| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Mar 2020 23:32:24 +0300
From: Mikhail Kshevetskiy <mikhail.kshevetskiy@...etlabs.ru>
To: miquel.raynal@...tlin.com, richard@....at
Cc: linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org,
Mikhail Kshevetskiy <mikhail.kshevetskiy@...etlabs.ru>
Subject: [PATCH 2/2] mtd: spinand: fix bad block marker writing
In spinand_markbad() we use spinand->oobbuf as a bad block marker, fill
it with zeroes and issue spinand_write_page() operation:
struct nand_page_io_req req = {
.pos = *pos,
.ooboffs = 0,
.ooblen = 2,
.oobbuf.out = spinand->oobbuf,
};
...
memset(spinand->oobbuf, 0, 2);
return spinand_write_page(spinand, &req);
spinand_write_page() will call spinand_write_to_cache_op() at some
moment. In spinand_write_to_cache_op() we have:
nbytes = nanddev_page_size(nand) + nanddev_per_page_oobsize(nand);
memset(spinand->databuf, 0xff, nbytes);
This will fill spinand->databuf with 0xff, but spinand->oobbuf is the
part of spinand->databuf (see spinand_init()):
spinand->oobbuf = spinand->databuf + nanddev_page_size(nand);
As result bad block marker will be overwrited by 0xff values, hence
bad block will NOT be marked.
A separate buffer for bad block marker used to fix this issue.
Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy@...etlabs.ru>
---
drivers/mtd/nand/spi/core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/nand/spi/core.c b/drivers/mtd/nand/spi/core.c
index bb4eac400b0f..d1355773d484 100644
--- a/drivers/mtd/nand/spi/core.c
+++ b/drivers/mtd/nand/spi/core.c
@@ -603,11 +603,12 @@ static int spinand_mtd_block_isbad(struct mtd_info *mtd, loff_t offs)
static int spinand_markbad(struct nand_device *nand, const struct nand_pos *pos)
{
struct spinand_device *spinand = nand_to_spinand(nand);
+ char bad_block_marker[2] = {0, 0};
struct nand_page_io_req req = {
.pos = *pos,
.ooboffs = 0,
- .ooblen = 2,
- .oobbuf.out = spinand->oobbuf,
+ .ooblen = sizeof(bad_block_marker),
+ .oobbuf.out = bad_block_marker,
};
int ret;
u8 status;
@@ -630,7 +631,6 @@ static int spinand_markbad(struct nand_device *nand, const struct nand_pos *pos)
if (ret)
return ret;
- memset(spinand->oobbuf, 0, 2);
return spinand_write_page(spinand, &req);
}
--
2.25.0
Powered by blists - more mailing lists