lists.openwall.net
Open Source and information security mailing list archives
 
Date:   Fri, 20 Nov 2020 11:51:09 +0100
From:   Miquel Raynal <miquel.raynal@...tlin.com>
To:     Sascha Hauer <s.hauer@...gutronix.de>
Cc:     Juergen Borleis <jbe@...gutronix.de>, linux-kernel@...r.kernel.org,
        linux-mtd@...ts.infradead.org, Richard Weinberger <richard@....at>,
        Vignesh Raghavendra <vigneshr@...com>, kernel@...gutronix.de,
        Han Xu <han.xu@....com>
Subject: Re: mtd: rawnand: gpmi: regression since
 e5e5631cc88987a6f3cd8304660bd9190da95916

Hi,

Sascha Hauer <s.hauer@...gutronix.de> wrote on Tue, 17 Nov 2020
13:30:01 +0100:

> On Tue, Nov 17, 2020 at 11:16:26AM +0100, Juergen Borleis wrote:
> > Hi,
> > 
> > reading a NAND page in raw mode is required to check the consistence of the so-
> > called FCBs (used to boot the SoC from NAND content).
> > 
> > Before e5e5631cc88987a6f3cd8304660bd9190da95916 ("mtd: rawnand: gpmi: Use
> > nand_extract_bits()") it reads the first page of the NAND correctly as:
> > 
> > 00000000  00 00 88 fb ff ff 46 43  42 20 00 00 00 01 50 3c  |......FCB ....P<|
> > 00000010  19 06 00 00 00 00 00 08  00 00 80 08 00 00 40 00  |..............@.|
> > 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 09 00  |................|
> > 00000030  00 00 00 02 00 00 00 02  00 00 09 00 00 00 0a 00  |................|
> > 00000040  00 00 03 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > 00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > 00000060  00 00 00 00 00 00 00 00  00 00 00 01 00 00 80 10  |................|
> > 00000070  00 00 55 01 00 00 55 01  00 00 01 00 00 00 9e 07  |..U...U.........|
> > 00000080  00 00 02 00 00 00 00 08  00 00 00 00 00 00 00 00  |................|
> > 00000090  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > *
> > 00000200  40 05 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
> > 00000210  40 01 00 00 00 80 05 00  00 80 05 00 40 01 00 00  |@...........@...|
> > 00000220  c0 03 00 00 80 02 00 00  00 00 00 00 00 00 00 00  |................|
> > 00000230  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > 00000240  00 00 00 00 00 00 00 00  00 00 00 00 00 00 07 00  |................|
> > 00000250  80 83 06 00 00 00 07 00  00 00 07 00 00 07 00 00  |................|
> > 00000260  00 42 06 00 80 05 00 00  00 40 06 00 00 00 00 00  |.B.......@......|
> > 00000270  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > *
> > 00000790  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 fc  |................|
> > 000007a0  03 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > 000007b0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > *
> > 00000800  ff 00 00 00 00 00 00 00  00 00 00 00 17 15 06 06  |................|
> > 00000810  10 1f 03 07 00 00 00 1c  0f 17 1f 05 00 00 00 00  |................|
> > 00000820  00 19 00 00 0e 19 00 00  00 00 00 00 00 00 00 00  |................|
> > 00000830  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > *
> > 00000880
> > 
> > After applying e5e5631cc88987a6f3cd8304660bd9190da95916 reading the same page
> > the reported content is broken (the NAND page still contains correct data):
> > 
> > 00000000  00 00 88 fb ff ff 46 43  42 20 00 00 00 01 50 3c  |......FCB ....P<|
> > 00000010  19 06 00 00 00 00 00 08  00 00 80 08 00 00 40 00  |..............@.|
> > 00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 09 00  |................|
> > 00000030  00 00 00 02 00 00 00 02  00 00 09 00 00 00 0a 00  |................|
> > 00000040  40 05 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
> > 00000050  40 01 00 00 00 80 05 00  00 80 05 00 40 01 00 00  |@...........@...|
> > 00000060  c0 03 00 00 80 02 00 00  00 00 00 00 00 00 00 00  |................|
> > 00000070  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > *
> > 00000250  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 fc  |................|
> > 00000260  03 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > 00000270  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
> > *
> > 000002c0  06 70 c0 a8 00 00 00 00  00 00 00 00 40 00 00 00  |.p..........@...|  
> 
> Note beginning from offset 0x2c0 we get some uninitialized data. Among
> other things we saw systemd unit files there.

Indeed, this uninitialized data makes me think that it is not fully
related to this patch. Honestly this is super weird.

Juergen, would you have the time to debug it further? I don't have the
necessary hardware to investigate this right now.

Thanks,
Miquèl
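
Added example (not part of the thread, and not code from the kernel or from the posters): a small script that expands `hexdump -C` output, including `*` elisions, and reports which non-zero rows of a known-good dump reappear at a different offset in a second dump, which is the comparison made by eye between the two dumps quoted above. The sample input is constructed from three rows of those dumps, and the function names are this example's own.

```python
# Constructed sample: three rows copied from the dumps quoted above; every
# other row is zeroed and both dumps are shortened.
GOOD = """\
00000000  00 00 88 fb ff ff 46 43  42 20 00 00 00 01 50 3c  |......FCB ....P<|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000200  40 05 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
00000210  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000790  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 fc  |................|
000007a0
"""
BAD = """\
00000000  00 00 88 fb ff ff 46 43  42 20 00 00 00 01 50 3c  |......FCB ....P<|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000040  40 05 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |@...............|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000250  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 fc  |................|
00000260
"""

def expand(dump):
    """Rebuild bytes from `hexdump -C` text; '*' repeats the previous row."""
    out, prev = bytearray(), b""
    for line in dump.splitlines():
        if line.strip() == "*":
            continue
        off = int(line[:8], 16)
        out += prev * ((off - len(out)) // 16)  # fill the span elided by '*'
        row = bytes.fromhex(line[8:].split("|")[0])
        out += row
        prev = row or prev
    return bytes(out)

def relocated_rows(good, bad, width=16):
    """Map offset in good -> offset in bad for non-zero rows that moved."""
    moved = {}
    for off in range(0, len(good), width):
        row = good[off:off + width]
        if any(row) and bad[off:off + width] != row and row in bad:
            moved[off] = bad.find(row)
    return moved

if __name__ == "__main__":
    for src, dst in relocated_rows(expand(GOOD), expand(BAD)).items():
        print(f"good 0x{src:03x} -> bad 0x{dst:03x} (shift 0x{src - dst:x})")
```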
