From: Kevin Wolf <kwolf@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@linaro.org>
Cc: qemu-devel@nongnu.org, Qiang Liu <cyruscyliu@gmail.com>,
Mauro Matteo Cascella <mcascell@redhat.com>,
Alexander Bulekov <alxndr@bu.edu>,
Hanna Reitz <hreitz@redhat.com>,
qemu-block@nongnu.org
Subject: Re: [PATCH-for-9.0? 1/3] hw/block/nand: Factor nand_load_iolen() method out
Date: Tue, 9 Apr 2024 12:48:03 +0200 [thread overview]
Message-ID: <ZhUc47XdQXFvTMEz@redhat.com> (raw)
In-Reply-To: <20240408083605.55238-2-philmd@linaro.org>
Am 08.04.2024 um 10:36 hat Philippe Mathieu-Daudé geschrieben:
> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> ---
> hw/block/nand.c | 32 +++++++++++++++++++-------------
> 1 file changed, 19 insertions(+), 13 deletions(-)
>
> diff --git a/hw/block/nand.c b/hw/block/nand.c
> index d1435f2207..6fa9038bb5 100644
> --- a/hw/block/nand.c
> +++ b/hw/block/nand.c
> @@ -243,9 +243,25 @@ static inline void nand_pushio_byte(NANDFlashState *s, uint8_t value)
> }
> }
>
> +/*
> + * nand_load_block: Load block containing (s->addr + @offset).
> + * Returns length of data available at @offset in this block.
> + */
> +static int nand_load_block(NANDFlashState *s, int offset)
> +{
> + int iolen;
> +
> + s->blk_load(s, s->addr, offset);
Wouldn't it make more sense for @offset to be unsigned, like in
nand_command() before this patch?
I think the values are guaranteed to be small enough to fit in either
signed or unsigned, but we never check for < 0 (maybe that should be
done in your patch to s->blk_load() anyway).
> + iolen = (1 << s->page_shift) - offset;
This is not new, but I'm confused. Can this legitimately be negative?
offset seems to be limited to (1 << s->addr_shift) + s->offset in
practice, but addr_shift > page_shift for NAND_PAGE_SIZE == 2048.
After patch 3, offset is implicitly limited to NAND_PAGE_SIZE + OOB_SIZE
because we return early if s->blk_load() fails. I wonder if it wouldn't
be better to catch this in the callers already and only assert in
s->blk_load().
Anyway, after patch 3 iolen can only temporarily become negative here...
> + if (s->gnd) {
> + iolen += 1 << s->oob_shift;
...before it becomes non-negative again here.
> + }
> + return iolen;
> +}
So none of this makes the code technically incorrect after applying the
full series, but let someone modify it who doesn't understand these
intricacies and I think chances are that it will fall apart.
Kevin
next prev parent reply other threads:[~2024-04-09 10:48 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-08 8:36 [PATCH-for-9.0? 0/3] hw/block/nand: Fix out-of-bound access in NAND block buffer Philippe Mathieu-Daudé
2024-04-08 8:36 ` [PATCH-for-9.0? 1/3] hw/block/nand: Factor nand_load_iolen() method out Philippe Mathieu-Daudé
2024-04-08 16:35 ` Richard Henderson
2024-04-09 10:48 ` Kevin Wolf [this message]
2024-04-08 8:36 ` [PATCH-for-9.0? 2/3] hw/block/nand: Have blk_load() return boolean indicating success Philippe Mathieu-Daudé
2024-04-08 16:36 ` Richard Henderson
2024-04-08 8:36 ` [PATCH-for-9.0? 3/3] hw/block/nand: Fix out-of-bound access in NAND block buffer Philippe Mathieu-Daudé
2024-04-08 8:43 ` Philippe Mathieu-Daudé
2024-04-08 16:39 ` Richard Henderson
2024-04-08 22:05 ` Philippe Mathieu-Daudé
2024-04-08 15:45 ` [PATCH-for-9.0? 0/3] " Mauro Matteo Cascella
2024-04-09 13:57 ` Philippe Mathieu-Daudé
2024-04-09 10:55 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZhUc47XdQXFvTMEz@redhat.com \
--to=kwolf@redhat.com \
--cc=alxndr@bu.edu \
--cc=cyruscyliu@gmail.com \
--cc=hreitz@redhat.com \
--cc=mcascell@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.