From patchwork Tue Feb 24 13:35:05 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sascha Hauer <s.hauer@pengutronix.de>
X-Patchwork-Id: 23617
Return-Path: 
 <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from bombadil.infradead.org (bombadil.infradead.org [18.85.46.34])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id E9455DDDFA
	for <incoming@patchwork.ozlabs.org>;
	Wed, 25 Feb 2009 01:00:39 +1100 (EST)
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.69 #1 (Red Hat Linux))
	id 1Lbxni-0007Hz-Aa; Tue, 24 Feb 2009 13:58:22 +0000
Received: from metis.ext.pengutronix.de
	([2001:6f8:1178:4:290:27ff:fe1d:cc33])
	by bombadil.infradead.org with esmtps (Exim 4.69 #1 (Red Hat Linux))
	id 1LbxnX-0007Hk-3L
	for linux-mtd@lists.infradead.org; Tue, 24 Feb 2009 13:58:17 +0000
Received: from octopus.hi.pengutronix.de
	([2001:6f8:1178:2:215:17ff:fe12:23b0])
	by metis.ext.pengutronix.de with esmtp (Exim 4.63)
	(envelope-from <sha@pengutronix.de>)
	id 1LbxRK-0003s9-4I; Tue, 24 Feb 2009 14:35:14 +0100
Received: from sha by octopus.hi.pengutronix.de with local (Exim 4.69)
	(envelope-from <sha@pengutronix.de>)
	id 1LbxRB-00031a-97; Tue, 24 Feb 2009 14:35:05 +0100
Date: Tue, 24 Feb 2009 14:35:05 +0100
From: Sascha Hauer <s.hauer@pengutronix.de>
To: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Subject: Re: [PATCH] physmap: Fix leak of memory returned by
	parse_mtd_partitions
Message-ID: <20090224133505.GJ21900@pengutronix.de>
References: <20081112.235733.01917391.anemo@mba.ocn.ne.jp>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20081112.235733.01917391.anemo@mba.ocn.ne.jp>
X-Sent-From: Pengutronix Entwicklungszentrum Nord - Hildesheim
X-URL: http://www.pengutronix.de/
X-IRC: #ptxdist @freenode
X-Accept-Language: de,en
X-Accept-Content-Type: text/plain
X-Impressum: Pengutronix - Linux Solutions for Science and Industry
	Handelsregister:  Amtsgericht Hildesheim, HRA 2686 Peiner Strasse
	6-8, 31137 Hildesheim, Germany Phone: +49-5121-206917-0 |  Fax:
	+49-5121-206917-5555 Inhaber: Dipl.-Ing. Robert Schwebel
X-Message-Flag: See Message Headers for Impressum
X-Uptime: 13:46:44 up 6 days, 4:40, 30 users, load average: 0.00, 0.06, 0.87
User-Agent: Mutt/1.5.18 (2008-05-17)
X-SA-Exim-Connect-IP: 2001:6f8:1178:2:215:17ff:fe12:23b0
X-SA-Exim-Mail-From: sha@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de);
	SAEximRunCond expanded to false
X-PTX-Original-Recipient: linux-mtd@lists.infradead.org
X-Spam-Score: 0.4 (/)
X-Spam-Report: SpamAssassin version 3.2.5 on bombadil.infradead.org summary:
	Content analysis details:   (0.4 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	0.4 SUBJECT_FUZZY_TION     Attempt to obfuscate words in Subject:
	-0.0 NO_RELAYS Informational: message was not relayed via SMTP
Cc: David Woodhouse <dwmw2@infradead.org>, linux-mtd@lists.infradead.org,
	linux-kernel@vger.kernel.org
X-BeenThere: linux-mtd@lists.infradead.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Linux MTD discussion mailing list <linux-mtd.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/listinfo/linux-mtd>,
	<mailto:linux-mtd-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-mtd>
List-Post: <mailto:linux-mtd@lists.infradead.org>
List-Help: <mailto:linux-mtd-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-mtd>,
	<mailto:linux-mtd-request@lists.infradead.org?subject=subscribe>
Sender: linux-mtd-bounces@lists.infradead.org
Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Hi,

Sorry to reply to such an old thread, but...

On Wed, Nov 12, 2008 at 11:57:33PM +0900, Atsushi Nemoto wrote:
> The mtd partition parser returns an allocated pointer array of
> mtd_partition.  The caller must free it.  The array is used only for
> add_mtd_partitions(), so free it just after the call.

This patch breaks command line parsing support. With command line
partition parsing the struct mtd_partition array is allocated, but only
once. On my board with NAND and NOR (both with command line partition
parsing) It fails badly in parse_cmdline_partitions() when the second
device gets parsed.

The following patch fixes it, but I don't know if this is
the correct solution. Does anybody have more insights on this?

Sascha


> 
> Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
> ---
>  drivers/mtd/maps/physmap.c |   17 ++++++++---------
>  1 files changed, 8 insertions(+), 9 deletions(-)
> 
> diff --git a/drivers/mtd/maps/physmap.c b/drivers/mtd/maps/physmap.c
> index 7ca048d..cc26b41 100644
> --- a/drivers/mtd/maps/physmap.c
> +++ b/drivers/mtd/maps/physmap.c
> @@ -29,7 +29,6 @@ struct physmap_flash_info {
>  	struct map_info		map[MAX_RESOURCES];
>  #ifdef CONFIG_MTD_PARTITIONS
>  	int			nr_parts;
> -	struct mtd_partition	*parts;
>  #endif
>  };
>  
> @@ -56,14 +55,10 @@ static int physmap_flash_remove(struct platform_device *dev)
>  	for (i = 0; i < MAX_RESOURCES; i++) {
>  		if (info->mtd[i] != NULL) {
>  #ifdef CONFIG_MTD_PARTITIONS
> -			if (info->nr_parts) {
> +			if (info->nr_parts || physmap_data->nr_parts)
>  				del_mtd_partitions(info->mtd[i]);
> -				kfree(info->parts);
> -			} else if (physmap_data->nr_parts) {
> -				del_mtd_partitions(info->mtd[i]);
> -			} else {
> +			else
>  				del_mtd_device(info->mtd[i]);
> -			}
>  #else
>  			del_mtd_device(info->mtd[i]);
>  #endif
> @@ -86,6 +81,9 @@ static int physmap_flash_probe(struct platform_device *dev)
>  	int err = 0;
>  	int i;
>  	int devices_found = 0;
> +#ifdef CONFIG_MTD_PARTITIONS
> +	struct mtd_partition *parts;
> +#endif
>  
>  	physmap_data = dev->dev.platform_data;
>  	if (physmap_data == NULL)
> @@ -166,9 +164,10 @@ static int physmap_flash_probe(struct platform_device *dev)
>  		goto err_out;
>  
>  #ifdef CONFIG_MTD_PARTITIONS
> -	err = parse_mtd_partitions(info->cmtd, part_probe_types, &info->parts, 0);
> +	err = parse_mtd_partitions(info->cmtd, part_probe_types, &parts, 0);
>  	if (err > 0) {
> -		add_mtd_partitions(info->cmtd, info->parts, err);
> +		add_mtd_partitions(info->cmtd, parts, err);
> +		kfree(parts);
>  		return 0;
>  	}
>  
> -- 
> 1.5.6.3
> 
> ______________________________________________________
> Linux MTD discussion mailing list
> http://lists.infradead.org/mailman/listinfo/linux-mtd/
>

diff --git a/drivers/mtd/cmdlinepart.c b/drivers/mtd/cmdlinepart.c
index 50a3403..14c00dd 100644
--- a/drivers/mtd/cmdlinepart.c
+++ b/drivers/mtd/cmdlinepart.c
@@ -335,7 +335,13 @@ static int parse_cmdline_partitions(struct mtd_info *master,
 				}
 				offset += part->parts[i].size;
 			}
-			*pparts = part->parts;
+
+			*pparts = kmalloc(sizeof (struct mtd_partition) * part->num_parts, GFP_KERNEL);
+			if (!*pparts)
+				return -ENOMEM;
+
+			memcpy(*pparts, part->parts, sizeof (struct mtd_partition) * part->num_parts);
+
 			return part->num_parts;
 		}
 	}