From patchwork Mon Apr 4 20:41:29 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Han Xu X-Patchwork-Id: 605987 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3qf4CT0PDpz9sCj for ; Tue, 5 Apr 2016 07:01:09 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=NXP1.onmicrosoft.com header.i=@NXP1.onmicrosoft.com header.b=ivYqTWc9; dkim-atps=neutral Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1anBaV-0007qJ-H7; Mon, 04 Apr 2016 20:59:07 +0000 Received: from mail-am1on0094.outbound.protection.outlook.com ([157.56.112.94] helo=emea01-am1-obe.outbound.protection.outlook.com) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1anBaS-0007mk-7x for linux-mtd@lists.infradead.org; Mon, 04 Apr 2016 20:59:06 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NXP1.onmicrosoft.com; s=selector1-nxp-com; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=PfZ+/zcJ4QCn5UEthSLezKkN1g/2p+FlAqW7WDU+7n8=; b=ivYqTWc9S3JoIOQdko5e8W8IvgrTmdxCwRVhP/Vj4HbmhtMCtaikpBvtw2iQ0Gyz+VCBbKFEN58EGdw4tdTYg+89NMumHDFDTzaYFf3i6T/pyMM8rY48CDM4mrEowUaYNvr/zpufE0hvwCFO+xGx8ffOZc6V/MmYNiRZEqqGYfI= Authentication-Results: nxp.com; dkim=none (message not signed) header.d=none;nxp.com; dmarc=none action=none header.from=nxp.com; Received: from chopperman.am.freescale.net (192.88.168.49) by DB5PR0401MB1799.eurprd04.prod.outlook.com (10.165.5.153) with Microsoft SMTP Server (TLS) id 15.1.447.15; Mon, 4 Apr 2016 20:58:38 +0000 From: Han Xu To: , , , , Subject: [PATCH] mtd: gpmi: fix raw_buffer pointer double free issue Date: Mon, 4 Apr 2016 15:41:29 -0500 Message-ID: <1459802489-30382-1-git-send-email-han.xu@nxp.com> X-Mailer: git-send-email 1.9.1 MIME-Version: 1.0 X-Originating-IP: [192.88.168.49] X-ClientProxiedBy: BY2PR06CA048.namprd06.prod.outlook.com (10.141.250.166) To DB5PR0401MB1799.eurprd04.prod.outlook.com (10.165.5.153) X-MS-Office365-Filtering-Correlation-Id: 8e7a5a9f-627b-4d5c-0f2a-08d35ccbe632 X-Microsoft-Exchange-Diagnostics: 1; DB5PR0401MB1799; 2:YUmjfAEJxCFrBdfgduabnBCW2VXjygCzW6wulvQZtz20GlEsDXp/vSI6Qw/JlUxjg4Vehz3c4ie5QDX1oC3fpjIgfhH7ORcGv9GGUtTDP3K4ZWIGhUchw4RU0/gm8ZRRbGf9A3SelRIYfHkOxwF5XS2cCxy6QmXan5x9jO8OBlO5ynzuzw4VfuZK2/pC2/Rm; 3:f5aCBCZZkw/FEiwrkNkrh77DIIZLFZPZFbYrKSyvJhnxmxNpNGoFnQRsZWUAfd1E0i9C3RH9Z0sgJjnm3+t4KdjPR+SIESGUbJtUqBm+9+d7DXAbKUEZoN/pJJR3iNRl; 