From patchwork Thu May 25 04:50:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahiro Yamada X-Patchwork-Id: 100458 Delivered-To: patch@linaro.org Received: by 10.140.96.100 with SMTP id j91csp599828qge; Wed, 24 May 2017 21:51:32 -0700 (PDT) X-Received: by 10.99.116.7 with SMTP id p7mr42525323pgc.162.1495687892080; Wed, 24 May 2017 21:51:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1495687892; cv=none; d=google.com; s=arc-20160816; b=RDtbdmlANzHy5pIfPc3QqZC29FaUD9rEi0ypFqEuvtnqgMCNiwAx1ocY/IG+fHRoW4 o4E9guLyEjd2pD+Ig+4S7Y5Hbe/XGEb/JMWHAW7aGOJY0iK2wp8XFe/PpUFYSsKqhnaU UhY01wrj+Z8wMj6E+B6jlvtGnxNBssOUh4CQ0KQ8JovVwaPL+TScLrSC5PKdRx+oWttW DbYho44A5BRgXaaNrRdOPAr4QX9z/H/ykUocZOyIjvjDztOxHo9r3evS+sOBvJe6Gxff SX2EmXV5E0DmjkaS8tmjudcwBDcDl5DQU/UV2tUfBF8ZcweKzK7+PE8Zs2eed9KzQWFw jmsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:mime-version:cc :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:message-id:date:subject:to:from:dkim-signature :dkim-filter:dkim-signature:arc-authentication-results; bh=E6MGpADLNjIL52Yfft71gP83UFmutOEg0a2fkoYoSC0=; b=NB70bd9AA7uJhtiuxpDrLttlFUMrMUpDB18dtcqHxTqS7n2s3FKpdf3UD5y7C0ONDd M2bIGFhkMZQJLkLVqU/i1Wo1rH62A3VxAHVCjoqTwvG3cun9rOdiucKr/qF67O/W/Eqo LLg0QyNFMFOvQFnaaQE9p/Yy0IT/LxM+mGryklI/owp4zL8btaMt1f5YvxnKaIUuUSXC mTPybM6wViQehvFSHSoF7+a0lxUW6R8zziBg+T3uVV8ifbjpt99MmByLMkG+dFLCfCdp FErAKjB1BUSo1IzhJq9oKj0FjNEEtr9Z874/0yDb/kZkG039xQdp9xy0rp59iBxVtkkJ kLqQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.infradead.org; dkim=neutral (body hash did not verify) header.i=@nifty.com; spf=pass (google.com: best guess record for domain of linux-mtd-bounces+patch=linaro.org@lists.infradead.org designates 65.50.211.133 as permitted sender) smtp.mailfrom=linux-mtd-bounces+patch=linaro.org@lists.infradead.org Return-Path: Received: from bombadil.infradead.org (bombadil.infradead.org. [65.50.211.133]) by mx.google.com with ESMTPS id a8si22854395ple.184.2017.05.24.21.51.31 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 May 2017 21:51:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-mtd-bounces+patch=linaro.org@lists.infradead.org designates 65.50.211.133 as permitted sender) client-ip=65.50.211.133; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.infradead.org; dkim=neutral (body hash did not verify) header.i=@nifty.com; spf=pass (google.com: best guess record for domain of linux-mtd-bounces+patch=linaro.org@lists.infradead.org designates 65.50.211.133 as permitted sender) smtp.mailfrom=linux-mtd-bounces+patch=linaro.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Owner; bh=E6MGpADLNjIL52Yfft71gP83UFmutOEg0a2fkoYoSC0=; b=B9g SpPj5Klyd92KKlInljx2Cy+nRJzzN5S5+b09VtwZ7B4XWT2BFZn/7jEsSwlJJMnjPIyMQiCXpa0J4 eHgwCoA5Nl2UB6n3gRQRbP/A2Lb3732Gh0M6G2Erbgw54WqZWdVbDJxEn23FuC9rIS4snuZOlWHy+ nyqqj02v5xL7c6drKFhoeiYSTJ6eVZ4S4U+MjjqA9GCaEQU9WLfJbi+cZ9caaH2pb2/LGuyj1imUB BgolyKW2OjSK2lLT2qRUMA99YrL8Tf9G8FguE5duzoDP5zpqXWxUUObs3GkMS6ZHfjVd9S68wxLA+ O842tqYuh528DByhCJE7/Xl24WPlVZQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux)) id 1dDkjz-0004DQ-HS; Thu, 25 May 2017 