* [PATCH] nand: nand_base: Always initialise oob_poi before writing OOB data
@ 2011-05-24 13:32 THOMSON, Adam (Adam)
2011-05-24 20:29 ` Vimal Singh
0 siblings, 1 reply; 2+ messages in thread
From: THOMSON, Adam (Adam) @ 2011-05-24 13:32 UTC (permalink / raw)
To: linux-mtd
In nand_do_write_ops() code it is possible for a caller to provide
ops.oobbuf populated and ops.mode == MTD_OOB_AUTO, which currently
means that the chip->oob_poi buffer isn't initialised to all 0xFF.
The nand_fill_oob() method then carries out the task of copying
the provided OOB data to oob_poi, but with MTD_OOB_AUTO it skips
areas marked as unavailable by the layout struct, including the
bad block marker bytes.
An example of this causing issues is when the last OOB data read
was from the start of a bad block where the markers are not 0xFF,
and the caller wishes to write new OOB data at the beginning of
another block. In this scenario the caller would provide OOB data,
but nand_fill_oob() would skip the bad block marker bytes in
oob_poi before copying the OOB data provided by the caller.
This means that when the OOB data is written back to NAND,
the block is inadvertently marked as bad without the caller knowing.
This has been witnessed when using YAFFS2 where tags are stored
in the OOB.
This patch changes the code so that oob_poi is always initialised
to 0xFF to make sure no left over data is inadvertently written
back to OOB data.
Signed-off-by: Adam Thomson <adam.thomson@alcatel-lucent.com>
---
drivers/mtd/nand/nand_base.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
index 8c21b89..cb1dec1 100644
--- a/drivers/mtd/nand/nand_base.c
+++ b/drivers/mtd/nand/nand_base.c
@@ -1843,9 +1843,9 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to,
(chip->pagebuf << chip->page_shift) < (to + ops->len))
chip->pagebuf = -1;
- /* If we're not given explicit OOB data, let it be 0xFF */
- if (likely(!oob))
- memset(chip->oob_poi, 0xff, mtd->oobsize);
+ /* Initialise to all 0xFF, to avoid the possibility of
+ left over OOB data from a previous OOB read. */
+ memset(chip->oob_poi, 0xff, mtd->oobsize);
while(1) {
int bytes = mtd->writesize;
--
1.7.5.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] nand: nand_base: Always initialise oob_poi before writing OOB data
2011-05-24 13:32 [PATCH] nand: nand_base: Always initialise oob_poi before writing OOB data THOMSON, Adam (Adam)
@ 2011-05-24 20:29 ` Vimal Singh
0 siblings, 0 replies; 2+ messages in thread
From: Vimal Singh @ 2011-05-24 20:29 UTC (permalink / raw)
To: THOMSON, Adam (Adam); +Cc: linux-mtd
On Tue, May 24, 2011 at 7:02 PM, THOMSON, Adam (Adam)
<adam.thomson@alcatel-lucent.com> wrote:
> In nand_do_write_ops() code it is possible for a caller to provide
> ops.oobbuf populated and ops.mode == MTD_OOB_AUTO, which currently
> means that the chip->oob_poi buffer isn't initialised to all 0xFF.
> The nand_fill_oob() method then carries out the task of copying
> the provided OOB data to oob_poi, but with MTD_OOB_AUTO it skips
> areas marked as unavailable by the layout struct, including the
> bad block marker bytes.
>
> An example of this causing issues is when the last OOB data read
> was from the start of a bad block where the markers are not 0xFF,
> and the caller wishes to write new OOB data at the beginning of
> another block. In this scenario the caller would provide OOB data,
> but nand_fill_oob() would skip the bad block marker bytes in
> oob_poi before copying the OOB data provided by the caller.
> This means that when the OOB data is written back to NAND,
> the block is inadvertently marked as bad without the caller knowing.
> This has been witnessed when using YAFFS2 where tags are stored
> in the OOB.
>
> This patch changes the code so that oob_poi is always initialised
> to 0xFF to make sure no left over data is inadvertently written
> back to OOB data.
>
> Signed-off-by: Adam Thomson <adam.thomson@alcatel-lucent.com>
> ---
> drivers/mtd/nand/nand_base.c | 6 +++---
> 1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
> index 8c21b89..cb1dec1 100644
> --- a/drivers/mtd/nand/nand_base.c
> +++ b/drivers/mtd/nand/nand_base.c
> @@ -1843,9 +1843,9 @@ static int nand_do_write_ops(struct mtd_info *mtd, loff_t to,
> (chip->pagebuf << chip->page_shift) < (to + ops->len))
> chip->pagebuf = -1;
>
> - /* If we're not given explicit OOB data, let it be 0xFF */
> - if (likely(!oob))
> - memset(chip->oob_poi, 0xff, mtd->oobsize);
> + /* Initialise to all 0xFF, to avoid the possibility of
> + left over OOB data from a previous OOB read. */
Please correct the multi-line comment style. Like this:
/*
* Initialise to all 0xFF, to avoid the possibility of
* left over OOB data from a previous OOB read.
*/
> + memset(chip->oob_poi, 0xff, mtd->oobsize);
--
Regards,
Vimal Singh
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-05-24 20:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-05-24 13:32 [PATCH] nand: nand_base: Always initialise oob_poi before writing OOB data THOMSON, Adam (Adam)
2011-05-24 20:29 ` Vimal Singh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.