Commit 4b56ffca authored by H Hartley Sweeten's avatar H Hartley Sweeten Committed by David Woodhouse

mtd: Fix kernel NULL pointer dereference in physmap.c

During the probe for physmap platform flash devices there are a
number error exit conditions that all do a goto err_out which
then calls physmap_flash_remove().  In that function one of the
cleanup steps is:

#ifdef CONFIG_MTD_CONCAT
	if (info->cmtd != info->mtd[0])
		mtd_concat_destroy(info->cmtd);
#endif

This test will succeed since info->cmtd == NULL and info->mtd[0] is
valid.

Fix this by exiting the remove function when info->cmtd == NULL.

Also, cleanup the #ifdef CONFIG_MTD_PARTITIONS stuff by using
mtd_has_partitions().
Signed-off-by: default avatarH Hartley Sweeten <hsweeten@visionengravers.com>
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 2d098a72
...@@ -44,22 +44,23 @@ static int physmap_flash_remove(struct platform_device *dev) ...@@ -44,22 +44,23 @@ static int physmap_flash_remove(struct platform_device *dev)
return 0; return 0;
platform_set_drvdata(dev, NULL); platform_set_drvdata(dev, NULL);
if (info->cmtd == NULL)
return 0;
physmap_data = dev->dev.platform_data; physmap_data = dev->dev.platform_data;
if (info->cmtd) { if (mtd_has_partitions()) {
#ifdef CONFIG_MTD_PARTITIONS if (info->nr_parts || physmap_data->nr_parts) {
if (info->nr_parts || physmap_data->nr_parts)
del_mtd_partitions(info->cmtd); del_mtd_partitions(info->cmtd);
else
if (info->nr_parts)
kfree(info->parts);
} else {
del_mtd_device(info->cmtd); del_mtd_device(info->cmtd);
#else }
} else {
del_mtd_device(info->cmtd); del_mtd_device(info->cmtd);
#endif
} }
#ifdef CONFIG_MTD_PARTITIONS
if (info->nr_parts)
kfree(info->parts);
#endif
#ifdef CONFIG_MTD_CONCAT #ifdef CONFIG_MTD_CONCAT
if (info->cmtd != info->mtd[0]) if (info->cmtd != info->mtd[0])
...@@ -169,7 +170,7 @@ static int physmap_flash_probe(struct platform_device *dev) ...@@ -169,7 +170,7 @@ static int physmap_flash_probe(struct platform_device *dev)
if (err) if (err)
goto err_out; goto err_out;
#ifdef CONFIG_MTD_PARTITIONS if (mtd_has_partitions()) {
err = parse_mtd_partitions(info->cmtd, part_probe_types, err = parse_mtd_partitions(info->cmtd, part_probe_types,
&info->parts, 0); &info->parts, 0);
if (err > 0) { if (err > 0) {
...@@ -184,7 +185,7 @@ static int physmap_flash_probe(struct platform_device *dev) ...@@ -184,7 +185,7 @@ static int physmap_flash_probe(struct platform_device *dev)
physmap_data->nr_parts); physmap_data->nr_parts);
return 0; return 0;
} }
#endif }
add_mtd_device(info->cmtd); add_mtd_device(info->cmtd);
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment