Message ID | 20230605191047.1820016-1-AVKrasnov@sberdevices.ru |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2902211vqr; Mon, 5 Jun 2023 12:17:36 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7c5tKzYuwzyNYBqoQgnZPoeXPOpmUw6sJ4hFl/bzNzShG96r7SKBKpJnaorCGZ+2y5JsZ6 X-Received: by 2002:a17:90b:1204:b0:258:8609:f1e4 with SMTP id gl4-20020a17090b120400b002588609f1e4mr7125543pjb.24.1685992656547; Mon, 05 Jun 2023 12:17:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685992656; cv=none; d=google.com; s=arc-20160816; b=utxqsVR5WZHIygAAZry9yTT9v90fWqwo50iqCHbFX5gpTq37pwe2dLfD5CzgbxFgzC KBbYd+W+RSxM1zeQKQFKRMWZiiasJEgHZQ6JT07EVkI/yqFwbxeqJOWJfW64xypxeZV1 +Fr/uL2oE3FKYL2Ba0+xRrLeZsDO6xZekNDYH0Oocg2bGpi1YIg1Z06BOGVfkIGGaZuY BbmfhFobZw/Tl5AzB2wiUuGRfrLfRrPsSBpkMZ1UTvMx7ScYTlwqEhNklVVtzxTPjzfk 8evFC2aQwwZHKaZ1XMlsGoyNmCnGpmidJjoPKc7kJqTrOImUCVmOVoZE+DmZF1iaDFH7 Qj3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=G6c6j8iAcdDSpK0GLScKOrdhbGc4x8WhHl8LdEBggUo=; b=Ii0KVHaLlanCKBQqgqnwpL2aFTFX2d7xGjk7GrRhIN0TqIQxUB6XOHP/e7nMgcpLoc SxN4Au3IQxNFoO2Uh5OIgi6XF7OKw8ne28XMoaQHanedt2lSwJumKLkDaV45s4bJTfup DamlAyubC4CtnguZcjoahKS/hsil8MgSpM7d3atCTlz0bZkn592oPh4WzWt3aIX+YRXl lamtiaatLpHfHc7xhOwSfLE6gwrTkbZy8zrGy/KqYVf/UFk3zBGE+e1m7NLv9CKl+snH L/teCr8YwVSD4QkP85yjZCdxcAi2neg1ZkXjCin33PwmxhMABhrd4dKf4HKR77sdjBaE AYfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sberdevices.ru header.s=mail header.b="ph1/Z728"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=sberdevices.ru Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a3-20020a17090a854300b0023def94be5esi5842989pjw.20.2023.06.05.12.17.23; Mon, 05 Jun 2023 12:17:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@sberdevices.ru header.s=mail header.b="ph1/Z728"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=sberdevices.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233882AbjFETQK (ORCPT <rfc822;xxoosimple@gmail.com> + 99 others); Mon, 5 Jun 2023 15:16:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40204 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229580AbjFETQJ (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Mon, 5 Jun 2023 15:16:09 -0400 Received: from mx.sberdevices.ru (mx.sberdevices.ru [45.89.227.171]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DE1CAA7 for <linux-kernel@vger.kernel.org>; Mon, 5 Jun 2023 12:16:05 -0700 (PDT) Received: from s-lin-edge02.sberdevices.ru (localhost [127.0.0.1]) by mx.sberdevices.ru (Postfix) with ESMTP id