diff options
| author | Michał Kępień <kernel@kempniu.pl> | 2022-06-29 15:57:35 +0300 |
|---|---|---|
| committer | Miquel Raynal <miquel.raynal@bootlin.com> | 2022-09-21 11:38:07 +0300 |
| commit | 745df17906029cc683b8b5ac8bcb08f82860baff (patch) | |
| tree | 7880199cc6c84d6715d0b6979fe7bdf5cc8cc576 /drivers/mtd/nand/onenand | |
| parent | 65394169bdae073bfb2c6816f5bf095bd7d53e61 (diff) | |
| download | linux-745df17906029cc683b8b5ac8bcb08f82860baff.tar.xz | |
mtd: always initialize 'stats' in struct mtd_oob_ops
As the 'stats' field in struct mtd_oob_ops is used in conditional
expressions, ensure it is always zero-initialized in all such structures
to prevent random stack garbage from being interpreted as a pointer.
Strictly speaking, this problem currently only needs to be fixed for
struct mtd_oob_ops structures subsequently passed to mtd_read_oob().
However, this commit goes a step further and makes all instances of
struct mtd_oob_ops in the tree zero-initialized, in hope of preventing
future problems, e.g. if struct mtd_req_stats gets extended with write
statistics at some point.
Signed-off-by: Michał Kępień <kernel@kempniu.pl>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20220629125737.14418-3-kernel@kempniu.pl
Diffstat (limited to 'drivers/mtd/nand/onenand')
| -rw-r--r-- | drivers/mtd/nand/onenand/onenand_base.c | 4 | ||||
| -rw-r--r-- | drivers/mtd/nand/onenand/onenand_bbt.c | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/drivers/mtd/nand/onenand/onenand_base.c b/drivers/mtd/nand/onenand/onenand_base.c index 958bac54b190..5810104420a2 100644 --- a/drivers/mtd/nand/onenand/onenand_base.c +++ b/drivers/mtd/nand/onenand/onenand_base.c @@ -2935,7 +2935,7 @@ static int do_otp_write(struct mtd_info *mtd, loff_t to, size_t len, struct onenand_chip *this = mtd->priv; unsigned char *pbuf = buf; int ret; - struct mtd_oob_ops ops; + struct mtd_oob_ops ops = { }; /* Force buffer page aligned */ if (len < mtd->writesize) { @@ -2977,7 +2977,7 @@ static int do_otp_lock(struct mtd_info *mtd, loff_t from, size_t len, size_t *retlen, u_char *buf) { struct onenand_chip *this = mtd->priv; - struct mtd_oob_ops ops; + struct mtd_oob_ops ops = { }; int ret; if (FLEXONENAND(this)) { diff --git a/drivers/mtd/nand/onenand/onenand_bbt.c b/drivers/mtd/nand/onenand/onenand_bbt.c index b17315f8e1d4..d7fe35bc45cb 100644 --- a/drivers/mtd/nand/onenand/onenand_bbt.c +++ b/drivers/mtd/nand/onenand/onenand_bbt.c @@ -61,7 +61,7 @@ static int create_bbt(struct mtd_info *mtd, uint8_t *buf, struct nand_bbt_descr int startblock; loff_t from; size_t readlen; - struct mtd_oob_ops ops; + struct mtd_oob_ops ops = { }; int rgn; printk(KERN_INFO "Scanning device for bad blocks\n"); |