I went back and traced the CWM recovery code to see how mmc_erase() was being called.
The call chain looks like this (the code is simplified for readability):
u64 range[2];
range[0] = 0;
range[1] = len;
ioctl(fd, BLKSECDISCARD, &range);  /* if the secure discard fails, the code falls back to a plain discard */
ioctl(fd, BLKDISCARD, &range);
I haven't compiled CWM recovery on ICS, so this is just based on examining the CWM code people made available for their GB compiles; it is possible I haven't interpreted things correctly for the ICS-based CWM recovery.
So basically in GB there was no support for automatic "wipe" functionality using mmc_erase() (in the kernel mmc driver) via ioctl() (in userspace). This functionality was added in the libext4_utils.a library for ICS. The function make_ext4fs() was modified to unconditionally enable "wipe" whenever it is called. This change was added on 26-Jan-2011 by Colin Cross.
Diff1 - make_ext4fs.c
Diff2 - output_file.c
Initial checkin - wipe.c
Now I am only looking at the GB-based CWM code as I couldn't find any ICS-based CWM checked in for E4GT, so I might have this part wrong, but I'm guessing when people ported CWM to ICS, they linked against the new libext4_utils.a library and therefore called the new make_ext4fs() which unconditionally always "wipes" when called. This eventually results in the ioctl() which triggers the mmc_erase() in the mmc driver in the kernel, which in turn triggers the EMMC firmware lockup/superbrick bug.
Given that, my guess is that Samsung will likely make their patch in libext4_utils.a (and libext4_utils.so, which is not relevant for us since recovery is statically linked; it would only be relevant for Android utilities). That means the change likely will NOT be in the kernel proper, but rather in the libraries CWM is linked against.
Since CWM is statically linked (at least the copy I saw checked in was), even if Samsung patches libext4_utils.a, the CWM binaries we have now will not get that change.
They will need to be recompiled against the new libext4_utils.a that will be available when Samsung releases the source code.
Also, there is actually no need to wait for the Samsung source code. If the people who compile CWM simply NOOP the "wipe" code in their current source tree, their recoveries should then be "safe".
This can be done in
by replacing wipe_block_device() with
int wipe_block_device(int fd, s64 len)
{
    /* NOOP: never issue BLKSECDISCARD/BLKDISCARD, so mmc_erase() is never reached */
    return 0;
}
The above code would be the simplest change to make recoveries "safe" again.
Now it would be better to replace it with code that writes zeros to the area (which you should be able to do with write() on the file descriptor, coupled with a zero buffer and a loop).
Feel free to comment if I've made some mistake in my analysis.
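The zero-writing alternative described above, as an added example that is not part of the original post or of the CWM/libext4_utils source: a replacement for wipe_block_device() that overwrites [0, len) with write() and never issues the discard ioctls. The 1 MiB chunk size and the int64_t stand-in for the kernel's s64 are assumptions, and the self-check runs on a constructed temp file rather than a real partition.

```c
/* Added example, not CWM or libext4_utils code: wipe by writing zeros
 * instead of BLKSECDISCARD/BLKDISCARD, so mmc_erase() is never reached.
 * ZERO_CHUNK (1 MiB) and int64_t for the kernel's s64 are assumptions. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define ZERO_CHUNK (1 << 20)

/* Writes len zero bytes from offset 0 of fd, the same range [0, len) the
 * discard-based original covered. Returns 0 on success, -1 on error.
 * Handles short writes, EINTR, and a final chunk smaller than ZERO_CHUNK. */
int wipe_block_device_zero(int fd, int64_t len)
{
    static char zeros[ZERO_CHUNK]; /* static storage is zero-initialised */
    if (len < 0) { errno = EINVAL; return -1; }
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    while (len > 0) {
        size_t want = len < ZERO_CHUNK ? (size_t)len : (size_t)ZERO_CHUNK;
        ssize_t n = write(fd, zeros, want);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        len -= n;
    }
    return fsync(fd);
}

/* Self-check on a constructed temp file, not a real partition: fill it
 * with 0xAA, wipe it, verify every byte reads back as 0. Returns 1 on a
 * complete wipe, 0 otherwise. */
int demo_zero_wipe(int64_t len)
{
    char path[] = "/tmp/wipe_demo_XXXXXX", fill[4096], buf[4096];
    int fd = mkstemp(path), ok = 1;
    if (fd < 0) return 0;
    unlink(path);
    memset(fill, 0xAA, sizeof fill);
    for (int64_t off = 0; off < len && ok; off += (int64_t)sizeof fill) {
        size_t w = (len - off) < (int64_t)sizeof fill ? (size_t)(len - off) : sizeof fill;
        if (write(fd, fill, w) != (ssize_t)w) ok = 0;
    }
    if (ok && (wipe_block_device_zero(fd, len) != 0 || lseek(fd, 0, SEEK_SET) < 0)) ok = 0;
    int64_t seen = 0; ssize_t n;
    while (ok && (n = read(fd, buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++, seen++) if (buf[i] != 0) ok = 0;
    close(fd);
    return ok && seen == len;
}
```

The test length deliberately is not a multiple of ZERO_CHUNK so the final short chunk path is exercised.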