Bug 26212

Summary: kernel NULL pointer dereference in pxa3xx_nand_probe
Product: Platform Specific/Hardware
Reporter: Maciej Rutecki (maciej.rutecki)
Component: ARM
Assignee: linux-arm-kernel (linux-arm-kernel)
Status: CLOSED CODE_FIX
Severity: normal
CC: maciej.rutecki, rjw, s.neumann
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 2.6.37
Tree: Mainline
Regression: Yes
Bug Depends on:
Bug Blocks: 21782

Description Maciej Rutecki 2011-01-06 10:12:59 UTC
Subject    : kernel NULL pointer dereference in pxa3xx_nand_probe
Submitter  : Sven Neumann <s.neumann@raumfeld.com>
Date       : 2011-01-05 11:43
Message-ID : 1294227801.3996.62.camel@sven
References : http://marc.info/?l=linux-kernel&m=129422903703756&w=2

This entry is being used for tracking a regression from 2.6.36. Please don't
close it until the problem is fixed in the mainline.

Comment 1 Sven Neumann 2011-02-03 08:41:25 UTC
This is fixed in mainline and the patch has been submitted for inclusion in 2.6.37 (I haven't verified if it did actually end up there):

commit 52d039fdaa78c5a9f9bc2940ad58d7ed76b8336d
Author: Dan Carpenter <error27@gmail.com>
Date:   Thu Jan 6 17:05:36 2011 +0300

    mtd: pxa3xx_nand: NULL dereference in pxa3xx_nand_probe
    
    "info->cmdset" gets dereferenced in __readid() so it needs to be
    initialized earlier in the function.  This bug was introduced in
    18c81b1828f8 "mtd: pxa3xx_nand: remove the flash info in driver
    structure".
    
    Cc: stable@kernel.org [2.6.37+]
    Reported-and-tested-by: Sven Neumann <s.neumann@raumfeld.com>
    Signed-off-by: Dan Carpenter <error27@gmail.com>
    Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>