D666F5FD20; Mon, 5 Jun 2023 22:16:02 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sberdevices.ru; s=mail; t=1685992562; bh=G6c6j8iAcdDSpK0GLScKOrdhbGc4x8WhHl8LdEBggUo=; h=From:To:Subject:Date:Message-ID:MIME-Version:Content-Type; b=ph1/Z7289OW3MlYDjIPY3ymnd754+Fc+LM4w90GVoZvQt50+TOLtGQQCJhmum0Jtr Yw2tCnJGI1BTqEK+c2w8WNipSIchj4D+GB4st9OfZ3jQzseRWAcpxJoV8Zl2rpGBlF gnahOoM81pABGHi4HKKNYIhNBovbrN+LeTKq0s6dmi+lVLf5NHsCwXjBABDrxvs5IO KsVgogDJPRNz7UmGP+Q7+f+PccfLxpOF0zVd4ZWO3wTPyFzfI5KreTXAg35NqSb8br 1JwQ7QJGe3KDsjvIwRe8bYsEeAJbTFqxdLK3r1NxmRrSganbZ/fRRvED6Wa6VpZF3r EJkoJi5xyvUGg== Received: from S-MS-EXCH01.sberdevices.ru (S-MS-EXCH01.sberdevices.ru [172.16.1.4]) by mx.sberdevices.ru (Postfix) with ESMTP; Mon, 5 Jun 2023 22:16:00 +0300 (MSK) From: Arseniy Krasnov <AVKrasnov@sberdevices.ru> To: Liang Yang <liang.yang@amlogic.com>, Miquel Raynal <miquel.raynal@bootlin.com>, Richard Weinberger <richard@nod.at>, Vignesh Raghavendra <vigneshr@ti.com>, Neil Armstrong <neil.armstrong@linaro.org>, Kevin Hilman <khilman@baylibre.com>, Jerome Brunet <jbrunet@baylibre.com>, Martin Blumenstingl <martin.blumenstingl@googlemail.com> CC: <oxffffaa@gmail.com>, <kernel@sberdevices.ru>, Arseniy Krasnov <AVKrasnov@sberdevices.ru>, <linux-mtd@lists.infradead.org>, <linux-arm-kernel@lists.infradead.org>, <linux-amlogic@lists.infradead.org>, <linux-kernel@vger.kernel.org> Subject: [PATCH v1] mtd: rawnand: meson: check buffer length Date: Mon, 5 Jun 2023 22:10:46 +0300 Message-ID: <20230605191047.1820016-1-AVKrasnov@sberdevices.ru> X-Mailer: git-send-email 2.35.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Originating-IP: [172.16.1.6] X-ClientProxiedBy: S-MS-EXCH01.sberdevices.ru (172.16.1.4) To S-MS-EXCH01.sberdevices.ru (172.16.1.4) X-KSMG-Rule-ID: 4 X-KSMG-Message-Action: clean X-KSMG-AntiSpam-Status: not scanned, disabled by settings X-KSMG-AntiSpam-Interceptor-Info: not scanned X-KSMG-AntiPhishing: not scanned, disabled by settings X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 1.1.2.30, bases: 2023/06/05 13:50:00 #21435193 X-KSMG-AntiVirus-Status: Clean, skipped X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767891435884502379?= X-GMAIL-MSGID: =?utf-8?q?1767891435884502379?= |
Series |
[v1] mtd: rawnand: meson: check buffer length
|
|
Commit Message
Arseniy Krasnov
June 5, 2023, 7:10 p.m. UTC
Meson NAND controller has limited buffer length, so check it before
command execution to avoid length trim. Also check MTD write size on
chip attach.
Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru>
---
drivers/mtd/nand/raw/meson_nand.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
Comments
Hi Arseniy, AVKrasnov@sberdevices.ru wrote on Mon, 5 Jun 2023 22:10:46 +0300: > Meson NAND controller has limited buffer length, so check it before > command execution to avoid length trim. Also check MTD write size on > chip attach. Almost there :) > > Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru> > --- > drivers/mtd/nand/raw/meson_nand.c | 22 +++++++++++++++++++--- > 1 file changed, 19 insertions(+), 3 deletions(-) > > diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c > index 074e14225c06..bfb5363cac23 100644 > --- a/drivers/mtd/nand/raw/meson_nand.c > +++ b/drivers/mtd/nand/raw/meson_nand.c > @@ -108,6 +108,8 @@ > > #define PER_INFO_BYTE 8 > > +#define NFC_CMD_RAW_LEN GENMASK(13, 0) > + > struct meson_nfc_nand_chip { > struct list_head node; > struct nand_chip nand; > @@ -280,7 +282,7 @@ static void meson_nfc_cmd_access(struct nand_chip *nand, int raw, bool dir, > > if (raw) { > len = mtd->writesize + mtd->oobsize; > - cmd = (len & GENMASK(13, 0)) | scrambler | DMA_DIR(dir); > + cmd = len | scrambler | DMA_DIR(dir); > writel(cmd, nfc->reg_base + NFC_REG_CMD); > return; > } > @@ -544,7 +546,7 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len) > if (ret) > goto out; > > - cmd = NFC_CMD_N2M | (len & GENMASK(13, 0)); > + cmd = NFC_CMD_N2M | len; > writel(cmd, nfc->reg_base + NFC_REG_CMD); > > meson_nfc_drain_cmd(nfc); > @@ -568,7 +570,7 @@ static int meson_nfc_write_buf(struct nand_chip *nand, u8 *buf, int len) > if (ret) > return ret; > > - cmd = NFC_CMD_M2N | (len & GENMASK(13, 0)); > + cmd = NFC_CMD_M2N | len; > writel(cmd, nfc->reg_base + NFC_REG_CMD); > > meson_nfc_drain_cmd(nfc); > @@ -936,6 +938,9 @@ static int meson_nfc_exec_op(struct nand_chip *nand, > break; > > case NAND_OP_DATA_IN_INSTR: > + if (instr->ctx.data.len > NFC_CMD_RAW_LEN) > + return -EINVAL; You need to refuse the operation earlier. That's what the check_op boolean is about. Maybe you can take inspiration from anfc_check_op() in the arasan controller. > + > buf = meson_nand_op_get_dma_safe_input_buf(instr); > if (!buf) > return -ENOMEM; > @@ -944,6 +949,9 @@ static int meson_nfc_exec_op(struct nand_chip *nand, > break; > > case NAND_OP_DATA_OUT_INSTR: > + if (instr->ctx.data.len > NFC_CMD_RAW_LEN) > + return -EINVAL; Same. > + > buf = meson_nand_op_get_dma_safe_output_buf(instr); > if (!buf) > return -ENOMEM; > @@ -1181,6 +1189,7 @@ static int meson_nand_attach_chip(struct nand_chip *nand) > struct meson_nfc_nand_chip *meson_chip = to_meson_nand(nand); > struct mtd_info *mtd = nand_to_mtd(nand); > int nsectors = mtd->writesize / 1024; > + int raw_writesize; > int ret; > > if (!mtd->name) { > @@ -1192,6 +1201,13 @@ static int meson_nand_attach_chip(struct nand_chip *nand) > return -ENOMEM; > } > > + raw_writesize = mtd->writesize + mtd->oobsize; > + if (raw_writesize > NFC_CMD_RAW_LEN) { > + dev_err(nfc->dev, "too big write size in raw mode: %d > %ld\n", > + raw_writesize, NFC_CMD_RAW_LEN); > + return -EINVAL; > + } > + > if (nand->bbt_options & NAND_BBT_USE_FLASH) > nand->bbt_options |= NAND_BBT_NO_OOB; > Thanks, Miquèl
