[U-Boot] [PATCH] mtd: pxa3xx_nand: Correct allocation and init bug

Fri, 23 Oct 2015 10:50:31 -0700 

Correct a null pointer dereference in board_nand_init().  Zeroed
memory was allocated, then immediately dereferenced, which is a
null dereference.  The dereference is completely removed, since
this pointer is later initialized in alloc_nand_resources.

The allocation size is reduced from what was introduced from the
Linux kernel, as U-boot uses the statically allocated nand_info
instead of needing to dynamically allocate an mtd_info instance.

Also, some pointer math was corrected in the initialization of
the nand_chip pointer.

Signed-off-by: Kevin Smith <kevin.sm...@elecsyscorp.com>
Cc: Stefan Roese <s...@denx.de>
Cc: Luka Perkov <luka.per...@sartura.hr>
Cc: Scott Wood <scottw...@freescale.com>
---
 drivers/mtd/nand/pxa3xx_nand.c | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c
index 1565a9a..e5ea5c2 100644
--- a/drivers/mtd/nand/pxa3xx_nand.c
+++ b/drivers/mtd/nand/pxa3xx_nand.c
@@ -1486,8 +1486,8 @@ static int alloc_nand_resource(struct pxa3xx_nand_info 
*info)
        info->variant = pxa3xx_nand_get_variant();
        for (cs = 0; cs < pdata->num_cs; cs++) {
                mtd = &nand_info[cs];
-               chip = (struct nand_chip *)info +
-                       sizeof(struct pxa3xx_nand_host);
+               chip = (struct nand_chip *)
+                       ((u8 *)&info[1] + sizeof(*host) * cs);
                host = (struct pxa3xx_nand_host *)chip;
                info->host[cs] = host;
                host->mtd = mtd;
@@ -1600,19 +1600,12 @@ void board_nand_init(void)
        struct pxa3xx_nand_host *host;
        int ret;
 
-       info = kzalloc(sizeof(*info) + (sizeof(struct mtd_info) +
-                                       sizeof(*host)) *
-                      CONFIG_SYS_MAX_NAND_DEVICE, GFP_KERNEL);
+       info = kzalloc(sizeof(*info) +
+                               sizeof(*host) * CONFIG_SYS_MAX_NAND_DEVICE,
+                       GFP_KERNEL);
        if (!info)
                return;
 
-       /*
-        * If CONFIG_SYS_NAND_SELF_INIT is defined, each driver is responsible
-        * for instantiating struct nand_chip, while drivers/mtd/nand/nand.c
-        * still provides a "struct mtd_info nand_info" instance.
-        */
-       info->host[0]->mtd = &nand_info[0];
-
        ret = pxa3xx_nand_probe(info);
        if (ret)
                return;
-- 
2.4.6
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

Reply via email to