mtd: Fix kernel NULL pointer dereference in physmap.c
Linux-MTD Mailing List
linux-mtd at lists.infradead.org
Mon Oct 19 21:59:01 EDT 2009
Gitweb: http://git.infradead.org/?p=mtd-2.6.git;a=commit;h=4b56ffcacee937a85bf39e14872dd141e23ee85f
Commit: 4b56ffcacee937a85bf39e14872dd141e23ee85f
Parent: 2d098a725333990d265dfe4754d1b63032c35afb
Author: H Hartley Sweeten <hartleys at visionengravers.com>
AuthorDate: Mon Oct 19 13:31:46 2009 -0400
Committer: David Woodhouse <David.Woodhouse at intel.com>
CommitDate: Tue Oct 20 09:36:04 2009 +0900
mtd: Fix kernel NULL pointer dereference in physmap.c
During the probe for physmap platform flash devices there are a
number error exit conditions that all do a goto err_out which
then calls physmap_flash_remove(). In that function one of the
cleanup steps is:
#ifdef CONFIG_MTD_CONCAT
if (info->cmtd != info->mtd[0])
mtd_concat_destroy(info->cmtd);
#endif
This test will succeed since info->cmtd == NULL and info->mtd[0] is
valid.
Fix this by exiting the remove function when info->cmtd == NULL.
Also, cleanup the #ifdef CONFIG_MTD_PARTITIONS stuff by using
mtd_has_partitions().
Signed-off-by: H Hartley Sweeten <hsweeten at visionengravers.com>
Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
---
drivers/mtd/maps/physmap.c | 49 ++++++++++++++++++++++---------------------
1 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/drivers/mtd/maps/physmap.c b/drivers/mtd/maps/physmap.c
index 380648e..65f52d4 100644
--- a/drivers/mtd/maps/physmap.c
+++ b/drivers/mtd/maps/physmap.c
@@ -44,22 +44,23 @@ static int physmap_flash_remove(struct platform_device *dev)
return 0;
platform_set_drvdata(dev, NULL);
+ if (info->cmtd == NULL)
+ return 0;
+
physmap_data = dev->dev.platform_data;
- if (info->cmtd) {
-#ifdef CONFIG_MTD_PARTITIONS
- if (info->nr_parts || physmap_data->nr_parts)
+ if (mtd_has_partitions()) {
+ if (info->nr_parts || physmap_data->nr_parts) {
del_mtd_partitions(info->cmtd);
- else
+
+ if (info->nr_parts)
+ kfree(info->parts);
+ } else {
del_mtd_device(info->cmtd);
-#else
+ }
+ } else {
del_mtd_device(info->cmtd);
-#endif
}
-#ifdef CONFIG_MTD_PARTITIONS
- if (info->nr_parts)
- kfree(info->parts);
-#endif
#ifdef CONFIG_MTD_CONCAT
if (info->cmtd != info->mtd[0])
@@ -169,22 +170,22 @@ static int physmap_flash_probe(struct platform_device *dev)
if (err)
goto err_out;
-#ifdef CONFIG_MTD_PARTITIONS
- err = parse_mtd_partitions(info->cmtd, part_probe_types,
- &info->parts, 0);
- if (err > 0) {
- add_mtd_partitions(info->cmtd, info->parts, err);
- info->nr_parts = err;
- return 0;
- }
+ if (mtd_has_partitions()) {
+ err = parse_mtd_partitions(info->cmtd, part_probe_types,
+ &info->parts, 0);
+ if (err > 0) {
+ add_mtd_partitions(info->cmtd, info->parts, err);
+ info->nr_parts = err;
+ return 0;
+ }
- if (physmap_data->nr_parts) {
- printk(KERN_NOTICE "Using physmap partition information\n");
- add_mtd_partitions(info->cmtd, physmap_data->parts,
- physmap_data->nr_parts);
- return 0;
+ if (physmap_data->nr_parts) {
+ printk(KERN_NOTICE "Using physmap partition information\n");
+ add_mtd_partitions(info->cmtd, physmap_data->parts,
+ physmap_data->nr_parts);
+ return 0;
+ }
}
-#endif
add_mtd_device(info->cmtd);
return 0;
More information about the linux-mtd-cvs
mailing list