lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1607570529-22341-2-git-send-email-ycllin@mxic.com.tw>
Date:   Thu, 10 Dec 2020 11:22:08 +0800
From:   YouChing Lin <ycllin@...c.com.tw>
To:     miquel.raynal@...tlin.com, vigneshr@...com
Cc:     juliensu@...c.com.tw, linux-mtd@...ts.infradead.org,
        linux-kernel@...r.kernel.org, ycllin@...c.com.tw
Subject: [PATCH 1/2] mtd: nand: ecc-bch: Fix the size of calc_buf/code_buf of the BCH

If eccbyte exceeds 64 bytes, the read operation will get wrong results.
For example: Flash with a page size of 4096 bytes (eccbyte: 104 bytes).
During the read operation, after executing nand_ecc_sw_bch_calculate(),
since the calc_buf/code_buf ranges overlap each other, the last three
steps of ecc_code (read from oob) will be changed.

The root cause is that the size of calc_buf/code_buf is limited to 64
bytes, although sizeof(mtd->oobsize) returns 4, kzalloc() will allocate
64 bytes (cache size alignment).

So we correct the size of calc_buf/code_buf to mtd->oobsize.

Signed-off-by: YouChing Lin <ycllin@...c.com.tw>
---
 drivers/mtd/nand/ecc-sw-bch.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/mtd/nand/ecc-sw-bch.c b/drivers/mtd/nand/ecc-sw-bch.c
index 4d8a979..0a0ac11 100644
--- a/drivers/mtd/nand/ecc-sw-bch.c
+++ b/drivers/mtd/nand/ecc-sw-bch.c
@@ -237,8 +237,8 @@ int nand_ecc_sw_bch_init_ctx(struct nand_device *nand)
 
 	engine_conf->code_size = code_size;
 	engine_conf->nsteps = nsteps;
-	engine_conf->calc_buf = kzalloc(sizeof(mtd->oobsize), GFP_KERNEL);
-	engine_conf->code_buf = kzalloc(sizeof(mtd->oobsize), GFP_KERNEL);
+	engine_conf->calc_buf = kzalloc(mtd->oobsize, GFP_KERNEL);
+	engine_conf->code_buf = kzalloc(mtd->oobsize, GFP_KERNEL);
 	if (!engine_conf->calc_buf || !engine_conf->code_buf) {
 		ret = -ENOMEM;
 		goto free_bufs;
-- 
1.9.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