leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2ff46e6fea
linux/drivers
History
Brian Norris 2ff46e6fea mtd: spi-nor: fix NULL dereference when no match found in spi_nor_ids[] 
Commit 06bb6f5a69 ("mtd: spi-nor: stop (ab)using struct
spi_device_id") converted an array into a pointer, which means that
we should be checking if the pointer goes anywhere, not whether the C
string is empty. To do the latter means we dereference a NULL pointer
when we reach the terminating entry, for which 'name' is now NULL
instead of an array { 0, 0, ... }.

Sample crash:

[    1.101371] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    1.109457] pgd = c0004000
[    1.112157] [00000000] *pgd=00000000
[    1.115736] Internal error: Oops: 5 [#1] SMP ARM
[    1.120345] Modules linked in:
[    1.123405] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 4.2.0-next-20150902+ #61
[    1.130611] Hardware name: Rockchip (Device Tree)
[    1.135306] task: ee0b8d40 ti: ee0ba000 task.ti: ee0ba000
[    1.140697] PC is at spi_nor_scan+0x90/0x8c4
[    1.144958] LR is at spi_nor_scan+0xa4/0x8c4
...
[    1.504112] [<c03cc2e0>] (spi_nor_scan) from [<c03cb188>] (m25p_probe+0xc8/0x11c)
[    1.511583] [<c03cb188>] (m25p_probe) from [<c03cd9d8>] (spi_drv_probe+0x60/0x7c)
[    1.519055] [<c03cd9d8>] (spi_drv_probe) from [<c037faa0>] (driver_probe_device+0x1a0/0x444)
[    1.527478] [<c037faa0>] (driver_probe_device) from [<c037fec8>] (__device_attach_driver+0x94/0xa0)
[    1.536507] [<c037fec8>] (__device_attach_driver) from [<c037db3c>] (bus_for_each_drv+0x94/0xa4)
[    1.545277] [<c037db3c>] (bus_for_each_drv) from [<c037f7e4>] (__device_attach+0xa4/0x144)
[    1.553526] [<c037f7e4>] (__device_attach) from [<c0380058>] (device_initial_probe+0x1c/0x20)
[    1.562035] [<c0380058>] (device_initial_probe) from [<c037ec88>] (bus_probe_device+0x38/0x94)
[    1.570631] [<c037ec88>] (bus_probe_device) from [<c037ccf4>] (device_add+0x430/0x558)
[    1.578534] [<c037ccf4>] (device_add) from [<c03d0240>] (spi_add_device+0xe4/0x174)
[    1.586178] [<c03d0240>] (spi_add_device) from [<c03d0a24>] (spi_register_master+0x698/0x7d4)
[    1.594688] [<c03d0a24>] (spi_register_master) from [<c03d0ba0>] (devm_spi_register_master+0x40/0x7c)
[    1.603892] [<c03d0ba0>] (devm_spi_register_master) from [<c03d2fb4>] (rockchip_spi_probe+0x360/0x3f4)
[    1.613182] [<c03d2fb4>] (rockchip_spi_probe) from [<c0381e34>] (platform_drv_probe+0x58/0xa8)
[    1.621779] [<c0381e34>] (platform_drv_probe) from [<c037faa0>] (driver_probe_device+0x1a0/0x444)
[    1.630635] [<c037faa0>] (driver_probe_device) from [<c037fdc4>] (__driver_attach+0x80/0xa4)
[    1.639058] [<c037fdc4>] (__driver_attach) from [<c037e850>] (bus_for_each_dev+0x98/0xac)
[    1.647221] [<c037e850>] (bus_for_each_dev) from [<c037f448>] (driver_attach+0x28/0x30)
[    1.655210] [<c037f448>] (driver_attach) from [<c037ef74>] (bus_add_driver+0x128/0x250)
[    1.663200] [<c037ef74>] (bus_add_driver) from [<c0380c40>] (driver_register+0xac/0xf0)
[    1.671191] [<c0380c40>] (driver_register) from [<c0381d50>] (__platform_driver_register+0x58/0x6c)
[    1.680221] [<c0381d50>] (__platform_driver_register) from [<c0a467c8>] (rockchip_spi_driver_init+0x18/0x20)
[    1.690033] [<c0a467c8>] (rockchip_spi_driver_init) from [<c00098a4>] (do_one_initcall+0x124/0x1dc)
[    1.699063] [<c00098a4>] (do_one_initcall) from [<c0a19f84>] (kernel_init_freeable+0x218/0x2ec)
[    1.707748] [<c0a19f84>] (kernel_init_freeable) from [<c0719ed8>] (kernel_init+0x1c/0xf4)
[    1.715912] [<c0719ed8>] (kernel_init) from [<c000fe50>] (ret_from_fork+0x14/0x24)
[    1.723460] Code: e3510000 159f67c0 0a00000c e5961000 (e5d13000)
[    1.729564] ---[ end trace 95baa6b3b861ce25 ]---

Fixes: 06bb6f5a69 ("mtd: spi-nor: stop (ab)using struct spi_device_id")
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Cc: Rafał Miłecki <zajec5@gmail.com>
2015-09-02 16:34:35 -07:00
..
