From: Gabor Juhos Date: Tue, 12 Dec 2017 20:49:50 +0000 (+0100) Subject: ar71xx: fix invalid pointer dereference in rb95x_nand_scan_fixup() X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=665bb2749906aff4d4ec607a308353fa30cb1b3a;p=openwrt%2Fstaging%2Fnbd.git ar71xx: fix invalid pointer dereference in rb95x_nand_scan_fixup() Since Linux 4.6, mtd->priv no longer points to the NAND specific structure. Under 4.9 it contains NULL, thus using it to access chip->options causes an invalid pointer dereference (FS#1200). Update the code to use the mtd_to_nand() helper under 4.9 to obtain the address of the chip specific data. Fixes: 7bbf4117c6fe ("ar71xx: Add kernel 4.9 support") Signed-off-by: Gabor Juhos --- diff --git a/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c b/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c index 9eaeaa7f9d..5e24694d5c 100644 --- a/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c +++ b/target/linux/ar71xx/files/arch/mips/ath79/mach-rb95x.c @@ -207,7 +207,11 @@ static const struct mtd_ooblayout_ops rb95x_nand_ecclayout_ops = { static int rb95x_nand_scan_fixup(struct mtd_info *mtd) { +#if LINUX_VERSION_CODE < KERNEL_VERSION(4,6,0) struct nand_chip *chip = mtd->priv; +#else + struct nand_chip *chip = mtd_to_nand(mtd); +#endif /* < 4.6.0 */ if (mtd->writesize == 512) { /*
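Review bot: The new #if in rb95x_nand_scan_fixup() depends on LINUX_VERSION_CODE and KERNEL_VERSION, but this patch adds no #include. Please confirm that mach-rb95x.c already includes <linux/version.h> explicitly rather than relying on a transitive include. The 4.6.0 boundary matches the "Since Linux 4.6" statement in the commit message. As a style point, the trailing comment on "#endif /* < 4.6.0 */" closes the #else branch and so reads as the opposite of the code directly above it. Spelling out the full condition, for example "/* LINUX_VERSION_CODE < KERNEL_VERSION(4,6,0) */", would be clearer.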