lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170602110406.49eda282@bbrezillon>
Date:   Fri, 2 Jun 2017 11:04:06 +0200
From:   Boris Brezillon <boris.brezillon@...e-electrons.com>
To:     Brian Norris <computersforpeace@...il.com>
Cc:     Chris Packham <chris.packham@...iedtelesis.co.nz>,
        dwmw2@...radead.org, andrew@...n.ch, linux-mtd@...ts.infradead.org,
        linux-kernel@...r.kernel.org, Marek Vasut <marek.vasut@...il.com>,
        Richard Weinberger <richard@....at>,
        Cyrille Pitchen <cyrille.pitchen@...ev4u.fr>
Subject: Re: [PATCH 3/4] mtd: mchp23k256: add partitioning support

On Thu, 1 Jun 2017 15:01:56 -0700
Brian Norris <computersforpeace@...il.com> wrote:

> On Thu, Jun 01, 2017 at 10:47:12PM +0200, Boris Brezillon wrote:
> > Le Thu, 1 Jun 2017 11:43:40 -0700,
> > Brian Norris <computersforpeace@...il.com> a écrit :  
> > > On Wed, May 17, 2017 at 05:29:11PM +0200, Boris Brezillon wrote:  
> > > > On Wed, 17 May 2017 17:39:07 +1200
> > > > Chris Packham <chris.packham@...iedtelesis.co.nz> wrote:  
> > > > > @@ -151,6 +152,10 @@ static int mchp23k256_probe(struct spi_device *spi)
> > > > >  	flash->mtd._read	= mchp23k256_read;
> > > > >  	flash->mtd._write	= mchp23k256_write;
> > > > >  
> > > > > +	flash->mtd.erasesize = PAGE_SIZE;
> > > > > +	while (flash->mtd.size & (flash->mtd.erasesize - 1))
> > > > > +		flash->mtd.erasesize >>= 1;
> > > > > +    
> > > > 
> > > > Can we fix allocate_partition() to properly handle the
> > > > master->erasesize == 0 case instead of doing that?    
> > > 
> > > Is everything actually ready for the eraseblock size to be 0? That would
> > > seem surprising to many applications, I would think. Can you, for
> > > instance, even use UBI on such a device?  
> > 
> > Well, I think it's already broken. AFAICT this driver does not
> > implement ->_erase(), and mtd_erase() does not check if MTD_NO_ERASE is
> > set before calling mtd->_erase(), neither UBI does before calling
> > mtd_erase().  
> 
> Sure.
> 
> > Between a NULL pointer exception and a div-by-zero exception, I can't
> > decide what is better :-).  
> 
> Well, there are other potential problems than that. What if someone was
> iterating over the device size, by increments of erasesize? Infinite
> loop! Or what about anything that might have assumed
> 'writesize < erasesize'?

Absolutely, div-by-zero is not the only problem we can face.

> 
> I'm mostly thinking out loud, because I'm not sure there's a really good
> way to handle this, other than stop making those assumptions.
> 
> (A *possible* solution would be to have MTD enforce a fake erasesize for
> NO_ERASE flash, instead of making drivers do it, like Chris was trying.
> But I'm not sure that's a good one.)

Actually, by doing that we keep encouraging people to not do the right
thing :-).

> 
> > IMO, we'd better add a check in UBI to refuse to attach a device with
> > MTD_NO_ERASE or mtd->erasesize == 0, and fix other places that don't
> > check erasesize value instead of putting a fake erasesize and using a
> > dummy ->_erase() implementation for those devices that simply can't be
> > erased.  
> 
> That's probably a good idea.

I'll try to post patches soon, but they definitely won't fix all
problems. For example, we just can't catch the infinite loop issue you
are mentioning above.

> 
> > We should also probably complain with -ENOTSUPP when someone calls
> > mtd_erase() on a device with MTD_NO_ERASE and add more checks in the
> > add_mtd_device() to detect drivers that don't have MTD_NO_ERASE set
> > and do not implement ->_erase() or leave ->erasesize to 0.   
> 
> Yep.
> 
> > > BTW, I feel like this check is a little more natural to do with
> > > 'mtd->flags & MTD_NO_ERASE', rather than checking the (apparently
> > > meaningless) erasesize.  
> > 
> > Fair enough.  
> 
> OK, well I'll take another look at v4, but that might be my only
> criticism then.
> 
> Overall though, a "NO_ERASE" MTD makes me wonder why it's an MTD in the
> first place. I guess we're kinda the wild west of things that don't fit
> into the block subsystem...

Yes, that's exactly what the MTD subsystem is: a place where you can
put drivers for memory devices that are not block devices :-). Don't
know if it's a good thing or not, but it definitely makes MTD users
life harder.

BTW, MTD_NO_ERASE is not the only problem we have with UBI or JFFS2.
Are we guaranteed that an erase operation fills an eraseblock with
ones? Don't we have mem technologies that are filling them with zeros?
Note that mtdram is artificially setting the mem-region to 0xff in its
dummy erase operation, so maybe it's a implicit rule that ->_erase() is
supposed to fill eraseblocks with 0xff.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