update kernel to 5.10.198

hc

2024-01-03 2f7c68cb55ecb7331f2381deb497c27155f32faf

 kernel/drivers/mtd/ubi/build.c
..
..
@@ -467,6 +467,7 @@
467
467
 			err = ubi_add_volume(ubi, ubi->volumes[i]);
468
468
 			if (err) {
469
469
 				ubi_err(ubi, "cannot add volume %d", i);
470
+				ubi->volumes[i] = NULL;
470
471
 				goto out_volumes;
471
472
 			}
472
473
 		}
..
..
@@ -681,6 +682,21 @@
681
682
 						ubi->vid_hdr_aloffset;
682
683
 	}
683
684
 
685
+	/*
686
+	 * Memory allocation for VID header is ubi->vid_hdr_alsize
687
+	 * which is described in comments in io.c.
688
+	 * Make sure VID header shift + UBI_VID_HDR_SIZE not exceeds
689
+	 * ubi->vid_hdr_alsize, so that all vid header operations
690
+	 * won't access memory out of bounds.
691
+	 */
692
+	if ((ubi->vid_hdr_shift + UBI_VID_HDR_SIZE) > ubi->vid_hdr_alsize) {
693
+		ubi_err(ubi, "Invalid VID header offset %d, VID header shift(%d)"
694
+			" + VID header size(%zu) > VID header aligned size(%d).",
695
+			ubi->vid_hdr_offset, ubi->vid_hdr_shift,
696
+			UBI_VID_HDR_SIZE, ubi->vid_hdr_alsize);
697
+		return -EINVAL;
698
+	}
699
+
684
700
 	/* Similar for the data offset */
685
701
 	ubi->leb_start = ubi->vid_hdr_offset + UBI_VID_HDR_SIZE;
686
702
 	ubi->leb_start = ALIGN(ubi->leb_start, ubi->min_io_size);
..
..
@@ -873,6 +889,13 @@
873
889
 		return -EINVAL;
874
890
 	}
875
891
 
892
+	/* UBI cannot work on flashes with zero erasesize. */
893
+	if (!mtd->erasesize) {
894
+		pr_err("ubi: refuse attaching mtd%d - zero erasesize flash is not supported\n",
895
+			mtd->index);
896
+		return -EINVAL;
897
+	}
898
+
876
899
 	if (ubi_num == UBI_DEV_NUM_AUTO) {
877
900
 		/* Search for an empty slot in the @ubi_devices array */
878
901
 		for (ubi_num = 0; ubi_num < UBI_MAX_DEVICES; ubi_num++)