Commit 52d039fd authored by Dan Carpenter's avatar Dan Carpenter Committed by David Woodhouse

mtd: pxa3xx_nand: NULL dereference in pxa3xx_nand_probe

"info->cmdset" gets dereferenced in __readid() so it needs to be
initialized earlier in the function.  This bug was introduced in
18c81b18 "mtd: pxa3xx_nand: remove the flash info in driver
structure".

Cc: stable@kernel.org [2.6.37+]
Reported-and-tested-by: default avatarSven Neumann <s.neumann@raumfeld.com>
Signed-off-by: default avatarDan Carpenter <error27@gmail.com>
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent a121f643
...@@ -885,6 +885,7 @@ static int pxa3xx_nand_detect_config(struct pxa3xx_nand_info *info) ...@@ -885,6 +885,7 @@ static int pxa3xx_nand_detect_config(struct pxa3xx_nand_info *info)
/* set info fields needed to __readid */ /* set info fields needed to __readid */
info->read_id_bytes = (info->page_size == 2048) ? 4 : 2; info->read_id_bytes = (info->page_size == 2048) ? 4 : 2;
info->reg_ndcr = ndcr; info->reg_ndcr = ndcr;
info->cmdset = &default_cmdset;
if (__readid(info, &id)) if (__readid(info, &id))
return -ENODEV; return -ENODEV;
...@@ -915,7 +916,6 @@ static int pxa3xx_nand_detect_config(struct pxa3xx_nand_info *info) ...@@ -915,7 +916,6 @@ static int pxa3xx_nand_detect_config(struct pxa3xx_nand_info *info)
info->ndtr0cs0 = nand_readl(info, NDTR0CS0); info->ndtr0cs0 = nand_readl(info, NDTR0CS0);
info->ndtr1cs0 = nand_readl(info, NDTR1CS0); info->ndtr1cs0 = nand_readl(info, NDTR1CS0);
info->cmdset = &default_cmdset;
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment