[ltsi-3.10.31] mtd: m25p80: Fix crash in m25p_probe()

Message ID	1400586228-23880-1-git-send-email-geert+renesas@glider.be (mailing list archive)
State	New, archived
Headers	show Return-Path: <ltsi-dev-bounces@lists.linuxfoundation.org> Received-SPF: none (google.com: geert@linux-m68k.org does not designate permitted sender hosts) client-ip=2001:4b98:c:538::198; From: Geert Uytterhoeven <geert+renesas@glider.be> To: Soren Brinkmann <soren.brinkmann@xilinx.com>, Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>, Yoshitake Kobayashi <yoshitake.kobayashi@toshiba.co.jp> Date: Tue, 20 May 2014 13:43:48 +0200 Message-Id: <1400586228-23880-1-git-send-email-geert+renesas@glider.be> ReSent-Date: Wed, 21 May 2014 21:18:24 +0200 (CEST) ReSent-From: Geert Uytterhoeven <geert@linux-m68k.org> ReSent-To: ltsi-dev@lists.linuxfoundation.org ReSent-Subject: [PATCH ltsi-3.10.31] mtd: m25p80: Fix crash in m25p_probe() ReSent-Message-ID: <alpine.DEB.2.02.1405212118240.19983@ayla.of.borg> ReSent-User-Agent: Alpine 2.02 (DEB 1266 2009-07-14) Cc: ltsi-dev@lists.linuxfoundation.org, Geert Uytterhoeven <geert+renesas@glider.be> Subject: [LTSI-dev] [PATCH ltsi-3.10.31] mtd: m25p80: Fix crash in m25p_probe() Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ltsi-dev-bounces@lists.linuxfoundation.org Errors-To: ltsi-dev-bounces@lists.linuxfoundation.org

Geert Uytterhoeven May 20, 2014, 11:43 a.m. UTC

If of_property_read_string() fails, comp_str will be uninitialized,
causing crashes:

Unable to handle kernel NULL pointer dereference at virtual address 0000009f
...
PC is at strcmp+0xc/0x40
LR is at m25p_probe+0x410/0xa04

and

Unable to handle kernel NULL pointer dereference at virtual address 00000000
...
PC is at strcmp+0xc/0x40
LR is at m25p_probe+0x6f4/0xa0c

Introduced by "mtd: xilinx: merge nand flash support from xilinx
repository" ([ltsi-kernel.git] / patches.zynq /
0007-mtd-xilinx-merge-nand-flash-support-from-xilinx-repo.patch)

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
---
 drivers/mtd/devices/m25p80.c |    9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

Greg Kroah-Hartman May 21, 2014, 10:07 p.m. UTC | #1

On Tue, May 20, 2014 at 01:43:48PM +0200, Geert Uytterhoeven wrote:
> If of_property_read_string() fails, comp_str will be uninitialized,
> causing crashes:
> 
> Unable to handle kernel NULL pointer dereference at virtual address 0000009f
> ...
> PC is at strcmp+0xc/0x40
> LR is at m25p_probe+0x410/0xa04
> 
> and
> 
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> ...
> PC is at strcmp+0xc/0x40
> LR is at m25p_probe+0x6f4/0xa0c
> 
> Introduced by "mtd: xilinx: merge nand flash support from xilinx
> repository" ([ltsi-kernel.git] / patches.zynq /
> 0007-mtd-xilinx-merge-nand-flash-support-from-xilinx-repo.patch)
> 
> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
> ---
>  drivers/mtd/devices/m25p80.c |    9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)

Thanks, I'll queue this up when I update the ltsi kernel tree next week.

