mtd: nand: arasan: Fix the crash caused by use after free
authorVenkatesh Yadav Abbarapu <venkatesh.abbarapu@amd.com>
Wed, 6 Mar 2024 03:34:04 +0000 (09:04 +0530)
committerMichal Simek <michal.simek@amd.com>
Tue, 12 Mar 2024 15:07:24 +0000 (16:07 +0100)
The exception below is observed on QEMU, as it doesn't support the
NAND controller.

"Synchronous Abort" handler, esr 0x96000005, far 0x17acfc878
elr: 000000000803ad40 lr : 000000000805f438 (reloc)
elr: 000000007fcb4d40 lr : 000000007fcd9438
x0 : 000000007bbfc880 x1 : 00000000ff100000
x2 : 000000007fcf059c x3 : 000000007bbfc870
x4 : 000000007fd9a388 x5 : 000000017acfc870
x6 : 0000000000000000 x7 : 000000007bbfd0e0
x8 : 0000000000003dd4 x9 : 000000007bbeec0c
x10: 0000000000000001 x11: 0000000000003f8c
x12: 000000007bbeecfc x13: 000000007bbeeeb0
x14: 000000007bbeeeb0 x15: 000000007bbee474
x16: 000000007fcef18c x17: 0000000000000000
x18: 000000007bbf9d70 x19: 000000007bbfc888
x20: 000000007bbfc870 x21: 000000007fd68ddb
x22: 00000000ffffffed x23: 000000007bbfc878
x24: 0000000000000000 x25: 0000000000000000
x26: 0000000000000000 x27: 0000000000000000
x28: 0000000000000000 x29: 000000007bbeed10

Code: 927ff8c1 924000c6 8b010065 f9400887 (f94004a2)
Resetting CPU ...

The crash is caused by the use after free.
Updating the correct return codes rather than hardcoding.
Fixes: 3dd0f8cccd6d ("mtd: nand: Remove hardcoded base address of nand")
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@amd.com>
Link: https://lore.kernel.org/r/20240306033404.18537-1-venkatesh.abbarapu@amd.com
Signed-off-by: Michal Simek <michal.simek@amd.com>
drivers/mtd/nand/raw/arasan_nfc.c

index 0b1b91f7711ecc260cadfd164ab3783d41f362d0..ffcd963b3dacaa303cf0924fc42a3c5bbd3fd79a 100644 (file)
@@ -1232,7 +1232,7 @@ static int arasan_probe(struct udevice *dev)
        struct nand_config *nand = &info->config;
        struct mtd_info *mtd;
        ofnode child;
-       int err = -1;
+       int ret;
        const char *str;
 
        info->reg = dev_read_addr_ptr(dev);
@@ -1259,9 +1259,10 @@ static int arasan_probe(struct udevice *dev)
        writel(0x0, &info->reg->pgm_reg);
 
        /* first scan to find the device and get the page size */
-       if (nand_scan_ident(mtd, CONFIG_SYS_NAND_MAX_CHIPS, NULL)) {
+       ret = nand_scan_ident(mtd, CONFIG_SYS_NAND_MAX_CHIPS, NULL);
+       if (ret) {
                printf("%s: nand_scan_ident failed\n", __func__);
-               goto fail;
+               return ret;
        }
 
        str = ofnode_read_string(nand_chip->flash_node, "nand-ecc-mode");
@@ -1289,26 +1290,26 @@ static int arasan_probe(struct udevice *dev)
                nand_chip->ecc.bytes = 0;
                nand_chip->ecc.layout = &ondie_nand_oob_64;
        } else {
-               if (arasan_nand_ecc_init(mtd)) {
+               ret = arasan_nand_ecc_init(mtd);
+               if (ret) {
                        printf("%s: nand_ecc_init failed\n", __func__);
-                       goto fail;
+                       return ret;
                }
        }
 
-       if (nand_scan_tail(mtd)) {
+       ret = nand_scan_tail(mtd);
+       if (ret) {
                printf("%s: nand_scan_tail failed\n", __func__);
-               goto fail;
+               return ret;
        }
 
-       if (nand_register(0, mtd)) {
+       ret = nand_register(0, mtd);
+       if (ret) {
                printf("Nand Register Fail\n");
-               goto fail;
+               return ret;
        }
 
-       return 0;
-fail:
-       free(nand);
-       return err;
+       return ret;
 }
 
 static const struct udevice_id arasan_nand_dt_ids[] = {
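Review bot: The closing `return ret;` that replaces `return 0;` can only be reached with ret == 0, since every failing call above returns early; writing `return 0;` states the success contract explicitly and stops depending on nand_register's status being the last assignment. The new early return after nand_register fails leaves whatever nand_scan_tail set up for the chip in place; if nand_scan_tail allocates per-chip buffers (as its nand_base counterpart does), that path now leaks them, so either release them before returning or document the choice with a comment such as `/* info is DM-owned; nothing here may free nand, which lives inside it */` above the early returns. Since the `fail:` label is gone, it is worth confirming no `goto fail` survives in the unshown lines between the first and second hunks. arasan_probe's body begins before the first hunk.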