Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-6.9.y 2023-06-01T16:12:31Z 2023-06-01T16:12:31Z Arnd Bergmann arnd@arndb.de 2023-04-17T20:56:50Z urn:sha1:0ea923f443350c8c5cca6eef5b748d52b903f46c The addition of the mtdchar_read_ioctl() function caused the stack usage of mtdchar_ioctl() to grow beyond the warning limit on 32-bit architectures with gcc-13: drivers/mtd/mtdchar.c: In function 'mtdchar_ioctl': drivers/mtd/mtdchar.c:1229:1: error: the frame size of 1488 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] Mark both the read and write portions as noinline_for_stack to ensure they don't get inlined and use separate stack slots to reduce the maximum usage, both in the mtdchar_ioctl() and combined with any of its callees. Fixes: 095bb6e44eb1 ("mtdchar: add MEMREAD ioctl") Cc: stable@vger.kernel.org Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Richard Weinberger <richard@nod.at> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20230417205654.1982368-1-arnd@kernel.org 2022-09-21T08:38:11Z Michał Kępień kernel@kempniu.pl 2022-06-29T12:57:37Z urn:sha1:095bb6e44eb17da2cf95dbde9c83b44664a493f5 User-space applications making use of MTD devices via /dev/mtd* character devices currently have limited capabilities for reading data: - only deprecated methods of accessing OOB layout information exist, - there is no way to explicitly specify MTD operation mode to use; it is auto-selected based on the MTD file mode (MTD_FILE_MODE_*) set for the character device; in particular, this prevents using MTD_OPS_AUTO_OOB for reads, - all existing user-space interfaces which cause mtd_read() or mtd_read_oob() to be called (via mtdchar_read() and mtdchar_read_oob(), respectively) return success even when those functions return -EUCLEAN or -EBADMSG; this renders user-space applications using these interfaces unaware of any corrected bitflips or uncorrectable ECC errors detected during reads. Note that the existing MEMWRITE ioctl allows the MTD operation mode to be explicitly set, allowing user-space applications to write page data and OOB data without requiring them to know anything about the OOB layout of the MTD device they are writing to (MTD_OPS_AUTO_OOB). Also, the MEMWRITE ioctl does not mangle the return value of mtd_write_oob(). Add a new ioctl, MEMREAD, which addresses the above issues. It is intended to be a read-side counterpart of the existing MEMWRITE ioctl. Similarly to the latter, the read operation is performed in a loop which processes at most mtd->erasesize bytes in each iteration. This is done to prevent unbounded memory allocations caused by calling kmalloc() with the 'size' argument taken directly from the struct mtd_read_req provided by user space. However, the new ioctl is implemented so that the values it returns match those that would have been returned if just a single mtd_read_oob() call was issued to handle the entire read operation in one go. Note that while just returning -EUCLEAN or -EBADMSG to user space would already be a valid and useful indication of the ECC algorithm detecting errors during a read operation, that signal would not be granular enough to cover all use cases. For example, knowing the maximum number of bitflips detected in a single ECC step during a read operation performed on a given page may be useful when dealing with an MTD partition whose ECC layout varies across pages (e.g. a partition consisting of a bootloader area using a "custom" ECC layout followed by data pages using a "standard" ECC layout). To address that, include ECC statistics in the structure returned to user space by the new MEMREAD ioctl. Link: https://www.infradead.org/pipermail/linux-mtd/2016-April/067085.html Suggested-by: Boris Brezillon <boris.brezillon@collabora.com> Signed-off-by: Michał Kępień <kernel@kempniu.pl> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20220629125737.14418-5-kernel@kempniu.pl 2022-06-09T13:03:32Z Michał Kępień kernel@kempniu.pl 2022-05-16T07:06:01Z urn:sha1:83208e106a8e8a859110ebb04a5e927ced911afb mtdchar_write_ioctl() calls kmalloc() with the 'size' argument set to the smaller of two values: the write request's data/OOB length provided by user space and the erase block size of the MTD device. If the latter is large, kmalloc() may not be able to serve such allocation requests. Use kvmalloc() instead. Correspondingly, replace kfree() calls with kvfree() calls. Suggested-by: Richard Weinberger <richard@nod.at> Signed-off-by: Michał Kępień <kernel@kempniu.pl> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20220516070601.11428-3-kernel@kempniu.pl 