diff mbox series

[4.14] mtd: rawnand: brcmnand: Fix ecc chunk calculation for erased page bitfips

Message ID 1dfa7e7f-233b-43da-b0ea-0ad3b1f69a37@lineo.co.jp
State New
Headers show
Series [4.14] mtd: rawnand: brcmnand: Fix ecc chunk calculation for erased page bitfips | expand

Commit Message

Yuta Hayama Nov. 29, 2023, 8:29 a.m. UTC 
From: Claire Lin <claire.lin@broadcom.com>

commit 7f852cc1579297fd763789f8cd370639d0c654b6 upstream.

In brcmstb_nand_verify_erased_page(), the ECC chunk pointer calculation
while correcting erased page bitflips is wrong, fix it.

Fixes: 02b88eea9f9c ("mtd: brcmnand: Add check for erased page bitflips")
Signed-off-by: Claire Lin <claire.lin@broadcom.com>
Reviewed-by: Ray Jui <ray.jui@broadcom.com>
Signed-off-by: Kamal Dasu <kdasu.kdev@gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Yuta Hayama <hayama@lineo.co.jp>
---
After applying e44b9a9c1357 ("mtd: nand: brcmnand: Zero bitflip is not an
error"), the return value 0 of brcmstb_nand_verify_erased_page() is
*correctly* interpreted as "no bit flips, no errors". However, that
function still has the issue that it may incorrectly return 0 for a page
that contains bitflips. Without this patch, the data buffer of the erased
page could be passed to a upper layer (e.g. UBIFS) without bitflips being
detected and corrected.

In active stable, 4.14.y and 4.19.y seem to have a same issue.

 drivers/mtd/nand/brcmnand/brcmnand.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Greg Kroah-Hartman Nov. 30, 2023, 1:42 p.m. UTC | #1 
On Wed, Nov 29, 2023 at 05:29:13PM +0900, Yuta Hayama wrote:
> From: Claire Lin <claire.lin@broadcom.com>
> 
> commit 7f852cc1579297fd763789f8cd370639d0c654b6 upstream.
> 
> In brcmstb_nand_verify_erased_page(), the ECC chunk pointer calculation
> while correcting erased page bitflips is wrong, fix it.
> 
> Fixes: 02b88eea9f9c ("mtd: brcmnand: Add check for erased page bitflips")
> Signed-off-by: Claire Lin <claire.lin@broadcom.com>
> Reviewed-by: Ray Jui <ray.jui@broadcom.com>
> Signed-off-by: Kamal Dasu <kdasu.kdev@gmail.com>
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> Signed-off-by: Yuta Hayama <hayama@lineo.co.jp>
> ---
> After applying e44b9a9c1357 ("mtd: nand: brcmnand: Zero bitflip is not an
> error"), the return value 0 of brcmstb_nand_verify_erased_page() is
> *correctly* interpreted as "no bit flips, no errors". However, that
> function still has the issue that it may incorrectly return 0 for a page
> that contains bitflips. Without this patch, the data buffer of the erased
> page could be passed to a upper layer (e.g. UBIFS) without bitflips being
> detected and corrected.
> 
> In active stable, 4.14.y and 4.19.y seem to have a same issue.

Both now queued up, thanks.

greg k-h
diff mbox series

Patch

diff --git a/drivers/mtd/nand/brcmnand/brcmnand.c b/drivers/mtd/nand/brcmnand/brcmnand.c
index fa66663df6e8..267bbba09afb 100644
--- a/drivers/mtd/nand/brcmnand/brcmnand.c
+++ b/drivers/mtd/nand/brcmnand/brcmnand.c
@@ -1753,6 +1753,7 @@  static int brcmstb_nand_verify_erased_page(struct mtd_info *mtd,
 	int bitflips = 0;
 	int page = addr >> chip->page_shift;
 	int ret;
+	void *ecc_chunk;
 
 	if (!buf) {
 		buf = chip->buffers->databuf;
@@ -1769,7 +1770,9 @@  static int brcmstb_nand_verify_erased_page(struct mtd_info *mtd,
 		return ret;
 
 	for (i = 0; i < chip->ecc.steps; i++, oob += sas) {
-		ret = nand_check_erased_ecc_chunk(buf, chip->ecc.size,
+		ecc_chunk = buf + chip->ecc.size * i;
+		ret = nand_check_erased_ecc_chunk(ecc_chunk,
+						  chip->ecc.size,
 						  oob, sas, NULL, 0,
 						  chip->ecc.strength);
 		if (ret < 0)