From: Artem Bityutskiy <dedekind1@gmail.com>
To: "Prins Anton (ST-CO/ENG1.1)" <Anton.Prins@nl.bosch.com>
Cc: "linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>
Subject: Re: Patch to solve NULL pointer dereference in physmap_of.c
Date: Fri, 30 Nov 2012 13:51:02 +0200 [thread overview]
Message-ID: <1354276262.30168.102.camel@sauron.fi.intel.com> (raw)
In-Reply-To: <85D877DD6EE67B4A9FCA9B9C3A4865670C3AF1D4E4@SI-MBX14.de.bosch.com>
[-- Attachment #1: Type: text/plain, Size: 3969 bytes --]
Hi, sorry for long delay, but would you please re-send this in a nice
form:
1. Wrap commit message lines to 80 characters.
2. Make the patch applicable with 'git am' - this one does not apply.
Thanks!
On Thu, 2012-11-22 at 16:20 +0100, Prins Anton (ST-CO/ENG1.1) wrote:
> [PATCH] mtd: maps/physmap_of.c: change error checking to prevent a NULL pointer dereference if no DTS tuple is mappable
>
> This patch solves a NULL pointer dereference, this may occur if the tuple is not mappable (jumps to continue in the for-loop).
> Out of the loop possible results are:
> - info->list_size == 0 if no of the tuples is mappable
> - info->list_size == 1
> - info->list_size > 1
> If no one of the supplied tuples is mappable (info->list_size == 0) and info->cmtd will not be set.
> But it is used in mtd_device_parse_register, OOPS... if should generate an error in this case!
>
> [From: Anton Prins <anton.prins@nl.bosch.com>]
>
> diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c
> index 2e6fb68..f6de444 100644
> --- a/drivers/mtd/maps/physmap_of.c
> +++ b/drivers/mtd/maps/physmap_of.c
> @@ -268,6 +268,7 @@ static int __devinit of_flash_probe(struct platform_device *dev)
> }
>
> err = 0;
> + info->cmtd = NULL;
> if (info->list_size == 1) {
> info->cmtd = info->list[0].mtd;
> } else if (info->list_size > 1) {
> @@ -276,9 +277,10 @@ static int __devinit of_flash_probe(struct platform_device *dev)
> */
> info->cmtd = mtd_concat_create(mtd_list, info->list_size,
> dev_name(&dev->dev));\r- if (info->cmtd == NULL)
> - err = -ENXIO;
> }
> + if (info->cmtd == NULL)
> + err = -ENXIO;
> +
> if (err)
> goto err_out;
>
> -----Original Message-----
> From: Artem Bityutskiy [mailto:dedekind1@gmail.com]
> Sent: woensdag 21 november 2012 8:42
> To: Prins Anton (ST-CO/ENG1.1)
> Cc: linux-mtd@lists.infradead.org
> Subject: Re: Patch to solve NULL pointer dereference in physmap_of.c
> On Fri, 2012-11-09 at 08:45 +0100, Prins Anton (ST-CO/ENG1.1) wrote:\r> commit 0905a6f4aec377123e94d2260f2f7a0d867e19be
> > Author: Anton Prins <anton.prins@nl.bosch.com>
> > Date: Fri Nov 9 10:12:58 2012 +0100
> >
> > Correct error checking to prevent a NULL pointer dereference
> >
> > The problem only occurs if the DTS is not correct, the requested mapping is not reserved on the parent bus.
> > In this special case the count is 1, but the list_size after mapping is 0. list_size 0 should generate an error!
>
> Sorry, I do not really understand which problem this patch solves, could
> you please improve the commit message and re-send?
>
> >
> > diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c
> > index 2e6fb68..83d121e 100644
> > --- a/drivers/mtd/maps/physmap_of.c
> > +++ b/drivers/mtd/maps/physmap_of.c
> > @@ -267,13 +267,14 @@ static int __devinit of_flash_probe(struct platform_device *dev)
> > info->list[i].mtd->dev.parent = &dev->dev;
> > }
> >
>
> It seems the error condition should be checked and acted upon here. What
> you looks more like making the code less readable.
>
> > - err = 0;
> > if (info->list_size == 1) {
> > + err = 0;
> > info->cmtd = info->list[0].mtd;
> > } else if (info->list_size > 1) {
> > /*
> > * We detected multiple devices. Concatenate them together.
> > */
> > + err = 0;
> > info->cmtd = mtd_concat_create(mtd_list, info->list_size,
> > dev_name(&dev->dev));\r> if (info->cmtd == NULL)
>
--
Best Regards,
Artem Bityutskiy
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2012-11-30 11:50 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-09 7:45 Patch to solve NULL pointer dereference in physmap_of.c Prins Anton (ST-CO/ENG1.1)
2012-11-21 7:42 ` Artem Bityutskiy
2012-11-21 8:43 ` Prins Anton (ST-CO/ENG1.1)
2012-11-22 15:20 ` Prins Anton (ST-CO/ENG1.1)
2012-11-30 11:51 ` Artem Bityutskiy [this message]
2012-12-03 7:31 ` Prins Anton (ST-CO/ENG1.1)
2012-12-10 13:31 ` Artem Bityutskiy
2012-12-11 8:34 ` Prins Anton (ST-CO/ENG1.1)
2012-12-11 8:49 ` Artem Bityutskiy
2012-12-05 14:19 ` Prins Anton (ST-CO/ENG1.1)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1354276262.30168.102.camel@sauron.fi.intel.com \
--to=dedekind1@gmail.com \
--cc=Anton.Prins@nl.bosch.com \
--cc=linux-mtd@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.