2022-06-09T13:03:32Z Michał Kępień kernel@kempniu.pl 2022-05-16T07:06:00Z urn:sha1:a1eda864c04cf24ea1130334963c6199318f6f95 Commit 6420ac0af95d ("mtdchar: prevent unbounded allocation in MEMWRITE ioctl") added a safety check to mtdchar_write_ioctl() which attempts to ensure that the write request sent by user space does not extend beyond the MTD device's size. However, that check contains an addition of two struct mtd_write_req fields, 'start' and 'len', both of which are u64 variables. The result of that addition can overflow, allowing the safety check to be bypassed. The arguably simplest fix - changing the data types of the relevant struct mtd_write_req fields - is not feasible as it would break user space. Fix by making mtdchar_write_ioctl() truncate the value provided by user space in the 'len' field of struct mtd_write_req, so that only the lower 32 bits of that field are used, preventing the overflow. While the 'ooblen' field of struct mtd_write_req is not currently used in any similarly flawed safety check, also truncate it to 32 bits, for consistency with the 'len' field and with other MTD routines handling OOB data. Update include/uapi/mtd/mtd-abi.h accordingly. Suggested-by: Richard Weinberger <richard@nod.at> Signed-off-by: Michał Kępień <kernel@kempniu.pl> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20220516070601.11428-2-kernel@kempniu.pl 2021-12-09T16:52:29Z Michał Kępień kernel@kempniu.pl 2021-11-30T11:31:49Z urn:sha1:6420ac0af95dbcb2fd8452e2d551ab50e1bbad83 In the mtdchar_write_ioctl() function, memdup_user() is called with its 'len' parameter set to verbatim values provided by user space via a struct mtd_write_req. Both the 'len' and 'ooblen' fields of that structure are 64-bit unsigned integers, which means the MEMWRITE ioctl can trigger unbounded kernel memory allocation requests. Fix by iterating over the buffers provided by user space in a loop, processing at most mtd->erasesize bytes in each iteration. Adopt some checks from mtd_check_oob_ops() to retain backward user space compatibility. Suggested-by: Boris Brezillon <boris.brezillon@collabora.com> Signed-off-by: Michał Kępień <kernel@kempniu.pl> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20211130113149.21848-1-kernel@kempniu.pl 2021-03-28T17:24:54Z Michael Walle michael@walle.cc 2021-03-03T20:18:19Z urn:sha1:e3c1f1c92d6ede3cfa09d6a103d3d1c1ef645e35 This may sound like a contradiction but some SPI-NOR flashes really support erasing their OTP region until it is finally locked. Having the possibility to erase an OTP region might come in handy during development. The ioctl argument follows the OTPLOCK style. Signed-off-by: Michael Walle <michael@walle.cc> Acked-by: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20210303201819.2752-1-michael@walle.cc 2021-03-28T17:20:11Z Michael Walle michael@walle.cc 2021-03-03T15:57:35Z urn:sha1:1e97743fd180981bef5f01402342bb54bf1c6366 MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK is always write-once. MEMSETBADBLOCK modifies the bad block table. Fixes: f7e6b19bc764 ("mtd: properly check all write ioctls for permissions") Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Rafał Miłecki <rafal@milecki.pl> Acked-by: Richard Weinberger <richard@nod.at> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20210303155735.25887-1-michael@walle.cc 2021-03-11T11:17:42Z Gustavo A. R. Silva gustavoars@kernel.org 2021-03-05T08:22:24Z urn:sha1:0975b633871cb77c3be7f1deb9feb885e3e86b9c In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning by explicitly adding a break statement instead of letting the code fall through to the next case. Link: https://github.com/KSPP/linux/issues/115 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20210305082224.GA137360@embeddedor 2021-03-11T08:37:49Z Alexander Sverdlin alexander.sverdlin@nokia.com 2021-02-17T21:18:45Z urn:sha1:1ad55288829c78e85bfe7d0c86d75415adf5f305 Get rid of central chrdev MTD lock, which prevents simultaneous operations on completely independent physical MTD chips. Replace it with newly introduced per-master mutex. Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20210217211845.43364-2-alexander.sverdlin@nokia.com 2021-03-11T08:37:49Z Alexander Sverdlin alexander.sverdlin@nokia.com 2021-02-17T21:18:44Z urn:sha1:ecd400ce5f97e03aed6bef9bc4efb1befdbf779b It looks unnecessary in the function, remove it from the function having in mind to remove it completely. Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20210217211845.43364-1-alexander.sverdlin@nokia.com