Daniel Mentz | 29 Aug 00:37 2014

ubifs_dump_node must bounds check ubifs_ch->len

I believe that ubifs_dump_node() must bounds check ch->len in the
UBIFS_DATA_NODE case. It currently does not which resulted in a crash
on a system. See below.

This is the source code as it stands today:

int dlen = le32_to_cpu(ch->len) - UBIFS_DATA_NODE_SZ;
print_hex_dump(KERN_ERR, "\t", DUMP_PREFIX_OFFSET, 32, 1,
                               (void *)&dn->data, dlen, 0);

For some reason, ch->len was 47. UBIFS_DATA_NODE_SZ appears to be 48,
so dlen got assigned -1 which is then coerced into a size_t. Since
size_t is unsigned, it effectively passes 0xFFFFFFFF to

[   23.873556] UBIFS: recovery needed
[   25.530459] UBIFS error (pid 772): ubifs_check_node: bad node length 47
[   25.537102] UBIFS error (pid 772): ubifs_check_node: bad node at
LEB 246:621328
[   25.547138]  magic          0x6101831
[   25.550833]  crc            0xdbc28925
[   25.554594]  node_type      1 (data node)
[   25.558629]  group_type     0 (no node group)
[   25.562998]  sqnum          736111
[   25.566409]  len            47
[   25.569485]  key            (7202, data, 816)
[   25.573854]  size           4096
[   25.577091]  compr_typ      1
[   25.580089]  data size      -1
[   25.583159]  data:
(Continue reading)

David Woodhouse | 28 Aug 14:55 2014

Re: jffs2 about highest_ino

On Thu, 2014-08-28 at 16:49 +0800, 蓝宇の幽深 wrote:
> according to the jffs2 source code when creat a new file
> the highest_ino will be add one,I used sqlite-3 in my system
> linux2.6.30 and cpu sam9260 ,when "update" or "insert" sqlite-3 will
> creat a Statement Journal file and delete it after finish,so once
> operate will be increase  "highest_ino",after the "highest_ino" more
> than 10 million,I reset my system run to ‍‍‍
> if (!xattr)
> xattr = jffs2_verify_xattr(c);
> spin_lock(&c->inocache_lock);
> ic = jffs2_get_ino_cache(c, c->checked_ino++);
> if (!ic) {
> spin_unlock(&c->inocache_lock);
> continue;
> }‍
> the jffs2 will eat cpu 100% for about 10 seconds and can not feed
> watchdog, case the system reset again . so my problem is that whether
> the "highest_ino" will  decrease ???

Hm, at the very least there ought to be a cond_resched() in there
somewhere. But really, the problem is that the iteration over inodes to
be checked is *entirely* naïve.
(Continue reading)

Miss.Maryam Zakaria | 28 Aug 02:15 2014


My Dear,
I want to establish a charity foundation in your country with this sum
which I inherited from my late fathers (Mr kumar Zakaria) it is my desire to see that this money is invested to
any business /organization of your choice in your country, motherless baby’s home, mosques, churches,School,Destitute
aged men and women or whatever you may have in mind that will be to the benefit of the less fortunate
Miss.Maryam Zakaria (miss.maryam_zakaria <at> yahoo.com)

Linux MTD discussion mailing list
Aaron Sierra | 27 Aug 19:45 2014

[PATCH 1/2] mtd: nand: Base BCH ECC bytes on required strength

From: Jordan Friendshuh <jfriendshuh <at> xes-inc.com>

NAND devices with page sizes over 4 KiB require more than 4-bits of ECC
coverage. This patch calculates the value of ecc_bytes based on a still
assumed 512-byte step size (13-bits) and the ecc_strength.

Micron M73A devices (8 KiB page) require 8-bit ECC per 512-byte

Signed-off-by: Jordan Friendshuh <jfriendshuh <at> xes-inc.com>
Signed-off-by: Aaron Sierra <asierra <at> xes-inc.com>
 drivers/mtd/nand/nand_base.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
index 4f3e80c..9fdfed4 100644
--- a/drivers/mtd/nand/nand_base.c
+++ b/drivers/mtd/nand/nand_base.c
 <at>  <at>  -4001,7 +4001,7  <at>  <at>  int nand_scan_tail(struct mtd_info *mtd)
 		if (!ecc->size && (mtd->oobsize >= 64)) {
 			ecc->size = 512;
-			ecc->bytes = 7;
+			ecc->bytes = DIV_ROUND_UP(13 * ecc->strength, 8);
 		ecc->priv = nand_bch_init(mtd, ecc->size, ecc->bytes,

(Continue reading)

Aaron Sierra | 27 Aug 01:18 2014

[PATCH v3] fsl_ifc: Support all 8 IFC chip selects

Freescale's QorIQ T Series processors support 8 IFC chip selects
within a memory map backward compatible with previous P Series
processors which supported only 4 chip selects.

