Hi Yaniv,
On Wed, Jun 05 2013, Yaniv Gardi wrote:
> Inside the routine mmc_blk_ioctl_cmd() the sanitize command is
> identified according to the value of bits 16-23 of the argument.
>
> but what happens if a different command is sent, and only by chance,
> bits 16-23 contain the value of SANITIZE command ?
> In that case a SANITIZE command will be falsely identified.
> In order to prevent such a case, the condition is expanded and
> now it also checks the opcode itself, and verifies that it is an
> MMC_SWITCH opcode.
>
> Signed-off-by: Yaniv Gardi <ygardi@xxxxxxxxxxxxxx>
> ---
> drivers/mmc/card/block.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
> index c900d28..9775ae7 100644
> --- a/drivers/mmc/card/block.c
> +++ b/drivers/mmc/card/block.c
> @@ -542,7 +542,9 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev,
> goto cmd_rel_host;
> }
>
> - if (MMC_EXTRACT_INDEX_FROM_ARG(cmd.arg) == EXT_CSD_SANITIZE_START) {
> + if ((MMC_EXTRACT_INDEX_FROM_ARG(cmd.arg) == EXT_CSD_SANITIZE_START) &&
> + (cmd.opcode == MMC_SWITCH)) {
> +
> err = ioctl_do_sanitize(card);
>
> if (err)
Thanks, pushed to mmc-next for 3.11.
- Chris.
--
Chris Ball <cjb@xxxxxxxxxx> <http://printf.net/>
One Laptop Per Child
--
To unsubscribe from this list: send the line "unsubscribe linux-mmc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
