Message-ID: <20211101083824.236b9983@collabora.com>
Date:   Mon, 1 Nov 2021 08:38:24 +0100
From:   Boris Brezillon <boris.brezillon@...labora.com>
To:     Sean Nyekjaer <sean@...nix.com>
Cc:     Miquel Raynal <miquel.raynal@...tlin.com>,
        Richard Weinberger <richard@....at>,
        Vignesh Raghavendra <vigneshr@...com>,
        Boris Brezillon <bbrezillon@...nel.org>,
        linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 1/4] mtd: rawnand: nand_bbt: hide suspend/resume
 hooks while scanning bbt

On Tue, 26 Oct 2021 07:55:48 +0200
Sean Nyekjaer <sean@...nix.com> wrote:

> From: Boris Brezillon <boris.brezillon@...labora.com>
> 
> The BBT scan logic uses the MTD helpers before the MTD layer had a
> chance to initialize the device, and that leads to issues when
> accessing the uninitialized suspend lock. Let's temporarily set the
> suspend/resume hooks to NULL to skip the lock acquire/release step.
> 
> Fixes: 013e6292aaf5 ("mtd: rawnand: Simplify the locking")

I think I already mentioned this Fixes tag should not be there.

> Tested-by: Sean Nyekjaer <sean@...nix.com>
> Signed-off-by: Boris Brezillon <boris.brezillon@...labora.com>
> Signed-off-by: Sean Nyekjaer <sean@...nix.com>
> ---
>  drivers/mtd/nand/raw/nand_bbt.c | 28 +++++++++++++++++++++++++++-
>  1 file changed, 27 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/mtd/nand/raw/nand_bbt.c b/drivers/mtd/nand/raw/nand_bbt.c
> index b7ad030225f8..93d385703469 100644
> --- a/drivers/mtd/nand/raw/nand_bbt.c
> +++ b/drivers/mtd/nand/raw/nand_bbt.c
> @@ -1397,8 +1397,28 @@ static int nand_create_badblock_pattern(struct nand_chip *this)
>   */
>  int nand_create_bbt(struct nand_chip *this)
>  {
> +	struct mtd_info *mtd = nand_to_mtd(this);
> +	int (*suspend) (struct mtd_info *) = mtd->_suspend;
> +	void (*resume) (struct mtd_info *) = mtd->_resume;
>  	int ret;
>  
> +	/*
> +	 * The BBT scan logic use the MTD helpers before the MTD layer had a
> +	 * chance to initialize the device, and that leads to issues when
> +	 * accessing the uninitialized suspend lock. Let's temporarily set the
> +	 * suspend/resume hooks to NULL to skip the lock acquire/release step.
> +	 *
> +	 * FIXME: This is an ugly hack, so please don't copy this pattern to
> +	 * other MTD implementations. The proper fix would be to implement a
> +	 * generic BBT scan logic at the NAND level that's not using any of the
> +	 * MTD helpers to access pages. We also might consider doing a two
> +	 * step initialization at the MTD level (mtd_device_init() +
> +	 * mtd_device_register()) so some of the fields are initialized
> +	 * early.
> +	 */
> +	mtd->_suspend = NULL;
> +	mtd->_resume = NULL;
> +
>  	/* Is a flash based bad block table requested? */
>  	if (this->bbt_options & NAND_BBT_USE_FLASH) {
>  		/* Use the default pattern descriptors */
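
Review bot: In the two function-pointer declarations at the top of nand_create_bbt(), kernel style puts no space between the declarator and its parameter list, so `int (*suspend) (struct mtd_info *)` would read `int (*suspend)(struct mtd_info *)`, and likewise for `resume`. The first sentence of the new comment should also read "The BBT scan logic uses the MTD helpers".
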
> @@ -1422,7 +1442,13 @@ int nand_create_bbt(struct nand_chip *this)
>  			return ret;
>  	}
>  
> -	return nand_scan_bbt(this, this->badblock_pattern);
> +	ret = nand_scan_bbt(this, this->badblock_pattern);
> +
> +	/* Restore the suspend/resume hooks. */
> +	mtd->_suspend = suspend;
> +	mtd->_resume = resume;
> +
> +	return ret;
>  }
>  EXPORT_SYMBOL(nand_create_bbt);
>  
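
Review bot: The restore added after nand_scan_bbt() is not reached on the early `return ret;` visible in the context lines at the top of this hunk, so on that error path mtd->_suspend and mtd->_resume stay NULL. Route that return through the same restore, for example with a label placed before the two restore assignments, so that every exit from nand_create_bbt() puts the saved hooks back.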
