[U-Boot] [PATCH] mtd: pxa3xx_nand: Correct allocation and init bug

Kevin Smith kevin.smith at elecsyscorp.com
Fri Oct 23 19:49:58 CEST 2015 

Correct a null pointer dereference in board_nand_init().  Zeroed
memory was allocated, then immediately dereferenced, which is a
null dereference.  The dereference is completely removed, since
this pointer is later initialized in alloc_nand_resources.

The allocation size is reduced from what was introduced from the
Linux kernel, as U-boot uses the statically allocated nand_info
instead of needing to dynamically allocate an mtd_info instance.

Also, some pointer math was corrected in the initialization of
the nand_chip pointer.

Signed-off-by: Kevin Smith <kevin.smith at elecsyscorp.com>
Cc: Stefan Roese <sr at denx.de>
Cc: Luka Perkov <luka.perkov at sartura.hr>
Cc: Scott Wood <scottwood at freescale.com>
---
 drivers/mtd/nand/pxa3xx_nand.c | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c
index 1565a9a..e5ea5c2 100644
--- a/drivers/mtd/nand/pxa3xx_nand.c
+++ b/drivers/mtd/nand/pxa3xx_nand.c
@@ -1486,8 +1486,8 @@ static int alloc_nand_resource(struct pxa3xx_nand_info *info)
 	info->variant = pxa3xx_nand_get_variant();
 	for (cs = 0; cs < pdata->num_cs; cs++) {
 		mtd = &nand_info[cs];
-		chip = (struct nand_chip *)info +
-			sizeof(struct pxa3xx_nand_host);
+		chip = (struct nand_chip *)
+			((u8 *)&info[1] + sizeof(*host) * cs);
 		host = (struct pxa3xx_nand_host *)chip;
 		info->host[cs] = host;
 		host->mtd = mtd;
@@ -1600,19 +1600,12 @@ void board_nand_init(void)
 	struct pxa3xx_nand_host *host;
 	int ret;
 
-	info = kzalloc(sizeof(*info) + (sizeof(struct mtd_info) +
-					sizeof(*host)) *
-		       CONFIG_SYS_MAX_NAND_DEVICE, GFP_KERNEL);
+	info = kzalloc(sizeof(*info) +
+				sizeof(*host) * CONFIG_SYS_MAX_NAND_DEVICE,
+			GFP_KERNEL);
 	if (!info)
 		return;
 
-	/*
-	 * If CONFIG_SYS_NAND_SELF_INIT is defined, each driver is responsible
-	 * for instantiating struct nand_chip, while drivers/mtd/nand/nand.c
-	 * still provides a "struct mtd_info nand_info" instance.
-	 */
-	info->host[0]->mtd = &nand_info[0];
-
 	ret = pxa3xx_nand_probe(info);
 	if (ret)
 		return;
-- 
2.4.6

More information about the U-Boot mailing list