From: Miquel Raynal <miquel.raynal@bootlin.com>
To: Pratyush Yadav <pratyush@kernel.org>
Cc: Gabor Juhos <j4g8y7@gmail.com>, Santhosh Kumar K <s-k6@ti.com>,
Richard Weinberger <richard@nod.at>,
Vignesh Raghavendra <vigneshr@ti.com>,
linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org, Daniel Golle <daniel@makrotopia.org>
Subject: Re: [PATCH v2] mtd: core: always verify OOB offset in mtd_check_oob_ops()
Date: Thu, 11 Sep 2025 16:05:31 +0200 [thread overview]
Message-ID: <87a5319j9w.fsf@bootlin.com> (raw)
In-Reply-To: <mafs0v7lpi1j5.fsf@kernel.org> (Pratyush Yadav's message of "Thu, 11 Sep 2025 15:03:58 +0200")
>> Sorry for the inconvenience.
>>
>>> Gabor, can you check what happens with mtdblock?
>
> My guess from a quick look at the code is that NOR devices have
> mtd->oobsize == 0 and mtd_read() sets ops->ooboffs and ops->ooblen to 0.
> So now that this check is not guarded by if (ops->ooblen), it gets
> triggered for NOR devices on the mtd_read() path and essentially turns
> into an if (0 >= 0), returning -EINVAL.
>
> Maybe a better check is if ((ops->ooboffs + ops->ooblen) >
> mtd_oobavail())?
Interesting, might make sense to do it this way.
Thanks Pratyush for the suggestion, it is worth the try.
Miquèl
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
WARNING: multiple messages have this Message-ID (diff)
From: Miquel Raynal <miquel.raynal@bootlin.com>
To: Pratyush Yadav <pratyush@kernel.org>
Cc: Gabor Juhos <j4g8y7@gmail.com>, Santhosh Kumar K <s-k6@ti.com>,
Richard Weinberger <richard@nod.at>,
Vignesh Raghavendra <vigneshr@ti.com>,
linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org, Daniel Golle <daniel@makrotopia.org>
Subject: Re: [PATCH v2] mtd: core: always verify OOB offset in mtd_check_oob_ops()
Date: Thu, 11 Sep 2025 16:05:31 +0200 [thread overview]
Message-ID: <87a5319j9w.fsf@bootlin.com> (raw)
In-Reply-To: <mafs0v7lpi1j5.fsf@kernel.org> (Pratyush Yadav's message of "Thu, 11 Sep 2025 15:03:58 +0200")
>> Sorry for the inconvenience.
>>
>>> Gabor, can you check what happens with mtdblock?
>
> My guess from a quick look at the code is that NOR devices have
> mtd->oobsize == 0 and mtd_read() sets ops->ooboffs and ops->ooblen to 0.
> So now that this check is not guarded by if (ops->ooblen), it gets
> triggered for NOR devices on the mtd_read() path and essentially turns
> into an if (0 >= 0), returning -EINVAL.
>
> Maybe a better check is if ((ops->ooboffs + ops->ooblen) >
> mtd_oobavail())?
Interesting, might make sense to do it this way.
Thanks Pratyush for the suggestion, it is worth the try.
Miquèl
next prev parent reply other threads:[~2025-09-11 14:05 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-01 14:24 [PATCH v2] mtd: core: always verify OOB offset in mtd_check_oob_ops() Gabor Juhos
2025-09-01 14:24 ` Gabor Juhos
2025-09-05 14:55 ` Miquel Raynal
2025-09-05 14:55 ` Miquel Raynal
2025-09-11 6:22 ` Santhosh Kumar K
2025-09-11 6:22 ` Santhosh Kumar K
2025-09-11 8:00 ` Miquel Raynal
2025-09-11 8:00 ` Miquel Raynal
2025-09-11 8:33 ` Gabor Juhos
2025-09-11 8:33 ` Gabor Juhos
2025-09-11 13:03 ` Pratyush Yadav
2025-09-11 13:03 ` Pratyush Yadav
2025-09-11 14:05 ` Miquel Raynal [this message]
2025-09-11 14:05 ` Miquel Raynal
2025-09-11 15:33 ` Miquel Raynal
2025-09-11 15:33 ` Miquel Raynal
2025-09-11 14:03 ` Miquel Raynal
2025-09-11 14:03 ` Miquel Raynal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a5319j9w.fsf@bootlin.com \
--to=miquel.raynal@bootlin.com \
--cc=daniel@makrotopia.org \
--cc=j4g8y7@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=pratyush@kernel.org \
--cc=richard@nod.at \
--cc=s-k6@ti.com \
--cc=stable@vger.kernel.org \
--cc=vigneshr@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.