Re: [PATCH 4/9] mtd: nand: qcom: fix null pointer access for erased buffer detection
From: Miquel Raynal
Date: Tue Apr 10 2018 - 05:13:07 EST
Hi Abhishek,
On Wed, 4 Apr 2018 18:12:20 +0530, Abhishek Sahu
<absahu@xxxxxxxxxxxxxx> wrote:
> parse_read_errors can be called with only oob buf also in which
> case data_buf will be NULL. If data_buf is NULL, then donât
> treat this page as completely erased in case of ECC uncorrectable
> error.
>
> Signed-off-by: Abhishek Sahu <absahu@xxxxxxxxxxxxxx>
> ---
> drivers/mtd/nand/qcom_nandc.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/mtd/nand/qcom_nandc.c b/drivers/mtd/nand/qcom_nandc.c
> index 57c16a6..0ebcc55 100644
> --- a/drivers/mtd/nand/qcom_nandc.c
> +++ b/drivers/mtd/nand/qcom_nandc.c
> @@ -1607,9 +1607,11 @@ static int parse_read_errors(struct qcom_nand_host *host, u8 *data_buf,
> if (host->bch_enabled) {
> erased = (erased_cw & ERASED_CW) == ERASED_CW ?
> true : false;
Why the parse_read_errors() function could not be called without
data_buf when using BCH? Are you sure the situation can only happen
without it?
Would the following apply here too, with a:
if (!data_buf) {
erased = false;
} else {
if (host->bch_enabled)
...
else
...
}
> - } else {
> + } else if (data_buf) {
> erased = erased_chunk_check_and_fixup(data_buf,
> data_len);
> + } else {
> + erased = false;
> }
>
> if (erased) {
> @@ -1652,7 +1654,8 @@ static int parse_read_errors(struct qcom_nand_host *host, u8 *data_buf,
> max_bitflips = max(max_bitflips, stat);
> }
>
> - data_buf += data_len;
> + if (data_buf)
> + data_buf += data_len;
> if (oob_buf)
> oob_buf += oob_len + ecc->bytes;
> }
Thanks,
MiquÃl
--
Miquel Raynal, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com