Patchwork [1/1] MTD: Fix MTD_MODE_RAW write fail

login
register
mail settings
Submitter Frank Li
Date Oct. 26, 2010, 2:54 a.m.
Message ID <1288061660-23363-1-git-send-email-Frank.Li@freescale.com>
Download mbox | patch
Permalink /patch/69157/
State New
Headers show

Comments

Frank Li - Oct. 26, 2010, 2:54 a.m.
mtdchar have not initilized all field of struct mtd_oob_ops
in mtd_write when mode is MTD_MODE_RAW.

function nand_do_write_ops
	if (ops->ooboffs && (ops->ooboffs + ops->ooblen > oobmaxlen))
		return -EINVAL;

ooboffs is not initilized at mtd_write.
So random data cause nand_do_write_ops return fail.

Signed-off-by: Frank Li <Frank.Li@freescale.com>
---
 drivers/mtd/mtdchar.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
Jon Povey - Oct. 26, 2010, 3:48 a.m.
linux-mtd-bounces@lists.infradead.org wrote:
> mtdchar have not initilized all field of struct mtd_oob_ops
> in mtd_write when mode is MTD_MODE_RAW.
>
> function nand_do_write_ops
>         if (ops->ooboffs && (ops->ooboffs + ops->ooblen > oobmaxlen))
>                 return -EINVAL;
>
> ooboffs is not initilized at mtd_write.
> So random data cause nand_do_write_ops return fail.

Looks like you have found the same thing:

http://lists.infradead.org/pipermail/linux-mtd/2010-September/032453.html
http://lists.infradead.org/pipermail/linux-mtd/2010-October/032538.html

> Signed-off-by: Frank Li <Frank.Li@freescale.com>
> ---
>  drivers/mtd/mtdchar.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
> index b7ed09c..58839fa 100644
> --- a/drivers/mtd/mtdchar.c
> +++ b/drivers/mtd/mtdchar.c
> @@ -319,6 +319,7 @@ static ssize_t mtd_write(struct file
> *file, const char __user *buf, size_t count
>                 case MTD_MODE_RAW:
>                 {
>                         struct mtd_oob_ops ops;
> +                       memset(&ops, 0, sizeof(struct mtd_oob_ops));
>
>                         ops.mode = MTD_OOB_RAW;
>                         ops.datbuf = kbuf;



--
Jon Povey
jon.povey@racelogic.co.uk

Racelogic is a limited company registered in England. Registered number 2743719 .
Registered Office Unit 10, Swan Business Centre, Osier Way, Buckingham, Bucks, MK18 1TB .

The information contained in this electronic mail transmission is intended by Racelogic Ltd for the use of the named individual or entity to which it is directed and may contain information that is confidential or privileged. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email so that the sender's address records can be corrected. The views expressed by the sender of this communication do not necessarily represent those of Racelogic Ltd. Please note that Racelogic reserves the right to monitor e-mail communications passing through its network
Li Frank-B20596 - Oct. 26, 2010, 9:35 a.m.
> 
> Looks like you have found the same thing:
> 
>
http://lists.infradead.org/pipermail/linux-mtd/2010-September/032453.htm
l
>
http://lists.infradead.org/pipermail/linux-mtd/2010-October/032538.html
> 

Yes. That's the same.

Patch

diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
index b7ed09c..58839fa 100644
--- a/drivers/mtd/mtdchar.c
+++ b/drivers/mtd/mtdchar.c
@@ -319,6 +319,7 @@  static ssize_t mtd_write(struct file *file, const char __user *buf, size_t count
 		case MTD_MODE_RAW:
 		{
 			struct mtd_oob_ops ops;
+			memset(&ops, 0, sizeof(struct mtd_oob_ops));
 
 			ops.mode = MTD_OOB_RAW;
 			ops.datbuf = kbuf;