lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20200310203224.410198-2-mikhail.kshevetskiy@oktetlabs.ru>
Date:   Tue, 10 Mar 2020 23:32:24 +0300
From:   Mikhail Kshevetskiy <mikhail.kshevetskiy@...etlabs.ru>
To:     miquel.raynal@...tlin.com, richard@....at
Cc:     linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org,
        Mikhail Kshevetskiy <mikhail.kshevetskiy@...etlabs.ru>
Subject: [PATCH 2/2] mtd: spinand: fix bad block marker writing

In spinand_markbad() we use spinand->oobbuf as a bad block marker, fill
it with zeroes and issue spinand_write_page() operation:

        struct nand_page_io_req req = {
                .pos = *pos,
                .ooboffs = 0,
                .ooblen = 2,
                .oobbuf.out = spinand->oobbuf,
        };
        ...
        memset(spinand->oobbuf, 0, 2);
        return spinand_write_page(spinand, &req);

spinand_write_page() will call spinand_write_to_cache_op() at some
moment. In spinand_write_to_cache_op() we have:

        nbytes = nanddev_page_size(nand) + nanddev_per_page_oobsize(nand);
        memset(spinand->databuf, 0xff, nbytes);

This will fill spinand->databuf with 0xff, but spinand->oobbuf is the
part of spinand->databuf (see spinand_init()):

        spinand->oobbuf = spinand->databuf + nanddev_page_size(nand);

As result bad block marker will be overwrited by 0xff values, hence
bad block will NOT be marked.

A separate buffer for bad block marker used to fix this issue.

Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy@...etlabs.ru>
---
 drivers/mtd/nand/spi/core.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/mtd/nand/spi/core.c b/drivers/mtd/nand/spi/core.c
index bb4eac400b0f..d1355773d484 100644
--- a/drivers/mtd/nand/spi/core.c
+++ b/drivers/mtd/nand/spi/core.c
@@ -603,11 +603,12 @@ static int spinand_mtd_block_isbad(struct mtd_info *mtd, loff_t offs)
 static int spinand_markbad(struct nand_device *nand, const struct nand_pos *pos)
 {
 	struct spinand_device *spinand = nand_to_spinand(nand);
+	char bad_block_marker[2] = {0, 0};
 	struct nand_page_io_req req = {
 		.pos = *pos,
 		.ooboffs = 0,
-		.ooblen = 2,
-		.oobbuf.out = spinand->oobbuf,
+		.ooblen = sizeof(bad_block_marker),
+		.oobbuf.out = bad_block_marker,
 	};
 	int ret;
 	u8 status;
@@ -630,7 +631,6 @@ static int spinand_markbad(struct nand_device *nand, const struct nand_pos *pos)
 	if (ret)
 		return ret;
 
-	memset(spinand->oobbuf, 0, 2);
 	return spinand_write_page(spinand, &req);
 }
 
-- 
2.25.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