Re: [PATCH] ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps

From: chengzhihao
Date: Fri Aug 16 2019 - 04:01:33 EST


> ubifs_assert(c, p < c->gap_lebs + c->lst.idx_lebs);

I've reproduced the problem 50 times on different flash devices and made sure that the assertion was not triggered. See record.txt for details.

-----Original Message-----
From: chengzhihao
Sent: August 14, 2019 9:20
To: 'Richard Weinberger' <richard.weinberger@xxxxxxxxx>
Cc: Richard Weinberger <richard@xxxxxx>; Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>; Artem Bityutskiy <dedekind1@xxxxxxxxx>; zhangyi (F) <yi.zhang@xxxxxxxxxx>; linux-mtd@xxxxxxxxxxxxxxxxxxx; LKML <linux-kernel@xxxxxxxxxxxxxxx>
Subject: Re: [PATCH] ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps

Sure, I'll do more tests on different machines to check the assertion. I'm trying to understand when this assertion would be triggered, although I haven't seen it triggered so far in several tests on x86_64 (qemu).

-----Original Message-----
From: Richard Weinberger [mailto:richard.weinberger@xxxxxxxxx]
Sent: August 14, 2019 5:44
To: chengzhihao <chengzhihao1@xxxxxxxxxx>
Cc: Richard Weinberger <richard@xxxxxx>; Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>; Artem Bityutskiy <dedekind1@xxxxxxxxx>; zhangyi (F) <yi.zhang@xxxxxxxxxx>; linux-mtd@xxxxxxxxxxxxxxxxxxx; LKML <linux-kernel@xxxxxxxxxxxxxxx>
Subject: Re: [PATCH] ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps

On Tue, Jul 30, 2019 at 3:21 AM chengzhihao <chengzhihao1@xxxxxxxxxx> wrote:
>
> OK, that's fine, and I will continue to understand more implementation code related to this part.

I think we can go with the realloc() approach for now.
Can you please check whether the assert() triggers?

--
Thanks,
//richard
No Log Config
1 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
2 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 9 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
3 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 9 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
4 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
5 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
6 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
7 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
8 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
9 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
10 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
11 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
12 c->lst.idx_lebs[origin] = 3, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 10 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
13 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
14 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
15 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
16 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
17 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
18 c->lst.idx_lebs[origin] = 6, c->lst.idx_lebs[curr] = 13, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
19 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
20 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 9 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
21 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
22 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
23 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
24 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
25 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
26 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
27 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
28 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
29 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
30 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
31 c->lst.idx_lebs[origin] = 6, c->lst.idx_lebs[curr] = 13, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
32 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
33 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 9 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
34 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
35 c->lst.idx_lebs[origin] = 15, c->lst.idx_lebs[curr] = 19, p - c->gap_lebs = 16 ==== mtdram: 32MiB, PEB size 16KiB, fastmap enabled, volume size 22MiB
36 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
37 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 9 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
38 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
39 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
40 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
41 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
42 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
43 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
44 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
45 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
46 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
47 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
48 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
49 c->lst.idx_lebs[origin] = 5, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 8 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
50 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
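As an added example (not code from this thread or from UBIFS itself), a Python parser for lines in the format of the record.txt above: for every run it evaluates the invariant behind `ubifs_assert(c, p < c->gap_lebs + c->lst.idx_lebs)`, i.e. `p - c->gap_lebs < c->lst.idx_lebs[curr]`, and also flags runs where the offset reaches the idx_lebs count recorded as origin, which is what an array sized from that earlier count could not hold. The function names and the embedded sample (three lines copied from runs 1, 12 and 35 of the record) are my own choices.

```python
import re

# Constructed sample in the format of the record.txt attached above; the
# three lines are copied from that record (runs 1, 12 and 35).
RECORD = """\
1 c->lst.idx_lebs[origin] = 4, c->lst.idx_lebs[curr] = 11, p - c->gap_lebs = 8 ==== mtdram: 16MiB, PEB size 16KiB, fastmap enabled, volume size 11MiB
12 c->lst.idx_lebs[origin] = 3, c->lst.idx_lebs[curr] = 12, p - c->gap_lebs = 10 ==== nandsim: 16MiB, PEB size 16KiB, page size 512KiB, VID offset 0, fastmap enabled, volume size 11MiB
35 c->lst.idx_lebs[origin] = 15, c->lst.idx_lebs[curr] = 19, p - c->gap_lebs = 16 ==== mtdram: 32MiB, PEB size 16KiB, fastmap enabled, volume size 22MiB
"""

# One record line: run number, the two idx_lebs counts, the offset of p into
# gap_lebs, and the test setup after the "====" separator.
LINE_RE = re.compile(
    r"^(?P<run>\d+)\s+c->lst\.idx_lebs\[origin\] = (?P<origin>\d+), "
    r"c->lst\.idx_lebs\[curr\] = (?P<curr>\d+), "
    r"p - c->gap_lebs = (?P<offset>\d+) ==== (?P<setup>.*)$"
)


def parse_record(text):
    """Parse record.txt-style lines into dicts; reject malformed lines."""
    runs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable record line: {line!r}")
        entry = {k: int(m[k]) for k in ("run", "origin", "curr", "offset")}
        entry["setup"] = m["setup"]
        runs.append(entry)
    return runs


def check_runs(runs):
    """Evaluate the assertion p < c->gap_lebs + c->lst.idx_lebs per run.

    assert_ok      -- offset < idx_lebs[curr], i.e. the assertion holds
    exceeds_origin -- offset >= idx_lebs[origin], i.e. an array sized from
                      the idx_lebs count taken at the start would be overrun
    """
    return [{"run": r["run"],
             "assert_ok": r["offset"] < r["curr"],
             "exceeds_origin": r["offset"] >= r["origin"]} for r in runs]


def summarize(text):
    """Run numbers that fail the assertion and that exceed the origin count."""
    results = check_runs(parse_record(text))
    return {"total": len(results),
            "assert_failures": [x["run"] for x in results if not x["assert_ok"]],
            "exceeds_origin": [x["run"] for x in results if x["exceeds_origin"]]}
```

Feeding the full record.txt to `summarize` gives an empty `assert_failures` list, which is the check Richard asked for, while `exceeds_origin` lists every run.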