From: Kevin Smith
To: "u-boot@lists.denx.de"
Cc: Scott Wood, Stefan Roese, Luka Perkov
Date: Fri, 23 Oct 2015 17:49:58 +0000
Subject: [U-Boot] [PATCH] mtd: pxa3xx_nand: Correct allocation and init bug
Message-ID: <1445622596-18764-1-git-send-email-kevin.smith@elecsyscorp.com>
X-Patchwork-Submitter: Kevin Smith
X-Patchwork-Id: 535142
X-Patchwork-Delegate: scottwood@freescale.com

Correct a null pointer dereference in board_nand_init(). Zeroed memory was allocated, then immediately dereferenced, which is a null dereference. The dereference is completely removed, since this pointer is later initialized in alloc_nand_resources.

The allocation size is reduced from what was introduced from the Linux kernel, as U-boot uses the statically allocated nand_info instead of needing to dynamically allocate an mtd_info instance.

Also, some pointer math was corrected in the initialization of the nand_chip pointer.

Signed-off-by: Kevin Smith Cc: Stefan Roese Cc: Luka Perkov Cc: Scott Wood --- drivers/mtd/nand/pxa3xx_nand.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c index 1565a9a..e5ea5c2 100644 --- a/drivers/mtd/nand/pxa3xx_nand.c +++ b/drivers/mtd/nand/pxa3xx_nand.c @@ -1486,8 +1486,8 @@ static int alloc_nand_resource(struct pxa3xx_nand_info *info) info->variant = pxa3xx_nand_get_variant(); for (cs = 0; cs < pdata->num_cs; cs++) { mtd = &nand_info[cs]; - chip = (struct nand_chip *)info + - sizeof(struct pxa3xx_nand_host); + chip = (struct nand_chip *) + ((u8 *)&info[1] + sizeof(*host) * cs); host = (struct pxa3xx_nand_host *)chip; info->host[cs] = host; host->mtd = mtd; @@ -1600,19 +1600,12 @@ void board_nand_init(void) struct pxa3xx_nand_host *host; int ret; - info = kzalloc(sizeof(*info) + (sizeof(struct mtd_info) + - sizeof(*host)) * - CONFIG_SYS_MAX_NAND_DEVICE, GFP_KERNEL); + info = kzalloc(sizeof(*info) + + sizeof(*host) * CONFIG_SYS_MAX_NAND_DEVICE, + GFP_KERNEL); if (!info) return; - /* - * If CONFIG_SYS_NAND_SELF_INIT is defined, each driver is responsible - * for instantiating struct nand_chip, while drivers/mtd/nand/nand.c - * still provides a "struct mtd_info nand_info" instance. - */ - info->host[0]->mtd = &nand_info[0]; - ret = pxa3xx_nand_probe(info); if (ret) return;
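
Review bot: In the first hunk (alloc_nand_resource), the loop runs to `pdata->num_cs`, but the buffer behind `&info[1]` is sized in board_nand_init() for `CONFIG_SYS_MAX_NAND_DEVICE` hosts, and nothing in the visible lines stops `(u8 *)&info[1] + sizeof(*host) * cs` from stepping past that allocation when num_cs is larger (the same `cs` also indexes `nand_info[cs]`). Reject or clamp `pdata->num_cs > CONFIG_SYS_MAX_NAND_DEVICE` before the loop. The arithmetic would also be easier to audit if host were derived first, `host = (struct pxa3xx_nand_host *)&info[1] + cs;`, with chip taken from it, so the stride and the pointer type agree without the u8 cast.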
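
Review bot: In the board_nand_init() hunk, the new kzalloc() size encodes a layout that alloc_nand_resource() depends on (one pxa3xx_nand_info followed by CONFIG_SYS_MAX_NAND_DEVICE hosts, reached through `&info[1]`), yet the only comment in this area is deleted along with the bad dereference. A short comment above the kzalloc() stating that layout, and that mtd_info comes from the static nand_info[] rather than from this buffer, would keep the two sites from drifting apart. Separately, the unchanged `if (ret) return;` after pxa3xx_nand_probe() leaves info allocated on failure; freeing it there would fit this cleanup.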