[LEDE-DEV] [PATCH] ar71xx: fix invalid pointer dereference in rb95x_nand_scan_fixup()
Gabor Juhos
juhosg at freemail.hu
Wed Dec 13 11:10:09 PST 2017
Hello,
>> Since Linux 4.6, mtd->priv no longer points to the NAND specific
>> structure. Under 4.9 it contains NULL, thus using it to access
>> chip->options causes an invalid pointer dereference (FS#1200).
>>
>> Update the code to use the mtd_to_nand() helper under 4.9 to obtain
>> the address of the chip specific data.
>
> This same construction is present in other files as well:
>
> target/linux/ar71xx/files/arch/mips/ath79/mach-c60.c: struct
> nand_chip *chip = mtd->priv;
> target/linux/ar71xx/files/arch/mips/ath79/mach-rb2011.c: struct
> nand_chip *chip = mtd->priv;
> target/linux/ar71xx/files/arch/mips/ath79/mach-rb922.c: struct
> nand_chip *chip = mtd->priv;
> target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c: struct
> nand_chip *chip = mtd->priv;
> target/linux/ar71xx/files/arch/mips/ath79/mach-rbsxtlite.c: struct
> nand_chip *chip = mtd->priv;
>
> Shouldn't these be included in this patch as well for sake of completeness?
Good point, mach-c60.c should be fixed as well. I will send a separate patch for
that.
The other mach-rb*.c files are not affected. The fields of the nand_chip
structure are not accessed under 4.9 in those files.
Regards,
Gabor
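As an added stand-alone example, not code from the patch or from the ar71xx tree, the following mocks the kernel layout the thread discusses: since 4.6 struct mtd_info is embedded in struct nand_chip, so mtd_to_nand() recovers the chip with container_of while mtd->priv stays NULL; the struct definitions are cut-down stand-ins, and the demo_ functions and NAND_DEMO_FLAG are constructed for illustration.

```c
#include <stddef.h>

/* Minimal stand-ins for the kernel structures (constructed, not the real ones). */
struct mtd_info {
    unsigned int writesize;
    void *priv;            /* NULL under 4.9: no longer points at the chip */
};
struct nand_chip {
    struct mtd_info mtd;   /* embedded since 4.6, so container_of can find it */
    unsigned int options;
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Same shape as the kernel helper: recover the chip from its embedded mtd. */
static inline struct nand_chip *mtd_to_nand(struct mtd_info *mtd)
{
    return container_of(mtd, struct nand_chip, mtd);
}

#define NAND_DEMO_FLAG 0x1u   /* constructed flag standing in for a real option */

/* Fixed pattern: obtain the chip through the helper, not through mtd->priv. */
static int demo_nand_scan_fixup(struct mtd_info *mtd)
{
    struct nand_chip *chip = mtd_to_nand(mtd);
    if (mtd->writesize == 512)
        chip->options |= NAND_DEMO_FLAG;
    return 0;
}

/* Build a chip as 4.9 would hand it over (priv == NULL), run the fixup and
 * return the resulting options; a set flag means the helper reached the chip. */
static unsigned int demo_run(unsigned int writesize)
{
    struct nand_chip chip = { .mtd = { .writesize = writesize, .priv = NULL }, .options = 0 };
    demo_nand_scan_fixup(&chip.mtd);
    return chip.options;
}

/* 1 if the helper yields the containing chip while the old mtd->priv route
 * would have handed the caller a NULL pointer in this layout. */
static int demo_helper_recovers_chip(void)
{
    struct nand_chip chip = { .mtd = { .writesize = 512, .priv = NULL }, .options = 0 };
    return mtd_to_nand(&chip.mtd) == &chip && chip.mtd.priv == NULL;
}
```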