freemyipod r155 - Code Review

Repository:freemyipod
Revision:r154‎ | r155 | r156 >
Date:14:17, 18 August 2010
Author:theseven
Status:new
Tags:
Comment:
Fix an FTL null pointer dereference bug (which did overwrite parts of the exception vectors) and use negative error return codes for FTL functions exposed to the storage layer. (Undetected errors were hiding the first bug)
Modified paths:
  • /embios/trunk/target/ipodnano2g/ftl.c (modified) (history)


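--- a/embios/trunk/target/ipodnano2g/ftl.c
+++ b/embios/trunk/target/ipodnano2g/ftl.c
@@ -1310,7 +1310,7 @@
 uint32_t ppb = ftl_nand_type->pagesperblock * ftl_banks;
 uint32_t error = 0;
 
-if (!ftl_initialized) return 1;
+if (!ftl_initialized) return -1;
 
 #ifdef FTL_TRACE
 DEBUGF("FTL: Reading %d sectors starting at %d", count, sector);
@@ -1324,7 +1324,7 @@
 if (sector + count > ftl_nand_type->userblocks * ppb)
 {
 DEBUGF("FTL: Sector %d is out of range!", sector + count - 1);
-return 1;
+return -2;
 }
 if (count == 0) return 0;
 
@@ -1371,7 +1371,7 @@
 else if ((ret & (0xd << (j << 2))) || ftl_sparebuffer[j].user.eccmark != 0xFF)
 {
 DEBUGF("FTL: Error while reading sector %d!", (sector + i));
-error = 1;
+error = -3;
 memset(&((uint8_t*)buffer)[(i + j) << 11], 0, 0x800);
 }
 i += ftl_banks - 1;
@@ -1384,7 +1384,7 @@
 else if ((ret & 0x11D) != 0 || ftl_sparebuffer[0].user.eccmark != 0xFF)
 {
 DEBUGF("FTL: Error while reading sector %d!", (sector + i));
-error = 1;
+error = -4;
 memset(&((uint8_t*)buffer)[i << 11], 0, 0x800);
 }
 }
@@ -1845,8 +1845,11 @@
 {
 uint32_t i;
 struct ftl_log_type* entry = ftl_get_log_entry(block);
-entry->usn = ftl_cxt.nextblockusn - 1;
-if (entry != (struct ftl_log_type*)0) return entry;
+if (entry != (struct ftl_log_type*)0)
+{
+entry->usn = ftl_cxt.nextblockusn - 1;
+return entry;
+}
 
 for (i = 0; i < 0x11; i++)
 {
@@ -1972,7 +1975,7 @@
 uint32_t i, j, k;
 uint32_t ppb = ftl_nand_type->pagesperblock * ftl_banks;
 
-if (!ftl_initialized) return 1;
+if (!ftl_initialized) return -1;
 
 #ifdef FTL_TRACE
 DEBUGF("FTL: Writing %d sectors starting at %d", count, sector);
@@ -1986,7 +1989,7 @@
 if (sector + count > ftl_nand_type->userblocks * ppb)
 {
 DEBUGF("FTL: Sector %d is out of range!", sector + count - 1);
-return 1;
+return -2;
 }
 if (count == 0) return 0;
 
@@ -2000,7 +2003,7 @@
 if (ftl_next_ctrl_pool_page() != 0)
 {
 mutex_unlock(&ftl_mtx);
-return 1;
+return -3;
 }
 memset(ftl_buffer, 0xFF, 0x800);
 memset(&ftl_sparebuffer[0], 0xFF, 0x40);
@@ -2013,7 +2016,7 @@
 if (i == 3)
 {
 mutex_unlock(&ftl_mtx);
-return 1;
+return -4;
 }
 DEBUGF("FTL: Wrote dirty mark to %d", ftl_cxt.ftlctrlpage);
 ftl_cxt.clean_flag = 0;
@@ -2028,7 +2031,7 @@
 if (logentry == (struct ftl_log_type*)0)
 {
 mutex_unlock(&ftl_mtx);
-return 1;
+return -5;
 }
 if (page == 0 && count - i >= ppb)
 {
@@ -2047,7 +2050,7 @@
 if (vblock == 0xFFFFFFFF)
 {
 mutex_unlock(&ftl_mtx);
-return 1;
+return -6;
 }
 }
 ftl_cxt.nextblockusn++;
@@ -2089,7 +2092,7 @@
 if (logentry == (struct ftl_log_type*)0)
 {
 mutex_unlock(&ftl_mtx);
-return 1;
+return -7;
 }
 }
 uint32_t cnt = FTL_WRITESPARE_SIZE;
@@ -2186,7 +2189,7 @@
 if (rc != 0)
 {
 mutex_unlock(&ftl_mtx);
-return 1;
+return -1;
 }
 for (i = 0; i < 5; i++)
 if (ftl_commit_cxt() == 0)
@@ -2196,7 +2199,7 @@
 }
 else ftl_cxt.ftlctrlpage |= ppb - 1;
 mutex_unlock(&ftl_mtx);
-return 1;
+return -2;
 }
 #endif
 
@@ -2547,12 +2550,12 @@
 if (founddevinfo == 0)
 {
 DEBUGF("FTL: No DEVICEINFO found!");
-return 1;
+return -1;
 }
 if (foundsignature != 0 && (result & 0x11F) != 0)
 {
 DEBUGF("FTL: Problem with the signature!");
-return 1;
+return -2;
 }
 if (ftl_vfl_open() == 0)
 {
@@ -2579,5 +2582,5 @@
 
 DEBUGF("FTL: Initialization failed!");
 
-return 1;
+return -3;
 }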
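Review bot: In the hunk at 1310 the accumulator that now carries the negative codes is still `uint32_t error = 0;` (1312), so the `error = -3;` and `error = -4;` assignments at 1375 and 1388 depend on unsigned wrap-around, and if the function's return type — its signature is above the hunk — is likewise unsigned, a storage-layer caller testing `rc < 0` never sees the failure, which is exactly the undetected-error case the commit message describes. Change it to `int error = 0;` and confirm that this and the other functions touched here (all of whose signatures lie outside these hunks) return `int` in both definition and prototype. Separately, the range check `if (sector + count > ftl_nand_type->userblocks * ppb)` at 1325 (and its twin at 1990) can be bypassed by a `count` large enough to wrap the sum if `sector` and `count` are 32-bit, after which the loop below writes `count` sectors into `buffer`; an overflow-safe form is `uint32_t limit = ftl_nand_type->userblocks * ppb; if (count > limit || sector > limit - count) return -2;`. Because -1 through -7 mean different things in each function, a small enum of named FTL error codes, documented at the prototypes, would make the storage layer's handling readable.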