From: Dan Carpenter <error27@gmail.com>
To: Sven Neumann <s.neumann@raumfeld.com>
Cc: Artem.Bityutskiy@nokia.com, eric.y.miao@gmail.com,
David.Woodhouse@intel.com, leiwen@marvell.com,
linux-kernel@vger.kernel.org, haojian.zhuang@marvell.com,
linux-mtd@lists.infradead.org, Daniel Mack <daniel@caiaq.de>,
linux-arm-kernel@lists.infradead.org
Subject: [patch v2] mtd: pxa3xx_nand: NULL dereference in pxa3xx_nand_probe
Date: Thu, 6 Jan 2011 17:05:36 +0300 [thread overview]
Message-ID: <20110106140536.GB1717@bicker> (raw)
In-Reply-To: <1294321502.2218.5.camel@sven>
"info->cmdset" gets dereferenced in __readid() so it needs to be
initialized earlier in the function. This bug was introduced in
18c81b1828f8 "mtd: pxa3xx_nand: remove the flash info in driver
structure".
Cc: stable@kernel.org [2.6.37+]
Reported-and-tested-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Dan Carpenter <error27@gmail.com>
---
v2: changed the commit text. added stable@kernel.org and a reported-by tag.
diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c
index 17f8518..ea2c288 100644
--- a/drivers/mtd/nand/pxa3xx_nand.c
+++ b/drivers/mtd/nand/pxa3xx_nand.c
@@ -885,6 +885,7 @@ static int pxa3xx_nand_detect_config(struct pxa3xx_nand_info *info)
/* set info fields needed to __readid */
info->read_id_bytes = (info->page_size == 2048) ? 4 : 2;
info->reg_ndcr = ndcr;
+ info->cmdset = &default_cmdset;
if (__readid(info, &id))
return -ENODEV;
@@ -915,7 +916,6 @@ static int pxa3xx_nand_detect_config(struct pxa3xx_nand_info *info)
info->ndtr0cs0 = nand_readl(info, NDTR0CS0);
info->ndtr1cs0 = nand_readl(info, NDTR1CS0);
- info->cmdset = &default_cmdset;
return 0;
}
next prev parent reply other threads:[~2011-01-06 14:05 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1294227801.3996.62.camel@sven>
2011-01-06 12:45 ` [patch] mtd: pxa3xx_nand: NULL dereference in pxa3xx_nand_probe Dan Carpenter
2011-01-06 13:45 ` Sven Neumann
2011-01-06 14:05 ` Dan Carpenter [this message]
2011-01-06 15:08 ` [patch v2] " Artem Bityutskiy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110106140536.GB1717@bicker \
--to=error27@gmail.com \
--cc=Artem.Bityutskiy@nokia.com \
--cc=David.Woodhouse@intel.com \
--cc=daniel@caiaq.de \
--cc=eric.y.miao@gmail.com \
--cc=haojian.zhuang@marvell.com \
--cc=leiwen@marvell.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=s.neumann@raumfeld.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).