| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 12 Jun 2023 19:26:40 +0200
From: Miquel Raynal <miquel.raynal@...tlin.com>
To: Johan Jonker <jbx6244@...il.com>
Cc: richard@....at, vigneshr@...com, heiko@...ech.de,
linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org,
linux-rockchip@...ts.infradead.org, yifeng.zhao@...k-chips.com
Subject: Re: [PATCH v2 3/5] mtd: nand: raw: rockchip-nand-controller: fix
oobfree offset and description
Hi Johan,
jbx6244@...il.com wrote on Mon, 12 Jun 2023 17:03:18 +0200:
> The MTD framework reserves 1 or 2 bytes for the bad block marker
> depending on the bus size. The rockchip-nand-controller driver
> currently only supports a 8 bit bus, but reserves standard 2 bytes
> for the BBM.
We always reserve 2 bytes, no?
> The first free OOB byte is therefore OOB2 at offset 2.
> Page address(PA) bytes are moved to the last 4 positions before
> ECC. Update the description for Linux.
The description should just be:
Move Page Address (PA) bytes to the last 4 positions before ECC.
And then you should justify why this is needed. Also, this would break
all existing jffs2 users, right?
>
> Signed-off-by: Johan Jonker <jbx6244@...il.com>
> ---
> drivers/mtd/nand/raw/rockchip-nand-controller.c | 11 ++++-------
> 1 file changed, 4 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c
> index 31d8c7a87..fcda4c760 100644
> --- a/drivers/mtd/nand/raw/rockchip-nand-controller.c
> +++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c
> @@ -566,9 +566,10 @@ static int rk_nfc_write_page_raw(struct nand_chip *chip, const u8 *buf,
> * BBM OOB1 OOB2 OOB3 |......| PA0 PA1 PA2 PA3
> *
> * The rk_nfc_ooblayout_free() function already has reserved
> - * these 4 bytes with:
> + * these 4 bytes together with 2 bytes for BBM
> + * by reducing it's length:
> *
> - * oob_region->offset = NFC_SYS_DATA_SIZE + 2;
> + * oob_region->length = rknand->metadata_size - NFC_SYS_DATA_SIZE - 2;
> */
> if (!i)
> memcpy(rk_nfc_oob_ptr(chip, i),
> @@ -945,12 +946,8 @@ static int rk_nfc_ooblayout_free(struct mtd_info *mtd, int section,
> if (section)
> return -ERANGE;
>
> - /*
> - * The beginning of the OOB area stores the reserved data for the NFC,
> - * the size of the reserved data is NFC_SYS_DATA_SIZE bytes.
> - */
> oob_region->length = rknand->metadata_size - NFC_SYS_DATA_SIZE - 2;
> - oob_region->offset = NFC_SYS_DATA_SIZE + 2;
> + oob_region->offset = 2;
>
> return 0;
> }
> --
> 2.30.2
>
Thanks,
Miquèl
Powered by blists - more mailing lists