| Message ID | 1265326257-4446-12-git-send-email-maximlevitsky@gmail.com |
|---|---|
| State | New, archived |
| Headers | show |
ops->ooblen is the oob bytes to write, you add a argument for nand_fill_oob to do this, it is redundant. I know the bug you want to fix, the ops->ooblen may be illegal. But this patch can't this problem. If (ops->offset + ops->ooblen) > mtd->oobsize, it still will write beyond a page. I think the right method is that nand_do_write_ops do the check like nand_do_write_oob, I have the patch yesterday. http://patchwork.ozlabs.org/patch/44450/ Stanley. Maxim Levitsky wrote: > Although nand_do_write_ops intends to allow such mode, it fails do do so > Probably this was never tested > > Signed-off-by: Maxim Levitsky <maximlevitsky@gmail.com> > --- > drivers/mtd/nand/nand_base.c | 16 +++++++++------- > 1 files changed, 9 insertions(+), 7 deletions(-) > > diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c > index 8ff36be..29e986e 100644 > --- a/drivers/mtd/nand/nand_base.c > +++ b/drivers/mtd/nand/nand_base.c > @@ -1879,11 +1879,9 @@ static int nand_write_page(struct mtd_info *mtd, struct nand_chip *chip, > * @oob: oob data buffer > * @ops: oob ops structure > */ > -static uint8_t *nand_fill_oob(struct nand_chip *chip, uint8_t *oob, > - struct mtd_oob_ops *ops) > +static uint8_t *nand_fill_oob(struct nand_chip *chip, uint8_t *oob, size_t len, > + struct mtd_oob_ops *ops) > ops->ooblen is the oob bytes to write, you add a prara > { > - size_t len = ops->ooblen; > - > switch(ops->mode) { > > case MTD_OOB_PLACE: > @@ -1938,6 +1936,7 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to, > int chipnr, realpage, page, blockmask, column; > struct nand_chip *chip = mtd->priv; > uint32_t writelen = ops->len; > + uint32_t oobwritelen = ops->ooblen; > uint8_t *oob = ops->oobbuf; > uint8_t *buf = ops->datbuf; > int ret, subpage; > @@ -1994,8 +1993,11 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to, > wbuf = chip->buffers->databuf; > } > > - if (unlikely(oob)) > - oob = nand_fill_oob(chip, oob, ops); > + if (unlikely(oob)) { > + size_t len = min(oobwritelen, mtd->oobsize); > + oob = nand_fill_oob(chip, oob, len, ops); > + oobwritelen -= len; > + } > > ret = chip->write_page(mtd, chip, wbuf, page, cached, > (ops->mode == MTD_OOB_RAW)); > @@ -2169,7 +2171,7 @@ static int nand_do_write_oob(struct mtd_info *mtd, loff_t to, > chip->pagebuf = -1; > > memset(chip->oob_poi, 0xff, mtd->oobsize); > - nand_fill_oob(chip, ops->oobbuf, ops); > + nand_fill_oob(chip, ops->oobbuf, ops->ooblen, ops); > status = chip->ecc.write_oob(mtd, chip, page & chip->pagemask); > memset(chip->oob_poi, 0xff, mtd->oobsize); > >
ops->ooblen is the oob bytes to write, you add a argument for nand_fill_oob to do this, it is redundant. I know the bug you want to fix, the ops->ooblen may be illegal. But this patch can't solve this problem. If (ops->offset + ops->ooblen) > mtd->oobsize, it still will write beyond one page. I think the right method to solve it is that nand_do_write_ops do the check like nand_do_write_oob. I have sent the patch yesterday. http://patchwork.ozlabs.org/patch/44450/ Stanley. Maxim Levitsky wrote: > Although nand_do_write_ops intends to allow such mode, it fails do do so > Probably this was never tested > > Signed-off-by: Maxim Levitsky <maximlevitsky@gmail.com> > --- > drivers/mtd/nand/nand_base.c | 16 +++++++++------- > 1 files changed, 9 insertions(+), 7 deletions(-) > > diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c > index 8ff36be..29e986e 100644 > --- a/drivers/mtd/nand/nand_base.c > +++ b/drivers/mtd/nand/nand_base.c > @@ -1879,11 +1879,9 @@ static int nand_write_page(struct mtd_info *mtd, struct nand_chip *chip, > * @oob: oob data buffer > * @ops: oob ops structure > */ > -static uint8_t *nand_fill_oob(struct nand_chip *chip, uint8_t *oob, > - struct mtd_oob_ops *ops) > +static uint8_t *nand_fill_oob(struct nand_chip *chip, uint8_t *oob, size_t len, > + struct mtd_oob_ops *ops) > ops->ooblen is the oob bytes to write, you add a prara > { > - size_t len = ops->ooblen; > - > switch(ops->mode) { > > case MTD_OOB_PLACE: > @@ -1938,6 +1936,7 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to, > int chipnr, realpage, page, blockmask, column; > struct nand_chip *chip = mtd->priv; > uint32_t writelen = ops->len; > + uint32_t oobwritelen = ops->ooblen; > uint8_t *oob = ops->oobbuf; > uint8_t *buf = ops->datbuf; > int ret, subpage; > @@ -1994,8 +1993,11 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to, > wbuf = chip->buffers->databuf; > } > > - if (unlikely(oob)) > - oob = nand_fill_oob(chip, oob, ops); > + if (unlikely(oob)) { > + size_t len = min(oobwritelen, mtd->oobsize); > + oob = nand_fill_oob(chip, oob, len, ops); > + oobwritelen -= len; > + } > > ret = chip->write_page(mtd, chip, wbuf, page, cached, > (ops->mode == MTD_OOB_RAW)); > @@ -2169,7 +2171,7 @@ static int nand_do_write_oob(struct mtd_info *mtd, loff_t to, > chip->pagebuf = -1; > > memset(chip->oob_poi, 0xff, mtd->oobsize); > - nand_fill_oob(chip, ops->oobbuf, ops); > + nand_fill_oob(chip, ops->oobbuf, ops->ooblen, ops); > status = chip->ecc.write_oob(mtd, chip, page & chip->pagemask); > memset(chip->oob_poi, 0xff, mtd->oobsize); > >
On Fri, 2010-02-05 at 10:25 +0800, stanley.miao wrote: > ops->ooblen is the oob bytes to write, you add a argument for > nand_fill_oob to do this, > it is redundant. No its not. ops->ooblen can be legitimately larger that mtd->oobsize because user might want to write two or more pages in a row. I want to be able to write two pages + two oobs in same time. > > I know the bug you want to fix, the ops->ooblen may be illegal. But this > patch can't this > problem. If (ops->offset + ops->ooblen) > mtd->oobsize, it still will > write beyond a page. This is true, I just didn't use the ops->offset.... > > I think the right method is that nand_do_write_ops do the check like > nand_do_write_oob, > I have the patch yesterday. > > http://patchwork.ozlabs.org/patch/44450/ This again won't work for multipage writes I have in mind. However if ops->ooboffs is set, I think multipage write shouldn't be allowed This is: if (ops->ooboffs && (ops->ooboffs + ops->ooblen) > len)) Also check for 'ops->ooboffs >= len' is almost redundant. Only case it would trigger is when 'ops->ooblen == 0' But this probably can be dealt with, without error. Best regards, Maxim Levitsky > > Stanley. > > Maxim Levitsky wrote: > > Although nand_do_write_ops intends to allow such mode, it fails do do so > > Probably this was never tested > > > > Signed-off-by: Maxim Levitsky <maximlevitsky@gmail.com> > > --- > > drivers/mtd/nand/nand_base.c | 16 +++++++++------- > > 1 files changed, 9 insertions(+), 7 deletions(-) > > > > diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c > > index 8ff36be..29e986e 100644 > > --- a/drivers/mtd/nand/nand_base.c > > +++ b/drivers/mtd/nand/nand_base.c > > @@ -1879,11 +1879,9 @@ static int nand_write_page(struct mtd_info *mtd, struct nand_chip *chip, > > * @oob: