[PATCH 8/8] mtd: rawnand: qcom: Fix address parsing within ->exec_op()

Miquel Raynal miquel.raynal at bootlin.com
Sun Jul 16 07:46:12 PDT 2023


The naddrs variable is initialized but not used. Fixing this could have
been a matter of dropping the variable, but the right way to do it looks
a bit more complex: we can avoid useless writes to the q_op structure by
using it. In practice we could even have possible out-of-bound bugs with
the existing implementation. Let's fix all that by just performing the
right number of assignments in the addr{1,2}_reg fields.

Fixes: 89550beb098e ("mtd: rawnand: qcom: Implement exec_op()")
Reported-by: kernel test robot <lkp at intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202307131959.PdPSC86K-lkp@intel.com/
Closes: https://lore.kernel.org/oe-kbuild-all/202307131730.NOYbcjBr-lkp@intel.com/
Signed-off-by: Miquel Raynal <miquel.raynal at bootlin.com>
---
 drivers/mtd/nand/raw/qcom_nandc.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c
index 4fc8dafa8f03..dc8ca60fc2e2 100644
--- a/drivers/mtd/nand/raw/qcom_nandc.c
+++ b/drivers/mtd/nand/raw/qcom_nandc.c
@@ -2616,12 +2616,13 @@ static void qcom_parse_instructions(struct nand_chip *chip,
 			offset = nand_subop_get_addr_start_off(subop, op_id);
 			naddrs = nand_subop_get_num_addr_cyc(subop, op_id);
 			addrs = &instr->ctx.addr.addrs[offset];
-			for (i = 0; i < MAX_ADDRESS_CYCLE; i++) {
-				if (i < 4)
-					q_op->addr1_reg |= (u32)addrs[i] << i * 8;
-				else
-					q_op->addr2_reg |= addrs[i];
-			}
+
+			for (i = 0; i < min_t(unsigned int, 4, naddrs); i++)
+				q_op->addr1_reg |= addrs[i] << (i * 8);
+
+			if (naddrs > 4)
+				q_op->addr2_reg |= addrs[4];
+
 			q_op->rdy_delay_ns = instr->delay_ns;
 			break;
 
-- 
2.34.1




More information about the linux-arm-kernel mailing list