Message ID | ec15c358b8063f7c50ff4cd628cf0d2e14e43f49.1653064877.git.christophe.jaillet@wanadoo.fr |
---|---|
State | Accepted |
Series | mtd: rawnand: meson: Fix a potential double free issue |
Hi Christophe,

On 2022/5/21 0:41, Christophe JAILLET wrote:
> [ EXTERNAL EMAIL ]
>
> When meson_nfc_nand_chip_cleanup() is called, it will call:
>    meson_nfc_free_buffer(&meson_chip->nand);
>    nand_cleanup(&meson_chip->nand);
>
> nand_cleanup() in turn will call nand_detach() which calls the
> .detach_chip() which is here meson_nand_detach_chip().
>
> meson_nand_detach_chip() already calls meson_nfc_free_buffer(), so we
> could double free some memory.
>
> Fix it by removing the unneeded explicit call to meson_nfc_free_buffer().
>
> Fixes: 8fae856c5350 ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> ---
> This patch is speculative, so review with care.
> ---
> drivers/mtd/nand/raw/meson_nand.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c > index ac3be92872d0..032180183339 100644 > --- a/drivers/mtd/nand/raw/meson_nand.c > +++ b/drivers/mtd/nand/raw/meson_nand.c > @@ -1307,7 +1307,6 @@ static int meson_nfc_nand_chip_cleanup(struct meson_nfc *nfc) > if (ret) > return ret; > > - meson_nfc_free_buffer(&meson_chip->nand); > nand_cleanup(&meson_chip->nand); > list_del(&meson_chip->node); > }

Acked-by: Liang Yang <liang.yang@amlogic.com>

Thanks,
Liang
On Fri, 2022-05-20 at 16:41:40 UTC, Christophe JAILLET wrote:
> When meson_nfc_nand_chip_cleanup() is called, it will call:
>    meson_nfc_free_buffer(&meson_chip->nand);
>    nand_cleanup(&meson_chip->nand);
>
> nand_cleanup() in turn will call nand_detach() which calls the
> .detach_chip() which is here meson_nand_detach_chip().
>
> meson_nand_detach_chip() already calls meson_nfc_free_buffer(), so we
> could double free some memory.
>
> Fix it by removing the unneeded explicit call to meson_nfc_free_buffer().
>
> Fixes: 8fae856c5350 ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
> Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
> Acked-by: Liang Yang <liang.yang@amlogic.com>

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git nand/next, thanks.

Miquel
diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c index ac3be92872d0..032180183339 100644 --- a/drivers/mtd/nand/raw/meson_nand.c +++ b/drivers/mtd/nand/raw/meson_nand.c @@ -1307,7 +1307,6 @@ static int meson_nfc_nand_chip_cleanup(struct meson_nfc *nfc) if (ret) return ret; - meson_nfc_free_buffer(&meson_chip->nand); nand_cleanup(&meson_chip->nand); list_del(&meson_chip->node); }
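Review bot: With the explicit meson_nfc_free_buffer(&meson_chip->nand) removed just ahead of nand_cleanup(&meson_chip->nand), buffer release in this cleanup path depends entirely on the .detach_chip() hook being reached from nand_cleanup(), and that chain is not visible in the hunk; the commit message describes it but also marks the patch as speculative. Please confirm that meson_nand_detach_chip() frees the same buffers on every path, and consider a one-line comment above nand_cleanup() stating that the buffers are released through detach, so the explicit call is not reintroduced later. It is also worth checking whether meson_nfc_free_buffer() clears the pointers it frees, since that would make a repeated call harmless instead of a double free.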
When meson_nfc_nand_chip_cleanup() is called, it will call:
	meson_nfc_free_buffer(&meson_chip->nand);
	nand_cleanup(&meson_chip->nand);

nand_cleanup() in turn will call nand_detach() which calls the
.detach_chip() which is here meson_nand_detach_chip().

meson_nand_detach_chip() already calls meson_nfc_free_buffer(), so we
could double free some memory.

Fix it by removing the unneeded explicit call to meson_nfc_free_buffer().

Fixes: 8fae856c5350 ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
---
This patch is speculative, so review with care.
---
 drivers/mtd/nand/raw/meson_nand.c | 1 -
 1 file changed, 1 deletion(-)