mtd: physmap_of: fix potential NULL dereference

Linux-MTD Mailing List linux-mtd at lists.infradead.org
Mon Dec 15 19:59:11 PST 2014


Gitweb:     http://git.infradead.org/?p=mtd-2.6.git;a=commit;h=92b633a8a482c4bc1ff3b7cffdcace7836861554
Commit:     92b633a8a482c4bc1ff3b7cffdcace7836861554
Parent:     58c81957b7d284c57a9fc1b815c77155ef744ea5
Author:     Ard Biesheuvel <ard.biesheuvel at linaro.org>
AuthorDate: Sun Nov 30 13:51:03 2014 +0100
Committer:  Brian Norris <computersforpeace at gmail.com>
CommitDate: Fri Dec 12 19:12:16 2014 -0800

    mtd: physmap_of: fix potential NULL dereference
    
    On device remove, when testing the cmtd field of an of_flash
    struct to decide whether it is a concatenated device or not,
    we get a false positive on cmtd == NULL, and dereference it
    subsequently. This may occur if of_flash_remove() is called
    from the cleanup path of of_flash_probe().
    
    Instead, test for NULL first, and only then perform the test
    for a concatenated device.
    
    Signed-off-by: Ard Biesheuvel <ard.biesheuvel at linaro.org>
    Signed-off-by: Brian Norris <computersforpeace at gmail.com>
---
 drivers/mtd/maps/physmap_of.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c
index c1d21cb..e489304 100644
--- a/drivers/mtd/maps/physmap_of.c
+++ b/drivers/mtd/maps/physmap_of.c
@@ -47,14 +47,12 @@ static int of_flash_remove(struct platform_device *dev)
 		return 0;
 	dev_set_drvdata(&dev->dev, NULL);
 
-	if (info->cmtd != info->list[0].mtd) {
+	if (info->cmtd) {
 		mtd_device_unregister(info->cmtd);
-		mtd_concat_destroy(info->cmtd);
+		if (info->cmtd != info->list[0].mtd)
+			mtd_concat_destroy(info->cmtd);
 	}
 
-	if (info->cmtd)
-		mtd_device_unregister(info->cmtd);
-
 	for (i = 0; i < info->list_size; i++) {
 		if (info->list[i].mtd)
 			map_destroy(info->list[i].mtd);
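
Review bot: the commit message should also mention the removal of the trailing `if (info->cmtd) mtd_device_unregister(info->cmtd);` block at the end of this hunk, since it fixes more than the NULL case. In the old code a concatenated device went through mtd_device_unregister() in the first branch, then mtd_concat_destroy(), and then a second mtd_device_unregister() on the same pointer after mtd_concat_destroy() had already been called on it. The single `if (info->cmtd)` branch now removes that second call too, which is relevant to anyone deciding whether to backport. Separately, the inner test `info->cmtd != info->list[0].mtd` reads list[0] without consulting info->list_size, while the loop just below is bounded by it. If cmtd can never be non-NULL while list_size is 0, a short comment saying so would make that invariant explicit.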


