redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers/mtd
History
Will Newton 7a84477c4a mtd: fix oops in dataflash driver 
I'm seeing an oops in mtd_dataflash.c with Linux 3.3. What appears to
be happening is that otp_select_filemode calls mtd_read_fact_prot_reg
with -1 for offset and length and a NULL buffer to test if OTP
operations are supported. This finds its way down to otp_read in
mtd_dataflash.c and causes an oops when memcpying the returned data
into the NULL buf.

None of the checks in otp_read catches the negative length and offset.
Changing the length of the dummy read to 0 prevents the oops.

Cc: stable@kernel.org [3.3+]
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
2012-05-07 20:29:50 +01:00
..
chips MTD merge for 3.4 2012-03-30 17:31:56 -07:00
devices MTD merge for 3.4 2012-03-30 17:31:56 -07:00
lpddr mtd: move zero length verification to MTD API functions 2012-03-27 00:32:19 +01:00
maps MTD merge for 3.4 2012-03-30 17:31:56 -07:00
nand MTD merge for 3.4 2012-03-30 17:31:56 -07:00
onenand MTD merge for 3.4 2012-03-30 17:31:56 -07:00
tests mtd: introduce mtd_can_have_bb helper 2012-01-09 18:26:24 +00:00
ubi Merge branch 'akpm' (Andrew's patch-bomb) 2012-04-05 15:30:34 -07:00
afs.c mtd: introduce mtd_read interface 2012-01-09 18:25:19 +00:00
ar7part.c mtd: introduce mtd_read interface 2012-01-09 18:25:19 +00:00
bcm63xxpart.c mtd: introduce mtd_read interface 2012-01-09 18:25:19 +00:00
cmdlinepart.c
ftl.c mtd: do not use mtd->sync directly 2012-01-09 18:26:21 +00:00
inftlcore.c mtd: add leading underscore to all mtd functions 2012-03-27 00:20:01 +01:00
inftlmount.c mtd: introduce mtd_block_markbad interface 2012-01-09 18:25:48 +00:00
Kconfig MTD merge for 3.4 2012-03-30 17:31:56 -07:00
Makefile mtd: maps: bcm963xx-flash: make CFE partition parsing an mtd parser 2012-01-09 18:15:31 +00:00
mtd_blkdevs.c mtd: mtdblock: call mtd_sync() only if opened for write 2012-03-27 00:11:11 +01:00
mtdblock.c mtd: mtdblock: call mtd_sync() only if opened for write 2012-03-27 00:11:11 +01:00
mtdblock_ro.c mtd: introduce mtd_write interface 2012-01-09 18:25:20 +00:00
mtdchar.c mtd: fix oops in dataflash driver 2012-05-07 20:29:50 +01:00
mtdconcat.c mtd: unify initialization of erase_info->fail_addr 2012-03-27 01:02:24 +01:00
mtdcore.c mtd: unify initialization of erase_info->fail_addr 2012-03-27 01:02:24 +01:00
mtdcore.h
mtdoops.c mtdoops: clean-up new MTD API usage 2012-03-27 00:23:53 +01:00
mtdpart.c mtd: flash drivers set ecc strength 2012-03-27 00:56:46 +01:00
mtdsuper.c
mtdswap.c mtd: do not use mtd->block_markbad directly 2012-01-09 18:26:26 +00:00
nftlcore.c mtd: nftlcore: remove out-of-date and now irrelevant piece of code 2012-03-27 00:24:03 +01:00
nftlmount.c mtd: introduce mtd_block_markbad interface 2012-01-09 18:25:48 +00:00
ofpart.c
redboot.c mtd: redboot: remove useless code 2012-03-27 00:24:14 +01:00
rfd_ftl.c mtd: do not use mtd->sync directly 2012-01-09 18:26:21 +00:00
sm_ftl.c mtd: sm_ftl: fix typo in major number. 2012-03-27 01:01:26 +01:00
sm_ftl.h
ssfdc.c mtd: introduce mtd_block_isbad interface 2012-01-09 18:25:47 +00:00