2019-03-01 18:06:14

by Martin Blumenstingl

Subject: [PATCH 0/2] meson-nand: two small memory related fixes

While trying to add support for older Meson SoCs to the meson-nand
driver I was experiencing a crash in meson_nfc_read_buf(). While trying
to find out why that happened I inspected the code in that function and
found that there's:
- a missing check on the return value of a kzalloc() call
- a potential memory leak in it

Both fixes have nothing to do with my original crash (for which I'll
open a separate thread).


Martin Blumenstingl (2):
mtd: rawnand: meson: add missing ENOMEM check in meson_nfc_read_buf()
mtd: rawnand: meson: fix a potential memory leak in meson_nfc_read_buf

drivers/mtd/nand/raw/meson_nand.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

--
2.21.0



2019-03-01 18:07:01

by Martin Blumenstingl

Subject: [PATCH 1/2] mtd: rawnand: meson: add missing ENOMEM check in meson_nfc_read_buf()

kzalloc() can return NULL if memory could not be allocated. Check the
return value of the kzalloc() call in meson_nfc_read_buf() to make it
consistent with other memory allocations within the meson_nand driver.

Fixes: 8fae856c53500a ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
Signed-off-by: Martin Blumenstingl <[email protected]>
---
drivers/mtd/nand/raw/meson_nand.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c
index 3e8aa71407b5..a1d8506b61c7 100644
--- a/drivers/mtd/nand/raw/meson_nand.c
+++ b/drivers/mtd/nand/raw/meson_nand.c
@@ -528,6 +528,9 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len)
u8 *info;

info = kzalloc(PER_INFO_BYTE, GFP_KERNEL);
+ if (!info)
+ return -ENOMEM;
+
ret = meson_nfc_dma_buffer_setup(nand, buf, len, info,
PER_INFO_BYTE, DMA_FROM_DEVICE);
if (ret)
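
Review bot: The commit message presents the new `if (!info)` check as a consistency cleanup, but in this hunk the unchecked pointer goes straight into meson_nfc_dma_buffer_setup() as the DMA_FROM_DEVICE info buffer, so the message should say that a failed kzalloc() would otherwise hand NULL to the DMA setup. The direct `return -ENOMEM;` is correct at this point because nothing has been acquired before it that would need unwinding.
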
--
2.21.0


2019-03-01 18:07:05

by Martin Blumenstingl

Subject: [PATCH 2/2] mtd: rawnand: meson: fix a potential memory leak in meson_nfc_read_buf

meson_nfc_dma_buffer_setup() is called with the "info" buffer which is
allocated a few lines before using kzalloc(). If
meson_nfc_dma_buffer_setup() fails we need to free the allocated "info"
buffer instead of only freeing it upon success.

Fixes: 8fae856c53500a ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
Signed-off-by: Martin Blumenstingl <[email protected]>
---
drivers/mtd/nand/raw/meson_nand.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c
index a1d8506b61c7..38db4fd61459 100644
--- a/drivers/mtd/nand/raw/meson_nand.c
+++ b/drivers/mtd/nand/raw/meson_nand.c
@@ -534,7 +534,7 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len)
ret = meson_nfc_dma_buffer_setup(nand, buf, len, info,
PER_INFO_BYTE, DMA_FROM_DEVICE);
if (ret)
- return ret;
+ goto out;

cmd = NFC_CMD_N2M | (len & GENMASK(5, 0));
writel(cmd, nfc->reg_base + NFC_REG_CMD);
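
Review bot: The `goto out;` on the `if (ret)` path skips meson_nfc_dma_buffer_release(), which is only right if meson_nfc_dma_buffer_setup() undoes its own mappings before returning an error. That function is not visible in this patch, so please state in the commit message that a failed setup leaves nothing mapped; otherwise the error path needs a second label placed before the release call.
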
@@ -542,6 +542,8 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len)
meson_nfc_drain_cmd(nfc);
meson_nfc_wait_cmd_finish(nfc, 1000);
meson_nfc_dma_buffer_release(nand, len, PER_INFO_BYTE, DMA_FROM_DEVICE);
+
+out:
kfree(info);

return ret;
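
Review bot: With `out:` placed directly before `kfree(info);`, the success path still returns the `ret` left over from meson_nfc_dma_buffer_setup(), because the call `meson_nfc_wait_cmd_finish(nfc, 1000);` just above the label discards its result. If that helper can report a timeout, a read that never completed is returned as success with whatever is in buf; consider `ret = meson_nfc_wait_cmd_finish(nfc, 1000);` here or in a follow-up patch, since the single exit path introduced by this change makes that a one-line fix.
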
--
2.21.0


2019-03-04 02:28:07

by Liang Yang

Subject: Re: [PATCH 1/2] mtd: rawnand: meson: add missing ENOMEM check in meson_nfc_read_buf()

Hello Martin,

On 2019/3/2 1:38, Martin Blumenstingl wrote:
> kzalloc() can return NULL if memory could not be allocated. Check the
> return value of the kzalloc() call in meson_nfc_read_buf() to make it
> consistent with other memory allocations within the meson_nand driver.
>
> Fixes: 8fae856c53500a ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
> Signed-off-by: Martin Blumenstingl <[email protected]>
> ---
> drivers/mtd/nand/raw/meson_nand.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c
> index 3e8aa71407b5..a1d8506b61c7 100644
> --- a/drivers/mtd/nand/raw/meson_nand.c
> +++ b/drivers/mtd/nand/raw/meson_nand.c
> @@ -528,6 +528,9 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len)
> u8 *info;
>
> info = kzalloc(PER_INFO_BYTE, GFP_KERNEL);
> + if (!info)
> + return -ENOMEM;
> +

Thank you very much. It is really good to me.
Acked-by: Liang Yang <[email protected]>

> ret = meson_nfc_dma_buffer_setup(nand, buf, len, info,
> PER_INFO_BYTE, DMA_FROM_DEVICE);
> if (ret)
>

2019-03-04 02:29:32

by Liang Yang

Subject: Re: [PATCH 2/2] mtd: rawnand: meson: fix a potential memory leak in meson_nfc_read_buf

Hello Martin,

Thank you very much.

On 2019/3/2 1:38, Martin Blumenstingl wrote:
> meson_nfc_dma_buffer_setup() is called with the "info" buffer which is
> allocated a few lines before using kzalloc(). If
> meson_nfc_dma_buffer_setup() fails we need to free the allocated "info"
> buffer instead of only freeing it upon success.
>
> Fixes: 8fae856c53500a ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
> Signed-off-by: Martin Blumenstingl <[email protected]>
> ---
> drivers/mtd/nand/raw/meson_nand.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c
> index a1d8506b61c7..38db4fd61459 100644
> --- a/drivers/mtd/nand/raw/meson_nand.c
> +++ b/drivers/mtd/nand/raw/meson_nand.c
> @@ -534,7 +534,7 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len)
> ret = meson_nfc_dma_buffer_setup(nand, buf, len, info,
> PER_INFO_BYTE, DMA_FROM_DEVICE);
> if (ret)
> - return ret;
> + goto out;
>
Looks good to me.
Acked-by: Liang Yang <[email protected]>

> cmd = NFC_CMD_N2M | (len & GENMASK(5, 0));
> writel(cmd, nfc->reg_base + NFC_REG_CMD);
> @@ -542,6 +542,8 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len)
> meson_nfc_drain_cmd(nfc);
> meson_nfc_wait_cmd_finish(nfc, 1000);
> meson_nfc_dma_buffer_release(nand, len, PER_INFO_BYTE, DMA_FROM_DEVICE);
> +
> +out:
Looks good to me.
Acked-by: Liang Yang <[email protected]>
> kfree(info);
>
> return ret;
>