lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 16 Apr 2019 12:18:24 +0000
From:   Avri Altman <Avri.Altman@....com>
To:     Raul E Rangel <rrangel@...omium.org>,
        "linux-mmc@...r.kernel.org" <linux-mmc@...r.kernel.org>
CC:     "djkurtz@...omium.org" <djkurtz@...omium.org>,
        "zwisler@...omium.org" <zwisler@...omium.org>,
        hongjiefang <hongjiefang@...micro.com>,
        Jennifer Dahm <jennifer.dahm@...com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Kyle Roeschley <kyle.roeschley@...com>,
        Ulf Hansson <ulf.hansson@...aro.org>
Subject: RE: [PATCH v1] mmc: core: Verify SD bus width

> 
> The SD Physical Layer Spec says the following: Since the SD Memory Card
> shall support at least the two bus modes 1-bit or 4-bit width, then any SD
> Card shall set at least bits 0 and 2 (SD_BUS_WIDTH="0101").
> 
> This change verifies the card has specified a bus width.
> 
> verified it didn't mount.
> 
> Signed-off-by: Raul E Rangel <rrangel@...omium.org>
Acked-by: Avri Altman <avri.altman@....com>

> ---
> AMD SDHC Device 7806 can get into a bad state after a card disconnect
> where anything transferred via the DATA lines will always result in a
> zero filled buffer. Currently the driver will continue without error if
> the HC is in this condition. A block device will be created, but reading
> from it will result in a zero buffer. This makes it seem like the SD
> device has been erased, when in actuality the data is never getting
> copied from the DATA lines to the data buffer.
> 
> SCR is the first command in the SD initialization sequence that uses the
> DATA lines. By checking that the response was invalid, we can abort
> mounting the card.
> 
> Here is an example of a bad trace: https://pastebin.com/TY2cF9n0
> Look for sd_scr and sd_ssr.
> 
>  drivers/mmc/core/sd.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c
> index 265e1aeeb9d8..f6481f8e9fe7 100644
> --- a/drivers/mmc/core/sd.c
> +++ b/drivers/mmc/core/sd.c
> @@ -205,6 +205,13 @@ static int mmc_decode_scr(struct mmc_card *card)
> 
>  	scr->sda_vsn = UNSTUFF_BITS(resp, 56, 4);
>  	scr->bus_widths = UNSTUFF_BITS(resp, 48, 4);
> +
> +	/* SD Spec says: any SD Card shall set at least bits 0 and 2 */
> +	if (!scr->bus_widths) {
So why not testing that exact mask?
you have SD_SCR_BUS_WIDTH_1 and SD_SCR_BUS_WIDTH_4 already defined...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