* [PATCH] mtd: gpmi-nand: Fix kernel crash due to missing verify_buf
@ 2012-08-10 22:48 Fabio Estevam
2012-08-10 22:57 ` Marek Vasut
2012-08-11 3:01 ` Huang Shijie
0 siblings, 2 replies; 3+ messages in thread
From: Fabio Estevam @ 2012-08-10 22:48 UTC
To: Artem.Bityutskiy
Cc: marex, Fabio Estevam, dwmw2, stable, Huang Shijie, linux-mtd,
shijie8
From: Fabio Estevam <fabio.estevam@freescale.com>

When selecting CONFIG_MTD_NAND_VERIFY_WRITE=y and doing simple write tests the following kernel crash happens:

root@freescale /$ dd if=/dev/zero of=/dev/mtd0 bs=128k count=1
[ 41.070000] Unable to handle kernel NULL pointer dereference at virtual addr0
[ 41.080000] pgd = c77ac000
[ 41.080000] [00000000] *pgd=4773c831, *pte=00000000, *ppte=00000000
[ 41.090000] Internal error: Oops: 17 [#1] ARM
[ 41.090000] Modules linked in:
[ 41.090000] CPU: 0 Not tainted (3.6.0-rc1-next-20120809-00002-ga25d017-d)
[ 41.090000] PC is at nand_verify_buf+0x18/0x5c
[ 41.090000] LR is at nand_write_page+0xc0/0x140
[ 41.090000] pc : [<c023e7d4>] lr : [<c023fcfc>] psr: 20000013
[ 41.090000] sp : c7779de4 ip : 00000000 fp : c6e60000
[ 41.090000] r10: 00000000 r9 : 00020000 r8 : 00000000
[ 41.090000] r7 : 00000000 r6 : c6e60000 r5 : c762cb10 r4 : 00000000
[ 41.090000] r3 : c762c8a8 r2 : 00000800 r1 : c6e60000 r0 : 00000000
[ 41.090000] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 41.090000] Control: 0005317f Table: 477ac000 DAC: 00000015
[ 41.090000] Process dd (pid: 427, stack limit = 0xc7778270)
[ 41.090000] Stack: (0xc7779de4 to 0xc777a000)
...

The NULL pointer dereference that happens in nand_verify_buf() is due to the missing
gpmi_verify_buf implementation in the gpmi-nand driver.

Implement gpmi_verify_buf() to prevent this crash.

Cc: <stable@vger.kernel.org>
Signed-off-by: Huang Shijie <b32955@freescale.com>
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
---
drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 18 ++++++++++++++++++
drivers/mtd/nand/gpmi-nand/gpmi-nand.h | 1 +
2 files changed, 19 insertions(+), 0 deletions(-)
diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
index 8c0d2f0..72b25ce 100644
--- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
+++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
@@ -1533,6 +1533,23 @@ void gpmi_nfc_exit(struct gpmi_nand_data *this)
gpmi_free_dma_buffer(this);
}
+static int gpmi_verify_buf(struct mtd_info *mtd, const uint8_t *buf, int len)
+{
+ struct nand_chip *nand = mtd->priv;
+ struct gpmi_nand_data *data = container_of(mtd, struct gpmi_nand_data,
+ mtd);
+ int ret;
+
+ ret = nand->ecc.read_page(mtd, nand, data->verify_buf, 0, 0);
+ if (ret)
+ return -EFAULT;
+
+ if (memcmp(buf, data->verify_buf, len))
+ return -EFAULT;
+
+ return 0;
+}
+
static int __devinit gpmi_nfc_init(struct gpmi_nand_data *this)
{
struct mtd_info *mtd = &this->mtd;
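Review bot: In gpmi_verify_buf(), len goes straight into memcmp(buf, data->verify_buf, len) without being checked against sizeof(data->verify_buf), so a caller passing more than NAND_MAX_PAGESIZE would compare past the end of the array; reject such lengths before the read. The read_page() error in ret is also replaced with -EFAULT, the same value used for a miscompare, which hides whether the read-back or the comparison failed; returning ret in the first case would keep that distinction. The literal 0, 0 arguments to read_page() deserve a short comment saying what they select.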
@@ -1555,6 +1572,7 @@ static int __devinit gpmi_nfc_init(struct gpmi_nand_data *this)
chip->dev_ready = gpmi_dev_ready;
chip->read_byte = gpmi_read_byte;
chip->read_buf = gpmi_read_buf;
+ chip->verify_buf = gpmi_verify_buf;
chip->write_buf = gpmi_write_buf;
chip->ecc.read_page = gpmi_ecc_read_page;
chip->ecc.write_page = gpmi_ecc_write_page;
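Review bot: The chip->verify_buf assignment in gpmi_nfc_init() is unconditional, while the commit message only reports the crash with CONFIG_MTD_NAND_VERIFY_WRITE=y. If the hook is only called under that option, wrapping the assignment and gpmi_verify_buf() in an #ifdef on it would keep the helper out of builds that never verify writes; otherwise a one-line comment here on why the driver cannot rely on nand_verify_buf() would help the next reader.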
diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.h b/drivers/mtd/nand/gpmi-nand/gpmi-nand.h
index 1547a60..cd9bdf7 100644
--- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.h
+++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.h
@@ -148,6 +148,7 @@ struct gpmi_nand_data {
/* General-use Variables */
int current_chip;
unsigned int command_length;
+ uint8_t verify_buf[NAND_MAX_PAGESIZE];
/* passed from upper layer */
uint8_t *upper_buf;
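Review bot: verify_buf is embedded in struct gpmi_nand_data at a fixed NAND_MAX_PAGESIZE, so every instance carries the maximum page size whatever chip is attached, and the field sits under "General-use Variables" with no comment on its purpose. Consider a uint8_t pointer allocated during init to the device's actual page size and freed on exit, with a comment that it holds the read-back copy used by gpmi_verify_buf().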
--
1.7.1
* Re: [PATCH] mtd: gpmi-nand: Fix kernel crash due to missing verify_buf
From: Marek Vasut @ 2012-08-10 22:57 UTC
To: Fabio Estevam
Cc: Fabio Estevam, Artem.Bityutskiy, stable, Huang Shijie, linux-mtd,
shijie8, dwmw2
Dear Fabio Estevam,
> From: Fabio Estevam <fabio.estevam@freescale.com>
>
> When selecting CONFIG_MTD_NAND_VERIFY_WRITE=y and doing simple write tests
> the following kernel crash happens:
>
> root@freescale /$ dd if=/dev/zero of=/dev/mtd0 bs=128k count=1
> [ 41.070000] Unable to handle kernel NULL pointer dereference at virtual
> addr0 [ 41.080000] pgd = c77ac000
> [ 41.080000] [00000000] *pgd=4773c831, *pte=00000000, *ppte=00000000
> [ 41.090000] Internal error: Oops: 17 [#1] ARM
> [ 41.090000] Modules linked in:
> [ 41.090000] CPU: 0 Not tainted
> (3.6.0-rc1-next-20120809-00002-ga25d017-d) [ 41.090000] PC is at
> nand_verify_buf+0x18/0x5c
> [ 41.090000] LR is at nand_write_page+0xc0/0x140
> [ 41.090000] pc : [<c023e7d4>] lr : [<c023fcfc>] psr: 20000013
> [ 41.090000] sp : c7779de4 ip : 00000000 fp : c6e60000
> [ 41.090000] r10: 00000000 r9 : 00020000 r8 : 00000000
> [ 41.090000] r7 : 00000000 r6 : c6e60000 r5 : c762cb10 r4 : 00000000
> [ 41.090000] r3 : c762c8a8 r2 : 00000800 r1 : c6e60000 r0 : 00000000
> [ 41.090000] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment
> user [ 41.090000] Control: 0005317f Table: 477ac000 DAC: 00000015
> [ 41.090000] Process dd (pid: 427, stack limit = 0xc7778270)
> [ 41.090000] Stack: (0xc7779de4 to 0xc777a000)
> ...
>
> The NULL pointer dereference that happens in nand_verify_buf() is due to
> the missing gpmi_verify_buf implementation in the gpmi-nand driver.
>
> Implement gpmi_verify_buf() to prevent this crash.
[...]
Acked-by: Marek Vasut <marex@denx.de>
Definitely should go for stable too.
Best regards,
Marek Vasut
* Re: [PATCH] mtd: gpmi-nand: Fix kernel crash due to missing verify_buf
From: Huang Shijie @ 2012-08-11 3:01 UTC
To: Fabio Estevam
Cc: marex, Fabio Estevam, Artem.Bityutskiy, stable, Huang Shijie,
linux-mtd, dwmw2
On Fri, Aug 10, 2012 at 6:48 PM, Fabio Estevam <festevam@gmail.com> wrote:
> From: Fabio Estevam <fabio.estevam@freescale.com>
>
> When selecting CONFIG_MTD_NAND_VERIFY_WRITE=y and doing simple write tests the following kernel crash happens:
>
> root@freescale /$ dd if=/dev/zero of=/dev/mtd0 bs=128k count=1
> [ 41.070000] Unable to handle kernel NULL pointer dereference at virtual addr0
> [ 41.080000] pgd = c77ac000
> [ 41.080000] [00000000] *pgd=4773c831, *pte=00000000, *ppte=00000000
> [ 41.090000] Internal error: Oops: 17 [#1] ARM
> [ 41.090000] Modules linked in:
> [ 41.090000] CPU: 0 Not tainted (3.6.0-rc1-next-20120809-00002-ga25d017-d)
> [ 41.090000] PC is at nand_verify_buf+0x18/0x5c
> [ 41.090000] LR is at nand_write_page+0xc0/0x140
> [ 41.090000] pc : [<c023e7d4>] lr : [<c023fcfc>] psr: 20000013
> [ 41.090000] sp : c7779de4 ip : 00000000 fp : c6e60000
> [ 41.090000] r10: 00000000 r9 : 00020000 r8 : 00000000
> [ 41.090000] r7 : 00000000 r6 : c6e60000 r5 : c762cb10 r4 : 00000000
> [ 41.090000] r3 : c762c8a8 r2 : 00000800 r1 : c6e60000 r0 : 00000000
> [ 41.090000] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
> [ 41.090000] Control: 0005317f Table: 477ac000 DAC: 00000015
> [ 41.090000] Process dd (pid: 427, stack limit = 0xc7778270)
> [ 41.090000] Stack: (0xc7779de4 to 0xc777a000)
> ...
>
> The NULL pointer dereference that happens in nand_verify_buf() is due to the missing
> gpmi_verify_buf implementation in the gpmi-nand driver.
>
> Implement gpmi_verify_buf() to prevent this crash.
>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Huang Shijie <b32955@freescale.com>
> Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
> ---
> drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 18 ++++++++++++++++++
> drivers/mtd/nand/gpmi-nand/gpmi-nand.h | 1 +
> 2 files changed, 19 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> index 8c0d2f0..72b25ce 100644
> --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> @@ -1533,6 +1533,23 @@ void gpmi_nfc_exit(struct gpmi_nand_data *this)
> gpmi_free_dma_buffer(this);
> }
>
> +static int gpmi_verify_buf(struct mtd_info *mtd, const uint8_t *buf, int len)
> +{
> + struct nand_chip *nand = mtd->priv;
> + struct gpmi_nand_data *data = container_of(mtd, struct gpmi_nand_data,
> + mtd);
> + int ret;
> +
> + ret = nand->ecc.read_page(mtd, nand, data->verify_buf, 0, 0);
> + if (ret)
> + return -EFAULT;
> +
> + if (memcmp(buf, data->verify_buf, len))
> + return -EFAULT;
> +
> + return 0;
> +}
> +
> static int __devinit gpmi_nfc_init(struct gpmi_nand_data *this)
> {
> struct mtd_info *mtd = &this->mtd;
> @@ -1555,6 +1572,7 @@ static int __devinit gpmi_nfc_init(struct gpmi_nand_data *this)
> chip->dev_ready = gpmi_dev_ready;
> chip->read_byte = gpmi_read_byte;
> chip->read_buf = gpmi_read_buf;
> + chip->verify_buf = gpmi_verify_buf;
> chip->write_buf = gpmi_write_buf;
> chip->ecc.read_page = gpmi_ecc_read_page;
> chip->ecc.write_page = gpmi_ecc_write_page;
> diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.h b/drivers/mtd/nand/gpmi-nand/gpmi-nand.h
> index 1547a60..cd9bdf7 100644
> --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.h
> +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.h
> @@ -148,6 +148,7 @@ struct gpmi_nand_data {
> /* General-use Variables */
> int current_chip;
> unsigned int command_length;
> + uint8_t verify_buf[NAND_MAX_PAGESIZE];
It seems this will waste a page of memory when the nand page is 4K.
So it's better to allocate the verify_buf dynamically, with its size
being mtd->writesize.

Best Regards
Huang Shijie
>
> /* passed from upper layer */
> uint8_t *upper_buf;
> --
> 1.7.1
>