Message-ID: <8140244d-81d8-6837-7fb9-728b042c115f@quicinc.com>
Date: Mon, 18 Apr 2022 10:49:43 +0530
Subject: Re: [PATCH V2] mtd: rawnand: qcom: fix memory corruption that causes panic
To: Manivannan Sadhasivam, Miquel Raynal
From: Md Sadre Alam
References: <1649950217-32272-1-git-send-email-quic_mdalam@quicinc.com> <20220414173642.56baedf5@xps13> <20220414155319.GB20493@thinkpad>
In-Reply-To: <20220414155319.GB20493@thinkpad>
X-Mailing-List: linux-kernel@vger.kernel.org

On 4/14/2022 9:23 PM, Manivannan Sadhasivam wrote:
> On Thu, Apr 14, 2022 at 05:36:42PM +0200, Miquel Raynal wrote:
>> Hi Md,
>>
>> quic_mdalam@quicinc.com wrote on Thu, 14 Apr 2022 21:00:17 +0530:
>>
>>> This patch fixes a memory corruption that occurred in the
>>> nand_scan() path for Hynix nand device.
>>>
>>> On boot, for Hynix nand device will panic at a weird place:
>>> | Unable to handle kernel NULL pointer dereference at virtual
>>> address 00000070
>>> | [00000070] *pgd=00000000
>>> | Internal error: Oops: 5 [#1] PREEMPT SMP ARM
>>> | Modules linked in:
>>> | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.0-01473-g13ae1769cfb0
>>> #38
>>> | Hardware name: Generic DT based system
>>> | PC is at nandc_set_reg+0x8/0x1c
>>> | LR is at qcom_nandc_command+0x20c/0x5d0
>>> | pc : [] lr : [] psr: 00000113
>>> | sp : c14adc50 ip : c14ee208 fp : c0cc970c
>>> | r10: 000000a3 r9 : 00000000 r8 : 00000040
>>> | r7 : c16f6a00 r6 : 00000090 r5 : 00000004 r4 :c14ee040
>>> | r3 : 00000000 r2 : 0000000b r1 : 00000000 r0 :c14ee040
>>> | Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
>>> | Control: 10c5387d Table: 8020406a DAC: 00000051
>>> | Register r0 information: slab kmalloc-2k start c14ee000 pointer offset
>>> 64 size 2048
>>> | Process swapper/0 (pid: 1, stack limit = 0x(ptrval))
>>> | nandc_set_reg from qcom_nandc_command+0x20c/0x5d0
>>> | qcom_nandc_command from nand_readid_op+0x198/0x1e8
>>> | nand_readid_op from hynix_nand_has_valid_jedecid+0x30/0x78
>>> | hynix_nand_has_valid_jedecid from hynix_nand_init+0xb8/0x454
>>> | hynix_nand_init from nand_scan_with_ids+0xa30/0x14a8
>>> | nand_scan_with_ids from qcom_nandc_probe+0x648/0x7b0
>>> | qcom_nandc_probe from platform_probe+0x58/0xac
>>>
>>> The problem is that the nand_scan()'s qcom_nand_attach_chip callback
>>> is updating the nandc->max_cwperpage from 1 to 4. This causes the
>>> sg_init_table of clear_bam_transaction() in the driver's
>>> qcom_nandc_command() to memset much more than what was initially
>>> allocated by alloc_bam_transaction().
>>>
>>> This patch will update nandc->max_cwperpage 1 to 4 after nand_scan()
>>> returns, and remove updating nandc->max_cwperpage from
>>> qcom_nand_attach_chip call back.
>> Please update also the commit log.
>>
>> Fixes: ?
>> Cc: stable ?
> Also please add Reported-by to credit Konrad.

   Updated in V3 patch.

>
> Thanks,
> Mani
>
>>> Signed-off-by: Md Sadre Alam
>>> Signed-off-by: Sricharan R
>>> ---
>>> [V2]
>> Thanks,
>> Miquèl
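
The size mismatch described in the quoted commit message, as an added example that is not part of the original thread and not the driver's code: a user-space C model in which a buffer is sized from `max_cwperpage` at allocation time while the clear step recomputes its length from the current value, with a bounds check that catches the disagreement. The struct layouts, `SGL_PER_CW` and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SGL_PER_CW 8 /* assumed entries per codeword; illustrative value */
struct sg_entry { unsigned long page_link; unsigned int offset, length; };
struct nandc { unsigned int max_cwperpage; };
struct txn { struct sg_entry *sgl; size_t capacity; /* entries allocated */ };

/* Allocation step: sized from max_cwperpage as it is at this moment. */
static int alloc_txn(const struct nandc *nandc, struct txn *t)
{
    t->capacity = (size_t)nandc->max_cwperpage * SGL_PER_CW;
    t->sgl = calloc(t->capacity, sizeof(*t->sgl));
    return t->sgl ? 0 : -1;
}

/* Bounds-checked clear: the entry count is recomputed from the current
 * max_cwperpage, so compare it with what was allocated before wiping. */
static int clear_txn_checked(const struct nandc *nandc, struct txn *t, size_t *need)
{
    *need = (size_t)nandc->max_cwperpage * SGL_PER_CW;
    if (*need > t->capacity)
        return -1; /* an unchecked memset would run past the buffer */
    memset(t->sgl, 0, *need * sizeof(*t->sgl));
    return 0;
}

/* Replay alloc -> update -> clear; return the bytes an unchecked clear
 * would write past the allocation (0 when the sizes agree). */
static size_t overrun_bytes(unsigned int at_alloc, unsigned int at_clear)
{
    struct nandc nandc = { .max_cwperpage = at_alloc };
    struct txn t;
    size_t need, over = 0;
    if (alloc_txn(&nandc, &t) != 0)
        return 0;
    nandc.max_cwperpage = at_clear; /* value changes after allocation */
    if (clear_txn_checked(&nandc, &t, &need) != 0)
        over = (need - t.capacity) * sizeof(*t.sgl);
    free(t.sgl);
    return over;
}

int main(void)
{
    printf("1 -> 4: %zu bytes past the allocation\n", overrun_bytes(1, 4));
    printf("4 -> 4: %zu bytes past the allocation\n", overrun_bytes(4, 4));
    return 0;
}
```

Recording the allocated capacity next to the buffer is what makes the check possible; when both steps derive their size from one mutable field, nothing in the clear path can notice that the field changed in between.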