[PATCH] mtd: spi-nor: Potential oops on error path in quad_enable()
Cyrille Pitchen
cyrille.pitchen at wedev4u.fr
Wed May 3 14:40:09 PDT 2017
Hi Dan,
Le 28/04/2017 à 15:06, Dan Carpenter a écrit :
> Before commit cff959958832 ("mtd: spi-nor: introduce SPI 1-2-2 and SPI
> 1-4-4 protocols") then we treated 1 as -EINVAL in the caller but after
> that commit we changed to propagate the return. My static checker
> complains that it's eventually passed to an ERR_PTR() and later
> dereferenced, but I'm not totally certain if that's true. Regardless,
> returning 1 is wrong.
>
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
>
> diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c
> index 060a59e716be..a05db3371ebb 100644
> --- a/drivers/mtd/spi-nor/spi-nor.c
> +++ b/drivers/mtd/spi-nor/spi-nor.c
> @@ -1390,7 +1390,7 @@ static int macronix_quad_enable(struct spi_nor *nor)
> write_sr(nor, val | SR_QUAD_EN_MX);
>
> if (spi_nor_wait_till_ready(nor))
> - return 1;
> + return -EINVAL;
>
Good catch!
However, I think we could return the return code of
spi_nor_wait_till_ready() instead, like already done in
spansion_quad_enable().
Looking at the source code of spi_nor_wait_till_ready() /
spi_nor_wait_till_ready_with_timeout(), both function return 0 when
successful, a negative error code otherwise.
Best regards,
Cyrille
> ret = read_sr(nor);
> if (!(ret > 0 && (ret & SR_QUAD_EN_MX))) {
>
More information about the linux-mtd
mailing list