[PATCH 0/2] mtd/ftl: fix the double free of buffers
Brian Norris
computersforpeace at gmail.com
Wed Jul 2 17:37:40 PDT 2014
Hi Kevin,
On Mon, Jun 16, 2014 at 03:52:35PM +0800, Kevin Hao wrote:
> I got the following panic on my fsl p5020ds board.
>
> Unable to handle kernel paging request for data at address 0x7375627379737465
> Faulting instruction address: 0xc000000000100778
> Oops: Kernel access of bad area, sig: 11 [#1]
[snip]
> ---[ end trace b4c9a94804a42d40 ]---
>
> It seems that the corrupted partition header on my mtd device triggers a bug
> in the ftl. Create a patch to fix this.
Considering the nature of the panic, this sounds like a -stable fix. Can
you elaborate on how you confirmed this is the bug? You didn't paste
sufficient logging/details to show which code paths you are exercising
in ftl.c. On one hand, it sounds like scan_header() might have returned
non-zero (which skips build_maps()), and on the other hand, you say the
double-free occurs because both build_maps() and ftl_freepart() are
freeing the same buffers.
I'd just like to fill in my understanding a little better, if I'm going
to send this as a -stable fix. Plus, we might want to add some details
to the patch 2 commit message, instead of just in this cover letter.
Thanks,
Brian