Re: [PATCH] mtd: pxa3xx_nand: fix driver when num_cs is 0

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>
To: Robert Jarzmik <robert.jarzmik@free.fr>,
	David Woodhouse <dwmw2@infradead.org>,
	Brian Norris <computersforpeace@gmail.com>
Cc: linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mtd: pxa3xx_nand: fix driver when num_cs is 0
Date: Mon, 09 Feb 2015 09:53:45 -0300	[thread overview]
Message-ID: <54D8ADD9.4030506@free-electrons.com> (raw)
In-Reply-To: <1423425729-20671-1-git-send-email-robert.jarzmik@free.fr>

On 02/08/2015 05:02 PM, Robert Jarzmik wrote:
> As the devicetree binding doesn't require num_cs to exist or be strictly
> positive, and neither does the platform data case, a bug appear when
> num_cs is set to 0 and panics the kernel.
> 
> The issue is that in alloc_nand_resource(), chip is dereferenced without
> having a value assigned when num_cs == 0.
> 
> Fix this by returning ENODEV is num_cs == 0.
> 
> The panic seen is :
> Unable to handle kernel NULL pointer dereference at virtual address 000002b8
> pgd = c0004000
> [000002b8] *pgd=00000000
> Internal error: Oops: 5 [#1] PREEMPT ARM
> Modules linked in:
> Hardware name: Marvell PXA3xx (Device Tree Support)
> task: c3822aa0 ti: c3826000 task.ti: c3826000
> PC is at alloc_nand_resource+0x180/0x4a8
> LR is at alloc_nand_resource+0xa0/0x4a8
> pc : [<c0275b90>]    lr : [<c0275ab0>]    psr: 68000013
> sp : c3827d90  ip : 00000000  fp : 00000000
> r10: c3862200  r9 : 0000005e  r8 : 00000000
> r7 : c3865610  r6 : c3862210  r5 : c3924210  r4 : c3862200
> r3 : 00000000  r2 : 00000000  r1 : 00000000  r0 : 00000000
> Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
> Control: 0000397f  Table: 80004018  DAC: 00000035
> Process swapper (pid: 1, stack limit = 0xc3826198)
> Stack: (0xc3827d90 to 0xc3828000)
> ...zip...
> [<c0275b90>] (alloc_nand_resource) from [<c0275ff8>] (pxa3xx_nand_probe+0x140/0x978)
> [<c0275ff8>] (pxa3xx_nand_probe) from [<c0258c40>] (platform_drv_probe+0x48/0xa4)
> [<c0258c40>] (platform_drv_probe) from [<c0257650>] (driver_probe_device+0x80/0x21c)
> [<c0257650>] (driver_probe_device) from [<c0257878>] (__driver_attach+0x8c/0x90)
> [<c0257878>] (__driver_attach) from [<c0255ec4>] (bus_for_each_dev+0x58/0x88)
> [<c0255ec4>] (bus_for_each_dev) from [<c0256ec8>] (bus_add_driver+0xd8/0x1d4)
> [<c0256ec8>] (bus_add_driver) from [<c0257f14>] (driver_register+0x78/0xf4)
> [<c0257f14>] (driver_register) from [<c00088a8>] (do_one_initcall+0x80/0x1e4)
> [<c00088a8>] (do_one_initcall) from [<c048ed08>] (kernel_init_freeable+0xec/0x1b4)
> [<c048ed08>] (kernel_init_freeable) from [<c0377d8c>] (kernel_init+0x8/0xe4)
> [<c0377d8c>] (kernel_init) from [<c00095f8>] (ret_from_fork+0x14/0x3c)
> Code: e503b234 e5953008 e1530001 caffffd1 (e59002b8)
> ---[ end trace a5770060c8441895 ]---
> 
> Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
> ---
>  drivers/mtd/nand/pxa3xx_nand.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c
> index 96b0b1d..4a2df63 100644
> --- a/drivers/mtd/nand/pxa3xx_nand.c
> +++ b/drivers/mtd/nand/pxa3xx_nand.c
> @@ -1572,6 +1572,8 @@ static int alloc_nand_resource(struct platform_device *pdev)
>  	int ret, irq, cs;
>  
>  	pdata = dev_get_platdata(&pdev->dev);
> +	if (pdata->num_cs <= 0)
> +		return -ENODEV;
>  	info = devm_kzalloc(&pdev->dev, sizeof(*info) + (sizeof(*mtd) +
>  			    sizeof(*host)) * pdata->num_cs, GFP_KERNEL);
>  	if (!info)
> 

Looks good,

Acked-by: Ezequiel Garcia <ezequiel.garcia@free-electrons.com>

-- 
Ezequiel García, Free Electrons
Embedded Linux, Kernel and Android Engineering
http://free-electrons.com

next prev parent reply	other threads:[~2015-02-09 12:56 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-02-08 20:02 [PATCH] mtd: pxa3xx_nand: fix driver when num_cs is 0 Robert Jarzmik
2015-02-08 20:02 ` Robert Jarzmik
2015-02-09 12:53 ` Ezequiel Garcia [this message]
2015-02-14 21:45   ` Robert Jarzmik
2015-02-28  9:23 ` Brian Norris
2015-02-28  9:23   ` Brian Norris

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=54D8ADD9.4030506@free-electrons.com \
    --to=ezequiel.garcia@free-electrons.com \
    --cc=computersforpeace@gmail.com \
    --cc=dwmw2@infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mtd@lists.infradead.org \
    --cc=robert.jarzmik@free.fr \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.