pwrite() to nand in raw mode fails with EINVAL

Submitter David Woodhouse
Date Sept. 30, 2010, 2:48 a.m.
Message ID <1285814905.31224.4.camel@macbook.infradead.org>
Permalink /patch/66108/
State New

Comments

David Woodhouse - Sept. 30, 2010, 2:48 a.m.
On Tue, 2010-09-28 at 20:47 +0200, Maxime Bizon wrote:
> Since commit 782ce79a45b3b850b108896fcf7da26754061c8f ("cleanup the
> nand_do_write_ops"), a pwrite() to a NAND device fails with EINVAL.
> 
> The EINVAL comes from here:
> 
>         /* Don't allow multipage oob writes with offset */
>         if (ops->ooboffs && (ops->ooboffs + ops->ooblen > oobmaxlen))
>                 return -EINVAL;
> 
> 
> ops->ooboffs seems uninitialized.
> 
> 
> I think the following memset() are missing: 

Alternatively, perhaps the sanity check should treat the ->oob{offs,len}
fields as undefined if ->oobbuf is NULL (which is set explicitly in the
two functions you patched). Otherwise, we've effectively changed the API
and we need to make more of an effort to audit *all* users.

Patch

diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
index d551ddd..5d0dc74 100644
--- a/drivers/mtd/nand/nand_base.c
+++ b/drivers/mtd/nand/nand_base.c
@@ -2200,7 +2200,8 @@  static int nand_do_write_ops(struct mtd_info *mtd, loff_t to,
 		memset(chip->oob_poi, 0xff, mtd->oobsize);
 
 	/* Don't allow multipage oob writes with offset */
-	if (ops->ooboffs && (ops->ooboffs + ops->ooblen > oobmaxlen))
+	if (ops->oobbuf && ops->ooboffs &&
+	    (ops->ooboffs + ops->ooblen > oobmaxlen))
 		return -EINVAL;
 
 	while(1) {
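
Review bot: The comment above the changed condition still reads "Don't allow multipage oob writes with offset" and says nothing about ->ooboffs and ->ooblen now being ignored when ->oobbuf is NULL. Since callers that only set ->oobbuf = NULL will rely on that rule, state it in the comment so the contract is visible at the check. The new ops->oobbuf test also guards only this one condition: if ops->ooboffs or ops->ooblen are read anywhere further down in nand_do_write_ops(), outside the context shown here, those reads need the same ->oobbuf guard, otherwise uninitialised values from such callers can still be consumed after the check passes.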