lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-id: <26017351.61791396316965998.JavaMail.weblogic@epv6ml06>
Date:	Tue, 01 Apr 2014 01:49:27 +0000 (GMT)
From:	Eunbong Song <eunb.song@...sung.com>
To:	computersforpeace@...il.com, artem.bityutskiy@...ux.intel.com
Cc:	linux-kernel@...r.kernel.org, linux-mtd@...ts.infradead.org
Subject: [PATCH] mtd: fsl_ifc_nand: Recover corrupted empty page for preventing
 read-only mount in UBIFS

Even if the meaning of EUCLEAN was changed by commit edbc4540.
There is still possibility of read-only mount in UBIFS with ubifs_scan() "corrupt empty space at LEB".
So i made this patch for fix that problem.
This patch do as follow.
 - If there are ecc errors which is equal to or less than chip->ecc.strength in page.
 - Check that page has how many zero bits, and if zero bits are equal to or less than
   chip->ecc.strength then overwrite 1 to zero bits in buf.

ubifs_scan() cannot detect corrupted empty space because buf is recovered by this patch.
And this is safe because ecc controller can correct up to chip->ecc.strength bits.

Signed-off-by: Eunbong Song <eunb.song@...sung.com>
---
 drivers/mtd/nand/fsl_ifc_nand.c |   41 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 41 insertions(+), 0 deletions(-)

diff --git a/drivers/mtd/nand/fsl_ifc_nand.c b/drivers/mtd/nand/fsl_ifc_nand.c
index 90ca7e7..2129c39 100644
--- a/drivers/mtd/nand/fsl_ifc_nand.c
+++ b/drivers/mtd/nand/fsl_ifc_nand.c
@@ -277,6 +277,42 @@ static int is_blank(struct mtd_info *mtd, unsigned int bufnum)
 	return 1;
 }
 
+static int num_zero_bits(uint8_t val)
+{
+	int i, ret=0;
+
+	for(i=7; i>=0 ; i--)
+		if(!(0x1 & (val >> i)))
+			ret++;
+
+	return ret;
+}
+
+static int is_corrupted_blank(struct mtd_info *mtd, uint8_t * buf)
+{
+	struct nand_chip *chip = mtd->priv;
+	int i;
+	int zero_bits = 0;
+
+	for (i = 0; i < mtd->writesize ; i++) {
+		if(buf[i] != 0xff) {
+			zero_bits += num_zero_bits(buf[i]);	
+		}
+	}
+
+	if(zero_bits && (zero_bits <= chip->ecc.strength)){
+		return 1;
+	}
+
+	return 0;
+}
+
+static void recover_corrupted_blank(struct mtd_info *mtd, uint8_t * buf)
+{
+	memset(buf, 0xff, mtd->writesize);
+	return;
+}
+
 /* returns nonzero if entire page is blank */
 static int check_read_ecc(struct mtd_info *mtd, struct fsl_ifc_ctrl *ctrl,
 			  u32 *eccstat, unsigned int bufnum)
@@ -760,6 +796,11 @@ static int fsl_ifc_read_page(struct mtd_info *mtd, struct nand_chip *chip,
 	if (ctrl->nand_stat != IFC_NAND_EVTER_STAT_OPC)
 		mtd->ecc_stats.failed++;
 
+	if(nctrl->max_bitflips && (nctrl->max_bitflips <= chip->ecc.strength)){
+		if(is_corrupted_blank(mtd, buf))
+			recover_corrupted_blank(mtd, buf);
+	}
+
 	return nctrl->max_bitflips;
 }
 
-- 
1.7.0.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