Patchwork pwrite() to nand in raw mode fails with EINVAL

login
register
mail settings
Submitter Maxime Bizon
Date Sept. 28, 2010, 6:47 p.m.
Message ID <1285699650.32420.70.camel@sakura.staff.proxad.net>
Download mbox | patch
Permalink /patch/66014/
State New
Headers show

Comments

Maxime Bizon - Sept. 28, 2010, 6:47 p.m.
Hi,

Since commit 782ce79a45b3b850b108896fcf7da26754061c8f ("cleanup the
nand_do_write_ops"), a pwrite() to a NAND device fails with EINVAL.

The EINVAL comes from here:

        /* Don't allow multipage oob writes with offset */
        if (ops->ooboffs && (ops->ooboffs + ops->ooblen > oobmaxlen))
                return -EINVAL;


ops->ooboffs seems uninitialized.


I think the following memset() are missing:
Artem Bityutskiy - Sept. 29, 2010, 12:44 p.m.
On Tue, 2010-09-28 at 20:47 +0200, Maxime Bizon wrote:
> Hi,
> 
> Since commit 782ce79a45b3b850b108896fcf7da26754061c8f ("cleanup the
> nand_do_write_ops"), a pwrite() to a NAND device fails with EINVAL.
> 
> The EINVAL comes from here:
> 
>         /* Don't allow multipage oob writes with offset */
>         if (ops->ooboffs && (ops->ooboffs + ops->ooblen > oobmaxlen))
>                 return -EINVAL;
> 
> 
> ops->ooboffs seems uninitialized.
> 
> 
> I think the following memset() are missing:

This looks like a regression fix and this also needs to be sent to
stable, right?

Patch

diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
index e4def84..731ff36 100644
--- a/drivers/mtd/mtdchar.c
+++ b/drivers/mtd/mtdchar.c
@@ -202,6 +202,7 @@  static ssize_t mtd_read(struct file *file, char __user *buf, size_t count,loff_t
 		{
 			struct mtd_oob_ops ops;
 
+			memset(&ops, 0, sizeof (ops));
 			ops.mode = MTD_OOB_RAW;
 			ops.datbuf = kbuf;
 			ops.oobbuf = NULL;
@@ -305,6 +306,7 @@  static ssize_t mtd_write(struct file *file, const char __user *buf, size_t count
 		{
 			struct mtd_oob_ops ops;
 
+			memset(&ops, 0, sizeof (ops));
 			ops.mode = MTD_OOB_RAW;
 			ops.datbuf = kbuf;
 			ops.oobbuf = NULL;