From: H Hartley Sweeten Date: Mon, 19 Oct 2009 17:31:46 +0000 (-0400) Subject: mtd: Fix kernel NULL pointer dereference in physmap.c X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=4b56ffcacee937a85bf39e14872dd141e23ee85f;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git mtd: Fix kernel NULL pointer dereference in physmap.c During the probe for physmap platform flash devices there are a number error exit conditions that all do a goto err_out which then calls physmap_flash_remove(). In that function one of the cleanup steps is: #ifdef CONFIG_MTD_CONCAT if (info->cmtd != info->mtd[0]) mtd_concat_destroy(info->cmtd); #endif This test will succeed since info->cmtd == NULL and info->mtd[0] is valid. Fix this by exiting the remove function when info->cmtd == NULL. Also, cleanup the #ifdef CONFIG_MTD_PARTITIONS stuff by using mtd_has_partitions(). Signed-off-by: H Hartley Sweeten Signed-off-by: David Woodhouse --- diff --git a/drivers/mtd/maps/physmap.c b/drivers/mtd/maps/physmap.c index 380648e9051a..65f52d4804a2 100644 --- a/drivers/mtd/maps/physmap.c +++ b/drivers/mtd/maps/physmap.c @@ -44,22 +44,23 @@ static int physmap_flash_remove(struct platform_device *dev) return 0; platform_set_drvdata(dev, NULL); + if (info->cmtd == NULL) + return 0; + physmap_data = dev->dev.platform_data; - if (info->cmtd) { -#ifdef CONFIG_MTD_PARTITIONS - if (info->nr_parts || physmap_data->nr_parts) + if (mtd_has_partitions()) { + if (info->nr_parts || physmap_data->nr_parts) { del_mtd_partitions(info->cmtd); - else + + if (info->nr_parts) + kfree(info->parts); + } else { del_mtd_device(info->cmtd); -#else + } + } else { del_mtd_device(info->cmtd); -#endif } -#ifdef CONFIG_MTD_PARTITIONS - if (info->nr_parts) - kfree(info->parts); -#endif #ifdef CONFIG_MTD_CONCAT if (info->cmtd != info->mtd[0]) @@ -169,22 +170,22 @@ static int physmap_flash_probe(struct platform_device *dev) if (err) goto err_out; -#ifdef CONFIG_MTD_PARTITIONS - err = parse_mtd_partitions(info->cmtd, part_probe_types, - &info->parts, 0); - if (err > 0) { - add_mtd_partitions(info->cmtd, info->parts, err); - info->nr_parts = err; - return 0; - } + if (mtd_has_partitions()) { + err = parse_mtd_partitions(info->cmtd, part_probe_types, + &info->parts, 0); + if (err > 0) { + add_mtd_partitions(info->cmtd, info->parts, err); + info->nr_parts = err; + return 0; + } - if (physmap_data->nr_parts) { - printk(KERN_NOTICE "Using physmap partition information\n"); - add_mtd_partitions(info->cmtd, physmap_data->parts, - physmap_data->nr_parts); - return 0; + if (physmap_data->nr_parts) { + printk(KERN_NOTICE "Using physmap partition information\n"); + add_mtd_partitions(info->cmtd, physmap_data->parts, + physmap_data->nr_parts); + return 0; + } } -#endif add_mtd_device(info->cmtd); return 0;