| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 May 2018 11:08:58 +0200
From: Boris Brezillon <boris.brezillon@...tlin.com>
To: Jane Wan <Jane.Wan@...ia.com>
Cc: miquel.raynal@...tlin.com, dwmw2@...radead.org,
computersforpeace@...il.com, richard@....at, marek.vasut@...il.com,
yamada.masahiro@...ionext.com, prabhakar.kushwaha@....com,
shawnguo@...nel.org, jagdish.gediya@....com,
shreeya.patel23498@...il.com, linux-mtd@...ts.infradead.org,
linux-kernel@...r.kernel.org, ties.bos@...ia.com
Subject: Re: [PATCH v3 2/2] mtd: rawnand: fsl_ifc: use bit-wise majority to
recover the contents of ONFI parameter
On Mon, 7 May 2018 09:34:15 -0700
Jane Wan <Jane.Wan@...ia.com> wrote:
> Per ONFI specification (Rev. 4.0), if all parameter pages have invalid
> CRC values, the bit-wise majority may be used to recover the contents of
> the parameter pages from the parameter page copies present.
>
> Signed-off-by: Jane Wan <Jane.Wan@...ia.com>
I never received patch 1 of this series. When you fix something in a
commit, please resend the whole patchset, even if other patches haven't
changed.
> ---
> drivers/mtd/nand/raw/nand_base.c | 41 ++++++++++++++++++++++++++++++--------
> 1 file changed, 33 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c
> index 72f3a89..48f2dec 100644
> --- a/drivers/mtd/nand/raw/nand_base.c
> +++ b/drivers/mtd/nand/raw/nand_base.c
> @@ -5086,15 +5086,18 @@ static int nand_flash_detect_ext_param_page(struct nand_chip *chip,
> return ret;
> }
>
> +#define GET_BIT(bit, val) (((val) >> (bit)) & 0x01)
> +
> /*
> * Check if the NAND chip is ONFI compliant, returns 1 if it is, 0 otherwise.
> */
> static int nand_flash_detect_onfi(struct nand_chip *chip)
> {
> struct mtd_info *mtd = nand_to_mtd(chip);
> - struct nand_onfi_params *p;
> + struct nand_onfi_params *p = NULL;
> char id[4];
> - int i, ret, val;
> + int i, ret, val, pagesize;
> + u8 *buf = NULL;
>
> /* Try ONFI for unknown chip or LP */
> ret = nand_readid_op(chip, 0x20, id, sizeof(id));
> @@ -5102,8 +5105,9 @@ static int nand_flash_detect_onfi(struct nand_chip *chip)
> return 0;
>
> /* ONFI chip: allocate a buffer to hold its parameter page */
> - p = kzalloc(sizeof(*p), GFP_KERNEL);
> - if (!p)
> + pagesize = sizeof(*p);
> + buf = kzalloc((pagesize * 3), GFP_KERNEL);
Not sure why you have to add a new buf variable here, and pagesize is
not needed either, just use sizeof(*p) directly.
> + if (!buf)
> return -ENOMEM;
>
> ret = nand_read_param_page_op(chip, 0, NULL, 0);
> @@ -5113,7 +5117,8 @@ static int nand_flash_detect_onfi(struct nand_chip *chip)
> }
>
> for (i = 0; i < 3; i++) {
> - ret = nand_read_data_op(chip, p, sizeof(*p), true);
> + p = (struct nand_onfi_params *)&buf[i*pagesize];
> + ret = nand_read_data_op(chip, p, pagesize, true);
> if (ret) {
> ret = 0;
> goto free_onfi_param_page;
> @@ -5126,8 +5131,27 @@ static int nand_flash_detect_onfi(struct nand_chip *chip)
> }
>
> if (i == 3) {
> - pr_err("Could not find valid ONFI parameter page; aborting\n");
> - goto free_onfi_param_page;
> + int j, k, l;
> + u8 v, m;
> +
> + pr_err("Could not find valid ONFI parameter page\n");
> + pr_info("Recover ONFI params with bit-wise majority\n");
> + for (j = 0; j < pagesize; j++) {
> + v = 0;
> + for (k = 0; k < 8; k++) {
> + m = 0;
> + for (l = 0; l < 3; l++)
> + m += GET_BIT(k, buf[l*pagesize + j]);
> + if (m > 1)
> + v |= BIT(k);
> + }
> + ((u8 *)p)[j] = v;
> + }
Can you move the bit-wise majority code in a separate function?
> + if (onfi_crc16(ONFI_CRC_BASE, (uint8_t *)p, 254) !=
> + le16_to_cpu(p->crc)) {
> + pr_err("ONFI parameter recovery failed, aborting\n");
> + goto free_onfi_param_page;
> + }
> }
>
> /* Check version */
> @@ -5220,7 +5244,8 @@ static int nand_flash_detect_onfi(struct nand_chip *chip)
> sizeof(p->vendor));
>
> free_onfi_param_page:
> - kfree(p);
> + if (buf != NULL)
> + kfree(buf);
kfree() already handles the buf == NULL case, no need to check it here.
> return ret;
> }
>
Powered by blists - more mailing lists