On 06.06.2023 10:16, Miquel Raynal wrote: > Hi Arseniy, > > AVKrasnov@sberdevices.ru wrote on Mon, 5 Jun 2023 22:10:46 +0300: > >> Meson NAND controller has limited buffer length, so check it before >> command execution to avoid length trim. Also check MTD write size on >> chip attach. > > Almost there :) Hello Miquel! You mean to rephrase it? :) Thanks, Arseniy > >> >> Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru> >> --- >> drivers/mtd/nand/raw/meson_nand.c | 22 +++++++++++++++++++--- >> 1 file changed, 19 insertions(+), 3 deletions(-) >> >> diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c >> index 074e14225c06..bfb5363cac23 100644 >> --- a/drivers/mtd/nand/raw/meson_nand.c >> +++ b/drivers/mtd/nand/raw/meson_nand.c >> @@ -108,6 +108,8 @@ >> >> #define PER_INFO_BYTE 8 >> >> +#define NFC_CMD_RAW_LEN GENMASK(13, 0) >> + >> struct meson_nfc_nand_chip { >> struct list_head node; >> struct nand_chip nand; >> @@ -280,7 +282,7 @@ static void meson_nfc_cmd_access(struct nand_chip *nand, int raw, bool dir, >> >> if (raw) { >> len = mtd->writesize + mtd->oobsize; >> - cmd = (len & GENMASK(13, 0)) | scrambler | DMA_DIR(dir); >> + cmd = len | scrambler | DMA_DIR(dir); >> writel(cmd, nfc->reg_base + NFC_REG_CMD); >> return; >> } >> @@ -544,7 +546,7 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len) >> if (ret) >> goto out; >> >> - cmd = NFC_CMD_N2M | (len & GENMASK(13, 0)); >> + cmd = NFC_CMD_N2M | len; >> writel(cmd, nfc->reg_base + NFC_REG_CMD); >> >> meson_nfc_drain_cmd(nfc); >> @@ -568,7 +570,7 @@ static int meson_nfc_write_buf(struct nand_chip *nand, u8 *buf, int len) >> if (ret) >> return ret; >> >> - cmd = NFC_CMD_M2N | (len & GENMASK(13, 0)); >> + cmd = NFC_CMD_M2N | len; >> writel(cmd, nfc->reg_base + NFC_REG_CMD); >> >> meson_nfc_drain_cmd(nfc); >> @@ -936,6 +938,9 @@ static int meson_nfc_exec_op(struct nand_chip *nand, >> break; >> >> case NAND_OP_DATA_IN_INSTR: >> + if (instr->ctx.data.len > NFC_CMD_RAW_LEN) >> + return -EINVAL; > > You need to refuse the operation earlier. That's what the check_op > boolean is about. Maybe you can take inspiration from anfc_check_op() > in the arasan controller. Ok! Thanks! > >> + >> buf = meson_nand_op_get_dma_safe_input_buf(instr); >> if (!buf) >> return -ENOMEM; >> @@ -944,6 +949,9 @@ static int meson_nfc_exec_op(struct nand_chip *nand, >> break; >> >> case NAND_OP_DATA_OUT_INSTR: >> + if (instr->ctx.data.len > NFC_CMD_RAW_LEN) >> + return -EINVAL; > > Same. > >> + >> buf = meson_nand_op_get_dma_safe_output_buf(instr); >> if (!buf) >> return -ENOMEM; >> @@ -1181,6 +1189,7 @@ static int meson_nand_attach_chip(struct nand_chip *nand) >> struct meson_nfc_nand_chip *meson_chip = to_meson_nand(nand); >> struct mtd_info *mtd = nand_to_mtd(nand); >> int nsectors = mtd->writesize / 1024; >> + int raw_writesize; >> int ret; >> >> if (!mtd->name) { >> @@ -1192,6 +1201,13 @@ static int meson_nand_attach_chip(struct nand_chip *nand) >> return -ENOMEM; >> } >> >> + raw_writesize = mtd->writesize + mtd->oobsize; >> + if (raw_writesize > NFC_CMD_RAW_LEN) { >> + dev_err(nfc->dev, "too big write size in raw mode: %d > %ld\n", >> + raw_writesize, NFC_CMD_RAW_LEN); >> + return -EINVAL; >> + } >> + >> if (nand->bbt_options & NAND_BBT_USE_FLASH) >> nand->bbt_options |= NAND_BBT_NO_OOB; >> > > > Thanks, > Miquèl
