[LEDE-DEV] [PATCH] ar71xx: fix invalid pointer dereference in rb95x_nand_scan_fixup()
Arjen de Korte
arjen+lede at de-korte.org
Tue Dec 12 14:34:00 PST 2017
Quoting Gabor Juhos <juhosg at freemail.hu>:
> Since Linux 4.6, mtd->priv no longer points to the NAND specific
> structure. Under 4.9 it contains NULL, thus using it to access
> chip->options causes an invalid pointer dereference (FS#1200).
>
> Update the code to use the mtd_to_nand() helper under 4.9 to obtain
> the address of the chip specific data.

This same construction is present in other files as well:

target/linux/ar71xx/files/arch/mips/ath79/mach-c60.c: struct nand_chip *chip = mtd->priv;
target/linux/ar71xx/files/arch/mips/ath79/mach-rb2011.c: struct nand_chip *chip = mtd->priv;
target/linux/ar71xx/files/arch/mips/ath79/mach-rb922.c: struct nand_chip *chip = mtd->priv;
target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c: struct nand_chip *chip = mtd->priv;
target/linux/ar71xx/files/arch/mips/ath79/mach-rbsxtlite.c: struct nand_chip *chip = mtd->priv;

Shouldn't these be included in this patch as well for the sake of completeness?

> Fixes: 7bbf4117c6fe ("ar71xx: Add kernel 4.9 support")
> Signed-off-by: Gabor Juhos <juhosg at freemail.hu>
> ---
> target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c
> b/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c
> index 9eaeaa7f9d..5e24694d5c 100644
> --- a/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c
> +++ b/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c
> @@ -207,7 +207,11 @@ static const struct mtd_ooblayout_ops
> rb95x_nand_ecclayout_ops = {
>
> static int rb95x_nand_scan_fixup(struct mtd_info *mtd)
> {
> +#if LINUX_VERSION_CODE < KERNEL_VERSION(4,6,0)
> struct nand_chip *chip = mtd->priv;
> +#else
> + struct nand_chip *chip = mtd_to_nand(mtd);
> +#endif /* < 4.6.0 */
>
> if (mtd->writesize == 512) {
> /*
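
Review bot: The version guard added at the top of rb95x_nand_scan_fixup() uses LINUX_VERSION_CODE and KERNEL_VERSION(), which come from <linux/version.h>, and the diffstat shows these four insertions are the entire change, so no include is added here; please confirm mach-rb95x.c already includes that header. It would also help to say in the commit message whether a pre-4.6 kernel is still built for this target: if it is not, the "#if LINUX_VERSION_CODE < KERNEL_VERSION(4,6,0)" branch that keeps "mtd->priv" can be dropped and mtd_to_nand(mtd) used unconditionally, which leaves no path on which the NULL dereference described above can come back.
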