04:51:15 +0000 Received: from conuserg-07.nifty.com ([210.131.2.74]) by bombadil.infradead.org with esmtps (Exim 4.87 #1 (Red Hat Linux)) id 1dDkjw-0004C1-4u for linux-mtd@lists.infradead.org; Thu, 25 May 2017 04:51:14 +0000 Received: from pug.e01.socionext.com (p14092-ipngnfx01kyoto.kyoto.ocn.ne.jp [153.142.97.92]) (authenticated) by conuserg-07.nifty.com with ESMTP id v4P4oL2A024821; Thu, 25 May 2017 13:50:22 +0900 DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-07.nifty.com v4P4oL2A024821 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com; s=dec2015msa; t=1495687822; bh=8SIoQQv6i2jLG/UqUswFymzbm/OGvXaUfwrUvqunNcU=; h=From:To:Cc:Subject:Date:From; b=2RDo0Ns47/cXm7StcGSUdkWzzqVIg0vjUfxzlyca8lrfnvB0hLAEO4kUYRmpwfKJc gf7ab9h7zfledAu8j0LmyMJ/uWvYxLEt7dU2fra+iznF/3OlpUca3tZfp1/SK53tCi UMVuUR1Uby3XMEyEru5hvWCDxsQaBIeuQCQ3v2HtD3VRSZpWfiiuRtyWBc9AFpmvgy 4g5dWGlRmdZeFjmap2ZEEculxgJKE1L+m9Swh+RNjbSr7AJeqCoJTnvGVsRyd6vUi7 1FDvHDefC1N+bpu3u1l4lgfkBVW+HMFoHCl7nMm33RRjxUGOp8xcVVihCOt4qshgso epkejhkIZFuYA== X-Nifty-SrcIP: [153.142.97.92] From: Masahiro Yamada To: linux-mtd@lists.infradead.org Subject: [PATCH] mtd: nand: check ecc->total sanity in nand_scan_tail Date: Thu, 25 May 2017 13:50:20 +0900 Message-Id: <1495687820-30692-1-git-send-email-yamada.masahiro@socionext.com> X-Mailer: git-send-email 2.7.4 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20170524_215112_571143_8A317F4E X-CRM114-Status: UNSURE ( 9.24 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -1.2 (-) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-1.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Boris Brezillon , Marek Vasut , Richard Weinberger , linux-kernel@vger.kernel.org, Masahiro Yamada , Cyrille Pitchen , Brian Norris , David Woodhouse MIME-Version: 1.0 Sender: "linux-mtd" Errors-To: linux-mtd-bounces+patch=linaro.org@lists.infradead.org Drivers are supposed to set correct ecc->{size,strength,bytes} before calling nand_scan_tail(), but it does not complain about ecc->total bigger than oobsize. In this case, chip->scan_bbt() crashes due to memory corruption, but it is hard to debug. It would be kind to fail it earlier with a clear message. Signed-off-by: Masahiro Yamada --- I was actually hit by this case. I wasted half a day until I figured out my coding mistake in my Denali driver. It will be helpful to check this in NAND core. drivers/mtd/nand/nand_base.c | 5 +++++ 1 file changed, 5 insertions(+) -- 2.7.4 ______________________________________________________ Linux MTD discussion mailing list http://lists.infradead.org/mailman/listinfo/linux-mtd/ diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c index f4d686192717..14d6a5aa3ee8 100644 --- a/drivers/mtd/nand/nand_base.c +++ b/drivers/mtd/nand/nand_base.c @@ -4970,6 +4970,11 @@ int nand_scan_tail(struct mtd_info *mtd) goto err_free; } ecc->total = ecc->steps * ecc->bytes; + if (ecc->total > mtd->oobsize) { + WARN(1, "Total number of ECC bytes exceeded oobsize\n"); + ret = -EINVAL; + goto err_free; + } /* * The number of bytes available for a client to place data into