[PATCH] mtd: Fix kernel NULL pointer dereference in physmap.c
H Hartley Sweeten
hartleys at visionengravers.com
Tue Oct 20 12:08:00 EDT 2009
On Tuesday, October 20, 2009 8:30 AM, Atsushi Nemoto wrote:
> On Mon, 19 Oct 2009 13:31:46 -0400, "H Hartley Sweeten" <hartleys at visionengravers.com> wrote:
>> During the probe for physmap platform flash devices there are a
>> number of error exit conditions that all do a goto err_out which
>> then calls physmap_flash_remove(). In that function one of the
>> cleanup steps is:
>>
>> #ifdef CONFIG_MTD_CONCAT
>> 	if (info->cmtd != info->mtd[0])
>> 		mtd_concat_destroy(info->cmtd);
>> #endif
>>
>> This test will succeed since info->cmtd == NULL and info->mtd[0] is
>> valid.
>
> Oh I had missed this case when fixing physmap_flash_remove last time.
>
>> Fix this by exiting the remove function when info->cmtd == NULL.
>
> No, map_destroy loop at the end of the function should not be skipped
> even when info->cmtd == NULL.

Missed that part. I will modify the patch and repost.

>> Also, clean up the #ifdef CONFIG_MTD_PARTITIONS stuff by using
>> mtd_has_partitions().
>
> And this cleanup causes build errors when CONFIG_MTD_PARTITIONS was not
> set. A separate patch might be better for such cleanup.

Hmm.. Not sure why that would cause a build error. Regardless, I will
remove that change from this patch.

Regards,
Hartley
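
The error-path problem discussed in this thread, as a user-space C model added here (not the kernel source and not the reposted patch): it compares the cleanup check as quoted, the early return that was objected to, and one possible guard that skips only the concat step. The struct layouts, `MAX_RESOURCES`, `flash_remove`, `run_failed_probe` and the counters are constructed for illustration.

```c
#include <stdio.h>
#define MAX_RESOURCES 4   /* constructed value for this model */

/* Constructed stand-ins for the kernel structures (fields named in the thread). */
struct mtd_info { int destroyed; };
struct physmap_flash_info {
    struct mtd_info *mtd[MAX_RESOURCES];
    struct mtd_info *cmtd;          /* still NULL when probe fails early */
};
enum cleanup { UNGUARDED, EARLY_RETURN, GUARDED };
struct result { int null_concat_calls; int maps_destroyed; };

/* Model of the remove path under the three cleanup variants discussed. */
static struct result flash_remove(struct physmap_flash_info *info, enum cleanup how)
{
    struct result r = { 0, 0 };
    int destroy_concat = (info->cmtd != info->mtd[0]);  /* test quoted in the thread */

    if (how == EARLY_RETURN && info->cmtd == NULL)
        return r;                   /* also skips the per-chip loop below */
    if (how == GUARDED && info->cmtd == NULL)
        destroy_concat = 0;         /* skip only the concat step */
    /* Stands in for mtd_concat_destroy(), which would be handed the NULL pointer. */
    if (destroy_concat && info->cmtd == NULL)
        r.null_concat_calls++;
    for (int i = 0; i < MAX_RESOURCES; i++) {   /* stands in for the map_destroy loop */
        if (info->mtd[i] != NULL) {
            info->mtd[i]->destroyed = 1;
            r.maps_destroyed++;
        }
    }
    return r;
}

/* Constructed failed-probe state: two chips mapped, concat device never created. */
static struct result run_failed_probe(enum cleanup how)
{
    struct mtd_info chip0 = { 0 }, chip1 = { 0 };
    struct physmap_flash_info info = { { &chip0, &chip1, NULL, NULL }, NULL };
    return flash_remove(&info, how);
}

int main(void)
{
    for (int how = UNGUARDED; how <= GUARDED; how++) {
        struct result r = run_failed_probe((enum cleanup)how);
        printf("variant %d: NULL passed to concat destroy=%d, maps destroyed=%d\n",
               how, r.null_concat_calls, r.maps_destroyed);
    }
    return 0;
}
```

Only the guarded variant both avoids handing NULL to the concat destroy step and still releases every mapped chip.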