[U-Boot] [PATCH] mmc: fix eMMC v5.1 incorrect version detection
eMMC cards v5.1 has value 8 inside EXT_CSD_REV register. The patch make EXT_CSD_REV value 8 match v5.1
The is a hole inside version enumeration. EXT_CSD_REV value 4 doens't correspond to any valid eMMC version. So EXT_CSD_REV value 4 assigned undefined version.
Also the patch fix mmc_versions array bounds check. Value 8 produced out of array access.
Signed-off-by: Alexander Kochetkov al.kochet@gmail.com --- drivers/mmc/mmc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c index 255310a..c8c13bd 100644 --- a/drivers/mmc/mmc.c +++ b/drivers/mmc/mmc.c @@ -1950,6 +1950,7 @@ static int mmc_startup_v4(struct mmc *mmc) MMC_VERSION_4_1, MMC_VERSION_4_2, MMC_VERSION_4_3, + MMC_VERSION_UNKNOWN, MMC_VERSION_4_41, MMC_VERSION_4_5, MMC_VERSION_5_0, @@ -1973,7 +1974,8 @@ static int mmc_startup_v4(struct mmc *mmc) return -ENOMEM; memcpy(mmc->ext_csd, ext_csd, MMC_MAX_BLOCK_LEN);
- if (ext_csd[EXT_CSD_REV] > ARRAY_SIZE(mmc_versions)) + if (ext_csd[EXT_CSD_REV] >= ARRAY_SIZE(mmc_versions) || + ext_csd[EXT_CSD_REV] == 4) return -EINVAL;
mmc->version = mmc_versions[ext_csd[EXT_CSD_REV]];
Hi,
On 02/20/2018 06:29 PM, Alexander Kochetkov wrote:
eMMC cards v5.1 has value 8 inside EXT_CSD_REV register. The patch make EXT_CSD_REV value 8 match v5.1
The is a hole inside version enumeration. EXT_CSD_REV value 4 doens't correspond to any valid eMMC version. So EXT_CSD_REV value 4 assigned undefined version.
Also the patch fix mmc_versions array bounds check. Value 8 produced out of array access.
It was already fixed.
http://git.denx.de/?p=u-boot/u-boot-mmc.git;a=commit;h=ace1bed327411cf3cade4...
Best Regards, Jaehoon Chung
Signed-off-by: Alexander Kochetkov al.kochet@gmail.com
drivers/mmc/mmc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/mmc/mmc.c b/drivers/mmc/mmc.c index 255310a..c8c13bd 100644 --- a/drivers/mmc/mmc.c +++ b/drivers/mmc/mmc.c @@ -1950,6 +1950,7 @@ static int mmc_startup_v4(struct mmc *mmc) MMC_VERSION_4_1, MMC_VERSION_4_2, MMC_VERSION_4_3,
MMC_VERSION_UNKNOWN,@@ -1973,7 +1974,8 @@ static int mmc_startup_v4(struct mmc *mmc) return -ENOMEM; memcpy(mmc->ext_csd, ext_csd, MMC_MAX_BLOCK_LEN);
- if (ext_csd[EXT_CSD_REV] > ARRAY_SIZE(mmc_versions))
if (ext_csd[EXT_CSD_REV] >= ARRAY_SIZE(mmc_versions) ||
ext_csd[EXT_CSD_REV] == 4)return -EINVAL;
mmc->version = mmc_versions[ext_csd[EXT_CSD_REV]];
20 февр. 2018 г., в 13:02, Jaehoon Chung jh80.chung@samsung.com написал(а):
Also the patch fix mmc_versions array bounds check. Value 8 produced out of array access.
It was already fixed.
http://git.denx.de/?p=u-boot/u-boot-mmc.git;a=commit;h=ace1bed327411cf3cade4...
Best Regards, Jaehoon Chung
Thank you for pointing updated git tree. I sent off-by-one bug fix from the patch as new patch.
Regards, Alexander.
participants (2)
-
Alexander Kochetkov -
Jaehoon Chung