From bf2870c1d9e162f27925e9c40eca9e0069096f3b Mon Sep 17 00:00:00 2001 From: John Thomson Date: Thu, 6 Aug 2020 07:13:54 +1000 Subject: [PATCH] kernel: fix mtd partition erase < parent_erasesize writes This bug applied where mtd partition end address, or erase start address, was not cleanly divisible by parent mtd erasesize. This error would cause the bits following the end of the partition to the next erasesize block boundary to be erased, and this partition-overflow data to be written to the partition erase address (missing additional partition offset address) of the mtd (top) parent device. Fixes: FS#2428 Signed-off-by: John Thomson Tested-by: Tomasz Maciej Nowak [shorten commit title, add Fixes, fix kernel 4.19 as well] Signed-off-by: Adrian Schmutzler --- .../411-mtd-partial_eraseblock_write.patch | 13 ++++++------- .../412-mtd-partial_eraseblock_unlock.patch | 2 +- .../411-mtd-partial_eraseblock_write.patch | 13 ++++++------- .../412-mtd-partial_eraseblock_unlock.patch | 2 +- 4 files changed, 14 insertions(+), 16 deletions(-) diff --git a/target/linux/generic/pending-4.19/411-mtd-partial_eraseblock_write.patch b/target/linux/generic/pending-4.19/411-mtd-partial_eraseblock_write.patch index f3a314ae02..f945122149 100644 --- a/target/linux/generic/pending-4.19/411-mtd-partial_eraseblock_write.patch +++ b/target/linux/generic/pending-4.19/411-mtd-partial_eraseblock_write.patch @@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau /* Our partition linked list */ static LIST_HEAD(mtd_partitions); static DEFINE_MUTEX(mtd_partitions_mutex); -@@ -220,6 +222,53 @@ static int part_erase(struct mtd_info *m +@@ -220,11 +222,77 @@ static int part_erase(struct mtd_info *m { struct mtd_part *part = mtd_to_part(mtd); int ret; @@ -73,10 +73,9 @@ Signed-off-by: Felix Fietkau instr->addr += part->offset; ret = part->parent->_erase(part->parent, instr); -@@ -227,6 +276,24 @@ static int part_erase(struct mtd_info *m + if (instr->fail_addr != MTD_FAIL_ADDR_UNKNOWN) instr->fail_addr -= part->offset; - instr->addr -= part->offset; - ++ + if (mtd->flags & MTD_ERASE_PARTIAL) { + if (partial_start) { + part->parent->_write(part->parent, @@ -95,10 +94,10 @@ Signed-off-by: Felix Fietkau + kfree(erase_buf); + } + - return ret; - } + instr->addr -= part->offset; -@@ -539,19 +606,22 @@ static struct mtd_part *allocate_partiti + return ret; +@@ -539,19 +607,22 @@ static struct mtd_part *allocate_partiti remainder = do_div(tmp, wr_alignment); if ((slave->mtd.flags & MTD_WRITEABLE) && remainder) { /* Doesn't start on a boundary of major erase size */ diff --git a/target/linux/generic/pending-4.19/412-mtd-partial_eraseblock_unlock.patch b/target/linux/generic/pending-4.19/412-mtd-partial_eraseblock_unlock.patch index a54603a0f8..e038c4e60c 100644 --- a/target/linux/generic/pending-4.19/412-mtd-partial_eraseblock_unlock.patch +++ b/target/linux/generic/pending-4.19/412-mtd-partial_eraseblock_unlock.patch @@ -20,7 +20,7 @@ Signed-off-by: Tim Harvey --- a/drivers/mtd/mtdpart.c +++ b/drivers/mtd/mtdpart.c -@@ -306,7 +306,16 @@ static int part_lock(struct mtd_info *mt +@@ -307,7 +307,16 @@ static int part_lock(struct mtd_info *mt static int part_unlock(struct mtd_info *mtd, loff_t ofs, uint64_t len) { struct mtd_part *part = mtd_to_part(mtd); diff --git a/target/linux/generic/pending-5.4/411-mtd-partial_eraseblock_write.patch b/target/linux/generic/pending-5.4/411-mtd-partial_eraseblock_write.patch index b46c3f5ed4..c48a144d3d 100644 --- a/target/linux/generic/pending-5.4/411-mtd-partial_eraseblock_write.patch +++ b/target/linux/generic/pending-5.4/411-mtd-partial_eraseblock_write.patch @@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau /* Our partition linked list */ static LIST_HEAD(mtd_partitions); static DEFINE_MUTEX(mtd_partitions_mutex); -@@ -206,6 +208,53 @@ static int part_erase(struct mtd_info *m +@@ -206,11 +208,77 @@ static int part_erase(struct mtd_info *m { struct mtd_part *part = mtd_to_part(mtd); int ret; @@ -73,10 +73,9 @@ Signed-off-by: Felix Fietkau instr->addr += part->offset; ret = part->parent->_erase(part->parent, instr); -@@ -213,6 +262,24 @@ static int part_erase(struct mtd_info *m + if (instr->fail_addr != MTD_FAIL_ADDR_UNKNOWN) instr->fail_addr -= part->offset; - instr->addr -= part->offset; - ++ + if (mtd->flags & MTD_ERASE_PARTIAL) { + if (partial_start) { + part->parent->_write(part->parent, @@ -95,10 +94,10 @@ Signed-off-by: Felix Fietkau + kfree(erase_buf); + } + - return ret; - } + instr->addr -= part->offset; -@@ -525,19 +592,22 @@ static struct mtd_part *allocate_partiti + return ret; +@@ -525,19 +593,22 @@ static struct mtd_part *allocate_partiti remainder = do_div(tmp, wr_alignment); if ((slave->mtd.flags & MTD_WRITEABLE) && remainder) { /* Doesn't start on a boundary of major erase size */ diff --git a/target/linux/generic/pending-5.4/412-mtd-partial_eraseblock_unlock.patch b/target/linux/generic/pending-5.4/412-mtd-partial_eraseblock_unlock.patch index 348fb9a842..b23bc1b201 100644 --- a/target/linux/generic/pending-5.4/412-mtd-partial_eraseblock_unlock.patch +++ b/target/linux/generic/pending-5.4/412-mtd-partial_eraseblock_unlock.patch @@ -20,7 +20,7 @@ Signed-off-by: Tim Harvey --- a/drivers/mtd/mtdpart.c +++ b/drivers/mtd/mtdpart.c -@@ -292,7 +292,16 @@ static int part_lock(struct mtd_info *mt +@@ -293,7 +293,16 @@ static int part_lock(struct mtd_info *mt static int part_unlock(struct mtd_info *mtd, loff_t ofs, uint64_t len) { struct mtd_part *part = mtd_to_part(mtd);