From: Ard Biesheuvel Date: Sun, 30 Nov 2014 12:51:03 +0000 (+0100) Subject: mtd: physmap_of: fix potential NULL dereference X-Git-Tag: v4.13~6085^2~1 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=92b633a8a482c4bc1ff3b7cffdcace7836861554;p=mirror_ubuntu-bionic-kernel.git mtd: physmap_of: fix potential NULL dereference On device remove, when testing the cmtd field of an of_flash struct to decide whether it is a concatenated device or not, we get a false positive on cmtd == NULL, and dereference it subsequently. This may occur if of_flash_remove() is called from the cleanup path of of_flash_probe(). Instead, test for NULL first, and only then perform the test for a concatenated device. Signed-off-by: Ard Biesheuvel Signed-off-by: Brian Norris --- diff --git a/drivers/mtd/maps/physmap_of.c b/drivers/mtd/maps/physmap_of.c index c1d21cb501ca..e48930424091 100644 --- a/drivers/mtd/maps/physmap_of.c +++ b/drivers/mtd/maps/physmap_of.c @@ -47,14 +47,12 @@ static int of_flash_remove(struct platform_device *dev) return 0; dev_set_drvdata(&dev->dev, NULL); - if (info->cmtd != info->list[0].mtd) { + if (info->cmtd) { mtd_device_unregister(info->cmtd); - mtd_concat_destroy(info->cmtd); + if (info->cmtd != info->list[0].mtd) + mtd_concat_destroy(info->cmtd); } - if (info->cmtd) - mtd_device_unregister(info->cmtd); - for (i = 0; i < info->list_size; i++) { if (info->list[i].mtd) map_destroy(info->list[i].mtd);