| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 May 2020 18:43:33 +0200
From: Miquel Raynal <miquel.raynal@...tlin.com>
To: Álvaro Fernández Rojas <noltari@...il.com>
Cc: computersforpeace@...il.com, kdasu.kdev@...il.com, richard@....at,
vigneshr@...com, sumit.semwal@...aro.org,
linux-mtd@...ts.infradead.org,
bcm-kernel-feedback-list@...adcom.com,
linux-kernel@...r.kernel.org, linux-media@...r.kernel.org,
dri-devel@...ts.freedesktop.org, linaro-mm-sig@...ts.linaro.org
Subject: Re: [PATCH v2] nand: brcmnand: correctly verify erased pages
Hi Álvaro,
Álvaro Fernández Rojas <noltari@...il.com> wrote on Tue, 5 May 2020
10:20:55 +0200:
> The current code checks that the whole OOB area is erased.
> This is a problem when JFFS2 cleanmarkers are added to the OOB, since it will
> fail due to the usable OOB bytes not being 0xff.
> Correct this by only checking that the ECC aren't 0xff.
>
> Fixes: 02b88eea9f9c ("mtd: brcmnand: Add check for erased page bitflips")
>
This extra space between the Fixes tag and your SoB should be removed
> Signed-off-by: Álvaro Fernández Rojas <noltari@...il.com>
> ---
> v2: Add Fixes tag
>
> drivers/mtd/nand/raw/brcmnand/brcmnand.c | 22 ++++++++++++++++++----
> 1 file changed, 18 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/mtd/nand/raw/brcmnand/brcmnand.c b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
> index e4e3ceeac38f..546f0807b887 100644
> --- a/drivers/mtd/nand/raw/brcmnand/brcmnand.c
> +++ b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
> @@ -2018,6 +2018,7 @@ static int brcmnand_read_by_pio(struct mtd_info *mtd, struct nand_chip *chip,
> static int brcmstb_nand_verify_erased_page(struct mtd_info *mtd,
> struct nand_chip *chip, void *buf, u64 addr)
> {
> + struct mtd_oob_region oobecc;
> int i, sas;
> void *oob = chip->oob_poi;
> int bitflips = 0;
> @@ -2035,11 +2036,24 @@ static int brcmstb_nand_verify_erased_page(struct mtd_info *mtd,
> if (ret)
> return ret;
>
> - for (i = 0; i < chip->ecc.steps; i++, oob += sas) {
> + for (i = 0; i < chip->ecc.steps; i++) {
> ecc_chunk = buf + chip->ecc.size * i;
> - ret = nand_check_erased_ecc_chunk(ecc_chunk,
> - chip->ecc.size,
> - oob, sas, NULL, 0,
> +
> + ret = nand_check_erased_ecc_chunk(ecc_chunk, chip->ecc.size,
> + NULL, 0, NULL, 0,
> + chip->ecc.strength);
> + if (ret < 0)
> + return ret;
> +
> + bitflips = max(bitflips, ret);
> + }
> +
> + for (i = 0; mtd->ooblayout->ecc(mtd, i, &oobecc) != -ERANGE; i++)
> + {
> + ret = nand_check_erased_ecc_chunk(NULL, 0,
> + oob + oobecc.offset,
> + oobecc.length,
> + NULL, 0,
> chip->ecc.strength);
> if (ret < 0)
> return
If I understand correctly, the cleanmarker is in the "available OOB
area", which is somewhere in the OOB area between the bad block marker
and the ECC bytes. I think that checking the data buffer and the ECC
area only is enough and we can probably leave the remaining spare OOB
area.
But instead of calling nand_check_erased_ecc_chunk twice, just call:
nand_check_erased_ecc_chunk(data, datalen, ecc, ecclen, NULL, 0,
strength);
And also please clarify your commit log: you are not "just checking the
ECC bytes" but you are checking both the main area and the ECC bytes.
Thanks,
Miquèl
Powered by blists - more mailing lists