greg k-h

Geert Uytterhoeven May 22, 2014, 6:46 a.m. UTC | #2

Hi Greg,

On Thu, May 22, 2014 at 12:07 AM, Greg KH <gregkh@linuxfoundation.org> wrote:
> On Tue, May 20, 2014 at 01:43:48PM +0200, Geert Uytterhoeven wrote:
>> If of_property_read_string() fails, comp_str will be uninitialized,
>> causing crashes:
>>
>> Unable to handle kernel NULL pointer dereference at virtual address 0000009f
>> ...
>> PC is at strcmp+0xc/0x40
>> LR is at m25p_probe+0x410/0xa04
>>
>> and
>>
>> Unable to handle kernel NULL pointer dereference at virtual address 00000000
>> ...
>> PC is at strcmp+0xc/0x40
>> LR is at m25p_probe+0x6f4/0xa0c
>>
>> Introduced by "mtd: xilinx: merge nand flash support from xilinx
>> repository" ([ltsi-kernel.git] / patches.zynq /
>> 0007-mtd-xilinx-merge-nand-flash-support-from-xilinx-repo.patch)
>>
>> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
>> ---
>>  drivers/mtd/devices/m25p80.c |    9 +++++----
>>  1 file changed, 5 insertions(+), 4 deletions(-)
>
> Thanks, I'll queue this up when I update the ltsi kernel tree next week.

BTW, are you aware
0007-mtd-xilinx-merge-nand-flash-support-from-xilinx-repo.patch
is not in mainline?

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Greg Kroah-Hartman May 22, 2014, 7:06 a.m. UTC | #3

On Thu, May 22, 2014 at 08:46:53AM +0200, Geert Uytterhoeven wrote:
> Hi Greg,
> 
> On Thu, May 22, 2014 at 12:07 AM, Greg KH <gregkh@linuxfoundation.org> wrote:
> > On Tue, May 20, 2014 at 01:43:48PM +0200, Geert Uytterhoeven wrote:
> >> If of_property_read_string() fails, comp_str will be uninitialized,
> >> causing crashes:
> >>
> >> Unable to handle kernel NULL pointer dereference at virtual address 0000009f
> >> ...
> >> PC is at strcmp+0xc/0x40
> >> LR is at m25p_probe+0x410/0xa04
> >>
> >> and
> >>
> >> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> >> ...
> >> PC is at strcmp+0xc/0x40
> >> LR is at m25p_probe+0x6f4/0xa0c
> >>
> >> Introduced by "mtd: xilinx: merge nand flash support from xilinx
> >> repository" ([ltsi-kernel.git] / patches.zynq /
> >> 0007-mtd-xilinx-merge-nand-flash-support-from-xilinx-repo.patch)
> >>
> >> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
> >> ---
> >>  drivers/mtd/devices/m25p80.c |    9 +++++----
> >>  1 file changed, 5 insertions(+), 4 deletions(-)
> >
> > Thanks, I'll queue this up when I update the ltsi kernel tree next week.
> 
> BTW, are you aware
> 0007-mtd-xilinx-merge-nand-flash-support-from-xilinx-repo.patch
> is not in mainline?

