[bug report] mtd: rawnand: cadence: fix DMA device NULL pointer dereference
Niravkumar L Rabara
niravkumarlaxmidas.rabara at altera.com
Mon Oct 27 19:23:01 PDT 2025
On 27/10/2025 2:36 pm, Dan Carpenter wrote:
> Hello Niravkumar L Rabara,
>
> This is a semi-automatic email about new static checker warnings.
>
> Commit 5c56bf214af8 ("mtd: rawnand: cadence: fix DMA device NULL
> pointer dereference") from Oct 23, 2025, leads to the following
> Smatch complaint:
>
> drivers/mtd/nand/raw/cadence-nand-controller.c:2956 cadence_nand_init()
> warn: variable dereferenced before check 'cdns_ctrl->dmac' (see line 2918)
>
> drivers/mtd/nand/raw/cadence-nand-controller.c
> 2909 if (cdns_ctrl->caps1->has_dma) {
> 2910 cdns_ctrl->dmac = dma_request_chan_by_mask(&mask);
> ^^^^^^^^^^^^^^^
> This is only set sometimes
>
>
> 2911 if (IS_ERR(cdns_ctrl->dmac)) {
> 2912 ret = dev_err_probe(cdns_ctrl->dev, PTR_ERR(cdns_ctrl->dmac),
> 2913 "%d: Failed to get a DMA channel\n", ret);
> 2914 goto disable_irq;
> 2915 }
> 2916 }
> 2917
> 2918 dma_dev = cdns_ctrl->dmac->device;
> ^^^^^^^^^^^^^^^^^
> Potential NULL dereference
>
> 2919 cdns_ctrl->io.iova_dma = dma_map_resource(dma_dev->dev, cdns_ctrl->io.dma,
> 2920 cdns_ctrl->io.size,
> 2954
> 2955 dma_release_chnl:
> 2956 if (cdns_ctrl->dmac)
> ^^^^^^^^^^^^^^^
> Checked here, after dereference.
>
> 2957 dma_release_channel(cdns_ctrl->dmac);
> 2958
>
>
> regards,
> dan carpenter
Dan thanks for the bug report, next time I will make sure to check using
smatch before submitting the patch.
I will submit a patch to fix this.
Thanks,
Nirav
More information about the linux-mtd
mailing list