[PATCH] mtd: rawnand: cadence: fix DMA device NULL pointer dereference

niravkumarlaxmidas.rabara at altera.com
Wed Oct 22 20:32:01 PDT 2025


From: Niravkumar L Rabara <niravkumarlaxmidas.rabara at altera.com>

The DMA device pointer `dma_dev` was being dereferenced before ensuring
that `cdns_ctrl->dmac` is properly initialized.

Move the assignment of `dma_dev` after successfully acquiring the DMA
channel to ensure the pointer is valid before use.

Fixes: d76d22b5096c ("mtd: rawnand: cadence: use dma_map_resource for sdma address")
Cc: stable at vger.kernel.org
Signed-off-by: Niravkumar L Rabara <niravkumarlaxmidas.rabara at altera.com>
---

This patch fixes the kernel Oops below:
...
[    1.469661] cadence-nand-controller 10b80000.nand-controller: IRQ: nr 21
[    1.476591] Unable to handle kernel paging request at virtual address fffffffffffffff8
[    1.484493] Mem abort info:
[    1.487280]   ESR = 0x0000000096000004
[    1.491019]   EC = 0x25: DABT (current EL), IL = 32 bits
[    1.496318]   SET = 0, FnV = 0
[    1.499366]   EA = 0, S1PTW = 0
[    1.502499]   FSC = 0x04: level 0 translation fault
[    1.507363] Data abort info:
[    1.510237]   ISV = 0, ISS = 0x00000004
[    1.514062]   CM = 0, WnR = 0
[    1.517024] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000087a0a000
[    1.523706] [fffffffffffffff8] pgd=0000000000000000, p4d=0000000000000000
[    1.530490] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
...

 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/mtd/nand/raw/cadence-nand-controller.c b/drivers/mtd/nand/raw/cadence-nand-controller.c
index 6667eea95597..32ed38b89394 100644
--- a/drivers/mtd/nand/raw/cadence-nand-controller.c
+++ b/drivers/mtd/nand/raw/cadence-nand-controller.c
@@ -2871,7 +2871,7 @@ cadence_nand_irq_cleanup(int irqnum, struct cdns_nand_ctrl *cdns_ctrl)
 static int cadence_nand_init(struct cdns_nand_ctrl *cdns_ctrl)
 {
 	dma_cap_mask_t mask;
-	struct dma_device *dma_dev = cdns_ctrl->dmac->device;
+	struct dma_device *dma_dev;
 	int ret;
 
 	cdns_ctrl->cdma_desc = dma_alloc_coherent(cdns_ctrl->dev,
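Review bot: `dma_dev` is now declared without an initializer, and its only visible assignment is in the next hunk, immediately before `dma_map_resource()`. If `dma_dev->dev` in that call is the sole use, consider dropping the local and passing `cdns_ctrl->dmac->device->dev` at the call site, so that no later change can read the pointer before it is set. If the local stays, a short comment at the declaration saying it is only valid once the DMA channel has been acquired would document the ordering constraint this fix depends on.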
@@ -2915,6 +2915,7 @@ static int cadence_nand_init(struct cdns_nand_ctrl *cdns_ctrl)
 		}
 	}
 
+	dma_dev = cdns_ctrl->dmac->device;
 	cdns_ctrl->io.iova_dma = dma_map_resource(dma_dev->dev, cdns_ctrl->io.dma,
 						  cdns_ctrl->io.size,
 						  DMA_BIDIRECTIONAL, 0);
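Review bot: the added `dma_dev = cdns_ctrl->dmac->device;` still dereferences `cdns_ctrl->dmac` unconditionally, and it sits after the close of a nested block, which suggests the channel acquisition above is conditional. Please confirm that `dmac` is non-NULL on every path that reaches this line, or guard both this assignment and the `dma_map_resource()` call with a check on `cdns_ctrl->dmac`. Separately, the Oops quoted in the message faults at fffffffffffffff8 rather than near address 0, so the changelog would benefit from one sentence on what `dmac` held at function entry, given that the subject says NULL pointer dereference.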
-- 
2.25.1



