[PATCH] physmap: Fix leak of memory returned by parse_mtd_partitions

Atsushi Nemoto anemo at mba.ocn.ne.jp
Tue Feb 24 20:31:40 EST 2009


On Tue, 24 Feb 2009 16:29:58 +0100, Sascha Hauer <s.hauer at pengutronix.de> wrote:
> > The physmap patch has another bug and fixes are on the way to mainline:
> > 
> > http://git.infradead.org/mtd-2.6.git?a=commit;h=e480814f138cd5d78a8efe397756ba6b6518fdb6
> > 
> > But this seems not enough, as you wrote.  If multiple mtds have the same
> > mtd-id, bad things can happen.  And more seriously, if I load the physmap
> > driver _again_ after unload, cmdlinepart will return a freed pointer
> > the second time.
> > 
> > Hmm, a little memory leak is less serious than a crash.  Now I am starting
> > to think reverting the commit 176bf2e0 will be best for the 2.6.29
> > release.
> 
> Even when reverting the commit the same problem still exists because the
> array then gets freed in physmap_flash_remove(). This won't hurt me
> though because I never use mtd drivers as modules.

If the commit is reverted, kfree() in physmap_flash_remove will never be
called due to another bug (info->nr_parts is not set properly).  But
unloading the physmap module will lead to a crash anyway since the master
mtd device will be freed without deleting the slave mtd devices if
cmdlinepart was used.

So I think either reverting the commit or applying the above fix in
the mtd-2.6 git tree can fix the regression from 2.6.28.  Both work well
unless the physmap module is unloaded after booting with the mtdparts=
option.

---
Atsushi Nemoto


