[PATCH 4.19] mtd: rawnand: brcmnand: Fix ecc chunk calculation for erased page bitfips

Yuta Hayama hayama at lineo.co.jp
Wed Nov 29 00:26:59 PST 2023


From: Claire Lin <claire.lin at broadcom.com>

commit 7f852cc1579297fd763789f8cd370639d0c654b6 upstream.

In brcmstb_nand_verify_erased_page(), the ECC chunk pointer calculation
while correcting erased page bitflips is wrong, fix it.

Fixes: 02b88eea9f9c ("mtd: brcmnand: Add check for erased page bitflips")
Signed-off-by: Claire Lin <claire.lin at broadcom.com>
Reviewed-by: Ray Jui <ray.jui at broadcom.com>
Signed-off-by: Kamal Dasu <kdasu.kdev at gmail.com>
Signed-off-by: Miquel Raynal <miquel.raynal at bootlin.com>
Signed-off-by: Yuta Hayama <hayama at lineo.co.jp>
---
After applying e44b9a9c1357 ("mtd: nand: brcmnand: Zero bitflip is not an
error"), the return value 0 of brcmstb_nand_verify_erased_page() is
*correctly* interpreted as "no bit flips, no errors". However, that
function still has the issue that it may incorrectly return 0 for a page
that contains bitflips. Without this patch, the data buffer of the erased
page could be passed to a upper layer (e.g. UBIFS) without bitflips being
detected and corrected.

In active stable, 4.14.y and 4.19.y seem to have a same issue.

 drivers/mtd/nand/raw/brcmnand/brcmnand.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/mtd/nand/raw/brcmnand/brcmnand.c b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
index 0e14892ff926..dc7650ae0464 100644
--- a/drivers/mtd/nand/raw/brcmnand/brcmnand.c
+++ b/drivers/mtd/nand/raw/brcmnand/brcmnand.c
@@ -1753,6 +1753,7 @@ static int brcmstb_nand_verify_erased_page(struct mtd_info *mtd,
 	int bitflips = 0;
 	int page = addr >> chip->page_shift;
 	int ret;
+	void *ecc_chunk;
 
 	if (!buf) {
 		buf = chip->data_buf;
@@ -1768,7 +1769,9 @@ static int brcmstb_nand_verify_erased_page(struct mtd_info *mtd,
 		return ret;
 
 	for (i = 0; i < chip->ecc.steps; i++, oob += sas) {
-		ret = nand_check_erased_ecc_chunk(buf, chip->ecc.size,
+		ecc_chunk = buf + chip->ecc.size * i;
+		ret = nand_check_erased_ecc_chunk(ecc_chunk,
+						  chip->ecc.size,
 						  oob, sas, NULL, 0,
 						  chip->ecc.strength);
 		if (ret < 0)
-- 
2.25.1



More information about the linux-mtd mailing list