2d02a4f5bd
Refresh patches. Adapt 704-phy-no-genphy-soft-reset.patch. Remove brcm2708/950-0005-mm-Remove-the-PFN-busy-warning.patch. Compile-tested on brcm2708/bcm2708 and x86/64. Runtime-tested on brcm2708/bcm2708 and x86/64. Fixes the following vulnerabilities: - CVE-2017-7533 - CVE-2017-1000111 - CVE-2017-1000112 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
33 lines
1.3 KiB
Diff
33 lines
1.3 KiB
Diff
From 42ebff638003be18fab503b37de4ad7853244e95 Mon Sep 17 00:00:00 2001
|
|
From: Ezequiel Garcia <ezequiel.garcia@imgtec.com>
|
|
Date: Sat, 25 Feb 2017 15:58:22 +0000
|
|
Subject: mtd: nand: Check length of ID before reading bits per cell
|
|
|
|
The table-based NAND identification currently reads the number
|
|
of bits per cell from the 3rd byte of the extended ID. This is done
|
|
for the so-called 'full ID' devices; i.e. devices that have a known
|
|
length ID.
|
|
|
|
However, if the ID length is shorter than three, there's no 3rd byte,
|
|
and so it's wrong to read the bits per cell from there. Fix this by
|
|
adding a check for the ID length.
|
|
|
|
(picked from http://lists.infradead.org/pipermail/linux-mtd/2014-December/056764.html)
|
|
|
|
Signed-off-by: Ezequiel Garcia <ezequiel.garcia@imgtec.com>
|
|
---
|
|
drivers/mtd/nand/nand_base.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
--- a/drivers/mtd/nand/nand_base.c
|
|
+++ b/drivers/mtd/nand/nand_base.c
|
|
@@ -4040,7 +4040,8 @@ static bool find_full_id_nand(struct mtd
|
|
mtd->erasesize = type->erasesize;
|
|
mtd->oobsize = type->oobsize;
|
|
|
|
- chip->bits_per_cell = nand_get_bits_per_cell(id_data[2]);
|
|
+ if (type->id_len > 2)
|
|
+ chip->bits_per_cell = nand_get_bits_per_cell(id_data[2]);
|
|
chip->chipsize = (uint64_t)type->chipsize << 20;
|
|
chip->options |= type->options;
|
|
chip->ecc_strength_ds = NAND_ECC_STRENGTH(type);
|