From: Boris Brezillon <boris.brezillon@bootlin.com>
To: Sergey Larin <cerg2010cerg2010@mail.ru>
Cc: miquel.raynal@bootlin.com, richard@nod.at, dwmw2@infradead.org,
computersforpeace@gmail.com, marek.vasut@gmail.com,
linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] mtd: rawnand: docg4: fix NULL deref while probing
Date: Sun, 8 Jul 2018 13:53:42 +0200 [thread overview]
Message-ID: <20180708135342.2385fad6@bbrezillon> (raw)
In-Reply-To: <30a41254ed09624a8972aa1daf14e4dd1efabed3.1531045014.git.cerg2010cerg2010@mail.ru>
On Sun, 8 Jul 2018 14:29:23 +0300
Sergey Larin <cerg2010cerg2010@mail.ru> wrote:
> nand_scan_tail() invokes nand_chip->scan_bbt() at the end, which is not set
> by the driver. Use the default nand_default_bbt() function to avoid NULL
> dereferncing.
Wow! For how long has this driver been broken? The ->scan_bbt() hook
has been there for a very long time, and nand_scan_tail() is calling
it when NAND_SKIP_BBTSCAN is not set.
>
> Signed-off-by: Sergey Larin <cerg2010cerg2010@mail.ru>
Missing Fixes and Cc stable tags.
> ---
> drivers/mtd/nand/raw/docg4.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/mtd/nand/raw/docg4.c b/drivers/mtd/nand/raw/docg4.c
> index bb96cb33cd6b..bbed8ea7858c 100644
> --- a/drivers/mtd/nand/raw/docg4.c
> +++ b/drivers/mtd/nand/raw/docg4.c
> @@ -1269,6 +1269,7 @@ static void __init init_mtd_structs(struct mtd_info *mtd)
> nand->read_buf = docg4_read_buf;
> nand->write_buf = docg4_write_buf16;
> nand->erase = docg4_erase_block;
> + nand->scan_bbt = nand_default_bbt;
Are you sure that's really what you want. My experience with docg4 code
is that it's not really fitting in the raw NAND framework, so I
wouldn't be surprised if the default bad block table scan function does
not match how the docg4 NAND works.
> nand->set_features = nand_get_set_features_notsupp;
> nand->get_features = nand_get_set_features_notsupp;
> nand->ecc.read_page = docg4_read_page;
next prev parent reply other threads:[~2018-07-08 11:53 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-08 11:29 [PATCH 0/2] fix regressions in DoC G4 driver Sergey Larin
2018-07-08 11:29 ` Sergey Larin
2018-07-08 11:29 ` [PATCH 1/2] mtd: rawnand: docg4: fix NULL deref while probing Sergey Larin
2018-07-08 11:29 ` Sergey Larin
2018-07-08 11:44 ` Miquel Raynal
2018-07-08 11:53 ` Boris Brezillon [this message]
2018-07-08 14:24 ` kbuild test robot
2018-07-08 11:29 ` [PATCH 2/2] mtd: rawnand: docg4: specify bits_per_cell Sergey Larin
2018-07-08 11:29 ` Sergey Larin
2018-07-08 12:04 ` Boris Brezillon
2018-07-08 11:41 ` [PATCH 0/2] fix regressions in DoC G4 driver Boris Brezillon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180708135342.2385fad6@bbrezillon \
--to=boris.brezillon@bootlin.com \
--cc=cerg2010cerg2010@mail.ru \
--cc=computersforpeace@gmail.com \
--cc=dwmw2@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=marek.vasut@gmail.com \
--cc=miquel.raynal@bootlin.com \
--cc=richard@nod.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.