Date: Thu, 14 Apr 2022 17:36:42 +0200
From: Miquel Raynal
To: Md Sadre Alam
Cc: mani@kernel.org, richard@nod.at, vigneshr@ti.com, linux-mtd@lists.infradead.org, linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org, konrad.dybcio@somainline.org, quic_srichara@quicinc.com
Subject: Re: [PATCH V2] mtd: rawnand: qcom: fix memory corruption that causes panic
Message-ID: <20220414173642.56baedf5@xps13>
In-Reply-To: <1649950217-32272-1-git-send-email-quic_mdalam@quicinc.com>

Hi Md,

quic_mdalam@quicinc.com wrote on Thu, 14 Apr 2022 21:00:17 +0530:

> This patch fixes a memory corruption that occurred in the
> nand_scan() path for Hynix nand device.
>
> On boot, for Hynix nand device will panic at a weird place:
> | Unable to handle kernel NULL pointer dereference at virtual
> address 00000070
> | [00000070] *pgd=00000000
> | Internal error: Oops: 5 [#1] PREEMPT SMP ARM
> | Modules linked in:
> | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.0-01473-g13ae1769cfb0
> #38
> | Hardware name: Generic DT based system
> | PC is at nandc_set_reg+0x8/0x1c
> | LR is at qcom_nandc_command+0x20c/0x5d0
> | pc : [] lr : [] psr: 00000113
> | sp : c14adc50 ip : c14ee208 fp : c0cc970c
> | r10: 000000a3 r9 : 00000000 r8 : 00000040
> | r7 : c16f6a00 r6 : 00000090 r5 : 00000004 r4 :c14ee040
> | r3 : 00000000 r2 : 0000000b r1 : 00000000 r0 :c14ee040
> | Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
> | Control: 10c5387d Table: 8020406a DAC: 00000051
> | Register r0 information: slab kmalloc-2k start c14ee000 pointer offset
> 64 size 2048
> | Process swapper/0 (pid: 1, stack limit = 0x(ptrval))
> | nandc_set_reg from qcom_nandc_command+0x20c/0x5d0
> | qcom_nandc_command from nand_readid_op+0x198/0x1e8
> | nand_readid_op from hynix_nand_has_valid_jedecid+0x30/0x78
> | hynix_nand_has_valid_jedecid from hynix_nand_init+0xb8/0x454
> | hynix_nand_init from nand_scan_with_ids+0xa30/0x14a8
> | nand_scan_with_ids from qcom_nandc_probe+0x648/0x7b0
> | qcom_nandc_probe from platform_probe+0x58/0xac
>
> The problem is that the nand_scan()'s qcom_nand_attach_chip callback
> is updating the nandc->max_cwperpage from 1 to 4. This causes the
> sg_init_table of clear_bam_transaction() in the driver's
> qcom_nandc_command() to memset much more than what was initially
> allocated by alloc_bam_transaction().
>
> This patch will update nandc->max_cwperpage 1 to 4 after nand_scan()
> returns, and remove updating nandc->max_cwperpage from
> qcom_nand_attach_chip call back.

Please update also the commit log.

Fixes: ?
Cc: stable ?

> Signed-off-by: Md Sadre Alam
> Signed-off-by: Sricharan R
> ---
> [V2]

Thanks,
Miquèl
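
The size mismatch described in the quoted commit message, as an added example that is not part of the original mail or of the driver: a user-space C model in which a table is allocated while max_cwperpage is 1 and the clear length is later derived from the live value 4. All names (struct controller, txn_alloc, SGL_PER_CW and the rest) and the constant's value are hypothetical; the bounded txn_clear() is one defensive option for this model, not the change the patch makes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SGL_PER_CW 32 /* constructed value for this model */

struct sg_entry { unsigned long page_link; unsigned int offset, length; };
struct controller { unsigned int max_cwperpage; };
struct txn {
    unsigned int sgl_count; /* entries actually allocated */
    struct sg_entry sgl[];  /* flexible array sized at allocation time */
};

/* Allocate the table from the controller value as it is right now. */
struct txn *txn_alloc(const struct controller *c)
{
    unsigned int n = c->max_cwperpage * SGL_PER_CW;
    struct txn *t = calloc(1, sizeof(*t) + n * sizeof(t->sgl[0]));
    if (t)
        t->sgl_count = n;
    return t;
}

size_t allocated_bytes(const struct txn *t)
{
    return (size_t)t->sgl_count * sizeof(struct sg_entry);
}

/* Length the flawed clear would memset: taken from the live controller
 * value, which may have grown since txn_alloc() ran. */
size_t buggy_clear_bytes(const struct controller *c)
{
    return (size_t)c->max_cwperpage * SGL_PER_CW * sizeof(struct sg_entry);
}

/* Bytes the flawed clear would write past the allocation (0 if it fits).
 * Only computed here, never written. */
size_t overrun_bytes(const struct controller *c, const struct txn *t)
{
    size_t want = buggy_clear_bytes(c), have = allocated_bytes(t);
    return want > have ? want - have : 0;
}

/* Bounded clear: uses the count recorded at allocation time. */
size_t txn_clear(struct txn *t)
{
    size_t n = allocated_bytes(t);
    memset(t->sgl, 0, n);
    return n;
}
```

With the value going from 1 to 4 after allocation, overrun_bytes() reports three times the allocated table size, which is the kind of write into neighbouring slab memory that surfaces later as an unrelated-looking oops.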