Lots of patches in the LTSI tree are not in mainline :(

Soren Brinkmann May 22, 2014, 3:38 p.m. UTC | #4

On Thu, 2014-05-22 at 04:06PM +0900, Greg KH wrote:
> On Thu, May 22, 2014 at 08:46:53AM +0200, Geert Uytterhoeven wrote:
> > Hi Greg,
> > 
> > On Thu, May 22, 2014 at 12:07 AM, Greg KH <gregkh@linuxfoundation.org> wrote:
> > > On Tue, May 20, 2014 at 01:43:48PM +0200, Geert Uytterhoeven wrote:
> > >> If of_property_read_string() fails, comp_str will be uninitialized,
> > >> causing crashes:
> > >>
> > >> Unable to handle kernel NULL pointer dereference at virtual address 0000009f
> > >> ...
> > >> PC is at strcmp+0xc/0x40
> > >> LR is at m25p_probe+0x410/0xa04
> > >>
> > >> and
> > >>
> > >> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> > >> ...
> > >> PC is at strcmp+0xc/0x40
> > >> LR is at m25p_probe+0x6f4/0xa0c
> > >>
> > >> Introduced by "mtd: xilinx: merge nand flash support from xilinx
> > >> repository" ([ltsi-kernel.git] / patches.zynq /
> > >> 0007-mtd-xilinx-merge-nand-flash-support-from-xilinx-repo.patch)
> > >>
> > >> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
> > >> ---
> > >>  drivers/mtd/devices/m25p80.c |    9 +++++----
> > >>  1 file changed, 5 insertions(+), 4 deletions(-)
> > >
> > > Thanks, I'll queue this up when I update the ltsi kernel tree next week.
> > 
> > BTW, are you aware
> > 0007-mtd-xilinx-merge-nand-flash-support-from-xilinx-repo.patch
> > is not in mainline?
> 
> Lots of patches in the LTSI tree are not in mainline :(

We're working on it. I don't know the exact state, but Zynq mainline
support is growing quite a bit.

	Sören

Daniel Sangorrin May 27, 2014, 12:32 a.m. UTC | #5

Hi Geert,

Thanks for the patch, and sorry that I introduced a patch with a bug.

Regards
Daniel

On 2014/05/20 20:43, Geert Uytterhoeven wrote:
> If of_property_read_string() fails, comp_str will be uninitialized,
> causing crashes:
> 
> Unable to handle kernel NULL pointer dereference at virtual address 0000009f
> ...
> PC is at strcmp+0xc/0x40
> LR is at m25p_probe+0x410/0xa04
> 
> and
> 
> Unable to handle kernel NULL pointer dereference at virtual address 00000000
> ...
> PC is at strcmp+0xc/0x40
> LR is at m25p_probe+0x6f4/0xa0c
> 
> Introduced by "mtd: xilinx: merge nand flash support from xilinx
> repository" ([ltsi-kernel.git] / patches.zynq /
> 0007-mtd-xilinx-merge-nand-flash-support-from-xilinx-repo.patch)
> 
> Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
> ---
>  drivers/mtd/devices/m25p80.c |    9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/mtd/devices/m25p80.c b/drivers/mtd/devices/m25p80.c
> index 3572513cb0f0..d33317d7842e 100644
> --- a/drivers/mtd/devices/m25p80.c
> +++ b/drivers/mtd/devices/m25p80.c
> @@ -1243,8 +1243,8 @@ static int m25p_probe(struct spi_device *spi)
>  		const char *comp_str;
>  		u32 is_dual;
>  		np = of_get_next_parent(spi->dev.of_node);
> -		of_property_read_string(np, "compatible", &comp_str);
> -		if (!strcmp(comp_str, "xlnx,ps7-qspi-1.00.a")) {
> +		if (!of_property_read_string(np, "compatible", &comp_str) &&
> +		    !strcmp(comp_str, "xlnx,ps7-qspi-1.00.a")) {
>  			if (of_property_read_u32(np, "is-dual", &is_dual) < 0) {
>  				/* Default to single if prop not defined */
>  				flash->shift = 0;
> @@ -1354,8 +1354,9 @@ static int m25p_probe(struct spi_device *spi)
>  #ifdef CONFIG_OF
>  			const char *comp_str;
>  			np = of_get_next_parent(spi->dev.of_node);
> -			of_property_read_string(np, "compatible", &comp_str);
> -			if (!strcmp(comp_str, "xlnx,ps7-qspi-1.00.a")) {
> +			if (!of_property_read_string(np, "compatible",
> +						     &comp_str) &&
> +			    !strcmp(comp_str, "xlnx,ps7-qspi-1.00.a")) {
>  				flash->addr_width = 3;
>  				set_4byte(flash, info->jedec_id, 0);
>  			} else {
>

[ltsi-3.10.31] mtd: m25p80: Fix crash in m25p_probe()

Commit Message

Comments

Patch