154bf89f5e
This patch fixes the mtdpart bug which allows users reading OOB past the end of the partition. This happens because 'part_read_oob()' allows reading multiple OOB areas in one go, and mtdparts does not validate the OOB length in the request. Although there is such check in 'nand_do_read_oob()' in nand_base.c, but it checks that we do not read past the flash chip, not the partition, because in nand_base.c we work with the whole chip (e.g., mtd->size in nand_base.c is the size of the whole chip). So this check cannot be done correctly in nand_base.c and should be instead done in mtdparts.c. This problem was reported by Jason Liu <r64343@freescale.com> and reproduced with nandsim: $ modprobe nandsim first_id_byte=0x20 second_id_byte=0xaa third_id_byte=0x00 \ fourth_id_byte=0x15 parts=0x400,0x400 $ modprobe nandsim mtd_oobtest.ko dev=0 $ dmesg = snip = mtd_oobtest: attempting to read past end of device mtd_oobtest: an error is expected... mtd_oobtest: error: read past end of device = snip = mtd_oobtest: finished with 2 errors Reported-by: Jason Liu <liu.h.jason@gmail.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> |
||
---|---|---|
.. | ||
chips | ||
devices | ||
lpddr | ||
maps | ||
nand | ||
onenand | ||
tests | ||
ubi | ||
afs.c | ||
ar7part.c | ||
cmdlinepart.c | ||
ftl.c | ||
inftlcore.c | ||
inftlmount.c | ||
Kconfig | ||
Makefile | ||
mtd_blkdevs.c | ||
mtdblock.c | ||
mtdblock_ro.c | ||
mtdchar.c | ||
mtdconcat.c | ||
mtdcore.c | ||
mtdcore.h | ||
mtdoops.c | ||
mtdpart.c | ||
mtdsuper.c | ||
nftlcore.c | ||
nftlmount.c | ||
ofpart.c | ||
redboot.c | ||
rfd_ftl.c | ||
sm_ftl.c | ||
sm_ftl.h | ||
ssfdc.c |