lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20251023033201.2182-1-niravkumarlaxmidas.rabara@altera.com>
Date: Thu, 23 Oct 2025 11:32:01 +0800
From: niravkumarlaxmidas.rabara@...era.com
To: miquel.raynal@...tlin.com,
	richard@....at,
	vigneshr@...com
Cc: linux-mtd@...ts.infradead.org,
	linux-kernel@...r.kernel.org,
	Niravkumar L Rabara <niravkumarlaxmidas.rabara@...era.com>,
	stable@...r.kernel.org
Subject: [PATCH] mtd: rawnand: cadence: fix DMA device NULL pointer dereference

From: Niravkumar L Rabara <niravkumarlaxmidas.rabara@...era.com>

The DMA device pointer `dma_dev` was being dereferenced before ensuring
that `cdns_ctrl->dmac` is properly initialized.

Move the assignment of `dma_dev` after successfully acquiring the DMA
channel to ensure the pointer is valid before use.

Fixes: d76d22b5096c ("mtd: rawnand: cadence: use dma_map_resource for sdma address")
Cc: stable@...r.kernel.org
Signed-off-by: Niravkumar L Rabara <niravkumarlaxmidas.rabara@...era.com>
---

This patch fixes below kernel Oops:
...
[    1.469661] cadence-nand-controller 10b80000.nand-controller: IRQ: nr 21
[    1.476591] Unable to handle kernel paging request at virtual address fffffffffffffff8
[    1.484493] Mem abort info:
[    1.487280]   ESR = 0x0000000096000004
[    1.491019]   EC = 0x25: DABT (current EL), IL = 32 bits
[    1.496318]   SET = 0, FnV = 0
[    1.499366]   EA = 0, S1PTW = 0
[    1.502499]   FSC = 0x04: level 0 translation fault
[    1.507363] Data abort info:
[    1.510237]   ISV = 0, ISS = 0x00000004
[    1.514062]   CM = 0, WnR = 0
[    1.517024] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000087a0a000
[    1.523706] [fffffffffffffff8] pgd=0000000000000000, p4d=0000000000000000
[    1.530490] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
...

 drivers/mtd/nand/raw/cadence-nand-controller.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/mtd/nand/raw/cadence-nand-controller.c b/drivers/mtd/nand/raw/cadence-nand-controller.c
index 6667eea95597..32ed38b89394 100644
--- a/drivers/mtd/nand/raw/cadence-nand-controller.c
+++ b/drivers/mtd/nand/raw/cadence-nand-controller.c
@@ -2871,7 +2871,7 @@ cadence_nand_irq_cleanup(int irqnum, struct cdns_nand_ctrl *cdns_ctrl)
 static int cadence_nand_init(struct cdns_nand_ctrl *cdns_ctrl)
 {
 	dma_cap_mask_t mask;
-	struct dma_device *dma_dev = cdns_ctrl->dmac->device;
+	struct dma_device *dma_dev;
 	int ret;
 
 	cdns_ctrl->cdma_desc = dma_alloc_coherent(cdns_ctrl->dev,
@@ -2915,6 +2915,7 @@ static int cadence_nand_init(struct cdns_nand_ctrl *cdns_ctrl)
 		}
 	}
 
+	dma_dev = cdns_ctrl->dmac->device;
 	cdns_ctrl->io.iova_dma = dma_map_resource(dma_dev->dev, cdns_ctrl->io.dma,
 						  cdns_ctrl->io.size,
 						  DMA_BIDIRECTIONAL, 0);
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