mtd comments
Alexander Larsson
alex at cendio.se
Wed Mar 1 12:47:11 EST 2000
Hi,
I'm just browsing through the mtd code.
Here are some comments:
The following code in mtd.c::mtd_read() is pretty bad from a security
standpoint:
    if (!mtd->point || (ret = MTD_POINT(mtd, *ppos, count, &retlen, &mtdbuf)) != 0)
    {
        /* mtd->point() failed; use mtd->read instead */
        ret = MTD_READ(mtd, *ppos, count, &retlen, buf);
The passing of buf, which is a userspace pointer, to a kernel API is
dubious at the very least. And in the case of i.e. slram.c the
physmem_read() function in fact just does a memcpy, leading to a direct
security problem.
FTL uses the read functions directly too, though, so read must be able to
handle kernel pointers also.
Is the buffer pointer in the read call supposed to be a kernel or
userspace pointer? Who is responsible for verifying it?
Maybe there need to be two APIs, one for userspace buffers and one for
kernelspace buffers. In this context the MTD_POINT API is actually very
nice.
Also, what are oob (out of band) blocks? And how are flash memories that
have non-constant erase-sector size (i.e. boot sectors etc.) handled?
/ Alex
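
The split between a kernel-buffer read and a user-buffer read that the message asks about, as an added userspace model that is not part of the original post and is not MTD or kernel code. The names read_kern, read_user and user_range_ok, the 256-byte address space and its 128-byte user/kernel boundary are all assumptions made for illustration.

```c
/* Userspace model, constructed for illustration; not kernel or MTD code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE   256u  /* modelled address space                   */
#define USER_LIMIT 128u  /* [0,128) is "user", [128,256) is "kernel" */

static unsigned char mem[MEM_SIZE];
static const unsigned char flash[] = "FLASHDATA-012345";  /* constructed data */
#define FLASH_SIZE (sizeof(flash) - 1)

/* Range check on a user destination; written so addr + len cannot wrap. */
static int user_range_ok(size_t addr, size_t len)
{
    return len <= USER_LIMIT && addr <= USER_LIMIT - len;
}

/* Entry point for in-kernel callers (the FTL case): trusts dst and does a
 * plain memcpy, like the physmem_read() behaviour described in the mail. */
static int read_kern(size_t from, size_t len, size_t dst)
{
    if (from > FLASH_SIZE || len > FLASH_SIZE - from)
        return -EINVAL;
    if (len > MEM_SIZE || dst > MEM_SIZE - len)  /* keep the model in bounds */
        return -EINVAL;
    memcpy(&mem[dst], &flash[from], len);
    return 0;
}

/* Entry point for the read() path: dst comes from userspace, so it is
 * validated before any copy happens. */
static int read_user(size_t from, size_t len, size_t udst)
{
    if (!user_range_ok(udst, len))
        return -EFAULT;
    return read_kern(from, len, udst);
}

int main(void)
{
    int r;
    mem[200] = 0xAA;                    /* stands in for kernel data */
    r = read_user(0, 4, 200);           /* user-supplied dst, validated */
    printf("validated: %d, mem[200]=0x%02X\n", r, mem[200]);
    r = read_kern(0, 4, 200);           /* same dst on the trusting path */
    printf("trusted:   %d, mem[200]=0x%02X\n", r, mem[200]);
    return 0;
}
```

In the model, the same destination that read_user rejects is overwritten when it reaches read_kern directly, which is the situation the message describes for a driver whose read is a bare memcpy.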