Signed-off-by: Aaron Sierra <asierra <at> xes-inc.com>
 Note: v1 and v2 patches were submitted to Linux PPC mailing list

 v3: * IFC version register read only once
     * fsl_ifc_version and fsl_ifc_bank_count inline functions replaced
       by version and banks members of struct fsl_ifc_ctrl
     * IFC version print moved from fsl_ifc_nand.c to fsl_ifc.c

 drivers/memory/fsl_ifc.c        | 13 +++++++++++--
 drivers/mtd/nand/fsl_ifc_nand.c | 10 ++++------
 include/linux/fsl_ifc.h         | 21 ++++++++++++++++-----
 3 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/drivers/memory/fsl_ifc.c b/drivers/memory/fsl_ifc.c
index 3d5d792..410c397 100644
--- a/drivers/memory/fsl_ifc.c
+++ b/drivers/memory/fsl_ifc.c
 <at>  <at>  -61,7 +61,7  <at>  <at>  int fsl_ifc_find(phys_addr_t addr_base)
 	if (!fsl_ifc_ctrl_dev || !fsl_ifc_ctrl_dev->regs)
 		return -ENODEV;

-	for (i = 0; i < ARRAY_SIZE(fsl_ifc_ctrl_dev->regs->cspr_cs); i++) {
+	for (i = 0; i < fsl_ifc_ctrl_dev->banks; i++) {
 		u32 cspr = in_be32(&fsl_ifc_ctrl_dev->regs->cspr_cs[i].cspr);
 		if (cspr & CSPR_V && (cspr & CSPR_BA) ==
(Continue reading)

xinyuan.wang81 | 26 Aug 18:01 2014

Question about ubifs license

Do I have a license problem if I use ubifs on other OS such as VxWorks?

-David Wang

Linux MTD discussion mailing list

Sebastian Andrzej Siewior | 22 Aug 18:49 2014

[PATCH] mkfs.ubifs: use gid from table instead 2x uid

If the devtable is used then the tool uses uid twice and doesn't
consider gid at all. This changes it to use gid & uid.

Signed-off-by: Sebastian Andrzej Siewior <bigeasy <at> linutronix.de>
 mkfs.ubifs/mkfs.ubifs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mkfs.ubifs/mkfs.ubifs.c b/mkfs.ubifs/mkfs.ubifs.c
index 200c8a5..d7a252c 100644
--- a/mkfs.ubifs/mkfs.ubifs.c
+++ b/mkfs.ubifs/mkfs.ubifs.c
 <at>  <at>  -1535,7 +1535,7  <at>  <at>  static int add_directory(const char *dir_name, ino_t dir_inum, struct stat *st,

 		memcpy(&fake_st, &root_st, sizeof(struct stat));
 		fake_st.st_uid  = nh_elt->uid;
-		fake_st.st_uid  = nh_elt->uid;
+		fake_st.st_gid  = nh_elt->gid;
 		fake_st.st_mode = nh_elt->mode;
 		fake_st.st_rdev = nh_elt->dev;
 		fake_st.st_nlink = 1;


Linux MTD discussion mailing list

Ronald Wahl | 21 Aug 20:13 2014

cfi_intelext_is_locked() misses get_chip()/put_chip() calls


cfi_intelext_is_locked() in cfi_cmdset_0001.c calls 
do_getlockstatus_oneblock() withou calling get_chip() before and 
put_chip() afterwards. So chip state is changed without protection.
This may lead to hanging processes.

Is this analysis correct?

If someone can fix this quickly - fine - but I can also provide a patch.



Ronald Wahl - ronald.wahl <at> raritan.com - Phone +49 375271349-0 Fax -99
Raritan Deutschland GmbH, Kornmarkt 7, 08056 Zwickau, Germany
USt-IdNr. DE813094160, Steuer-Nr. 227/117/01749
Amtsgericht Chemnitz HRB 23605
Geschäftsführung: Stuart Hopper, Ralf Ploenes

Linux MTD discussion mailing list
Rafał Miłecki | 21 Aug 12:30 2014

[PATCH] mtd: bcm53xxspiflash: new driver for SPI flahes on Broadcom ARM SoCs

Broadcom ARM SoCs often include SPI controller, it's used to attach
flash chip. It's registered as "bcm53xxspiflash" SPI device.
This patch adds SPI driver that handles such flashes. It uses spi-nor
framework to share some code and devices database.