Hi Arseniy, avkrasnov@sberdevices.ru wrote on Tue, 6 Jun 2023 10:37:43 +0300: > On 06.06.2023 10:16, Miquel Raynal wrote: > > Hi Arseniy, > > > > AVKrasnov@sberdevices.ru wrote on Mon, 5 Jun 2023 22:10:46 +0300: > > > >> Meson NAND controller has limited buffer length, so check it before > >> command execution to avoid length trim. Also check MTD write size on > >> chip attach. > > > > Almost there :) > > Hello Miquel! > > You mean to rephrase it? :) Not at all, I meant: there is something to change in this file (see below) but the patch is close to be ready. > > Thanks, Arseniy > > > > >> > >> Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru> > >> --- > >> drivers/mtd/nand/raw/meson_nand.c | 22 +++++++++++++++++++--- > >> 1 file changed, 19 insertions(+), 3 deletions(-) > >> > >> diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c > >> index 074e14225c06..bfb5363cac23 100644 > >> --- a/drivers/mtd/nand/raw/meson_nand.c > >> +++ b/drivers/mtd/nand/raw/meson_nand.c > >> @@ -108,6 +108,8 @@ > >> > >> #define PER_INFO_BYTE 8 > >> > >> +#define NFC_CMD_RAW_LEN GENMASK(13, 0) > >> + > >> struct meson_nfc_nand_chip { > >> struct list_head node; > >> struct nand_chip nand; > >> @@ -280,7 +282,7 @@ static void meson_nfc_cmd_access(struct nand_chip *nand, int raw, bool dir, > >> > >> if (raw) { > >> len = mtd->writesize + mtd->oobsize; > >> - cmd = (len & GENMASK(13, 0)) | scrambler | DMA_DIR(dir); > >> + cmd = len | scrambler | DMA_DIR(dir); > >> writel(cmd, nfc->reg_base + NFC_REG_CMD); > >> return; > >> } > >> @@ -544,7 +546,7 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len) > >> if (ret) > >> goto out; > >> > >> - cmd = NFC_CMD_N2M | (len & GENMASK(13, 0)); > >> + cmd = NFC_CMD_N2M | len; > >> writel(cmd, nfc->reg_base + NFC_REG_CMD); > >> > >> meson_nfc_drain_cmd(nfc); > >> @@ -568,7 +570,7 @@ static int meson_nfc_write_buf(struct nand_chip *nand, u8 *buf, int len) > >> if (ret) > >> return ret; > >> > >> - cmd = NFC_CMD_M2N | (len & GENMASK(13, 0)); > >> + cmd = NFC_CMD_M2N | len; > >> writel(cmd, nfc->reg_base + NFC_REG_CMD); > >> > >> meson_nfc_drain_cmd(nfc); > >> @@ -936,6 +938,9 @@ static int meson_nfc_exec_op(struct nand_chip *nand, > >> break; > >> > >> case NAND_OP_DATA_IN_INSTR: > >> + if (instr->ctx.data.len > NFC_CMD_RAW_LEN) > >> + return -EINVAL; > > > > You need to refuse the operation earlier. That's what the check_op > > boolean is about. Maybe you can take inspiration from anfc_check_op() > > in the arasan controller. > > Ok! Thanks! > > > > >> + > >> buf = meson_nand_op_get_dma_safe_input_buf(instr); > >> if (!buf) > >> return -ENOMEM; > >> @@ -944,6 +949,9 @@ static int meson_nfc_exec_op(struct nand_chip *nand, > >> break; > >> > >> case NAND_OP_DATA_OUT_INSTR: > >> + if (instr->ctx.data.len > NFC_CMD_RAW_LEN) > >> + return -EINVAL; > > > > Same. > > > >> + > >> buf = meson_nand_op_get_dma_safe_output_buf(instr); > >> if (!buf) > >> return -ENOMEM; > >> @@ -1181,6 +1189,7 @@ static int meson_nand_attach_chip(struct nand_chip *nand) > >> struct meson_nfc_nand_chip *meson_chip = to_meson_nand(nand); > >> struct mtd_info *mtd = nand_to_mtd(nand); > >> int nsectors = mtd->writesize / 1024; > >> + int raw_writesize; > >> int ret; > >> > >> if (!mtd->name) { > >> @@ -1192,6 +1201,13 @@ static int meson_nand_attach_chip(struct nand_chip *nand) > >> return -ENOMEM; > >> } > >> > >> + raw_writesize = mtd->writesize + mtd->oobsize; > >> + if (raw_writesize > NFC_CMD_RAW_LEN) { > >> + dev_err(nfc->dev, "too big write size in raw mode: %d > %ld\n", > >> + raw_writesize, NFC_CMD_RAW_LEN); > >> + return -EINVAL; > >> + } > >> + > >> if (nand->bbt_options & NAND_BBT_USE_FLASH) > >> nand->bbt_options |= NAND_BBT_NO_OOB; > >> > > > > > > Thanks, > > Miquèl Thanks, Miquèl
diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c index 074e14225c06..bfb5363cac23 100644 --- a/drivers/mtd/nand/raw/meson_nand.c +++ b/drivers/mtd/nand/raw/meson_nand.c @@ -108,6 +108,8 @@ #define PER_INFO_BYTE 8 +#define NFC_CMD_RAW_LEN GENMASK(13, 0) + struct meson_nfc_nand_chip { struct list_head node; struct nand_chip nand; @@ -280,7 +282,7 @@ static void meson_nfc_cmd_access(struct nand_chip *nand, int raw, bool dir, if (raw) { len = mtd->writesize + mtd->oobsize; - cmd = (len & GENMASK(13, 0)) | scrambler | DMA_DIR(dir); + cmd = len | scrambler | DMA_DIR(dir); writel(cmd, nfc->reg_base + NFC_REG_CMD); return; } @@ -544,7 +546,7 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len) if (ret) goto out; - cmd = NFC_CMD_N2M | (len & GENMASK(13, 0)); + cmd = NFC_CMD_N2M | len; writel(cmd, nfc->reg_base + NFC_REG_CMD); meson_nfc_drain_cmd(nfc); @@ -568,7 +570,7 @@ static int meson_nfc_write_buf(struct nand_chip *nand, u8 *buf, int len) if (ret) return ret; - cmd = NFC_CMD_M2N | (len & GENMASK(13, 0)); + cmd = NFC_CMD_M2N | len; writel(cmd, nfc->reg_base + NFC_REG_CMD); meson_nfc_drain_cmd(nfc); @@ -936,6 +938,9 @@ static int meson_nfc_exec_op(struct nand_chip *nand, break; case NAND_OP_DATA_IN_INSTR: + if (instr->ctx.data.len > NFC_CMD_RAW_LEN) + return -EINVAL; + buf = meson_nand_op_get_dma_safe_input_buf(instr); if (!buf) return -ENOMEM; @@ -944,6 +949,9 @@ static int meson_nfc_exec_op(struct nand_chip *nand, break; case NAND_OP_DATA_OUT_INSTR: + if (instr->ctx.data.len > NFC_CMD_RAW_LEN) + return -EINVAL; + buf = meson_nand_op_get_dma_safe_output_buf(instr); if (!buf) return -ENOMEM; @@ -1181,6 +1189,7 @@ static int meson_nand_attach_chip(struct nand_chip *nand) struct meson_nfc_nand_chip *meson_chip = to_meson_nand(nand); struct mtd_info *mtd = nand_to_mtd(nand); int nsectors = mtd->writesize / 1024; + int raw_writesize; int ret; if (!mtd->name) { @@ -1192,6 +1201,13 @@ static int meson_nand_attach_chip(struct nand_chip *nand) return -ENOMEM; } + raw_writesize = mtd->writesize + mtd->oobsize; + if (raw_writesize > NFC_CMD_RAW_LEN) { + dev_err(nfc->dev, "too big write size in raw mode: %d > %ld\n", + raw_writesize, NFC_CMD_RAW_LEN); + return -EINVAL; + } + if (nand->bbt_options & NAND_BBT_USE_FLASH) nand->bbt_options |= NAND_BBT_NO_OOB;