[LEDE-DEV] [PATCH] ar71xx: fix invalid pointer dereference in rb95x_nand_scan_fixup()

Gabor Juhos juhosg at freemail.hu
Tue Dec 12 12:49:50 PST 2017


Since Linux 4.6, mtd->priv no longer points to the NAND specific
structure. Under 4.9 it contains NULL, thus using it to access
chip->options causes an invalid pointer dereference (FS#1200).

Update the code to use the mtd_to_nand() helper under 4.9 to obtain
the address of the chip specific data.

Fixes: 7bbf4117c6fe ("ar71xx: Add kernel 4.9 support")
Signed-off-by: Gabor Juhos <juhosg at freemail.hu>
---
 target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c b/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c
index 9eaeaa7f9d..5e24694d5c 100644
--- a/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c
+++ b/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c
@@ -207,7 +207,11 @@ static const struct mtd_ooblayout_ops rb95x_nand_ecclayout_ops = {
 
 static int rb95x_nand_scan_fixup(struct mtd_info *mtd)
 {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,6,0)
 	struct nand_chip *chip = mtd->priv;
+#else
+	struct nand_chip *chip = mtd_to_nand(mtd);
+#endif /* < 4.6.0 */
 
 	if (mtd->writesize == 512) {
 		/*
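Review bot: the new `#if LINUX_VERSION_CODE < KERNEL_VERSION(4,6,0)` guard depends on `LINUX_VERSION_CODE` and `KERNEL_VERSION()` from `<linux/version.h>`, and the hunk does not show that header being added to mach-rb95x.c; please confirm it is already pulled in (directly or via an existing include), since otherwise the `#if` line fails to preprocess and the file no longer builds on either kernel. Likewise `mtd_to_nand()` needs the 4.9 NAND header that declares it; the function already uses `struct nand_chip`, so that header is very likely present, but it is worth a quick check. A small style point: the version check is keyed on 4.6 while the commit message talks about 4.9, which is correct per the "Since Linux 4.6" sentence but would be clearer with a one-line comment on the `#if` such as `/* mtd->priv no longer points at the nand_chip since 4.6 */`.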
-- 
2.14.3
