From patchwork Thu Jun 1 06:18:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arseniy Krasnov X-Patchwork-Id: 13263066 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DCC24C77B7E for ; Thu, 1 Jun 2023 06:24:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:CC:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=qhkmmKnTi6r0UU5oqzjPwKuJ9kb92id00XqDzir1hWs=; b=s42kWo7iC9Um0U KF6Q4pOcCZiKfB4pAkoPi4u8J8TmRMq4+YaKvFYVQdwgAQD53zaVwfytjvQbXibV2bX/CtYFRK/YY 6TvvtzpaFoBnlr0DotDRBrRGrKVX6vogwbCV5u4srAn+VPP+mi8ObkaKyO+8rBarnSw1o4RngDpOz TEj+W0/Cft1uCamaM0cBEAOj/kR29J3a81s497HYxaZL1xMVF00CuUX2toShDUAso4m2sESS7QraN +Kuv3+NqW+g+sgtrewpWZFCgYETxu2vPVNot4+ZiT1CPCsD8Yy+4EX9uXsM1Iqv5Jrn4TP5OOLSxQ HlaWBxsr92IqEt3/cpTQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1q4bjS-002B4c-1g; Thu, 01 Jun 2023 06:24:22 +0000 Received: from mx.sberdevices.ru ([45.89.227.171]) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1q4bj4-002Afu-0h; Thu, 01 Jun 2023 06:24:00 +0000 Received: from s-lin-edge02.sberdevices.ru (localhost [127.0.0.1]) by mx.sberdevices.ru (Postfix) with ESMTP id B6D9A5FD73; Thu, 1 Jun 2023 09:23:53 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sberdevices.ru; s=mail; t=1685600633; bh=kSvrNV01pYKxwurCvddI8AqxMVYMKQLY/eHlqyiGjSc=; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type; b=fApJxuo1I+DhpC4BGUSekoYjDmIMVAAy0hnnT/WsPI5i7lcRfV1pmAe0GaaiLcxef EU83Ar7jcpkqXBZ3bqxtWN2Hu8rGnGnlj3tzkZDkaEIZ7TLEM81GRm5Qa1F2GUJ2gI ifkpXX4PmPrMdxpganpJ2dDbnkAmym/c46VakgtVUDSsdIJzoPFsfWyTbejOCagyF4 Mkwi5sl9l4ER2dEvFT2Wy6JJpCiY9N/hKnE2+UjdpJu7UpCEAqPr1bOGVVKhU+a3Rx vIWiS54iPrTSj/pI5uQDPP8A/rpVRhH0LruM93gFH8nJO+qC5vbXgIXkrSmA94Epih RfGtZOkZZhlqQ== Received: from S-MS-EXCH01.sberdevices.ru (S-MS-EXCH01.sberdevices.ru [172.16.1.4]) by mx.sberdevices.ru (Postfix) with ESMTP; Thu, 1 Jun 2023 09:23:53 +0300 (MSK) From: Arseniy Krasnov To: Liang Yang , Miquel Raynal , Richard Weinberger , Vignesh Raghavendra , Neil Armstrong , Kevin Hilman , Jerome Brunet , Martin Blumenstingl CC: , , Arseniy Krasnov , , , , Subject: [RFC PATCH v5 5/6] mtd: rawnand: meson: check buffer length Date: Thu, 1 Jun 2023 09:18:48 +0300 Message-ID: <20230601061850.3907800-6-AVKrasnov@sberdevices.ru> X-Mailer: git-send-email 2.35.0 In-Reply-To: <20230601061850.3907800-1-AVKrasnov@sberdevices.ru> References: <20230601061850.3907800-1-AVKrasnov@sberdevices.ru> MIME-Version: 1.0 X-Originating-IP: [172.16.1.6] X-ClientProxiedBy: S-MS-EXCH01.sberdevices.ru (172.16.1.4) To S-MS-EXCH01.sberdevices.ru (172.16.1.4) X-KSMG-Rule-ID: 4 X-KSMG-Message-Action: clean X-KSMG-AntiSpam-Status: not scanned, disabled by settings X-KSMG-AntiSpam-Interceptor-Info: not scanned X-KSMG-AntiPhishing: not scanned, disabled by settings X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 1.1.2.30, bases: 2023/06/01 03:13:00 #21393813 X-KSMG-AntiVirus-Status: Clean, skipped X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230531_232358_634954_E700D071 X-CRM114-Status: GOOD ( 13.78 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org This NAND controller has limited buffer length, so check it before command execution to avoid length trim. Also check MTD write size on chip attach. Signed-off-by: Arseniy Krasnov --- Changelog v4->v5: * Move length checks from functions 'meson_nfc_read/write_buf()' to 'meson_nfc_exec_op()'. drivers/mtd/nand/raw/meson_nand.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c index 23a73268421b..2a91916566f4 100644 --- a/drivers/mtd/nand/raw/meson_nand.c +++ b/drivers/mtd/nand/raw/meson_nand.c @@ -111,6 +111,8 @@ #define NFC_USER_BYTES 2 #define NFC_OOB_PER_ECC(nand) ((nand)->ecc.bytes + NFC_USER_BYTES) +#define NFC_CMD_RAW_LEN GENMASK(13, 0) + struct meson_nfc_nand_chip { struct list_head node; struct nand_chip nand; @@ -284,7 +286,7 @@ static void meson_nfc_cmd_access(struct nand_chip *nand, int raw, bool dir, if (raw) { len = mtd->writesize + mtd->oobsize; - cmd = (len & GENMASK(13, 0)) | scrambler | DMA_DIR(dir); + cmd = len | scrambler | DMA_DIR(dir); writel(cmd, nfc->reg_base + NFC_REG_CMD); return; } @@ -573,7 +575,7 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len) if (ret) goto out; - cmd = NFC_CMD_N2M | (len & GENMASK(13, 0)); + cmd = NFC_CMD_N2M | len; writel(cmd, nfc->reg_base + NFC_REG_CMD); meson_nfc_drain_cmd(nfc); @@ -597,7 +599,7 @@ static int meson_nfc_write_buf(struct nand_chip *nand, u8 *buf, int len) if (ret) return ret; - cmd = NFC_CMD_M2N | (len & GENMASK(13, 0)); + cmd = NFC_CMD_M2N | len; writel(cmd, nfc->reg_base + NFC_REG_CMD); meson_nfc_drain_cmd(nfc); @@ -1044,6 +1046,9 @@ static int meson_nfc_exec_op(struct nand_chip *nand, break; case NAND_OP_DATA_IN_INSTR: + if (instr->ctx.data.len > NFC_CMD_RAW_LEN) + return -EINVAL; + buf = meson_nand_op_get_dma_safe_input_buf(instr); if (!buf) return -ENOMEM; @@ -1052,6 +1057,9 @@ static int meson_nfc_exec_op(struct nand_chip *nand, break; case NAND_OP_DATA_OUT_INSTR: + if (instr->ctx.data.len > NFC_CMD_RAW_LEN) + return -EINVAL; + buf = meson_nand_op_get_dma_safe_output_buf(instr); if (!buf) return -ENOMEM; @@ -1293,6 +1301,7 @@ static int meson_nand_attach_chip(struct nand_chip *nand) struct meson_nfc_nand_chip *meson_chip = to_meson_nand(nand); struct mtd_info *mtd = nand_to_mtd(nand); int nsectors = mtd->writesize / 1024; + int raw_writesize; int ret; if (!mtd->name) { @@ -1304,6 +1313,13 @@ static int meson_nand_attach_chip(struct nand_chip *nand) return -ENOMEM; } + raw_writesize = mtd->writesize + mtd->oobsize; + if (raw_writesize > NFC_CMD_RAW_LEN) { + dev_err(nfc->dev, "too big write size in raw mode: %d > %ld\n", + raw_writesize, NFC_CMD_RAW_LEN); + return -EINVAL; + } + if (nand->bbt_options & NAND_BBT_USE_FLASH) nand->bbt_options |= NAND_BBT_NO_OOB;