2010-08-28 20:32:48

by Mike Frysinger

[permalink] [raw]
Subject: [PATCH] mtd: Blackfin NFC: fix invalid free in remove()

Since info->mtd isn't dynamically allocated, we shouldn't attempt to
kfree() it. Otherwise we get random fun corruption when unloading
the driver built as a module.

Signed-off-by: Mike Frysinger <[email protected]>
---
note: this should be merged for 2.6.36 and probably sent to stable trees

drivers/mtd/nand/bf5xx_nand.c | 7 +------
1 files changed, 1 insertions(+), 6 deletions(-)

diff --git a/drivers/mtd/nand/bf5xx_nand.c b/drivers/mtd/nand/bf5xx_nand.c
index 162c5ea..6fbeefa 100644
--- a/drivers/mtd/nand/bf5xx_nand.c
+++ b/drivers/mtd/nand/bf5xx_nand.c
@@ -682,7 +682,6 @@ static int __devinit bf5xx_nand_add_partition(struct bf5xx_nand_info *info)
static int __devexit bf5xx_nand_remove(struct platform_device *pdev)
{
struct bf5xx_nand_info *info = to_nand_info(pdev);
- struct mtd_info *mtd = NULL;

platform_set_drvdata(pdev, NULL);

@@ -690,11 +689,7 @@ static int __devexit bf5xx_nand_remove(struct platform_device *pdev)
* and their partitions, then go through freeing the
* resources used
*/
- mtd = &info->mtd;
- if (mtd) {
- nand_release(mtd);
- kfree(mtd);
- }
+ nand_release(&info->mtd);

peripheral_free_list(bfin_nfc_pin_req);
bf5xx_nand_dma_remove(info);
--
1.7.2.2


2010-08-28 20:33:03

by Mike Frysinger

[permalink] [raw]
Subject: [PATCH] mtd: Blackfin NFC: fix invalid free in remove()

Since info->mtd isn't dynamically allocated, we shouldn't attempt to
kfree() it. Otherwise we get random fun corruption when unloading
the driver built as a module.

Signed-off-by: Mike Frysinger <[email protected]>
---
drivers/mtd/nand/bf5xx_nand.c | 7 +------
1 files changed, 1 insertions(+), 6 deletions(-)

diff --git a/drivers/mtd/nand/bf5xx_nand.c b/drivers/mtd/nand/bf5xx_nand.c
index 162c5ea..6fbeefa 100644
--- a/drivers/mtd/nand/bf5xx_nand.c
+++ b/drivers/mtd/nand/bf5xx_nand.c
@@ -682,7 +682,6 @@ static int __devinit bf5xx_nand_add_partition(struct bf5xx_nand_info *info)
static int __devexit bf5xx_nand_remove(struct platform_device *pdev)
{
struct bf5xx_nand_info *info = to_nand_info(pdev);
- struct mtd_info *mtd = NULL;

platform_set_drvdata(pdev, NULL);

@@ -690,11 +689,7 @@ static int __devexit bf5xx_nand_remove(struct platform_device *pdev)
* and their partitions, then go through freeing the
* resources used
*/
- mtd = &info->mtd;
- if (mtd) {
- nand_release(mtd);
- kfree(mtd);
- }
+ nand_release(&info->mtd);

peripheral_free_list(bfin_nfc_pin_req);
bf5xx_nand_dma_remove(info);
--
1.7.2.2

2010-08-30 12:58:14

by Artem Bityutskiy

[permalink] [raw]
Subject: Re: [PATCH] mtd: Blackfin NFC: fix invalid free in remove()

On Sat, 2010-08-28 at 16:42 -0400, Mike Frysinger wrote:
> Since info->mtd isn't dynamically allocated, we shouldn't attempt to
> kfree() it. Otherwise we get random fun corruption when unloading
> the driver built as a module.
>
> Signed-off-by: Mike Frysinger <[email protected]>
> ---
> note: this should be merged for 2.6.36 and probably sent to stable trees

You send the same patch 2 times once with this note and the other time
without this note. Which one should be ignored?

--
Best Regards,
Artem Bityutskiy (Битюцкий Артём)

2010-08-30 12:59:42

by Artem Bityutskiy

[permalink] [raw]
Subject: Re: [PATCH] mtd: Blackfin NFC: fix invalid free in remove()

On Mon, 2010-08-30 at 15:58 +0300, Artem Bityutskiy wrote:
> On Sat, 2010-08-28 at 16:42 -0400, Mike Frysinger wrote:
> > Since info->mtd isn't dynamically allocated, we shouldn't attempt to
> > kfree() it. Otherwise we get random fun corruption when unloading
> > the driver built as a module.
> >
> > Signed-off-by: Mike Frysinger <[email protected]>
> > ---
> > note: this should be merged for 2.6.36 and probably sent to stable trees
>
> You send the same patch 2 times once with this note and the other time
> without this note. Which one should be ignored?

I guess it is 2.6.36 material. Also, if you want this in -stable, add
corresponding CC please.