Support for wait_till_ready is not implemented yet, so it's disabled
(depends on BROKEN) right now. We'll be able to enable it once we clean
the wait_till_ready.

Signed-off-by: Rafał Miłecki <zajec5 <at> gmail.com>
This driver was succesfully tested with two ARM routers, one with
"w25q128" and the other one with "mx25l25635f" chips. Support for the
"mx25l25635f" is currently not included, as it needs some cleaning
before I can push it.

This driver doesn't work for flash found in Netgear R6250. It replies
with 0xFF all the time, so it may be some bug in controller driver.
 drivers/mtd/spi-nor/Kconfig           |   6 +
 drivers/mtd/spi-nor/Makefile          |   1 +
 drivers/mtd/spi-nor/bcm53xxspiflash.c | 241 ++++++++++++++++++++++++++++++++++
 3 files changed, 248 insertions(+)
 create mode 100644 drivers/mtd/spi-nor/bcm53xxspiflash.c

diff --git a/drivers/mtd/spi-nor/Kconfig b/drivers/mtd/spi-nor/Kconfig
index abab223..f99f717 100644
--- a/drivers/mtd/spi-nor/Kconfig
+++ b/drivers/mtd/spi-nor/Kconfig
 <at>  <at>  -28,4 +28,10  <at>  <at>  config SPI_FSL_QUADSPI
(Continue reading)

Ryan Barnett | 20 Aug 22:24 2014

Using MTD Concat With QSPI NOR Flash


I am currently working with a Spansion S70FL01GS QSPI Flash NOR (128
MB NOR Flash) on the 3.14 kernel with an Altera Cyclone V SoC as my
processor. The S70FL01GS contains two separate 64 MB flash chips that
have their own individual chip selects. Currently, it is only possible
to have flash chips appear as separate MTD flash devices (m25p80
driver). I would like to be able to combine the two 64 MB flash chips
together in order to put a JFFS2 filesystem that spans both of the
devices. In researching if this has been done before, I ran across
some work that was done on OpenWRT project where they combine a SPI
Flash chip into a single device was done using MTD Concat functality

I used this as my bases to create single MTD device that contains both
flash chips. I register a mtd_notifer that waits until both of the MTD
devices have been registered which is when I create a MTD concatenated
device. I am able to successfully to get a single 128 MB MTD device to
appear and am able to successfully access it using flash_erase to
clear the device. However, when I create a JFFS2 partition across the
partition I run into filesystem corruption issues after write numerous
files and then remounting the partition. The errors I get are as

jffs2: notice: (1355) check_node_data: wrong data CRC in data node at
0x0019eeb0: read 0x3b0018a4, calculated 0x3648671b.
jffs2: notice: (1362) read_dnode: node CRC failed on dnode at
0x6977b0: read 0xffffffff, calculated 0x2d48d97e
jffs2: notice: (1355) check_node_data: wrong data CRC in data node at
0x00191b3c: read 0x52b5069, calculated 0x324d9c93.
(Continue reading)

Rafał Miłecki | 19 Aug 13:55 2014

[PATCH] mtd: nand: don't break long print messages

This follows Chapter 2 of Linux's CodingStyle:
> However, never break user-visible strings such as printk messages,
> because that breaks the ability to grep for them.

Signed-off-by: Rafał Miłecki <zajec5 <at> gmail.com>
 drivers/mtd/nand/nand_base.c | 14 +++++---------
 drivers/mtd/nand/nand_bbt.c  | 23 ++++++++++-------------
 2 files changed, 15 insertions(+), 22 deletions(-)

diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
index ae6e7c4..801cad1 100644
--- a/drivers/mtd/nand/nand_base.c
+++ b/drivers/mtd/nand/nand_base.c
 <at>  <at>  -3936,8 +3936,7  <at>  <at>  int nand_scan_tail(struct mtd_info *mtd)
 		/* Similar to NAND_ECC_HW, but a separate read_page handle */
 		if (!ecc->calculate || !ecc->correct || !ecc->hwctl) {
-			pr_warn("No ECC functions supplied; "
-				   "hardware ECC not possible\n");
+			pr_warn("No ECC functions supplied; hardware ECC not possible\n");
 		if (!ecc->read_page)
 <at>  <at>  -3968,8 +3967,7  <at>  <at>  int nand_scan_tail(struct mtd_info *mtd)
 		     ecc->read_page == nand_read_page_hwecc ||
 		     !ecc->write_page ||
 		     ecc->write_page == nand_write_page_hwecc)) {
-			pr_warn("No ECC functions supplied; "
-				   "hardware ECC not possible\n");
(Continue reading)