mtd comments

Alexander Larsson alex at
Wed Mar 1 12:47:11 EST 2000


I'm just browsing through the mtd code.
Here are some comments:

The following code in mtd.c::mtd_read() is pretty bad from a security

if (!mtd->point || (ret = MTD_POINT(mtd, *ppos, count, &retlen, &mtdbuf)) != 0)
   /* mtd->point() failed; use mtd->read instead */
   ret = MTD_READ(mtd, *ppos, count, &retlen, buf);

The passing of buf, which is a userspace pointer, to a kernel API is
dubious at the very least. And in the case of i.e. slram.c the
physmem_read() function in fact just does a memcpy, leading to a direct
security problem.

FTL uses the read functions directly too, though, so read must be able to
handle kernel pointers also.

Is the buffer pointer in the read call supposed to be a kernel or
userspace pointer? Who is responsible for verifying it?
Maybe there need to be two APIs, one for userspace buffers and one for
kernelspace buffers. In this context the MTD_POINT api is actually very

Also, what are oob (out of band) blocks? And how are flash-memories that
have non-constant erase-sector size (i.e. boot sectors etc.) handled?

/ Alex
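
The split the message asks about, as an added example that is not part of the original post and is not MTD or kernel code: a userspace C model in which only the syscall-facing layer touches the caller's address, through a checked copy, while the driver read takes kernel buffers only. The flat `mem` array, `USER_TOP`, `model_copy_to_user()`, `dev_read_kernel()` and both `chr_read_*` functions are hypothetical names constructed for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: one flat "address space"; offsets below USER_TOP
 * belong to the process, the rest stands in for kernel memory. */
#define USER_TOP 64
#define MEM_SIZE 128
static uint8_t mem[MEM_SIZE];
static const uint8_t flash[8] = { 'F','L','A','S','H','0','0','1' };

/* Stand-in for copy_to_user(): refuse a destination range that is not
 * entirely in the user region; returns the number of bytes NOT copied. */
static size_t model_copy_to_user(size_t uaddr, const void *src, size_t n)
{
    if (uaddr > USER_TOP || n > USER_TOP - uaddr)
        return n;
    memcpy(&mem[uaddr], src, n);
    return 0;
}

/* Driver read for in-kernel callers (the FTL case): trusted destination. */
static int dev_read_kernel(size_t from, size_t len, uint8_t *kbuf)
{
    if (from > sizeof flash || len > sizeof flash - from)
        return -EINVAL;
    memcpy(kbuf, flash + from, len);
    return 0;
}

/* Pattern from the post: caller's address goes straight to the memcpy. */
static int chr_read_unsafe(size_t from, size_t len, size_t uaddr)
{
    return dev_read_kernel(from, len, &mem[uaddr]); /* no range check */
}

/* Split API: the driver fills a kernel bounce buffer; only the
 * syscall-facing layer touches the user address, via the checked copy. */
static int chr_read_checked(size_t from, size_t len, size_t uaddr)
{
    uint8_t bounce[sizeof flash];
    int ret = dev_read_kernel(from, len, bounce);
    if (ret)
        return ret;
    return model_copy_to_user(uaddr, bounce, len) ? -EFAULT : 0;
}

int main(void) { return (chr_read_unsafe(0, 8, 100) == 0 && chr_read_checked(0, 8, 100) == -EFAULT) ? 0 : 1; }
```

In the model, the unchecked path writes the flash contents at offset 100, inside the region standing in for kernel memory, while the checked path returns `-EFAULT` for the same request and leaves that region untouched.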
