2013-06-05 11:13:39

by Yaniv Gardi

Subject: [PATCH v1] mmc: card: fixing a false identification of SANITIZE command

Inside the routine mmc_blk_ioctl_cmd() the sanitize command is
identified according to the value of bits 16-23 of the argument.

But what happens if a different command is sent, and only by chance,
bits 16-23 contain the value of SANITIZE command?
In that case a SANITIZE command will be falsely identified.
In order to prevent such a case, the condition is expanded and
now it also checks the opcode itself, and verifies that it is an
MMC_SWITCH opcode.

Signed-off-by: Yaniv Gardi <[email protected]>
---
drivers/mmc/card/block.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index c900d28..9775ae7 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -542,7 +542,9 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev,
goto cmd_rel_host;
}

- if (MMC_EXTRACT_INDEX_FROM_ARG(cmd.arg) == EXT_CSD_SANITIZE_START) {
+ if ((MMC_EXTRACT_INDEX_FROM_ARG(cmd.arg) == EXT_CSD_SANITIZE_START) &&
+ (cmd.opcode == MMC_SWITCH)) {
+
err = ioctl_do_sanitize(card);

if (err)
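
Review bot: The new condition still decodes bits 16-23 of cmd.arg before it has established that the command is a switch; testing `cmd.opcode == MMC_SWITCH` first would make it explicit that the index field is only meaningful for that opcode. Only the index field is compared, so every MMC_SWITCH whose index equals EXT_CSD_SANITIZE_START takes the ioctl_do_sanitize() path regardless of the remaining argument bits; a one-line comment above the `if` saying that this is intended would help the next reader.
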
--
1.7.6
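
The false identification described in the commit message, as an added example that is not part of the original patch or the kernel source. The struct, the function names and the sample commands are constructed for illustration, and the numeric constants are assumed from the Linux MMC headers because the page does not give them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Numeric values are not on the page; assumed from the Linux MMC headers. */
#define MMC_SWITCH               6
#define MMC_READ_SINGLE_BLOCK   17
#define MMC_WRITE_BLOCK         24
#define EXT_CSD_SANITIZE_START 165
/* Bits 16-23 of the argument, as the commit message describes. */
#define MMC_EXTRACT_INDEX_FROM_ARG(x) (((x) & 0x00FF0000u) >> 16)

struct sample_cmd {            /* hypothetical stand-in for the ioctl command */
    uint32_t opcode;
    uint32_t arg;
};

/* Check before the patch: looks at the argument bits only. */
static int is_sanitize_old(const struct sample_cmd *c)
{
    return MMC_EXTRACT_INDEX_FROM_ARG(c->arg) == EXT_CSD_SANITIZE_START;
}

/* Check after the patch: the opcode must also be MMC_SWITCH. */
static int is_sanitize_new(const struct sample_cmd *c)
{
    return c->opcode == MMC_SWITCH &&
           MMC_EXTRACT_INDEX_FROM_ARG(c->arg) == EXT_CSD_SANITIZE_START;
}

/* Constructed sample commands, not captured traffic. */
static const struct sample_cmd samples[] = {
    { MMC_SWITCH,            0x03A50100u },  /* switch, index 165          */
    { MMC_SWITCH,            0x03B70100u },  /* switch, index 183          */
    { MMC_READ_SINGLE_BLOCK, 0x00A51234u },  /* read, address has 0xA5     */
    { MMC_WRITE_BLOCK,       0x12A50000u },  /* write, address has 0xA5    */
    { MMC_READ_SINGLE_BLOCK, 0x00001000u },  /* read, unrelated address    */
};

/* Count non-SWITCH commands that a check reports as SANITIZE. */
static size_t false_hits(int (*check)(const struct sample_cmd *))
{
    size_t i, n = 0;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        if (check(&samples[i]) && samples[i].opcode != MMC_SWITCH)
            n++;
    return n;
}

int main(void)
{
    printf("false hits, old check: %zu, new check: %zu\n",
           false_hits(is_sanitize_old), false_hits(is_sanitize_new));
    return 0;
}
```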


2013-06-27 15:28:37

by Chris Ball

Subject: Re: [PATCH v1] mmc: card: fixing a false identification of SANITIZE command

Hi Yaniv,

On Wed, Jun 05 2013, Yaniv Gardi wrote:
> Inside the routine mmc_blk_ioctl_cmd() the sanitize command is
> identified according to the value of bits 16-23 of the argument.
>
> But what happens if a different command is sent, and only by chance,
> bits 16-23 contain the value of SANITIZE command?
> In that case a SANITIZE command will be falsely identified.
> In order to prevent such a case, the condition is expanded and
> now it also checks the opcode itself, and verifies that it is an
> MMC_SWITCH opcode.
>
> Signed-off-by: Yaniv Gardi <[email protected]>
> ---
> drivers/mmc/card/block.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
> index c900d28..9775ae7 100644
> --- a/drivers/mmc/card/block.c
> +++ b/drivers/mmc/card/block.c
> @@ -542,7 +542,9 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev,
> goto cmd_rel_host;
> }
>
> - if (MMC_EXTRACT_INDEX_FROM_ARG(cmd.arg) == EXT_CSD_SANITIZE_START) {
> + if ((MMC_EXTRACT_INDEX_FROM_ARG(cmd.arg) == EXT_CSD_SANITIZE_START) &&
> + (cmd.opcode == MMC_SWITCH)) {
> +
> err = ioctl_do_sanitize(card);
>
> if (err)
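
Review bot: The empty `+` line added directly after the opening brace of the `if` is stray and should be dropped before `err = ioctl_do_sanitize(card);`. The inner parentheses around each of the two comparisons are also redundant, since `==` binds tighter than `&&`, so the condition can be written without them.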

Thanks, pushed to mmc-next for 3.11.

- Chris.
--
Chris Ball <[email protected]> <http://printf.net/>
One Laptop Per Child