From ae38a196ca587b35615ec3203baf09b87f443439 Mon Sep 17 00:00:00 2001
From: Md Sadre Alam
Date: Thu, 4 Jun 2020 00:11:56 +0530
Subject: [PATCH] driver: nand: qpic_nand: Fix NULL pointer dereference.

This change will fix a NULL pointer dereference while reading from SPI NAND flash in oobbuf. The multipage read feature is only for reading with ECC; for raw read/write the access is page-wise, because the MTD layer will request only one page at a time. So don't increment oobbuf for every page while reading if bitflips are already present in the SPI NAND flash; if so, a data abort will happen due to the NULL pointer dereference.

error:
NAND read: device 0 offset 0x4480000, size 0x1000
data abort
pc : [<4a9515ec>] lr : [<44000e18>]
reloc pc : [<4a9515ec>] lr : [<44000e18>]
sp : 4a77f6f4 ip : bbfff3dc fp : 4a783510
r10: 4a97bb40 r9 : 4a77feb0 r8 : 44000e0c
r7 : 4a97ca2c r6 : 0000000f r5 : 00000004 r4 : 00000003
r3 : ffffffff r2 : 000001f4 r1 : 000000ff r0 : 44000e0c
Flags: nzCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...

Signed-off-by: Md Sadre Alam
Change-Id: I435f65183b56ceef64bad7d0df7ffebe02175a66
---
drivers/mtd/nand/qpic_nand.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/drivers/mtd/nand/qpic_nand.c b/drivers/mtd/nand/qpic_nand.c
index 62235ec4e1..05a3c5af0a 100644
--- a/drivers/mtd/nand/qpic_nand.c
+++ b/drivers/mtd/nand/qpic_nand.c
@@ -3081,8 +3081,8 @@ static int qpic_nand_multi_page_read(struct mtd_info *mtd, uint32_t page, } if (uncorrectable_err_cws) { - nand_ret = qpic_nand_check_erased_page(mtd, page, (ops_datbuf + (j * mtd->writesize)), - ops_oobbuf + j * 64, + nand_ret = qpic_nand_check_erased_page(mtd, page + j, (ops_datbuf + (j * mtd->writesize)), + ops_oobbuf, uncorrectable_err_cws, &max_bitflips); if (nand_ret < 0) 
@@ -3449,7 +3449,6 @@ static int qpic_nand_read_page_scope_multi_page(struct mtd_info *mtd, start_page = ((to >> chip->page_shift)); num_pages = qpic_get_read_page_count(mtd, ops, to); - while (1) { if (num_pages > MAX_MULTI_PAGE) {
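Review bot: in the first hunk (qpic_nand_multi_page_read), the `page` to `page + j` change is a second, independent fix (the erased-page check was previously run against the first page of the batch for every j) that the commit message does not mention; describe it in the message. The other half of the hunk drops `ops_oobbuf + j * 64` in favour of a bare `ops_oobbuf`, but nothing in the visible lines checks `ops_oobbuf` for NULL before the call to qpic_nand_check_erased_page, and if a caller does pass an OOB buffer, every page of the batch now shares offset 0 of it. If the multi-page path never carries OOB data, as the message implies, make that contract visible at the call site, for example by passing NULL explicitly or guarding with `if (ops_oobbuf)` and a short comment, rather than relying on the callee to tolerate whatever it is given.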
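Review bot: the second hunk (qpic_nand_read_page_scope_multi_page) deletes the `while (1) {` line, but the hunk header `@@ -3449,7 +3449,6 @@` and the diffstat (2 insertions, 3 deletions, of which the first hunk accounts for 2 and 2) leave room for exactly this one deletion, so nothing in the patch removes the loop's matching closing brace or adjusts any break or continue that the loop body may have relied on. Either the rest of that change is missing from the patch or the braces no longer balance after it is applied; please re-check the function end. In any case the loop removal is unrelated to the NULL pointer dereference in the subject and is not described in the commit message, so it belongs in its own patch or at least needs a sentence explaining it. The hunk is also cut off here, so its remaining context could not be reviewed.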