
[RFC] mtd: nand_bbt: set the smallest size of bbt table

Message ID 1438305164-82852-1-git-send-email-shengyong1@huawei.com
State Accepted
Commit 192db1caa253c087496b9671ab8aa0a53da31f35

Commit Message

shengyong July 31, 2015, 1:12 a.m. UTC
When using nandsim to simulate a 128K block nand with `overridesize = 1',
the size of mtd device is too small (mtd_size = 4 * block_size) to get the
right length of bbt. Then when creating bbt, kzmalloc() will return
ZERO_SIZE_PTR. This causes a NULL pointer oops when scanning bbt.

[  952.156166] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[  952.157064] IP: [<ffffffff8148ad4a>] nand_isreserved_bbt+0x2a/0x40
[  952.157064] PGD 0
[  952.157064] Oops: 0000 [#1] SMP
[  952.157064] Modules linked in: nandsim(+) [last unloaded: nandsim]
[  952.157064] CPU: 1 PID: 7103 Comm: modprobe Not tainted 4.2.0-rc3-next-20150724 #4
[  952.157064] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[  952.157064] task: ffff88003e24b980 ti: ffff88003d274000 task.ti: ffff88003d274000
[  952.157064] RIP: 0010:[<ffffffff8148ad4a>]  [<ffffffff8148ad4a>] nand_isreserved_bbt+0x2a/0x40
[  952.157064] RSP: 0018:ffff88003d277b90  EFLAGS: 00010246
[  952.157064] RAX: 0000000000000010 RBX: ffff88003d5a1000 RCX: 0000000000000000
[  952.157064] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88003d919000
[  952.157064] RBP: ffff88003d277b98 R08: 0000000000020000 R09: 0000000000000000
[  952.157064] R10: 0000000000000000 R11: 0000000000000195 R12: ffff88003d919000
[  952.157064] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  952.157064] FS:  00007fada4d07700(0000) GS:ffff88003fd00000(0000) knlGS:0000000000000000
[  952.157064] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  952.157064] CR2: 0000000000000010 CR3: 0000000037924000 CR4: 00000000000006a0
[  952.157064] Stack:
[  952.157064]  ffffffff814851ec ffff88003d277ba8 ffffffff8147e35f ffff88003d277bf8
[  952.157064]  ffffffff814816f3 ffff88003d277c08 ffff88003d277bc8 0000000000000282
[  952.157064]  0000000000000001 0000000000000000 ffff88003d209540 0000000000000001
[  952.157064] Call Trace:
[  952.157064]  [<ffffffff814851ec>] ? nand_block_isreserved+0x1c/0x20
[  952.157064]  [<ffffffff8147e35f>] mtd_block_isreserved+0x1f/0x30
[  952.157064]  [<ffffffff814816f3>] allocate_partition+0x463/0x6a0
[  952.157064]  [<ffffffff81481b3b>] add_mtd_partitions+0x4b/0xe0
[  952.157064]  [<ffffffff8147f14c>] mtd_device_parse_register+0x4c/0xe0
[  952.157064]  [<ffffffffa0013daf>] ns_init_module+0xdaf/0xde4 [nandsim]
[  952.157064]  [<ffffffff8128d7c8>] ? kasprintf+0x38/0x40
[  952.157064]  [<ffffffffa0013000>] ? 0xffffffffa0013000
[  952.157064]  [<ffffffff810002c3>] do_one_initcall+0x83/0x1b0
[  952.157064]  [<ffffffff8113afab>] ? kmem_cache_alloc_trace+0x6b/0x120
[  952.157064]  [<ffffffff8160b503>] do_init_module+0x5c/0x1dd
[  952.157064]  [<ffffffff810aa4db>] load_module+0x1bbb/0x20b0
[  952.157064]  [<ffffffff810a6fc0>] ? __symbol_put+0x30/0x30
[  952.157064]  [<ffffffff810aaac9>] SyS_init_module+0xf9/0x110
[  952.157064]  [<ffffffff810aa9d1>] ? SyS_init_module+0x1/0x110
[  952.157064]  [<ffffffff81615f57>] entry_SYSCALL_64_fastpath+0x12/0x6a
[  952.157064] Code: 00 55 48 8b 87 80 01 00 00 48 89 e5 8b 88 cc 00 00 00 48 8b 80 f0 03 00 00 5d 48 d3 fe 89 f2 83 e6 03 c1 fa 02 8d 0c 36 48 63 d2 <0f> b6 04 10 d3 f8 83 e0 03 3c 02 0f 94 c0 0f b6 c0 c3 0f 1f 40
[  952.157064] RIP  [<ffffffff8148ad4a>] nand_isreserved_bbt+0x2a/0x40
[  952.157064]  RSP <ffff88003d277b90>
[  952.157064] CR2: 0000000000000010
[  952.204010] ---[ end trace 6ca2e1c041fdba36 ]---

This patch gives a smallest length to bbt, 1 byte, which is enough to
represent up to 4 blocks.

Signed-off-by: Sheng Yong <shengyong1@huawei.com>
---
 drivers/mtd/nand/nand_bbt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
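The length arithmetic the commit message describes, modelled in plain C as an added illustration (this is not code from the patch or from the kernel): the table stores 2 bits per eraseblock, so the computed length falls to zero for a device of fewer than 4 blocks. The round-up variant and the coverage check are this editor's additions, not something the patch does.

```c
#include <stdint.h>
#include <stddef.h>

/*
 * Added example, not kernel code: models the bad block table (bbt) length
 * arithmetic from nand_scan_bbt(). The in-RAM table holds 2 bits per
 * eraseblock, so one byte covers 4 blocks. "erase_shift" is log2 of the
 * eraseblock size, standing in for this->bbt_erase_shift.
 */

/* Length as computed before the patch: the shift truncates toward zero. */
static size_t bbt_len_before(uint64_t mtd_size, unsigned erase_shift)
{
	return (size_t)(mtd_size >> (erase_shift + 2));
}

/* Length as computed after the patch: never less than one byte. */
static size_t bbt_len_after(uint64_t mtd_size, unsigned erase_shift)
{
	size_t len = (size_t)(mtd_size >> (erase_shift + 2));
	return len ? len : 1;
}

/*
 * Round-up alternative (hypothetical, not what the patch does): enough
 * bytes for every block even when the block count is not a multiple of 4.
 */
static size_t bbt_len_roundup(uint64_t mtd_size, unsigned erase_shift)
{
	uint64_t nblocks = mtd_size >> erase_shift;
	return (size_t)((nblocks + 3) / 4);
}

/*
 * Bounds check modelled on the lookup in nand_isreserved_bbt(): block b
 * lives in byte b >> 2 of the table, so that byte index must be below len.
 * Returns 1 when every block of the device can be looked up in bounds.
 */
static int bbt_covers_device(size_t len, uint64_t mtd_size, unsigned erase_shift)
{
	uint64_t nblocks = mtd_size >> erase_shift;
	if (nblocks == 0)
		return 0;
	return ((nblocks - 1) >> 2) < len;
}
```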

Comments

Brian Norris Oct. 11, 2015, 8:01 p.m. UTC | #1
On Fri, Jul 31, 2015 at 01:12:44AM +0000, Sheng Yong wrote:
> When using nandsim to simulate a 128K block nand with `overridesize = 1',
> the size of mtd device is too small (mtd_size = 4 * block_size) to get the
> right length of bbt. Then when creating bbt, kzmalloc() will return
> ZERO_SIZE_PTR. This causes a NULL pointer oops when scanning bbt.
> 
[...]
> 
> This patch gives a smallest length to bbt, 1 byte, which is enough to
> represent up to 4 blocks.
> 
> Signed-off-by: Sheng Yong <shengyong1@huawei.com>
> ---
>  drivers/mtd/nand/nand_bbt.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/mtd/nand/nand_bbt.c b/drivers/mtd/nand/nand_bbt.c
> index 63a1a36..b1d4f81 100644
> --- a/drivers/mtd/nand/nand_bbt.c
> +++ b/drivers/mtd/nand/nand_bbt.c
> @@ -1080,7 +1080,7 @@ static int nand_scan_bbt(struct mtd_info *mtd, struct nand_bbt_descr *bd)
>  	struct nand_bbt_descr *td = this->bbt_td;
>  	struct nand_bbt_descr *md = this->bbt_md;
>  
> -	len = mtd->size >> (this->bbt_erase_shift + 2);
> +	len = (mtd->size >> (this->bbt_erase_shift + 2)) ? : 1;
>  	/*
>  	 * Allocate memory (2bit per block) and clear the memory bad block
>  	 * table.
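Review bot: the `?: 1` fallback on the `+` line handles the zero result but leaves the truncation in place: with 2 bits per block (see the comment on the following lines), a device whose eraseblock count is not a multiple of 4 still gets a table one byte short, and the lookup for its last blocks indexes past the allocation. Computing the block count first and rounding up, e.g. `len = DIV_ROUND_UP(mtd->size >> this->bbt_erase_shift, 4);`, gives the right length in both cases without the special case. Style point: the kernel usually writes the GNU elvis operator as `?: 1`, without the space.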

So that's all that needs fixed to get that small of a "NAND" working?
I'd assume something else would break too. But maybe not!

Applied to l2-mtd.git. Thanks.

Patch

diff --git a/drivers/mtd/nand/nand_bbt.c b/drivers/mtd/nand/nand_bbt.c
index 63a1a36..b1d4f81 100644
--- a/drivers/mtd/nand/nand_bbt.c
+++ b/drivers/mtd/nand/nand_bbt.c
@@ -1080,7 +1080,7 @@  static int nand_scan_bbt(struct mtd_info *mtd, struct nand_bbt_descr *bd)
 	struct nand_bbt_descr *td = this->bbt_td;
 	struct nand_bbt_descr *md = this->bbt_md;
 
-	len = mtd->size >> (this->bbt_erase_shift + 2);
+	len = (mtd->size >> (this->bbt_erase_shift + 2)) ? : 1;
 	/*
 	 * Allocate memory (2bit per block) and clear the memory bad block
 	 * table.
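Review bot: this clamps `len` but does not address why the failure was an oops rather than a clean error: per the commit message the zero-length allocation returned ZERO_SIZE_PTR, which a plain NULL test on the allocation result lets through, and the later scan dereferenced it. Independently of the clamp, the allocation introduced by the comment on the last lines of the hunk should be checked with `ZERO_OR_NULL_PTR()`, or `len == 0` rejected up front with -EINVAL, so that an undersized device fails registration instead of crashing the kernel.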