Message ID | 1344638914-5268-1-git-send-email-festevam@gmail.com |
---|---|
State | New, archived |
Dear Fabio Estevam,

> From: Fabio Estevam <fabio.estevam@freescale.com>
>
> When selecting CONFIG_MTD_NAND_VERIFY_WRITE=y and doing simple write tests
> the following kernel crash happens:
>
> root@freescale /$ dd if=/dev/zero of=/dev/mtd0 bs=128k count=1
> [ 41.070000] Unable to handle kernel NULL pointer dereference at virtual
> addr0 [ 41.080000] pgd = c77ac000
> [ 41.080000] [00000000] *pgd=4773c831, *pte=00000000, *ppte=00000000
> [ 41.090000] Internal error: Oops: 17 [#1] ARM
> [ 41.090000] Modules linked in:
> [ 41.090000] CPU: 0 Not tainted
> (3.6.0-rc1-next-20120809-00002-ga25d017-d) [ 41.090000] PC is at
> nand_verify_buf+0x18/0x5c
> [ 41.090000] LR is at nand_write_page+0xc0/0x140
> [ 41.090000] pc : [<c023e7d4>] lr : [<c023fcfc>] psr: 20000013
> [ 41.090000] sp : c7779de4 ip : 00000000 fp : c6e60000
> [ 41.090000] r10: 00000000 r9 : 00020000 r8 : 00000000
> [ 41.090000] r7 : 00000000 r6 : c6e60000 r5 : c762cb10 r4 : 00000000
> [ 41.090000] r3 : c762c8a8 r2 : 00000800 r1 : c6e60000 r0 : 00000000
> [ 41.090000] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment
> user [ 41.090000] Control: 0005317f Table: 477ac000 DAC: 00000015
> [ 41.090000] Process dd (pid: 427, stack limit = 0xc7778270)
> [ 41.090000] Stack: (0xc7779de4 to 0xc777a000)
> ...
>
> The NULL pointer dereference that happens in nand_verify_buf() is due to
> the missing gpmi_verify_buf implementation in the gpmi-nand driver.
>
> Implement gpmi_verify_buf() to prevent this crash.

[...]

Acked-by: Marek Vasut <marex@denx.de>

Definitely should go for stable too.

Best regards,
Marek Vasut
On Fri, Aug 10, 2012 at 6:48 PM, Fabio Estevam <festevam@gmail.com> wrote: > From: Fabio Estevam <fabio.estevam@freescale.com> > > When selecting CONFIG_MTD_NAND_VERIFY_WRITE=y and doing simple write tests the following kernel crash happens: > > root@freescale /$ dd if=/dev/zero of=/dev/mtd0 bs=128k count=1 > [ 41.070000] Unable to handle kernel NULL pointer dereference at virtual addr0 > [ 41.080000] pgd = c77ac000 > [ 41.080000] [00000000] *pgd=4773c831, *pte=00000000, *ppte=00000000 > [ 41.090000] Internal error: Oops: 17 [#1] ARM > [ 41.090000] Modules linked in: > [ 41.090000] CPU: 0 Not tainted (3.6.0-rc1-next-20120809-00002-ga25d017-d) > [ 41.090000] PC is at nand_verify_buf+0x18/0x5c > [ 41.090000] LR is at nand_write_page+0xc0/0x140 > [ 41.090000] pc : [<c023e7d4>] lr : [<c023fcfc>] psr: 20000013 > [ 41.090000] sp : c7779de4 ip : 00000000 fp : c6e60000 > [ 41.090000] r10: 00000000 r9 : 00020000 r8 : 00000000 > [ 41.090000] r7 : 00000000 r6 : c6e60000 r5 : c762cb10 r4 : 00000000 > [ 41.090000] r3 : c762c8a8 r2 : 00000800 r1 : c6e60000 r0 : 00000000 > [ 41.090000] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user > [ 41.090000] Control: 0005317f Table: 477ac000 DAC: 00000015 > [ 41.090000] Process dd (pid: 427, stack limit = 0xc7778270) > [ 41.090000] Stack: (0xc7779de4 to 0xc777a000) > ... > > The NULL pointer dereference that happens in nand_verify_buf() is due to the missing > gpmi_verify_buf implementation in the gpmi-nand driver. > > Implement gpmi_verify_buf() to prevent this crash. > > Cc: <stable@vger.kernel.org> > Signed-off-by: Huang Shijie <b32955@freescale.com> > Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com> > --- > drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 18 ++++++++++++++++++ > drivers/mtd/nand/gpmi-nand/gpmi-nand.h | 1 + > 2 files changed, 19 insertions(+), 0 deletions(-) > > diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > index 8c0d2f0..72b25ce 100644 
> --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > @@ -1533,6 +1533,23 @@ void gpmi_nfc_exit(struct gpmi_nand_data *this) > gpmi_free_dma_buffer(this); > } > > +static int gpmi_verify_buf(struct mtd_info *mtd, const uint8_t *buf, int len) > +{ > + struct nand_chip *nand = mtd->priv; > + struct gpmi_nand_data *data = container_of(mtd, struct gpmi_nand_data, > + mtd); > + int ret; > + > + ret = nand->ecc.read_page(mtd, nand, data->verify_buf, 0, 0); > + if (ret) > + return -EFAULT; > + > + if (memcmp(buf, data->verify_buf, len)) > + return -EFAULT; > + > + return 0; > +} > + > static int __devinit gpmi_nfc_init(struct gpmi_nand_data *this) > { > struct mtd_info *mtd = &this->mtd; > @@ -1555,6 +1572,7 @@ static int __devinit gpmi_nfc_init(struct gpmi_nand_data *this) > chip->dev_ready = gpmi_dev_ready; > chip->read_byte = gpmi_read_byte; > chip->read_buf = gpmi_read_buf; > + chip->verify_buf = gpmi_verify_buf; > chip->write_buf = gpmi_write_buf; > chip->ecc.read_page = gpmi_ecc_read_page; > chip->ecc.write_page = gpmi_ecc_write_page; > diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.h b/drivers/mtd/nand/gpmi-nand/gpmi-nand.h > index 1547a60..cd9bdf7 100644 > --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.h > +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.h > @@ -148,6 +148,7 @@ struct gpmi_nand_data { > /* General-use Variables */ > int current_chip; > unsigned int command_length; > + uint8_t verify_buf[NAND_MAX_PAGESIZE]; It seems this will waste a page memory when the nand page is 4K. So it's better to allocate the verify_buf dynamically whose size is the mtd->writesize. Best Regards Huang Shijie > > /* passed from upper layer */ > uint8_t *upper_buf; > -- > 1.7.1 >
diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c index 8c0d2f0..72b25ce 100644 --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c @@ -1533,6 +1533,23 @@ void gpmi_nfc_exit(struct gpmi_nand_data *this) gpmi_free_dma_buffer(this); } +static int gpmi_verify_buf(struct mtd_info *mtd, const uint8_t *buf, int len) +{ + struct nand_chip *nand = mtd->priv; + struct gpmi_nand_data *data = container_of(mtd, struct gpmi_nand_data, + mtd); + int ret; + + ret = nand->ecc.read_page(mtd, nand, data->verify_buf, 0, 0); + if (ret) + return -EFAULT; + + if (memcmp(buf, data->verify_buf, len)) + return -EFAULT; + + return 0; +} + static int __devinit gpmi_nfc_init(struct gpmi_nand_data *this) { struct mtd_info *mtd = &this->mtd; @@ -1555,6 +1572,7 @@ static int __devinit gpmi_nfc_init(struct gpmi_nand_data *this) chip->dev_ready = gpmi_dev_ready; chip->read_byte = gpmi_read_byte; chip->read_buf = gpmi_read_buf; + chip->verify_buf = gpmi_verify_buf; chip->write_buf = gpmi_write_buf; chip->ecc.read_page = gpmi_ecc_read_page; chip->ecc.write_page = gpmi_ecc_write_page; diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.h b/drivers/mtd/nand/gpmi-nand/gpmi-nand.h index 1547a60..cd9bdf7 100644 --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.h +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.h @@ -148,6 +148,7 @@ struct gpmi_nand_data { /* General-use Variables */ int current_chip; unsigned int command_length; + uint8_t verify_buf[NAND_MAX_PAGESIZE]; /* passed from upper layer */ uint8_t *upper_buf;
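Review bot: in the gpmi-nand.c hunk that adds gpmi_verify_buf(), len goes straight into memcmp(buf, data->verify_buf, len) without being checked against sizeof(data->verify_buf), so a caller passing more than NAND_MAX_PAGESIZE bytes would make the compare read past the end of the array. Reject or clamp len before the compare. Separately, a nonzero return from nand->ecc.read_page() is replaced with -EFAULT, which hides the underlying error and makes a failed read indistinguishable from a data mismatch; consider returning ret for the read failure. The two literal 0 arguments to read_page() would also benefit from a short comment saying what they select.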
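Review bot: in the gpmi-nand.h hunk, verify_buf is a fixed NAND_MAX_PAGESIZE array embedded in struct gpmi_nand_data, so every instance carries it whether or not CONFIG_MTD_NAND_VERIFY_WRITE, the option the commit message ties the crash to, is enabled. Allocating the buffer at init time, sized to the page actually in use, would avoid the fixed cost and pairs naturally with a length check in gpmi_verify_buf(). If the array stays, a one-line comment on the member stating that it is scratch space for write verification would help, since it sits under the "General-use Variables" heading with no explanation.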