25:Wz6QybB1jWaJ2/tyBbAFL0tsYx2utWXX98w9Y8oDQ3T78KuFPmixV73XpE1diQNr8wAmcMncIvVmjmgMZuEL1Ecu1bkHOmtR6haoBouZ/A+7YUVwPJkEmUGS4MUciWvwwFRiLXzsRMOHALU2fasJdZY52/pRMEieE6734FRPBZ+6xsiHt+N0O9p9ogVqF5NxpgV3/7YywXi/SeHluiYMAR+FK5QoNvNNVPBjeUsWnK909M/Xn/KQO0DVObV78cP44uFJBXVEbVO9GKEBSUZhDtZN6zH08BRdGM0QEEbKTGtHqjbHBpgTYc9G0zrKV0bTIXf+sMFp3+FYtKRg8kF2aiVehtQ0qfgyXld714pfvkrzsTG3Vagw0VYNtcv6StMCm+Mv8omnyNWPsEPV5YRNjdRlCd3Dq/t/Og/97gPKx5dOOvjXM3u/BBPUV9Vsbk+iTeL5VxkM3I7K3XN/4s6p70c0lg7PGGe0KhWBD7S7QCYzI4E3GeXi4dvn6XxqClehjhP6K3YBv3ANqXYjE7W1/vtFa3z3smhgseZxy0ZveSbusdeJWMry+1sIRkvA+7sJpvbiYyBoeVNinULUt+HtHcvcRl2mAr282XWphFIrwmE= X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DB5PR0401MB1799; X-Microsoft-Exchange-Diagnostics: 1; DB5PR0401MB1799; 20:b7fLE0iropLMRpRSHS1B5p3VNN/XH/ZV9reurfYZ/J1PF1/S2VcuMdfVla6MrHW1s8YTdWuX9N2PCCCW/YC3qiRXaj6G/xf7Kuch7WoRHd5zPCQuXytK7KV+4QWjLyBy/HJVkeABuKhCIx8r7Hrz2/wlXtlM7Afcb10AjEIzz+cKa3miSLLRyspoT1cGzwKrXg3SJnE30ucF6LTrEPo3bh3j2uXtVkykcHLrvne6U/hcvyien0pTzpK+0KB6JFzPCVD60zLtpr4+aNsgW/NvfF42xdAc/CxGbdyevQfW920SAfy9LXr5uZ1zeVC2PjzQECvsTg3MVD+T90aOrmvw4X29mK8BrW3JG3VP/ZEKNCHn9YM6s5AlQuSP7igmm37mHboHyzaGxtKSfh+cCtKAKJWCuOVNSuLKvCz0B8xUnp0csji+yljRloMdS35AO0Q/qDpQ9xUaNT8mIlxBcSKFW4j25mjJxyi35ZuemdFbr3Vqm6KhhfeIzpl0iCe4Nrz/; 4:1JYy5CU7/VTUh+VA6LZOKGjuwWESUqF+JXigKf22awvGER/xtBmx2iIXJds5C7AwXeQwIKdApqP6GQA2BiDHH3zzKHHnt3xmdDfQs3lm8lh0DBoF7E9LKIdUP/TqnmKC0/DV23QFsbt9L0T7Qdg5L0c9ooRZQ9avg4vrw3VGareOTArrP5CmbTGO5LyAo/fFlHVnPry7lbF11jVCi/rGs5qjFXC1430jfKQFukjNzh31Ixtu+iu2pArMbvZlhtwlVEPPA2isy3ya+uOC6rA+pFB8r8J5nc/t3ChK6IZrVmqBwyr13iN/ucFS3/De1h9H7JOPiXmvhKsMQQxXyohRO/hl/ljIq1u9spLfVjUOByb4UtEgQVFE5lSC3PeMvrfg X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001); SRVR:DB5PR0401MB1799; BCL:0; PCL:0; RULEID:; SRVR:DB5PR0401MB1799; X-Forefront-PRVS: 0902222726 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(6009001)(50466002)(5008740100001)(5003940100001)(50986999)(36756003)(92566002)(66066001)(5004730100002)(229853001)(48376002)(42186005)(47776003)(2201001)(86362001)(33646002)(50226001)(77096005)(5001770100001)(4326007)(2906002)(19580395003)(189998001)(19580405001)(3846002)(6116002)(586003)(1096002)(81166005); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR0401MB1799; H:chopperman.am.freescale.net; FPR:; SPF:None; MLV:sfv; LANG:en; X-Microsoft-Exchange-Diagnostics: 1; DB5PR0401MB1799; 