accessibility
acpi Additional ACPICA material for v4.2-rc1 2015-07-02 17:11:28 -07:00
amba
android
ata ARM: SoC cleanups for v4.2 2015-06-26 11:08:27 -07:00
atm
auxdisplay
base Merge branch 'akpm' (patches from Andrew) 2015-07-01 17:47:51 -07:00
bcma
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-07-04 19:36:06 -07:00
bluetooth Bluetooth: ath3k: Add support of 04ca:300d AR3012 device 2015-06-18 21:00:06 +03:00
bus ARM: SoC: driver updates for v4.2 2015-06-26 11:54:29 -07:00
cdrom
char Merge tag 'drm-intel-next-fixes-2015-07-02' of git://anongit.freedesktop.org/drm-intel 2015-07-02 14:36:40 -07:00
clk Replace module_platform_driver with builtin_platform driver in non modules. 2015-07-02 10:42:13 -07:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:44:18 -07:00
connector
cpufreq Replace module_platform_driver with builtin_platform driver in non modules. 2015-07-02 10:42:13 -07:00
cpuidle Replace module_platform_driver with builtin_platform driver in non modules. 2015-07-02 10:42:13 -07:00
crypto crypto: marvell/cesa - another fix up for of_get_named_gen_pool() rename 2015-07-03 11:37:02 -07:00
dca
devfreq
dio
dma Merge branch 'akpm' (patches from Andrew) 2015-07-01 17:47:51 -07:00
dma-buf
edac A build fix for octeon_edac from Aaro Koskinen. 2015-07-03 12:10:12 -07:00
eisa
extcon
firewire
firmware Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2015-07-03 15:20:57 -07:00
fmc
gpio Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
gpu Merge tag 'topic/drm-fixes-2015-07-04' of git://anongit.freedesktop.org/drm-intel 2015-07-03 16:09:29 -07:00
hid Merge branches 'for-4.2/i2c-hid', 'for-4.2/lenovo', 'for-4.2/plantronics', 'for-4.2/rmi', 'for-4.2/sensor-hub', 'for-4.2/sjoy', 'for-4.2/sony' and 'for-4.2/wacom' into for-linus 2015-06-22 16:23:43 +02:00
hsi Fix up implicit <module.h> users that will break later. 2015-07-02 10:25:22 -07:00
hv
hwmon hwmon: (w83627ehf) Use swap() in w82627ehf_swap_tempreg() 2015-07-03 14:39:06 +02:00
hwspinlock hwspinlock: qcom: Correct msb in regmap_field 2015-07-01 16:15:05 +03:00
hwtracing/coresight
i2c Char/Misc driver patches for 4.2-rc1 2015-06-26 14:51:15 -07:00
ide Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
idle
iio
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-07-04 19:36:06 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-07-04 08:14:22 -07:00
iommu IOMMU Fixes for Linux v4.2-rc0 2015-07-01 14:44:22 -07:00
ipack
irqchip Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-04 09:22:51 -07:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-06-24 16:49:49 -07:00
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2015-07-01 19:09:11 -07:00
lguest Merge branch 'x86-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-06-22 17:59:09 -07:00
macintosh
mailbox Replace module_init with appropriate alternate initcall in non modules. 2015-07-02 10:36:29 -07:00
mcb
md Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-07-04 19:36:06 -07:00
media Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2015-07-01 19:09:11 -07:00
memory ARM: SoC: driver updates for v4.2 2015-06-26 11:54:29 -07:00
