[PATCH][v4] mtd: rawnand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0

Boris Brezillon boris.brezillon at bootlin.com
Wed Mar 21 01:55:35 PDT 2018


On Wed, 21 Mar 2018 05:51:46 +0530
Jagdish Gediya <jagdish.gediya at nxp.com> wrote:

> Number of ECC status registers i.e. (ECCSTATx) has been increased in IFC
> version 2.0.0 due to increase in SRAM size. This is causing eccstat
> array to over flow.
> 
> So, replace eccstat array with u32 variable to make it fail-safe and
> independent of number of ECC status registers or SRAM size.
> 
> Fixes: bccb06c353af ("mtd: nand: ifc: update bufnum mask for ver >= 2.0.0")
> Cc: stable at vger.kernel.org # 3.18+
> Signed-off-by: Prabhakar Kushwaha <prabhakar.kushwaha at nxp.com>
> Signed-off-by: Jagdish Gediya <jagdish.gediya at nxp.com>
> ---
> Changes for v2: Incorporated comments from Miquel Raynal and Boris Brezillon 
>         - Updated patch subject
>         - Remove usage of eccstat array
>         - Added Cc: stable at vger.kernel.org 
> 
> Changes for v3: Incorporated comments from Boris Brezillon
>         - Added fixes tag
> 
> Changes for v4: Incorporated comments from Boris Brezillon
> 
>  drivers/mtd/nand/fsl_ifc_nand.c | 23 ++++++++++-------------
>  1 file changed, 10 insertions(+), 13 deletions(-)
> 
> diff --git a/drivers/mtd/nand/fsl_ifc_nand.c b/drivers/mtd/nand/fsl_ifc_nand.c
> index 4872a7b..9a01309 100644
> --- a/drivers/mtd/nand/fsl_ifc_nand.c
> +++ b/drivers/mtd/nand/fsl_ifc_nand.c
> @@ -173,14 +173,9 @@ static void set_addr(struct mtd_info *mtd, int column, int page_addr, int oob)
>  
>  /* returns nonzero if entire page is blank */
>  static int check_read_ecc(struct mtd_info *mtd, struct fsl_ifc_ctrl *ctrl,
> -			  u32 *eccstat, unsigned int bufnum)
> +			  u32 eccstat, unsigned int bufnum)
>  {
> -	u32 reg = eccstat[bufnum / 4];
> -	int errors;
> -
> -	errors = (reg >> ((3 - bufnum % 4) * 8)) & 15;
> -
> -	return errors;
> +	return  (eccstat >> ((3 - bufnum % 4) * 8)) & 15;
>  }
>  
>  /*
> @@ -193,7 +188,7 @@ static void fsl_ifc_run_command(struct mtd_info *mtd)
>  	struct fsl_ifc_ctrl *ctrl = priv->ctrl;
>  	struct fsl_ifc_nand_ctrl *nctrl = ifc_nand_ctrl;
>  	struct fsl_ifc_runtime __iomem *ifc = ctrl->rregs;
> -	u32 eccstat[4];
> +	u32 eccstat;
>  	int i;
>  
>  	/* set the chip select for NAND Transaction */
> @@ -228,8 +223,8 @@ static void fsl_ifc_run_command(struct mtd_info *mtd)
>  	if (nctrl->eccread) {
>  		int errors;
>  		int bufnum = nctrl->page & priv->bufnum_mask;
> -		int sector = bufnum * chip->ecc.steps;
> -		int sector_end = sector + chip->ecc.steps - 1;
> +		int sector_start = bufnum * chip->ecc.steps;
> +		int sector_end = sector_start + chip->ecc.steps - 1;
>  		__be32 *eccstat_regs;
>  
>  		if (ctrl->version >= FSL_IFC_VERSION_2_0_0)
> @@ -237,10 +232,12 @@ static void fsl_ifc_run_command(struct mtd_info *mtd)
>  		else
>  			eccstat_regs = ifc->ifc_nand.v1_nand_eccstat;
>  
> -		for (i = sector / 4; i <= sector_end / 4; i++)
> -			eccstat[i] = ifc_in32(&eccstat_regs[i]);
> +		eccstat = ifc_in32(&eccstat_regs[sector_start / 4]);
> +
> +		for (i = sector_start; i <= sector_end; i++) {
> +			if (!(i % 4))
> +				eccstat = ifc_in32(&eccstat_regs[i / 4]);

So now you're reading eccstat_regs[sector_start / 4] twice if
sector_start is aligned on 4. Why don't you want the test I proposed
in my last review?

			if (i != sector_start && !(i % 4))

>  
> -		for (i = sector; i <= sector_end; i++) {
>  			errors = check_read_ecc(mtd, ctrl, eccstat, i);
>  
>  			if (errors == 15) {



-- 
Boris Brezillon, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com



More information about the linux-mtd mailing list