lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200511184333.20d5a560@xps13>
Date:   Mon, 11 May 2020 18:43:33 +0200
From:   Miquel Raynal <miquel.raynal@...tlin.com>
To:     Álvaro Fernández Rojas <noltari@...il.com>
Cc:     computersforpeace@...il.com, kdasu.kdev@...il.com, richard@....at,
        vigneshr@...com, sumit.semwal@...aro.org,
        linux-mtd@...ts.infradead.org,
        bcm-kernel-feedback-list@...adcom.com,
        linux-kernel@...r.kernel.org, linux-media@...r.kernel.org,
        dri-devel@...ts.freedesktop.org, linaro-mm-sig@...ts.linaro.org
Subject: Re: [PATCH v2] nand: brcmnand: correctly verify erased pages

Hi Álvaro,

Álvaro Fernández Rojas <noltari@...il.com> wrote on Tue,  5 May 2020
10:20:55 +0200:

> The current code checks that the whole OOB area is erased.
> This is a problem when JFFS2 cleanmarkers are added to the OOB, since it will
> fail due to the usable OOB bytes not being 0xff.
> Correct this by only checking that the ECC aren't 0xff.
> 
> Fixes: 02b88eea9f9c ("mtd: brcmnand: Add check for erased page bitflips")
> 

This extra space between the Fixes tag and your SoB should be removed

> Signed-off-by: Álvaro Fernández Rojas <noltari@...il.com>
> ---
>  v2: Add Fixes tag
> 
>  drivers/mtd/nand/raw/brcmnand/brcmnand.c | 22 ++++++++++++++++++----
>  1 file changed, 18 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/mtd/nand/raw/brcmnand/brcmnand.c b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
> index e4e3ceeac38f..546f0807b887 100644
> --- a/drivers/mtd/nand/raw/brcmnand/brcmnand.c
> +++ b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
> @@ -2018,6 +2018,7 @@ static int brcmnand_read_by_pio(struct mtd_info *mtd, struct nand_chip *chip,
>  static int brcmstb_nand_verify_erased_page(struct mtd_info *mtd,
>  		  struct nand_chip *chip, void *buf, u64 addr)
>  {
> +	struct mtd_oob_region oobecc;
>  	int i, sas;
>  	void *oob = chip->oob_poi;
>  	int bitflips = 0;
> @@ -2035,11 +2036,24 @@ static int brcmstb_nand_verify_erased_page(struct mtd_info *mtd,
>  	if (ret)
>  		return ret;
>  
> -	for (i = 0; i < chip->ecc.steps; i++, oob += sas) {
> +	for (i = 0; i < chip->ecc.steps; i++) {
>  		ecc_chunk = buf + chip->ecc.size * i;
> -		ret = nand_check_erased_ecc_chunk(ecc_chunk,
> -						  chip->ecc.size,
> -						  oob, sas, NULL, 0,
> +
> +		ret = nand_check_erased_ecc_chunk(ecc_chunk, chip->ecc.size,
> +						  NULL, 0, NULL, 0,
> +						  chip->ecc.strength);
> +		if (ret < 0)
> +			return ret;
> +
> +		bitflips = max(bitflips, ret);
> +	}
> +
> +	for (i = 0; mtd->ooblayout->ecc(mtd, i, &oobecc) != -ERANGE; i++)
> +	{
> +		ret = nand_check_erased_ecc_chunk(NULL, 0,
> +						  oob + oobecc.offset,
> +						  oobecc.length,
> +						  NULL, 0,
>  						  chip->ecc.strength);
>  		if (ret < 0)
>  			return 

If I understand correctly, the cleanmarker is in the "available OOB
area", which is somewhere in the OOB area between the bad block marker
and the ECC bytes. I think that checking the data buffer and the ECC
area only is enough and we can probably leave the remaining spare OOB
area.

But instead of calling nand_check_erased_ecc_chunk twice, just call:

    nand_check_erased_ecc_chunk(data, datalen, ecc, ecclen, NULL, 0,
                                strength); 

And also please clarify your commit log: you are not "just checking the
ECC bytes" but you are checking both the main area and the ECC bytes.


Thanks,
Miquèl

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