From: Scott Wood <scottwood@freescale.com>
To: <dedekind1@gmail.com>
Cc: linuxppc-dev@ozlabs.org, b35362@freescale.com,
dwmw2@infradead.org, linux-mtd@lists.infradead.org
Subject: Re: [PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove()
Date: Thu, 30 Jun 2011 11:26:56 -0500
Message-ID: <20110630112656.3257116a@schlenkerla.am.freescale.net>
In-Reply-To: <1309434797.23597.178.camel@sauron>

On Thu, 30 Jun 2011 14:53:13 +0300
Artem Bityutskiy <dedekind1@gmail.com> wrote:
> On Wed, 2011-06-29 at 11:45 -0500, Scott Wood wrote:
> > If we're freeing fsl_lbc_ctrl, we'd better get rid of references to it...
>
> Yes, on the one hand this is a good defensive programming practice, on
> the other hand it hides double-free bugs. Like this patch fixes a
> double-free bug, and why it was noticed before? I thought maybe because
> of this NULL assignment?

I'm not sure how the NULL assignment was hiding anything here. It was
probably hidden only because nobody tested it with suitable debug options
enabled since the code was last reorganized.

If the NULL assignment is dropped, consider what happens if the
fsl_elbc_nand module is removed then reinserted. On reinsertion, it will
see a non-NULL fsl_lbc_ctrl_dev->nand, and will skip allocating a new one.
Then you're referencing freed memory.

Looking more closely, the MAX_BANKS loop should be removed. Since the
reorganization, the platform device represents one chip, not the
controller, so we should only be removing that one chip.

-Scott
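
The remove-then-reinsert sequence described in the message above, as an added userspace model that is not part of the original thread and is not the driver's code. Every name, the chip counter and the `nand_live` bookkeeping flag are assumptions made for illustration; the flag lets the model report the stale pointer instead of dereferencing freed memory.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model; every name here is a hypothetical stand-in. */
struct nand_state { int chips; };                /* shared NAND state (assumed counter) */
static struct { struct nand_state *nand; } ctrl; /* global that outlives the module */
static bool nand_live;                           /* model bookkeeping: allocation is live */
enum { PROBE_OK = 0, PROBE_NOMEM = -1, PROBE_STALE = -2 };

/* Probe one chip: allocate the shared state only when the pointer is NULL. */
static int chip_probe(void)
{
	if (!ctrl.nand) {
		ctrl.nand = calloc(1, sizeof(*ctrl.nand));
		if (!ctrl.nand)
			return PROBE_NOMEM;
		nand_live = true;
	}
	if (!nand_live)         /* non-NULL but freed: a real probe would go on */
		return PROBE_STALE; /* to use freed memory; the model stops here */
	ctrl.nand->chips++;
	return PROBE_OK;
}

/* Remove one chip; the last removal frees the shared state. */
static void chip_remove(bool clear_ptr)
{
	if (--ctrl.nand->chips > 0)
		return;
	free(ctrl.nand);
	nand_live = false;
	if (clear_ptr)
		ctrl.nand = NULL;   /* the NULL assignment under discussion */
}

/* Load, unload, reload; returns what the second probe sees. */
static int reinsert_result(bool clear_ptr)
{
	if (nand_live)          /* reset the model between runs */
		free(ctrl.nand);
	ctrl.nand = NULL;
	nand_live = false;
	if (chip_probe() != PROBE_OK)
		return PROBE_NOMEM;
	chip_remove(clear_ptr);
	return chip_probe();
}

int main(void) { return reinsert_result(true) || reinsert_result(false) != PROBE_STALE; }
```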