lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 17 Feb 2020 11:19:25 +0000
From:   Schrempf Frieder <frieder.schrempf@...tron.de>
To:     Miquel Raynal <miquel.raynal@...tlin.com>
CC:     Boris Brezillon <bbrezillon@...nel.org>,
        Jeff Kletsky <git-commits@...ycomm.com>,
        liaoweixiong <liaoweixiong@...winnertech.com>,
        Peter Pan <peterpandong@...ron.com>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-mtd@...ts.infradead.org" <linux-mtd@...ts.infradead.org>,
        Richard Weinberger <richard@....at>
Subject: Re: [PATCH 3/3] mtd: spinand: Wait for the erase op to finish before
 writing a bad block marker

Hi Miquel,

On 17.02.20 11:39, Miquel Raynal wrote:
> Hi Frieder,
> 
> Schrempf Frieder <frieder.schrempf@...tron.de> wrote on Tue, 11 Feb
> 2020 16:35:53 +0000:
> 
>> From: Frieder Schrempf <frieder.schrempf@...tron.de>
>>
>> Currently when marking a block, we use spinand_erase_op() to erase
>> the block before writing the marker to the OOB area without waiting
>> for the operation to succeed. This can lead to the marking failing
>> silently and no bad block marker being written to the flash.
>>
>> To fix this we reuse the spinand_erase() function, that already does
>> everything we need to do before actually writing the marker.
>>
> 
> Thanks a lot for this series!
> 
> Yet I don't really understand the point of waiting for the erasure if
> it failed: we don't really care as programming (1 -> 0) cells is always
> possible. Are you sure this lead to an error?

We don't care about the result of the erase operation, but I think we 
still need to wait for it to be done and the STATUS_BUSY bit to be 
cleared. Otherwise it seems like the program operation to set the marker 
can get ignored by the chip. At least that's my explanation for the 
behavior I was observing.

> 
> Also, why just not calling spinand_erase() instead of
> spinand_erase_op() from spinand_markbad()?

Yeah, that's wrong. I was thinking, that spinand_erase_op() would return 
an error if the erase failed on the flash level (which should have been 
ignored in this case). The current code suggested this as it doesn't 
handle the return value of spinand_erase_op().

But in fact the success of the erase operation is only checked in 
spinand_erase() after waiting for the flash to be ready. So I think we 
can use spinand_erase(), but instead of ignoring the return value of 
spinand_erase_op(), we need to ignore the 'status & STATUS_ERASE_FAILED' 
check.

Thanks,
Frieder

> 
>> Fixes: 7529df465248 ("mtd: nand: Add core infrastructure to support SPI NANDs")
>> Cc: stable@...r.kernel.org
>> Signed-off-by: Frieder Schrempf <frieder.schrempf@...tron.de>
>> ---
>>   drivers/mtd/nand/spi/core.c | 56 ++++++++++++++++++-------------------
>>   1 file changed, 28 insertions(+), 28 deletions(-)
>>
>> diff --git a/drivers/mtd/nand/spi/core.c b/drivers/mtd/nand/spi/core.c
>> index 925db6269861..8a69d13639e2 100644
>> --- a/drivers/mtd/nand/spi/core.c
>> +++ b/drivers/mtd/nand/spi/core.c
>> @@ -600,6 +600,32 @@ static int spinand_mtd_block_isbad(struct mtd_info *mtd, loff_t offs)
>>   	return ret;
>>   }
>>   
>> +static int __spinand_erase(struct nand_device *nand, const struct nand_pos *pos,
>> +			   bool hard_fail)
>> +{
>> +	struct spinand_device *spinand = nand_to_spinand(nand);
>> +	u8 status;
>> +	int ret;
>> +
>> +	ret = spinand_select_target(spinand, pos->target);
>> +	if (ret)
>> +		return ret;
>> +
>> +	ret = spinand_write_enable_op(spinand);
>> +	if (ret)
>> +		return ret;
>> +
>> +	ret = spinand_erase_op(spinand, pos);
>> +	if (ret && hard_fail)
>> +		return ret;
>> +
>> +	ret = spinand_wait(spinand, &status);
>> +	if (!ret && (status & STATUS_ERASE_FAILED))
>> +		ret = -EIO;
>> +
>> +	return ret;
>> +}
>> +
>>   static int spinand_markbad(struct nand_device *nand, const struct nand_pos *pos)
>>   {
>>   	struct spinand_device *spinand = nand_to_spinand(nand);
>> @@ -614,16 +640,10 @@ static int spinand_markbad(struct nand_device *nand, const struct nand_pos *pos)
>>   	int ret;
>>   
>>   	/* Erase block before marking it bad. */
>> -	ret = spinand_select_target(spinand, pos->target);
>> -	if (ret)
>> -		return ret;
>> -
>> -	ret = spinand_write_enable_op(spinand);
>> +	ret = __spinand_erase(nand, pos, false);
>>   	if (ret)
>>   		return ret;
>>   
>> -	spinand_erase_op(spinand, pos);
>> -
>>   	return spinand_write_page(spinand, &req);
>>   }
>>   
>> @@ -644,27 +664,7 @@ static int spinand_mtd_block_markbad(struct mtd_info *mtd, loff_t offs)
>>   
>>   static int spinand_erase(struct nand_device *nand, const struct nand_pos *pos)
>>   {
>> -	struct spinand_device *spinand = nand_to_spinand(nand);
>> -	u8 status;
>> -	int ret;
>> -
>> -	ret = spinand_select_target(spinand, pos->target);
>> -	if (ret)
>> -		return ret;
>> -
>> -	ret = spinand_write_enable_op(spinand);
>> -	if (ret)
>> -		return ret;
>> -
>> -	ret = spinand_erase_op(spinand, pos);
>> -	if (ret)
>> -		return ret;
>> -
>> -	ret = spinand_wait(spinand, &status);
>> -	if (!ret && (status & STATUS_ERASE_FAILED))
>> -		ret = -EIO;
>> -
>> -	return ret;
>> +	return __spinand_erase(nand, pos, true);
>>   }
>>   
>>   static int spinand_mtd_erase(struct mtd_info *mtd,
> 
> Thanks,
> Miquèl
> 

Powered by blists - more mailing lists