> +		err2 = ubi_wl_put_peb(ubi, vol_id, lnum, pnum, 1);
> +		if (err2) {
> +			ubi_warn(ubi, "failed to return physical eraseblock %d, error %d",
> +				 pnum, err2);
> +		}
> +	} else if (!err && opnum >= 0) {
> +		err2 = ubi_wl_put_peb(ubi, vol_id, lnum, opnum, 0);
> +		if (err2) {
> +			ubi_warn(ubi, "failed to return physical eraseblock %d, error %d",
> +				 opnum, err2);
> +		}
> +	}
>   
>   	return err;
>   }
>
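
Review bot: the two ubi_warn() calls in the out_put block print the same text, so the log does not show whether the PEB that could not be returned was the newly allocated one (pnum, after a failed write) or the old one (opnum, after a successful write), and neither message carries vol_id or lnum, both of which are in scope. Consider giving the two cases distinct wording and including vol_id and lnum. The braces around the single ubi_warn() statement in each `if (err2)` can also be dropped.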