Hi YouChing,
YouChing Lin <ycl...@mxic.com.tw> wrote on Thu, 10 Dec 2020 11:22:08
+0800:
> If eccbyte exceeds 64 bytes, the read operation will get wrong results.
> For example: Flash with a page size of 4096 bytes (eccbyte: 104 bytes).
> During the read operation, after executing nand_ecc_sw_bch_calculate(),
> since the calc_buf/code_buf ranges overlap each other, the last three
> steps of ecc_code (read from oob) will be changed.
>
> The root cause is that the size of calc_buf/code_buf is limited to 64
> bytes, although sizeof(mtd->oobsize) returns 4, kzalloc() will allocate
> 64 bytes (cache size alignment).
>
> So we correct the size of calc_buf/code_buf to mtd->oobsize.
>
> Signed-off-by: YouChing Lin <ycl...@mxic.com.tw>
> ---
> drivers/mtd/nand/ecc-sw-bch.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/mtd/nand/ecc-sw-bch.c b/drivers/mtd/nand/ecc-sw-bch.c
> index 4d8a979..0a0ac11 100644
> --- a/drivers/mtd/nand/ecc-sw-bch.c
> +++ b/drivers/mtd/nand/ecc-sw-bch.c
> @@ -237,8 +237,8 @@ int nand_ecc_sw_bch_init_ctx(struct nand_device *nand)
>
> engine_conf->code_size = code_size;
> engine_conf->nsteps = nsteps;
> - engine_conf->calc_buf = kzalloc(sizeof(mtd->oobsize), GFP_KERNEL);
> - engine_conf->code_buf = kzalloc(sizeof(mtd->oobsize), GFP_KERNEL);
> + engine_conf->calc_buf = kzalloc(mtd->oobsize, GFP_KERNEL);
> + engine_conf->code_buf = kzalloc(mtd->oobsize, GFP_KERNEL);
Very nice catch! If you don't mind I will merge this fix with the
faulty commit (still in next) and I will also bring the fix to Hamming
which will suffer from the same error.
Then I will apply the second patch.
> if (!engine_conf->calc_buf || !engine_conf->code_buf) {
> ret = -ENOMEM;
> goto free_bufs;
Thanks,
Miquèl
