Date: Fri, 26 Nov 2021 14:02:33 +0100
From: Michał Kępień
To: Miquel Raynal
Cc: Richard Weinberger, Vignesh Raghavendra, Boris Brezillon, linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mtdchar: prevent unbounded allocation in MEMWRITE ioctl
References: <20211025082104.8017-1-kernel@kempniu.pl> <20211122103122.424326a1@xps13> <20211126103116.5bef6bc0@xps13>
In-Reply-To: <20211126103116.5bef6bc0@xps13>

Hi Miquèl,

> >  5. The above causes the driver to receive 2048 bytes of data for a page
> >     write in raw mode, which results in an error that propagates all the
> >     way up to mtdchar_write_ioctl().
>
> This is definitely far from an expected behavior. Writing a page
> without OOB is completely fine.

Could it be a nandsim quirk?  Sorry, I do not feel qualified enough to
comment on this.  I prepared a code flow analysis below, though.

> > The nandsim driver returns the same error if you pass the following
> > request to the MEMWRITE ioctl:
> >
> >     struct mtd_write_req req = {
> >         .start = 2048,
> >         .len = 2048,
> >         .ooblen = 0,
> >         .usr_data = 0x10000000,
> >         .usr_oob = NULL,
> >         .mode = MTD_OPS_RAW,
> >     };
> >
> > so it is not the driver that is broken or insane, it is the splitting
> > process that may cause the MEMWRITE ioctl to return different error
> > codes than before.
> >
> > I played with the code a bit more and I found a fix which addresses this
> > issue without breaking other scenarios: setting oobbuf to the same
> > pointer for every loop iteration (if ooblen is 0, no OOB data will be
> > written anyway).
>
> You mean that
> 	{ .user_oob = NULL, .ooblen = 0 }
> fails, while
> 	{ .user_oob = random, .ooblen = 0 }
> works? This seems a little bit fragile.

That is indeed the behavior I am observing with nandsim, even on a
kernel which does not include my patch.

> Could you tell us the origin of the error? Because in
> nand_do_write_ops() if ops->oobbuf is populated then oob_required is
> set to true no matter the value set in ooblen.

Correct - and that is what causes the behavior described above (and why
the tweak I came up with works around the problem).

nand_do_write_ops() calls nand_write_page() with 'oob_required' passed
as the fifth parameter.  In raw mode, nand_write_page() calls
nand_write_page_raw().  Here is what happens there:

 1. nand_prog_page_begin_op() sets up a page programming operation by
    sending a few commands to the chip.  See nand_exec_prog_page_op()
    for details.  Note that since the 'prog' parameter is set to false,
    the last two instructions from the 'instrs' array are not run yet.

 2. 'oob_required' is checked.  If it is set to 1, OOB data is sent to
    the chip; otherwise, it is not sent.

 3. nand_prog_page_end_op() is called to finish the programming
    operation.

At that point, the ACTION_PRGPAGE switch case in ns_do_state_action()
(in drivers/mtd/nand/raw/nandsim.c) checks whether the number of bytes
it received so far for this operation (ns->regs.count, updated by
ns_nand_write_buf() as data is pushed to the chip) equals the number of
bytes in a full page with OOB data (num).  If not, an error is returned,
which results in the NAND_STATUS_FAIL flag being set in the status byte,
triggering an -EIO.

This does not happen for any other MTD operation mode because the chip
callbacks that nand_write_page() invokes in those other modes cause OOB
data to be sent to the chip.

> Plus, the code in mtdchar is clear: .oobbuf is set to NULL if there are
> no OOBs provided by the user so I believe this is a situation that
> should already work.

Correct, though current mtdchar_write_ioctl() code only looks at the
value of the 'usr_oob' field in the struct mtd_write_req passed to it,
so even if you pass { .usr_oob = <something non-NULL>, .ooblen = 0 }, it
will still set ops.oobbuf to the pointer returned by memdup_user().

-- 
Best regards,
Michał Kępień
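
Added example (not part of the original message and not kernel code): a userspace C model of the flow analysed above, showing why a raw-mode MEMWRITE with usr_oob == NULL ends in -EIO on nandsim while a non-NULL usr_oob with ooblen == 0 succeeds. All model_* names and the 64-byte OOB size are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 2048u /* the 2048-byte page used in the thread */
#define MODEL_OOB_SIZE    64u /* assumed OOB size; not stated in the thread */

/* Stand-in for nandsim's per-operation byte counter (ns->regs.count). */
struct model_chip { size_t count; };

/* Constructed placeholder for "some non-NULL usr_oob pointer". */
static const char model_dummy_oob[1] = { 0 };

/* End of the program operation: only a full page plus OOB is accepted. */
static int model_prog_page_end(const struct model_chip *chip)
{
    size_t num = MODEL_PAGE_SIZE + MODEL_OOB_SIZE;
    return chip->count == num ? 0 : -EIO; /* NAND_STATUS_FAIL -> -EIO */
}

/* Raw mode: OOB bytes reach the chip only when oob_required is set. */
static int model_write_page_raw(struct model_chip *chip, int oob_required)
{
    chip->count = MODEL_PAGE_SIZE;      /* begin op, then page data */
    if (oob_required)
        chip->count += MODEL_OOB_SIZE;  /* step 2 of the analysis */
    return model_prog_page_end(chip);   /* step 3 */
}

/* Other modes: the chip callbacks always push OOB data as well. */
static int model_write_page_other(struct model_chip *chip)
{
    chip->count = MODEL_PAGE_SIZE + MODEL_OOB_SIZE;
    return model_prog_page_end(chip);
}

/* Models the ioctl path: oobbuf follows usr_oob, ooblen is not consulted. */
int model_memwrite(const void *usr_oob, size_t ooblen, int raw)
{
    struct model_chip chip = { 0 };
    int oob_required = (usr_oob != NULL);

    (void)ooblen; /* deliberately ignored, as described in the message */
    return raw ? model_write_page_raw(&chip, oob_required)
               : model_write_page_other(&chip);
}

int main(void)
{
    printf("raw, usr_oob=NULL, ooblen=0     -> %d\n", model_memwrite(NULL, 0, 1));
    printf("raw, usr_oob=non-NULL, ooblen=0 -> %d\n",
           model_memwrite(model_dummy_oob, 0, 1));
    printf("non-raw, usr_oob=NULL, ooblen=0 -> %d\n", model_memwrite(NULL, 0, 0));
    return 0;
}
```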