From 0697f206dfbbb5821fbf03283dce0b96515167cf Mon Sep 17 00:00:00 2001
From: Przemyslaw Marczak
Date: Wed, 23 Oct 2013 14:30:44 +0200
Subject: [PATCH] usb: ums: fix disk capacity miscalculation and code cleanup
This patch prevents:
- ums disk capacity miscalculation because of integer overflow
Changes v2:
- Prevents passing zero size disk capacity to ums gadget driver
- Change function ums_get_capacity() to ums_disk_init() and do ums disk
initialization before gadget init
- Remove unnecessary code from mass storage driver
Signed-off-by: Przemyslaw Marczak
Cc: Marek Vasut
---
board/samsung/trats/trats.c | 49 +++++++++++++++++++----------
drivers/usb/gadget/storage_common.c | 26 ++-------------
include/usb_mass_storage.h | 6 ++--
3 files changed, 37 insertions(+), 44 deletions(-)
diff --git a/board/samsung/trats/trats.c b/board/samsung/trats/trats.c
index 7d91d88879..dab790fab0 100644
--- a/board/samsung/trats/trats.c
+++ b/board/samsung/trats/trats.c
@@ -778,7 +778,7 @@ static int ums_read_sector(struct ums *ums_dev,
ulong start, lbaint_t blkcnt, void *buf)
{
block_dev_desc_t *block_dev = &ums_dev->mmc->block_dev;
- lbaint_t blkstart = start + ums_dev->offset;
+ lbaint_t blkstart = start + ums_dev->start_sector;
int dev_num = block_dev->dev;
return block_dev->block_read(dev_num, blkstart, blkcnt, buf);
@@ -788,30 +788,47 @@ static int ums_write_sector(struct ums *ums_dev,
ulong start, lbaint_t blkcnt, const void *buf)
{
block_dev_desc_t *block_dev = &ums_dev->mmc->block_dev;
- lbaint_t blkstart = start + ums_dev->offset;
+ lbaint_t blkstart = start + ums_dev->start_sector;
int dev_num = block_dev->dev;
return block_dev->block_write(dev_num, blkstart, blkcnt, buf);
}
-static void ums_get_capacity(struct ums *ums_dev, long long int *capacity)
-{
- long long int tmp_capacity;
-
- tmp_capacity = (long long int)((ums_dev->offset + ums_dev->part_size)
- * SECTOR_SIZE);
- *capacity = ums_dev->mmc->capacity - tmp_capacity;
-}
-
static struct ums ums_dev = {
.read_sector = ums_read_sector,
.write_sector = ums_write_sector,
- .get_capacity = ums_get_capacity,
.name = "UMS disk",
- .offset = UMS_START_SECTOR,
- .part_size = UMS_NUM_SECTORS,
};
+static struct ums *ums_disk_init(struct mmc *mmc)
+{
+ uint64_t mmc_end_sector = mmc->capacity / SECTOR_SIZE;
+ uint64_t ums_end_sector = UMS_NUM_SECTORS + UMS_START_SECTOR;
+
+ if (!mmc_end_sector) {
+ error("MMC capacity is not valid");
+ return NULL;
+ }
+
+ ums_dev.mmc = mmc;
+
+ if (ums_end_sector <= mmc_end_sector) {
+ ums_dev.start_sector = UMS_START_SECTOR;
+ if (UMS_NUM_SECTORS)
+ ums_dev.num_sectors = UMS_NUM_SECTORS;
+ else
+ ums_dev.num_sectors = mmc_end_sector - UMS_START_SECTOR;
+ } else {
+ ums_dev.num_sectors = mmc_end_sector;
+ puts("UMS: defined bad disk parameters. Using default.\n");
+ }
+
+ printf("UMS: disk start sector: %#x, count: %#x\n",
+ ums_dev.start_sector, ums_dev.num_sectors);
+
+ return &ums_dev;
+}
+
struct ums *ums_init(unsigned int dev_num)
{
struct mmc *mmc = NULL;
@@ -820,8 +837,6 @@ struct ums *ums_init(unsigned int dev_num)
if (!mmc)
return NULL;
- ums_dev.mmc = mmc;
-
- return &ums_dev;
+ return ums_disk_init(mmc);
}
#endif
diff --git a/drivers/usb/gadget/storage_common.c b/drivers/usb/gadget/storage_common.c
index c2c5424f51..02803df23c 100644
--- a/drivers/usb/gadget/storage_common.c
+++ b/drivers/usb/gadget/storage_common.c
@@ -572,36 +572,16 @@ static struct usb_gadget_strings fsg_stringtab = {
static int fsg_lun_open(struct fsg_lun *curlun, const char *filename)
{
int ro;
- int rc = -EINVAL;
- loff_t size;
- loff_t num_sectors;
- loff_t min_sectors;
/* R/W if we can, R/O if we must */
ro = curlun->initially_ro;
- ums->get_capacity(ums, &size);
- if (size < 0) {
- printf("unable to find file size: %s\n", filename);
- rc = (int) size;
- goto out;
- }
- num_sectors = size >> 9; /* File size in 512-byte blocks */
- min_sectors = 1;
- if (num_sectors < min_sectors) {
- printf("file too small: %s\n", filename);
- rc = -ETOOSMALL;
- goto out;
- }
-
curlun->ro = ro;
- curlun->file_length = size;
- curlun->num_sectors = num_sectors;
+ curlun->file_length = ums->num_sectors << 9;
+ curlun->num_sectors = ums->num_sectors;
debug("open backing file: %s\n", filename);
- rc = 0;
-out:
- return rc;
+ return 0;
}
static void fsg_lun_close(struct fsg_lun *curlun)
diff --git a/include/usb_mass_storage.h b/include/usb_mass_storage.h
index 674ca70c59..9df3adcf2a 100644
--- a/include/usb_mass_storage.h
+++ b/include/usb_mass_storage.h
@@ -25,12 +25,10 @@ struct ums {
ulong start, lbaint_t blkcnt, void *buf);
int (*write_sector)(struct ums *ums_dev,
ulong start, lbaint_t blkcnt, const void *buf);
- void (*get_capacity)(struct ums *ums_dev,
- long long int *capacity);
+ unsigned int start_sector;
+ unsigned int num_sectors;
const char *name;
struct mmc *mmc;
- int offset;
- int part_size;
};
extern struct ums *ums;
--
2.39.5