[PATCH 1/2] mtd: rawnand: docg4: fix NULL deref while probing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun,  8 Jul 2018 14:29:23 +0300
Sergey Larin <cerg2010cerg2010 at mail.ru> wrote:

> nand_scan_tail() invokes nand_chip->scan_bbt() at the end, which is not set
> by the driver. Use the default nand_default_bbt() function to avoid NULL
> dereferncing.

Wow! For how long has this driver been broken? The ->scan_bbt() hook
has been there for a very long time, and nand_scan_tail() is calling
it when NAND_SKIP_BBTSCAN is not set. 

> 
> Signed-off-by: Sergey Larin <cerg2010cerg2010 at mail.ru>

Missing Fixes and Cc stable tags.

> ---
>  drivers/mtd/nand/raw/docg4.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/mtd/nand/raw/docg4.c b/drivers/mtd/nand/raw/docg4.c
> index bb96cb33cd6b..bbed8ea7858c 100644
> --- a/drivers/mtd/nand/raw/docg4.c
> +++ b/drivers/mtd/nand/raw/docg4.c
> @@ -1269,6 +1269,7 @@ static void __init init_mtd_structs(struct mtd_info *mtd)
>  	nand->read_buf = docg4_read_buf;
>  	nand->write_buf = docg4_write_buf16;
>  	nand->erase = docg4_erase_block;
> +	nand->scan_bbt = nand_default_bbt;

Are you sure that's really what you want. My experience with docg4 code
is that it's not really fitting in the raw NAND framework, so I
wouldn't be surprised if the default bad block table scan function does
not match how the docg4 NAND works.

>  	nand->set_features = nand_get_set_features_notsupp;
>  	nand->get_features = nand_get_set_features_notsupp;
>  	nand->ecc.read_page = docg4_read_page;
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux