From patchwork Tue Jun 5 14:07:09 2018
X-Patchwork-Submitter: Joakim Tjernlund
X-Patchwork-Id: 925503
From: Joakim Tjernlund
To: "linux-mtd @ lists . infradead . org", Boris Brezillon
Cc: Joakim Tjernlund
Subject: [PATCH 1/2] mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
Date: Tue, 5 Jun 2018 16:07:09 +0200
Message-Id: <20180605140710.8624-1-joakim.tjernlund@infinera.com>
List-Id: Linux MTD discussion mailing list

cfi_ppb_unlock() tries to relock all sectors that were locked before
unlocking the whole chip.
This locking used the chip start address + the FULL offset from the
first flash chip, thereby forming an illegal address. Correct by using
the chip offset (adr).

In addition, do_ppb_xxlock() failed to add chip->start when
querying for lock status (and chip_ready test), which caused
false status reports. Fix by adding adr += chip->start and adjust
call sites accordingly.

Fixes: 1648eaaa1575e
Signed-off-by: Joakim Tjernlund
---
 drivers/mtd/chips/cfi_cmdset_0002.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c index 5e526aec66f0..c74c53b886be 100644 --- a/drivers/mtd/chips/cfi_cmdset_0002.c
+++ b/drivers/mtd/chips/cfi_cmdset_0002.c @@ -2535,7 +2535,7 @@ static int cfi_atmel_unlock(struct mtd_info *mtd, loff_t ofs, uint64_t len) struct ppb_lock { struct flchip *chip; - loff_t offset; + unsigned long adr; int locked; }; @@ -2553,8 +2553,9 @@ static int __maybe_unused do_ppb_xxlock(struct map_info *map, unsigned long timeo; int ret; + adr += chip->start; mutex_lock(&chip->mutex); - ret = get_chip(map, chip, adr + chip->start, FL_LOCKING); + ret = get_chip(map, chip, adr, FL_LOCKING); if (ret) { mutex_unlock(&chip->mutex); return ret; @@ -2572,8 +2573,8 @@ static int __maybe_unused do_ppb_xxlock(struct map_info *map, if (thunk == DO_XXLOCK_ONEBLOCK_LOCK) { chip->state = FL_LOCKING; - map_write(map, CMD(0xA0), chip->start + adr); - map_write(map, CMD(0x00), chip->start + adr); + map_write(map, CMD(0xA0), adr); + map_write(map, CMD(0x00), adr); } else if (thunk == DO_XXLOCK_ONEBLOCK_UNLOCK) { /* * Unlocking of one specific sector is not supported, so we @@ -2611,7 +2612,7 @@ static int __maybe_unused do_ppb_xxlock(struct map_info *map, map_write(map, CMD(0x00), chip->start); chip->state = FL_READY; - put_chip(map, chip, adr + chip->start); + put_chip(map, chip, adr); mutex_unlock(&chip->mutex); return ret; @@ -2670,7 +2671,7 @@ static int __maybe_unused cfi_ppb_unlock(struct mtd_info *mtd, loff_t ofs, */ if ((adr < ofs) || (adr >= (ofs + len))) { sect[sectors].chip = &cfi->chips[chipnum]; - sect[sectors].offset = offset; + sect[sectors].adr = adr; sect[sectors].locked = do_ppb_xxlock( map, &cfi->chips[chipnum], adr, 0, DO_XXLOCK_ONEBLOCK_GETLOCK); @@ -2686,7 +2687,6 @@ static int __maybe_unused cfi_ppb_unlock(struct mtd_info *mtd, loff_t ofs, if (adr >> cfi->chipshift) { adr = 0; chipnum++; - if (chipnum >= cfi->numchips) break; } 
@@ -2714,7 +2714,7 @@ static int __maybe_unused cfi_ppb_unlock(struct mtd_info *mtd, loff_t ofs, */ for (i = 0; i < sectors; i++) { if (sect[i].locked) - do_ppb_xxlock(map, sect[i].chip, sect[i].offset, 0, + do_ppb_xxlock(map, sect[i].chip, sect[i].adr, 0, DO_XXLOCK_ONEBLOCK_LOCK); }
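Review bot: In the do_ppb_xxlock() hunk at @@ -2553, `adr += chip->start;` changes the meaning of the parameter partway through the function: callers pass a chip-relative address, and from this line on `adr` is an absolute map address. Everything after it (`get_chip(map, chip, adr, FL_LOCKING)`, the `map_write(map, CMD(0xA0), adr)` pair, `put_chip(map, chip, adr)`) relies on that. Please add a short comment at the assignment, or above the function, saying that `adr` is chip-relative on entry, so that a later call site does not pass an already-offset address and bring back the out-of-range access this patch fixes.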
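Review bot: In the cfi_ppb_unlock() hunk at @@ -2670, the result of the DO_XXLOCK_ONEBLOCK_GETLOCK call is stored directly in `sect[sectors].locked`, but do_ppb_xxlock() also returns `ret` when get_chip() fails (the `if (ret) { mutex_unlock(&chip->mutex); return ret; }` path visible in the @@ -2553 hunk). A non-zero error would then be recorded as "locked", and the relock loop, which only tests `if (sect[i].locked)`, would lock a sector whose previous state was never actually read. Since this statement is being touched anyway, consider checking for an error return here and bailing out, or storing only a 0/1 lock state.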
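Review bot: The hunk at @@ -2686 goes from 7 lines to 6 and adds nothing, so the only change appears to be dropping the empty line between `chipnum++;` and `if (chipnum >= cfi->numchips)`. That is a whitespace cleanup unrelated to the address fix. With a Fixes: tag on the patch it is better left out or sent separately, so the change stays minimal for backporting.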
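Review bot: In the relock loop at @@ -2714, the return value of `do_ppb_xxlock(map, sect[i].chip, sect[i].adr, 0, DO_XXLOCK_ONEBLOCK_LOCK)` is discarded, so a failed relock leaves a previously protected sector unlocked after the whole-chip unlock and nothing in the visible lines reports it. Suggest capturing the result, logging the chip and `sect[i].adr` that failed, and propagating the error to the caller.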