[PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove()
Scott Wood
scottwood at freescale.com
Fri Jul 1 12:14:49 EDT 2011
On Fri, 1 Jul 2011 08:40:21 +0300
Artem Bityutskiy <dedekind1 at gmail.com> wrote:
> On Thu, 2011-06-30 at 11:26 -0500, Scott Wood wrote:
> > If the NULL assignment is dropped, consider what happens if the
> > fsl_elbc_nand module is removed then reinserted. On reinsertion, it
> > will see a non-NULL fsl_lbc_ctrl_dev->nand, and will skip allocating a
> > new one. Then you're referencing freed memory.
>
> Oh, then this sounds like a separate bug. Removing the module should
> kill everything, and re-inserting the module should have zero
> dependencies on the previous states...
fsl_lbc_ctrl_dev (and thus the fsl_lbc_ctrl_dev->nand pointer) is not part
of the module, it is part of arch/powerpc/sysdev/fsl_lbc.c. NAND isn't the
only thing that elbc does. Since there can be multiple NAND chips, which
are separately probed, the first chip (under a lock) creates the NAND state
that is shared among the chips, and the last one removed destroys it.
> Anyway, if you think the original patch is OK, I can put it to my tree.
I think it's OK. The loop also needs to be removed, so the remove callback
operates only on the particular chip it's called on, but that's a separate
bug.
-Scott
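The lifecycle Scott describes (first probed chip creates the shared NAND state, last removed chip destroys it, and the remove path must reset the controller's global pointer) as an added illustration that is not code from this thread or from fsl_elbc_nand. The structs, the `pool` stand-in for the allocated state and the scenario function are assumptions for the demo; the real driver's lock is left out since the demo is single-threaded.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins: the shared per-controller NAND state and the
 * controller struct that outlives the NAND module (like fsl_lbc_ctrl_dev). */
struct nand_shared { int refs; int in_use; };
struct lbc_ctrl   { struct nand_shared *nand; };

static struct lbc_ctrl    ctrl_dev;   /* lives in the platform code, not the module */
static struct nand_shared pool;       /* one-slot "heap" so a stale pointer is checkable */

static struct nand_shared *shared_alloc(void) {
    if (pool.in_use) return NULL;
    memset(&pool, 0, sizeof pool);
    pool.in_use = 1;
    return &pool;
}
static void shared_free(struct nand_shared *s) { s->in_use = 0; }  /* models kfree() */

/* Chip probe: the first chip creates the shared state, later chips reuse it. */
int chip_probe(void) {
    if (!ctrl_dev.nand) {
        ctrl_dev.nand = shared_alloc();
        if (!ctrl_dev.nand) return -1;
    }
    ctrl_dev.nand->refs++;
    return 0;
}

/* Chip remove: the last chip out frees the shared state. clear_global selects
 * whether the global pointer is also reset, which is the point under discussion. */
void chip_remove(int clear_global) {
    struct nand_shared *s = ctrl_dev.nand;
    if (!s) return;
    if (--s->refs == 0) {
        shared_free(s);
        if (clear_global) ctrl_dev.nand = NULL;
    }
}

/* Module unload with two chips, then reload with one. Returns 1 when the
 * reloaded driver holds live shared state, 0 when it reused released state. */
int reinsert_scenario(int clear_global) {
    memset(&ctrl_dev, 0, sizeof ctrl_dev);
    memset(&pool, 0, sizeof pool);
    chip_probe(); chip_probe();                         /* two chips probed   */
    chip_remove(clear_global); chip_remove(clear_global); /* module removed   */
    chip_probe();                                       /* module reinserted */
    return ctrl_dev.nand && ctrl_dev.nand->in_use && ctrl_dev.nand->refs == 1;
}
```

With the NULL assignment kept, the reinserted driver allocates fresh state; without it, probe sees the old non-NULL pointer, skips allocation and works on state that has already been released.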