* [PATCH] mtd: Fix check in mtd_unpoint()
@ 2017-06-25 18:22 Boris Brezillon
From: Boris Brezillon @ 2017-06-25 18:22 UTC (permalink / raw)
To: David Woodhouse, Brian Norris, Boris Brezillon, Marek Vasut,
Richard Weinberger, Cyrille Pitchen, linux-mtd

The code checks that ->_point is not NULL, but we should actually check
->_unpoint value which is dereferenced a few lines after the check.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
---
Found while checking that nobody except the core was directly calling
->_xxx().
Note that I didn't add a Fixes tag because it's hard to tell when
mtd_point() was introduced (code has been moved from mtd.h to mtdcore.c
in commit 8273a0c911d8 "mtd: add offset and length checks to the API
function"), and all drivers implementing ->_point() also implement
->_unpoint (the only exception being drivers/mtd/maps/uclinux.c).
---
drivers/mtd/mtdcore.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/mtdcore.c b/drivers/mtd/mtdcore.c
index e214af82b9be..e02ccdbdcdf1 100644
--- a/drivers/mtd/mtdcore.c
+++ b/drivers/mtd/mtdcore.c
@@ -991,7 +991,7 @@ EXPORT_SYMBOL_GPL(mtd_point);
/* We probably shouldn't allow XIP if the unpoint isn't a NULL */
int mtd_unpoint(struct mtd_info *mtd, loff_t from, size_t len)
{
- if (!mtd->_point)
+ if (!mtd->_unpoint)
return -EOPNOTSUPP;
if (from < 0 || from >= mtd->size || len > mtd->size - from)
return -EINVAL;
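Review bot: The comment kept as context directly above mtd_unpoint() ("We probably shouldn't allow XIP if the unpoint isn't a NULL") does not describe the guard on the changed line, which returns -EOPNOTSUPP exactly when ->_unpoint is NULL; reword or drop it in the same patch so the next reader is not misled. Separately, the notes after the sign-off say drivers/mtd/maps/uclinux.c implements ->_point() without ->_unpoint, so for that driver mtd_point() can succeed while mtd_unpoint() now fails with -EOPNOTSUPP rather than reaching the NULL ->_unpoint. The commit message should say whether callers check the mtd_unpoint() return value, or a follow-up could reject a ->_point without a matching ->_unpoint when the device is registered.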
--
2.11.0
* Re: [PATCH] mtd: Fix check in mtd_unpoint()
From: Brian Norris @ 2017-07-08 0:58 UTC (permalink / raw)
To: Boris Brezillon
Cc: David Woodhouse, Marek Vasut, Richard Weinberger, Cyrille Pitchen,
linux-mtd
On Sun, Jun 25, 2017 at 08:22:57PM +0200, Boris Brezillon wrote:
> The code checks that ->_point is not NULL, but we should actually check
> ->_unpoint value which is dereferenced a few lines after the check.
>
> Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
> ---
> Found while checking that nobody except the core was directly calling
> ->_xxx().
> Note that I didn't add a Fixes tag because it's hard to tell when
> mtd_point() was introduced (code has been moved from mtd.h to mtdcore.c
> in commit 8273a0c911d8 "mtd: add offset and length checks to the API
> function"), and all drivers implementing ->_point() also implement
> ->_unpoint (the only exception being drivers/mtd/maps/uclinux.c).
Applied