memstick memstick: remove deprecated use of pci api 2015-06-30 19:44:57 -07:00
message
mfd Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
misc Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
mmc ARM: SoC: late fixes and dependencies 2015-07-02 14:40:49 -07:00
mtd mtd: spi-nor: fix NULL dereference when no match found in spi_nor_ids[] 2015-09-02 16:34:35 -07:00
net A very significant modification to NTB in this series. 2015-07-04 14:07:47 -07:00
nfc Char/Misc driver patches for 4.2-rc1 2015-06-26 14:51:15 -07:00
ntb NTB: Add split BAR output for debugfs stats 2015-07-04 14:09:32 -04:00
nubus
nvdimm arch, x86: pmem api for ensuring durability of persistent memory updates 2015-06-26 11:23:38 -04:00
of Devicetree changes for v4.2 2015-07-01 19:40:18 -07:00
oprofile
parisc
parport
pci Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
pcmcia Fix up implicit <module.h> users that will break later. 2015-07-02 10:25:22 -07:00
phy Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-06-27 12:44:34 -07:00
pinctrl Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
platform platform-drivers-x86 for 4.2-2 2015-07-05 10:54:09 -07:00
pnp Merge branches 'pnp' and 'pm-tools' 2015-06-19 01:18:43 +02:00
power Replace module_platform_driver with builtin_platform driver in non modules. 2015-07-02 10:42:13 -07:00
powercap
pps
ps3
ptp
pwm pwm: Changes for v4.2-rc1 2015-06-23 13:32:38 -07:00
rapidio Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-06-23 14:08:54 -07:00
ras
regulator Fix up implicit <module.h> users that will break later. 2015-07-02 10:25:22 -07:00
remoteproc remoteproc: fix !CONFIG_OF build breakage 2015-06-18 11:44:41 +03:00
reset
rpmsg
rtc Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-06-27 12:44:34 -07:00
s390 KVM: s390: virtio-ccw: don't overwrite config space values 2015-07-03 18:55:18 +02:00
sbus
scsi Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
sfi
sh Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2015-07-01 15:19:35 -07:00
sn
soc ARM: SoC: late fixes and dependencies 2015-07-02 14:40:49 -07:00
spi Merge remote-tracking branches 'spi/topic/sirf', 'spi/topic/spidev' and 'spi/topic/zynq' into spi-next 2015-06-18 00:19:56 +01:00
spmi
ssb
staging Staging driver patches for 4.2-rc1 2015-06-26 15:46:08 -07:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
tc
thermal Minor merge needed, due to function move. 2015-07-01 10:49:25 -07:00
thunderbolt
tty ARM: SoC: late fixes and dependencies 2015-07-02 14:40:49 -07:00
uio
usb Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2015-07-04 19:36:06 -07:00
uwb
vfio VFIO updates for v4.2 2015-06-28 12:32:13 -07:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
video fbdev fixes for 4.2 2015-07-03 12:11:17 -07:00
virt
virtio virtio/vhost: cross endian support 2015-07-03 16:02:25 -07:00
vlynq
vme
w1
watchdog Merge git://www.linux-watchdog.org/linux-watchdog 2015-07-01 19:33:16 -07:00
xen Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
zorro
Kconfig libnvdimm, nfit: initial libnvdimm infrastructure and NFIT support 2015-06-24 21:24:10 -04:00
Makefile The libnvdimm sub-system introduces, in addition to the libnvdimm-core, 2015-06-29 10:34:42 -07:00