From patchwork Fri Aug 10 22:48:34 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabio Estevam X-Patchwork-Id: 176647 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from merlin.infradead.org (unknown [IPv6:2001:4978:20e::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 0C02C2C00D0 for ; Sat, 11 Aug 2012 08:50:33 +1000 (EST) Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.76 #1 (Red Hat Linux)) id 1Szy0g-0004ie-RT; Fri, 10 Aug 2012 22:48:50 +0000 Received: from mail-gh0-f177.google.com ([209.85.160.177]) by merlin.infradead.org with esmtps (Exim 4.76 #1 (Red Hat Linux)) id 1Szy0c-0004iE-UL for linux-mtd@lists.infradead.org; Fri, 10 Aug 2012 22:48:48 +0000 Received: by ghbf20 with SMTP id f20so2106052ghb.36 for ; Fri, 10 Aug 2012 15:48:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:x-mailer; bh=2nN79zjBvI89lS/LTmRhRLdCHDTMU1vmY5aqDJU+ge0=; b=ch3rxo6jvADxUU6S26CFOafgdy0/3h1L6ci9G6iRSdQsPSpEhNyoJOCJlBDLoHfn2S AOOEK78RucVheG9Ozip49KSdRFQNZZ91JpBO3OckIx3FHJKpK4R+6UNR9sP962qBXbrQ E3AE7WtXfLWd6sg8m0Ci2adf2QFFQ8WfIcZQxN/nBqD+0O6WQKsK+7c+NtI9mgFw6XTP 4HSxaIES8m9sS5QPOaYpluF4gb1bVk2eqi5se6Cp5SXmj6XOLc4F7oiqB9PKeWede4uB 89Ov9vqvjfbMr4tKOeITFlZP3CPw9qq+j1A4Uitv6aid/pi4E+5tWNvpsvwHuHhHYJfK 2yJA== Received: by 10.236.170.135 with SMTP id p7mr4482574yhl.109.1344638925262; Fri, 10 Aug 2012 15:48:45 -0700 (PDT) Received: from localhost.localdomain ([189.5.6.233]) by mx.google.com with ESMTPS id a4sm162633anm.14.2012.08.10.15.48.42 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 10 Aug 2012 15:48:44 -0700 (PDT) From: Fabio Estevam To: Artem.Bityutskiy@linux.intel.com Subject: [PATCH] mtd: gpmi-nand: Fix kernel crash due to missing verify_buf Date: Fri, 10 Aug 2012 19:48:34 -0300 Message-Id: <1344638914-5268-1-git-send-email-festevam@gmail.com> X-Mailer: git-send-email 1.7.1 X-Spam-Note: CRM114 invocation failed X-Spam-Score: -2.7 (--) X-Spam-Report: SpamAssassin version 3.3.2 on merlin.infradead.org summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (festevam[at]gmail.com) -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [209.85.160.177 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature Cc: marex@denx.de, Fabio Estevam , dwmw2@infradead.org, stable@vger.kernel.org, Huang Shijie , linux-mtd@lists.infradead.org, shijie8@gmail.com X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: linux-mtd-bounces@lists.infradead.org Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org From: Fabio Estevam When selecting CONFIG_MTD_NAND_VERIFY_WRITE=y and doing simple write tests the following kernel crash happens: root@freescale /$ dd if=/dev/zero of=/dev/mtd0 bs=128k count=1 [ 41.070000] Unable to handle kernel NULL pointer dereference at virtual addr0 [ 41.080000] pgd = c77ac000 [ 41.080000] [00000000] *pgd=4773c831, *pte=00000000, *ppte=00000000 [ 41.090000] Internal error: Oops: 17 [#1] ARM [ 41.090000] Modules linked in: [ 41.090000] CPU: 0 Not tainted (3.6.0-rc1-next-20120809-00002-ga25d017-d) [ 41.090000] PC is at nand_verify_buf+0x18/0x5c [ 41.090000] LR is at nand_write_page+0xc0/0x140 [ 41.090000] pc : [] lr : [] psr: 20000013 [ 41.090000] sp : c7779de4 ip : 00000000 fp : c6e60000 [ 41.090000] r10: 00000000 r9 : 00020000 r8 : 00000000 [ 41.090000] r7 : 00000000 r6 : c6e60000 r5 : c762cb10 r4 : 00000000 [ 41.090000] r3 : c762c8a8 r2 : 00000800 r1 : c6e60000 r0 : 00000000 [ 41.090000] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user [ 41.090000] Control: 0005317f Table: 477ac000 DAC: 00000015 [ 41.090000] Process dd (pid: 427, stack limit = 0xc7778270) [ 41.090000] Stack: (0xc7779de4 to 0xc777a000) ... The NULL pointer dereference that happens in nand_verify_buf() is due to the missing gpmi_verify_buf implementation in the gpmi-nand driver. Implement gpmi_verify_buf() to prevent this crash. Cc: Signed-off-by: Huang Shijie Signed-off-by: Fabio Estevam Acked-by: Marek Vasut --- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 18 ++++++++++++++++++ drivers/mtd/nand/gpmi-nand/gpmi-nand.h | 1 + 2 files changed, 19 insertions(+), 0 deletions(-) diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c index 8c0d2f0..72b25ce 100644 --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c @@ -1533,6 +1533,23 @@ void gpmi_nfc_exit(struct gpmi_nand_data *this) gpmi_free_dma_buffer(this); } +static int gpmi_verify_buf(struct mtd_info *mtd, const uint8_t *buf, int len) +{ + struct nand_chip *nand = mtd->priv; + struct gpmi_nand_data *data = container_of(mtd, struct gpmi_nand_data, + mtd); + int ret; + + ret = nand->ecc.read_page(mtd, nand, data->verify_buf, 0, 0); + if (ret) + return -EFAULT; + + if (memcmp(buf, data->verify_buf, len)) + return -EFAULT; + + return 0; +} + static int __devinit gpmi_nfc_init(struct gpmi_nand_data *this) { struct mtd_info *mtd = &this->mtd; @@ -1555,6 +1572,7 @@ static int __devinit gpmi_nfc_init(struct gpmi_nand_data *this) chip->dev_ready = gpmi_dev_ready; chip->read_byte = gpmi_read_byte; chip->read_buf = gpmi_read_buf; + chip->verify_buf = gpmi_verify_buf; chip->write_buf = gpmi_write_buf; chip->ecc.read_page = gpmi_ecc_read_page; chip->ecc.write_page = gpmi_ecc_write_page; diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.h b/drivers/mtd/nand/gpmi-nand/gpmi-nand.h index 1547a60..cd9bdf7 100644 --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.h +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.h @@ -148,6 +148,7 @@ struct gpmi_nand_data { /* General-use Variables */ int current_chip; unsigned int command_length; + uint8_t verify_buf[NAND_MAX_PAGESIZE]; /* passed from upper layer */ uint8_t *upper_buf;