23:cLlB3OXG6IjN3HhXDOp6lznQ9bzVdyrWIyBOdvNrKku64rn2AiHiGybWxF+ugne4hw8pmSqzh7OmiaDMrI5JtfM+IRrNtUKS6VFxpgmn6pgh6zLV1AnbPyAmvjQdiyOgHA14ISsIFu69jG7NKclhi/if+fCTZYHMHNl4DnsWdf9/wyw6Z30eu4IZcNW4CioKcqrss1xlDuIpy5t/VjZOzQFdI1QlHRfJdakSWACjTW7yL9NkGeziqzQXK3k642uGGkK3uWKOfP4CNaOL6vS7fepcopIa/jtGouwOmObXhnP9fJ6AUETVq6YjtX/lBTojHZlSEeNsgWczq5qxL33YkTvGGkZTkwoBDEsgV++ZYC2kU/Cb51aAamWbeBconMy+mvNkmZm0sEOweclfSh8N3qETv1ujiWZvX0eWGTJdXCBr+Grl/gvjC7WYtUoyY4ivJPO0NrN42LzOSkuz6arM4MPe8moO2nNSrfCYDPQP8bDXuZDZghJHnTMdFbL9B7FnReYijocEudN2S7bIJU2GijMs7OeIns80oObEy+OSYKHbUoSY0Av5xYyv7QGV16ODz4RoQw2Ag6QHo//1g0Z21Ch6ml3w5DCf5mP+YFQyL6ZKAqkvWZePpi1eBpIbxX1FjcBocv5WpxvuRu+QIGClvVR4lhejf94iKd9wEHB49M04/ZePaGWdiO10ZkithXMHGBBHV/++B0PdfGSK3x4Lm8I/eIPRxgvSDYVW0RMgHpldcUWDvRvzreCd+MUf07b9+RscmS39EKhV4FlVYgJBO5TFuowoxOr2/TUBYTRK9RDs9Nvo8ErQL+y8keeMlIoA15h03Q6Tn3VP3gXIn/70OJJHBg49wFdu1ewz6KJqvnU= X-Microsoft-Exchange-Diagnostics: 1; DB5PR0401MB1799; 5:F73U37+EN/PP+wouhnuOz3IjMnIBNa29zpuQKzSuSTvVOz3nfK/RCVMk/8M8TG9lySvhfCVveQEEESMv97PPGbIvmdzHOGoHysq6yoJcPbjGz807rrIvjG29wBEY709p0c4nLQNTX18XeE6tGVQP/w==; 24:Bd0tznNlfX/6jmOHxnMRnx/aWTdBByO2ah4sLi/UXHNwfuiE4aFYV+5wGmlL70ySM/sXgwXPG4HX8iQc4Zjurzj543Zx4D/aU93Lq1xkAkk= SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Apr 2016 20:58:38.2184 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR0401MB1799 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20160404_135904_637037_4A167C63 X-CRM114-Status: UNSURE ( 7.98 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -1.9 (-) X-Spam-Report: SpamAssassin version 3.4.0 on bombadil.infradead.org summary: Content analysis details: (-1.9 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [157.56.112.94 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [157.56.112.94 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: linux-mtd@lists.infradead.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Linux MTD discussion mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org Sender: "linux-mtd" Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org fix the raw_buffer pointer double free issue found by coverify. CID 18344 (#2 of 2): Double free (USE_AFTER_FREE) 3. double_free: Calling gpmi_alloc_dma_buffer frees pointer this->raw_buffer which has already been freed Signed-off-by: Han Xu Reviewed-by: Richard Weinberger --- changes in v2: - add coverity check log --- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c index 8122c69..dcb60b0 100644 --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c @@ -797,6 +797,7 @@ static void gpmi_free_dma_buffer(struct gpmi_nand_data *this) this->cmd_buffer = NULL; this->data_buffer_dma = NULL; + this->raw_buffer = NULL; this->page_buffer_virt = NULL; this->page_buffer_size = 0; }