--
Best Regards,
Artem Bityutskiy (Битюцкий Артём)

2010-08-30 13:32:56

by Mike Frysinger

[permalink] [raw]
Subject: Re: [Uclinux-dist-devel] [PATCH] mtd: Blackfin NFC: fix invalid free in remove()

On Mon, Aug 30, 2010 at 08:59, Artem Bityutskiy wrote:
> On Mon, 2010-08-30 at 15:58 +0300, Artem Bityutskiy wrote:
>> On Sat, 2010-08-28 at 16:42 -0400, Mike Frysinger wrote:
>> > Since info->mtd isn't dynamically allocated, we shouldn't attempt to
>> > kfree() it.  Otherwise we get random fun corruption when unloading
>> > the driver built as a module.
>> >
>> > Signed-off-by: Mike Frysinger <[email protected]>
>> > ---
>> > note: this should be merged for 2.6.36 and probably sent to stable trees
>>
>> You send the same patch 2 times once with this note and the other time
>> without this note. Which one should be ignored?
>
> I guess it is 2.6.36 material. Also, if you want this in -stable, add
> corresponding CC please.

once it gets merged, then i can notify the stable guys
-mike

2010-08-30 13:38:01

by Mike Frysinger

[permalink] [raw]
Subject: Re: [Uclinux-dist-devel] [PATCH] mtd: Blackfin NFC: fix invalid free in remove()

On Mon, Aug 30, 2010 at 08:58, Artem Bityutskiy wrote:
> On Sat, 2010-08-28 at 16:42 -0400, Mike Frysinger wrote:
>> Since info->mtd isn't dynamically allocated, we shouldn't attempt to
>> kfree() it.  Otherwise we get random fun corruption when unloading
>> the driver built as a module.
>>
>> Signed-off-by: Mike Frysinger <[email protected]>
>> ---
>> note: this should be merged for 2.6.36 and probably sent to stable trees
>
> You send the same patch 2 times once with this note and the other time
> without this note. Which one should be ignored?

they're the same thing. i used a wrong option with git-send-email.
-mike

2010-08-30 15:10:54

by Artem Bityutskiy

[permalink] [raw]
Subject: Re: [Uclinux-dist-devel] [PATCH] mtd: Blackfin NFC: fix invalid free in remove()

On Mon, 2010-08-30 at 09:32 -0400, Mike Frysinger wrote:
> On Mon, Aug 30, 2010 at 08:59, Artem Bityutskiy wrote:
> > On Mon, 2010-08-30 at 15:58 +0300, Artem Bityutskiy wrote:
> >> On Sat, 2010-08-28 at 16:42 -0400, Mike Frysinger wrote:
> >> > Since info->mtd isn't dynamically allocated, we shouldn't attempt to
> >> > kfree() it. Otherwise we get random fun corruption when unloading
> >> > the driver built as a module.
> >> >
> >> > Signed-off-by: Mike Frysinger <[email protected]>
> >> > ---
> >> > note: this should be merged for 2.6.36 and probably sent to stable trees
> >>
> >> You send the same patch 2 times once with this note and the other time
> >> without this note. Which one should be ignored?
> >
> > I guess it is 2.6.36 material. Also, if you want this in -stable, add
> > corresponding CC please.
>
> once it gets merged, then i can notify the stable guys

AFAIK, this is not the way they prefer to work. The right protocol is
that you add 'Cc: [email protected]' to the commit message, ane they
pick the patch. I might be mistaken, but AFAIK this is the way.

--
Best Regards,
Artem Bityutskiy (Битюцкий Артём)

2010-08-30 15:15:04

by Mike Frysinger

[permalink] [raw]
Subject: Re: [Uclinux-dist-devel] [PATCH] mtd: Blackfin NFC: fix invalid free in remove()

On Mon, Aug 30, 2010 at 11:10, Artem Bityutskiy wrote:
> On Mon, 2010-08-30 at 09:32 -0400, Mike Frysinger wrote:
>> On Mon, Aug 30, 2010 at 08:59, Artem Bityutskiy wrote:
>> > On Mon, 2010-08-30 at 15:58 +0300, Artem Bityutskiy wrote:
>> >> On Sat, 2010-08-28 at 16:42 -0400, Mike Frysinger wrote:
>> >> > Since info->mtd isn't dynamically allocated, we shouldn't attempt to
>> >> > kfree() it.  Otherwise we get random fun corruption when unloading
>> >> > the driver built as a module.
>> >> >
>> >> > Signed-off-by: Mike Frysinger <[email protected]>
>> >> > ---
>> >> > note: this should be merged for 2.6.36 and probably sent to stable trees
>> >>
>> >> You send the same patch 2 times once with this note and the other time
>> >> without this note. Which one should be ignored?
>> >
>> > I guess it is 2.6.36 material. Also, if you want this in -stable, add
>> > corresponding CC please.
>>
>> once it gets merged, then i can notify the stable guys
>
> AFAIK, this is not the way they prefer to work. The right protocol is
> that you add 'Cc: [email protected]' to the commit message, ane they
> pick the patch. I might be mistaken, but AFAIK this is the way.

np ... i'm not claiming to know more than you ;)
-mike