[1/1] MTD: Fix MTD_MODE_RAW write fail

Submitted by Frank Li on Oct. 26, 2010, 2:54 a.m.

Details

Message ID 1288061660-23363-1-git-send-email-Frank.Li@freescale.com
State New, archived
Headers show

Commit Message

Frank Li Oct. 26, 2010, 2:54 a.m.
mtdchar have not initilized all field of struct mtd_oob_ops
in mtd_write when mode is MTD_MODE_RAW.

function nand_do_write_ops
	if (ops->ooboffs && (ops->ooboffs + ops->ooblen > oobmaxlen))
		return -EINVAL;

ooboffs is not initilized at mtd_write.
So random data cause nand_do_write_ops return fail.

Signed-off-by: Frank Li <Frank.Li@freescale.com>
---
 drivers/mtd/mtdchar.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

Comments

Jon Povey Oct. 26, 2010, 3:48 a.m.
linux-mtd-bounces@lists.infradead.org wrote:
> mtdchar have not initilized all field of struct mtd_oob_ops
> in mtd_write when mode is MTD_MODE_RAW.
>
> function nand_do_write_ops
>         if (ops->ooboffs && (ops->ooboffs + ops->ooblen > oobmaxlen))
>                 return -EINVAL;
>
> ooboffs is not initilized at mtd_write.
> So random data cause nand_do_write_ops return fail.

Looks like you have found the same thing:

http://lists.infradead.org/pipermail/linux-mtd/2010-September/032453.html
http://lists.infradead.org/pipermail/linux-mtd/2010-October/032538.html

> Signed-off-by: Frank Li <Frank.Li@freescale.com>
> ---
>  drivers/mtd/mtdchar.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
> index b7ed09c..58839fa 100644
> --- a/drivers/mtd/mtdchar.c
> +++ b/drivers/mtd/mtdchar.c
> @@ -319,6 +319,7 @@ static ssize_t mtd_write(struct file
> *file, const char __user *buf, size_t count
>                 case MTD_MODE_RAW:
>                 {
>                         struct mtd_oob_ops ops;
> +                       memset(&ops, 0, sizeof(struct mtd_oob_ops));
>
>                         ops.mode = MTD_OOB_RAW;
>                         ops.datbuf = kbuf;



--
Jon Povey
jon.povey@racelogic.co.uk

Racelogic is a limited company registered in England. Registered number 2743719 .
Registered Office Unit 10, Swan Business Centre, Osier Way, Buckingham, Bucks, MK18 1TB .

The information contained in this electronic mail transmission is intended by Racelogic Ltd for the use of the named individual or entity to which it is directed and may contain information that is confidential or privileged. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email so that the sender's address records can be corrected. The views expressed by the sender of this communication do not necessarily represent those of Racelogic Ltd. Please note that Racelogic reserves the right to monitor e-mail communications passing through its network
Li Frank-B20596 Oct. 26, 2010, 9:35 a.m.
> 
> Looks like you have found the same thing:
> 
>
http://lists.infradead.org/pipermail/linux-mtd/2010-September/032453.htm
l
>
http://lists.infradead.org/pipermail/linux-mtd/2010-October/032538.html
> 

Yes. That's the same.

Patch hide | download patch | download mbox

diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
index b7ed09c..58839fa 100644
--- a/drivers/mtd/mtdchar.c
+++ b/drivers/mtd/mtdchar.c
@@ -319,6 +319,7 @@  static ssize_t mtd_write(struct file *file, const char __user *buf, size_t count
 		case MTD_MODE_RAW:
 		{
 			struct mtd_oob_ops ops;
+			memset(&ops, 0, sizeof(struct mtd_oob_ops));
 
 			ops.mode = MTD_OOB_RAW;
 			ops.datbuf = kbuf;