Message-ID: <20201117123001.GE29830@pengutronix.de>
Date:   Tue, 17 Nov 2020 13:30:01 +0100
From:   Sascha Hauer <s.hauer@...gutronix.de>
To:     Juergen Borleis <jbe@...gutronix.de>
Cc:     Miquel Raynal <miquel.raynal@...tlin.com>,
        linux-kernel@...r.kernel.org, linux-mtd@...ts.infradead.org,
        Richard Weinberger <richard@....at>,
        Vignesh Raghavendra <vigneshr@...com>, kernel@...gutronix.de,
        Han Xu <han.xu@....com>
Subject: Re: mtd: rawnand: gpmi: regression since
 e5e5631cc88987a6f3cd8304660bd9190da95916

On Tue, Nov 17, 2020 at 11:16:26AM +0100, Juergen Borleis wrote:
> Hi,
> 
> reading a NAND page in raw mode is required to check the consistency of the
> so-called FCBs (used to boot the SoC from NAND content).
> 
> Before e5e5631cc88987a6f3cd8304660bd9190da95916 ("mtd: rawnand: gpmi: Use
> nand_extract_bits()") it reads the first page of the NAND correctly as:
> 
> 00000000  00 00 88 fb ff ff 46 43  42 20 00 00 00 01 50 3c  |......FCB ....P<|
> 00000010  19 06 00 00 00 00 00 08  00 00 80 08 00 00 40 00  |..............@.|
> 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 09 00  |................|
> 00000030  00 00 00 02 00 00 00 02  00 00 09 00 00 00 0a 00  |................|
> 00000040  00 00 03 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> 00000060  00 00 00 00 00 00 00 00  00 00 00 01 00 00 80 10  |................|
> 00000070  00 00 55 01 00 00 55 01  00 00 01 00 00 00 9e 07  |..U...U.........|
> 00000080  00 00 02 00 00 00 00 08  00 00 00 00 00 00 00 00  |................|
> 00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> *
> 00000200  40 05 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
> 00000210  40 01 00 00 00 80 05 00  00 80 05 00 40 01 00 00  |@...........@...|
> 00000220  c0 03 00 00 80 02 00 00  00 00 00 00 00 00 00 00  |................|
> 00000230  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> 00000240  00 00 00 00 00 00 00 00  00 00 00 00 00 00 07 00  |................|
> 00000250  80 83 06 00 00 00 07 00  00 00 07 00 00 07 00 00  |................|
> 00000260  00 42 06 00 80 05 00 00  00 40 06 00 00 00 00 00  |.B.......@......|
> 00000270  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> *
> 00000790  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 fc  |................|
> 000007a0  03 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> 000007b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> *
> 00000800  ff 00 00 00 00 00 00 00  00 00 00 00 17 15 06 06  |................|
> 00000810  10 1f 03 07 00 00 00 1c  0f 17 1f 05 00 00 00 00  |................|
> 00000820  00 19 00 00 0e 19 00 00  00 00 00 00 00 00 00 00  |................|
> 00000830  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> *
> 00000880
> 
> After applying e5e5631cc88987a6f3cd8304660bd9190da95916 reading the same page
> the reported content is broken (the NAND page still contains correct data):
> 
> 00000000  00 00 88 fb ff ff 46 43  42 20 00 00 00 01 50 3c  |......FCB ....P<|
> 00000010  19 06 00 00 00 00 00 08  00 00 80 08 00 00 40 00  |..............@.|
> 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 09 00  |................|
> 00000030  00 00 00 02 00 00 00 02  00 00 09 00 00 00 0a 00  |................|
> 00000040  40 05 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
> 00000050  40 01 00 00 00 80 05 00  00 80 05 00 40 01 00 00  |@...........@...|
> 00000060  c0 03 00 00 80 02 00 00  00 00 00 00 00 00 00 00  |................|
> 00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> *
> 00000250  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 fc  |................|
> 00000260  03 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> 00000270  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> *
> 000002c0  06 70 c0 a8 00 00 00 00  00 00 00 00 40 00 00 00  |.p..........@...|

Note that beginning from offset 0x2c0 we get some uninitialized data. Among
other things we saw systemd unit files there.

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
