[1/2] mtd: nand: gpmi: Fix gpmi_nand_init() error path

Message ID 1491813318-4417-1-git-send-email-boris.brezillon@free-electrons.com
State Accepted
Commit 4d02423e9afe6c46142ce98bbcaf5167316dbfbf
Delegated to: Boris Brezillon
Headers show

Commit Message

Boris Brezillon April 10, 2017, 8:35 a.m.
The GPMI driver is wrongly assuming that nand_release() can safely be
called on an uninitialized/unregistered NAND device.

Add a new err_nand_cleanup label in the error path and only execute if
nand_scan_tail() succeeded.

Note that we now call nand_cleanup() instead of nand_release()
(nand_release() is actually grouping the mtd_device_unregister() and
nand_cleanup() in one call) because there's no point in trying to
unregister a device that has never been registered.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
---
 drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

Marek Vasut April 15, 2017, 2:58 p.m. | #1
On 04/10/2017 10:35 AM, Boris Brezillon wrote:
> The GPMI driver is wrongly assuming that nand_release() can safely be
> called on an uninitialized/unregistered NAND device.
> 
> Add a new err_nand_cleanup label in the error path and only execute if
> nand_scan_tail() succeeded.
> 
> Note that we now call nand_cleanup() instead of nand_release()
> (nand_release() is actually grouping the mtd_device_unregister() and
> nand_cleanup() in one call) because there's no point in trying to
> unregister a device that has never been registered.
> 
> Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>

Reviewed-by: Marek Vasut <marek.vasut@gmail.com>

> ---
>  drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> index d52139635b67..92279a0d52f1 100644
> --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> @@ -2048,18 +2048,20 @@ static int gpmi_nand_init(struct gpmi_nand_data *this)
>  
>  	ret = nand_boot_init(this);
>  	if (ret)
> -		goto err_out;
> +		goto err_nand_cleanup;
>  	ret = chip->scan_bbt(mtd);
>  	if (ret)
> -		goto err_out;
> +		goto err_nand_cleanup;
>  
>  	ret = mtd_device_register(mtd, NULL, 0);
>  	if (ret)
> -		goto err_out;
> +		goto err_nand_cleanup;
>  	return 0;
>  
> +err_nand_cleanup:
> +	nand_cleanup(chip);
>  err_out:
> -	gpmi_nand_exit(this);
> +	gpmi_free_dma_buffer(this);
>  	return ret;
>  }
>  
>
Han Xu April 17, 2017, 4:50 p.m. | #2
From: Marek Vasut <marek.vasut@gmail.com>
Sent: Saturday, April 15, 2017 8:58 AM
To: Boris Brezillon; Richard Weinberger; linux-mtd@lists.infradead.org
Cc: David Woodhouse; Brian Norris; Cyrille Pitchen; Han Xu; Shawn Guo; Sascha Hauer; Leonard Crestez; Masahiro Yamada
Subject: Re: [PATCH 1/2] mtd: nand: gpmi: Fix gpmi_nand_init() error path

On 04/10/2017 10:35 AM, Boris Brezillon wrote:
> The GPMI driver is wrongly assuming that nand_release() can safely be
> called on an uninitialized/unregistered NAND device.
>
> Add a new err_nand_cleanup label in the error path and only execute if
> nand_scan_tail() succeeded.
>
> Note that we now call nand_cleanup() instead of nand_release()
> (nand_release() is actually grouping the mtd_device_unregister() and
> nand_cleanup() in one call) because there's no point in trying to
> unregister a device that has never been registered.
>
> Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>

Acked-by: Han Xu <han.xu@nxp.com>
Reviewed-by: Marek Vasut <marek.vasut@gmail.com>

> ---
>  drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> index d52139635b67..92279a0d52f1 100644
> --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> @@ -2048,18 +2048,20 @@ static int gpmi_nand_init(struct gpmi_nand_data *this)
>
>       ret = nand_boot_init(this);
>       if (ret)
> -             goto err_out;
> +             goto err_nand_cleanup;
>       ret = chip->scan_bbt(mtd);
>       if (ret)
> -             goto err_out;
> +             goto err_nand_cleanup;
>
>       ret = mtd_device_register(mtd, NULL, 0);
>       if (ret)
> -             goto err_out;
> +             goto err_nand_cleanup;
>       return 0;
>
> +err_nand_cleanup:
> +     nand_cleanup(chip);
>  err_out:
> -     gpmi_nand_exit(this);
> +     gpmi_free_dma_buffer(this);
>       return ret;
>  }
>
>


--
Best regards,
Marek Vasut
Boris Brezillon May 15, 2017, 7:40 p.m. | #3
On Mon, 10 Apr 2017 10:35:17 +0200
Boris Brezillon <boris.brezillon@free-electrons.com> wrote:

> The GPMI driver is wrongly assuming that nand_release() can safely be
> called on an uninitialized/unregistered NAND device.
> 
> Add a new err_nand_cleanup label in the error path and only execute if
> nand_scan_tail() succeeded.
> 
> Note that we now call nand_cleanup() instead of nand_release()
> (nand_release() is actually grouping the mtd_device_unregister() and
> nand_cleanup() in one call) because there's no point in trying to
> unregister a device that has never been registered.
> 
> Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>

Applied both to nand/next.

> ---
>  drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> index d52139635b67..92279a0d52f1 100644
> --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
> @@ -2048,18 +2048,20 @@ static int gpmi_nand_init(struct gpmi_nand_data *this)
>  
>  	ret = nand_boot_init(this);
>  	if (ret)
> -		goto err_out;
> +		goto err_nand_cleanup;
>  	ret = chip->scan_bbt(mtd);
>  	if (ret)
> -		goto err_out;
> +		goto err_nand_cleanup;
>  
>  	ret = mtd_device_register(mtd, NULL, 0);
>  	if (ret)
> -		goto err_out;
> +		goto err_nand_cleanup;
>  	return 0;
>  
> +err_nand_cleanup:
> +	nand_cleanup(chip);
>  err_out:
> -	gpmi_nand_exit(this);
> +	gpmi_free_dma_buffer(this);
>  	return ret;
>  }
>

Patch

diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
index d52139635b67..92279a0d52f1 100644
--- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
+++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
@@ -2048,18 +2048,20 @@  static int gpmi_nand_init(struct gpmi_nand_data *this)
 
 	ret = nand_boot_init(this);
 	if (ret)
-		goto err_out;
+		goto err_nand_cleanup;
 	ret = chip->scan_bbt(mtd);
 	if (ret)
-		goto err_out;
+		goto err_nand_cleanup;
 
 	ret = mtd_device_register(mtd, NULL, 0);
 	if (ret)
-		goto err_out;
+		goto err_nand_cleanup;
 	return 0;
 
+err_nand_cleanup:
+	nand_cleanup(chip);
 err_out:
-	gpmi_nand_exit(this);
+	gpmi_free_dma_buffer(this);
 	return ret;
 }