lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230612192640.63baf3e8@xps-13>
Date:   Mon, 12 Jun 2023 19:26:40 +0200
From:   Miquel Raynal <miquel.raynal@...tlin.com>
To:     Johan Jonker <jbx6244@...il.com>
Cc:     richard@....at, vigneshr@...com, heiko@...ech.de,
        linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org,
        linux-rockchip@...ts.infradead.org, yifeng.zhao@...k-chips.com
Subject: Re: [PATCH v2 3/5] mtd: nand: raw: rockchip-nand-controller: fix
 oobfree offset and description

Hi Johan,

jbx6244@...il.com wrote on Mon, 12 Jun 2023 17:03:18 +0200:

> The MTD framework reserves 1 or 2 bytes for the bad block marker
> depending on the bus size. The rockchip-nand-controller driver
> currently only supports a 8 bit bus, but reserves standard 2 bytes
> for the BBM.

We always reserve 2 bytes, no?

> The first free OOB byte is therefore OOB2 at offset 2.
> Page address(PA) bytes are moved to the last 4 positions before
> ECC. Update the description for Linux.

The description should just be:

Move Page Address (PA) bytes to the last 4 positions before ECC.

And then you should justify why this is needed. Also, this would break
all existing jffs2 users, right?

> 
> Signed-off-by: Johan Jonker <jbx6244@...il.com>
> ---
>  drivers/mtd/nand/raw/rockchip-nand-controller.c | 11 ++++-------
>  1 file changed, 4 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c
> index 31d8c7a87..fcda4c760 100644
> --- a/drivers/mtd/nand/raw/rockchip-nand-controller.c
> +++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c
> @@ -566,9 +566,10 @@ static int rk_nfc_write_page_raw(struct nand_chip *chip, const u8 *buf,
>  		 *    BBM  OOB1 OOB2 OOB3 |......|  PA0  PA1  PA2  PA3
>  		 *
>  		 * The rk_nfc_ooblayout_free() function already has reserved
> -		 * these 4 bytes with:
> +		 * these 4 bytes together with 2 bytes for BBM
> +		 * by reducing it's length:
>  		 *
> -		 * oob_region->offset = NFC_SYS_DATA_SIZE + 2;
> +		 * oob_region->length = rknand->metadata_size - NFC_SYS_DATA_SIZE - 2;
>  		 */
>  		if (!i)
>  			memcpy(rk_nfc_oob_ptr(chip, i),
> @@ -945,12 +946,8 @@ static int rk_nfc_ooblayout_free(struct mtd_info *mtd, int section,
>  	if (section)
>  		return -ERANGE;
> 
> -	/*
> -	 * The beginning of the OOB area stores the reserved data for the NFC,
> -	 * the size of the reserved data is NFC_SYS_DATA_SIZE bytes.
> -	 */
>  	oob_region->length = rknand->metadata_size - NFC_SYS_DATA_SIZE - 2;
> -	oob_region->offset = NFC_SYS_DATA_SIZE + 2;
> +	oob_region->offset = 2;
> 
>  	return 0;
>  }
> --
> 2.30.2
> 


Thanks,
Miquèl

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