oob data buffer > > * @ops: oob ops structure > > */ > > -static uint8_t *nand_fill_oob(struct nand_chip *chip, uint8_t *oob, > > - struct mtd_oob_ops *ops) > > +static uint8_t *nand_fill_oob(struct nand_chip *chip, uint8_t *oob, size_t len, > > + struct mtd_oob_ops *ops) > > > > ops->ooblen is the oob bytes to write, you add a prara > > > { > > - size_t len = ops->ooblen; > > - > > switch(ops->mode) { > > > > case MTD_OOB_PLACE: > > @@ -1938,6 +1936,7 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to, > > int chipnr, realpage, page, blockmask, column; > > struct nand_chip *chip = mtd->priv; > > uint32_t writelen = ops->len; > > + uint32_t oobwritelen = ops->ooblen; > > uint8_t *oob = ops->oobbuf; > > uint8_t *buf = ops->datbuf; > > int ret, subpage; > > @@ -1994,8 +1993,11 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to, > > wbuf = chip->buffers->databuf; > > } > > > > - if (unlikely(oob)) > > - oob = nand_fill_oob(chip, oob, ops); > > + if (unlikely(oob)) { > > + size_t len = min(oobwritelen, mtd->oobsize); > > + oob = nand_fill_oob(chip, oob, len, ops); > > + oobwritelen -= len; > > + } > > > > ret = chip->write_page(mtd, chip, wbuf, page, cached, > > (ops->mode == MTD_OOB_RAW)); > > @@ -2169,7 +2171,7 @@ static int nand_do_write_oob(struct mtd_info *mtd, loff_t to, > > chip->pagebuf = -1; > > > > memset(chip->oob_poi, 0xff, mtd->oobsize); > > - nand_fill_oob(chip, ops->oobbuf, ops); > > + nand_fill_oob(chip, ops->oobbuf, ops->ooblen, ops); > > status = chip->ecc.write_oob(mtd, chip, page & chip->pagemask); > > memset(chip->oob_poi, 0xff, mtd->oobsize); > > > > >
diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c index 8ff36be..29e986e 100644 --- a/drivers/mtd/nand/nand_base.c +++ b/drivers/mtd/nand/nand_base.c @@ -1879,11 +1879,9 @@ static int nand_write_page(struct mtd_info *mtd, struct nand_chip *chip, * @oob: oob data buffer * @ops: oob ops structure */ -static uint8_t *nand_fill_oob(struct nand_chip *chip, uint8_t *oob, - struct mtd_oob_ops *ops) +static uint8_t *nand_fill_oob(struct nand_chip *chip, uint8_t *oob, size_t len, + struct mtd_oob_ops *ops) { - size_t len = ops->ooblen; - switch(ops->mode) { case MTD_OOB_PLACE: @@ -1938,6 +1936,7 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to, int chipnr, realpage, page, blockmask, column; struct nand_chip *chip = mtd->priv; uint32_t writelen = ops->len; + uint32_t oobwritelen = ops->ooblen; uint8_t *oob = ops->oobbuf; uint8_t *buf = ops->datbuf; int ret, subpage; @@ -1994,8 +1993,11 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to, wbuf = chip->buffers->databuf; } - if (unlikely(oob)) - oob = nand_fill_oob(chip, oob, ops); + if (unlikely(oob)) { + size_t len = min(oobwritelen, mtd->oobsize); + oob = nand_fill_oob(chip, oob, len, ops); + oobwritelen -= len; + } ret = chip->write_page(mtd, chip, wbuf, page, cached, (ops->mode == MTD_OOB_RAW)); @@ -2169,7 +2171,7 @@ static int nand_do_write_oob(struct mtd_info *mtd, loff_t to, chip->pagebuf = -1; memset(chip->oob_poi, 0xff, mtd->oobsize); - nand_fill_oob(chip, ops->oobbuf, ops); + nand_fill_oob(chip, ops->oobbuf, ops->ooblen, ops); status = chip->ecc.write_oob(mtd, chip, page & chip->pagemask); memset(chip->oob_poi, 0xff, mtd->oobsize);
Although nand_do_write_ops intends to allow such mode, it fails do do so Probably this was never tested Signed-off-by: Maxim Levitsky <maximlevitsky@gmail.com> --- drivers/mtd/nand/nand_base.c | 16 +++++++++------- 1 files changed, 9 insertions(+), 7 deletions(-)