linux-mtd.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Boris Brezillon <boris.brezillon@collabora.com>
To: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: Vignesh Raghavendra <vigneshr@ti.com>,
	Tudor Ambarus <Tudor.Ambarus@microchip.com>,
	Richard Weinberger <richard.weinberger@gmail.com>,
	Richard Weinberger <richard@nod.at>,
	dedekind@infradead.org, linux-mtd@lists.infradead.org
Subject: Re: [PATCH 17/17] mtd: rawnand: nandsim: Reorganize ns_cleanup_module()
Date: Mon, 25 May 2020 10:35:02 +0200	[thread overview]
Message-ID: <20200525103502.2b838933@collabora.com> (raw)
In-Reply-To: <20200525102852.068349d8@xps13>

On Mon, 25 May 2020 10:28:52 +0200
Miquel Raynal <miquel.raynal@bootlin.com> wrote:

> Miquel Raynal <miquel.raynal@bootlin.com> wrote on Mon, 25 May 2020
> 09:23:15 +0200:
> 
> > Hi Boris,
> > 
> > Boris Brezillon <boris.brezillon@collabora.com> wrote on Mon, 25 May
> > 2020 08:47:35 +0200:
> >   
> > > On Mon, 25 May 2020 08:46:37 +0200
> > > Boris Brezillon <boris.brezillon@collabora.com> wrote:
> > >     
> > > > On Mon, 25 May 2020 00:13:28 +0200
> > > > Miquel Raynal <miquel.raynal@bootlin.com> wrote:
> > > >       
> > > > > Hi Richard,
> > > > > 
> > > > > Richard Weinberger <richard.weinberger@gmail.com> wrote on Sun, 24 May
> > > > > 2020 23:37:13 +0200:
> > > > >         
> > > > > > On Sat, May 9, 2020 at 9:19 PM Miquel Raynal <miquel.raynal@bootlin.com> wrote:          
> > > > > > >         ns_debugfs_remove(ns);
> > > > > > > -       ns_free(ns);    /* Free nandsim private resources */
> > > > > > > -       nand_release(chip); /* Unregister driver */
> > > > > > > -       kfree(ns);        /* Free other structures */
> > > > > > > -       ns_free_lists();
> > > > > > > +       WARN_ON(mtd_device_unregister(nsmtd));
> > > > > > > +       ns_free(ns);
> > > > > > > +       kfree(erase_block_wear);
> > > > > > > +       nand_cleanup(chip);
> > > > > > > +       list_for_each_safe(pos, n, &grave_pages) {
> > > > > > > +               kfree(list_entry(pos, struct grave_page, list));
> > > > > > > +               list_del(pos);            
> > > > > > 
> > > > > > Are you sure you can use pos after freeing the entry?
> > > > > > Smells like use after free.
> > > > > >           
> > > > > 
> > > > > Mmmmh, I should probably invert those two lines, first call list_del()
> > > > > and then call kfree() on list_entry().        
> > > > 
> > > > You can also use  list_for_each_entry_safe():    
> > 
> > I usually use this helper, but I guess I copy/pasted the below lines
> > from somewhere else in this file... I'll use list_for_each_entry_safe().  
> 
> Actually, grave_pages, weak_pages and weak_blocks are three structures
> of different types, that's why they called kfree() directly on
> list_entry() -> to avoid having to declare 6 different pointers. I'll
> stick to the same presentation than ns_free_lists then.

Hm, okay. I guess having the init/cleanup split is sub-functions would
be cleaner, but it's not like we want to invest time in nandsim, so I'm
fine with the list_for_each_safe().

______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/

      reply	other threads:[~2020-05-25  8:35 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-09 19:14 [PATCH 00/17] Clean nandsim error path Miquel Raynal
2020-05-09 19:14 ` [PATCH 01/17] mtd: rawnand: nandsim: Consistent use of 'ns' instead of 'dev' Miquel Raynal
2020-05-09 19:14 ` [PATCH 02/17] mtd: rawnand: nandsim: Use octal permissions Miquel Raynal
2020-05-09 19:14 ` [PATCH 03/17] mtd: rawnand: nandsim: Use a consistent ns_ prefix for all functions Miquel Raynal
2020-05-09 19:14 ` [PATCH 04/17] mtd: rawnand: nandsim: Clean error handling Miquel Raynal
2020-05-09 19:14 ` [PATCH 05/17] mtd: rawnand: nandsim: Keep track of the created debugfs entries Miquel Raynal
2020-05-09 19:14 ` [PATCH 06/17] mtd: rawnand: nandsim: Remove debugfs entries at unload time Miquel Raynal
2020-05-09 20:43   ` Richard Weinberger
2020-05-09 22:29     ` Miquel Raynal
2020-05-24 21:27       ` Richard Weinberger
2020-05-24 21:33   ` Richard Weinberger
2020-05-24 22:14     ` Miquel Raynal
2020-05-09 19:14 ` [PATCH 07/17] mtd: rawnand: nandsim: Fix the two ns_alloc_device() error paths Miquel Raynal
2020-05-09 19:14 ` [PATCH 08/17] mtd: rawnand: nandsim: Free partition names on error in ns_init() Miquel Raynal
2020-05-09 19:14 ` [PATCH 09/17] mtd: rawnand: nandsim: Free the allocated device " Miquel Raynal
2020-05-09 19:14 ` [PATCH 10/17] mtd: rawnand: nandsim: Free the partition names in ns_free() Miquel Raynal
2020-05-09 19:14 ` [PATCH 11/17] mtd: rawnand: nandsim: Stop using nand_release() Miquel Raynal
2020-05-09 19:14 ` [PATCH 12/17] mtd: rawnand: nandsim: Use an additional label when freeing the nandsim object Miquel Raynal
2020-05-09 19:14 ` [PATCH 13/17] mtd: rawnand: nandsim: Free erase_block_wear on error Miquel Raynal
2020-05-09 19:14 ` [PATCH 14/17] mtd: rawnand: nandsim: Fix the label pointing on nand_cleanup() Miquel Raynal
2020-05-09 19:14 ` [PATCH 15/17] mtd: rawnand: nandsim: Manage lists on error in ns_init_module() Miquel Raynal
2020-05-24 21:39   ` Richard Weinberger
2020-05-09 19:14 ` [PATCH 16/17] mtd: rawnand: nandsim: Rename a label " Miquel Raynal
2020-05-09 19:14 ` [PATCH 17/17] mtd: rawnand: nandsim: Reorganize ns_cleanup_module() Miquel Raynal
2020-05-24 21:37   ` Richard Weinberger
2020-05-24 22:13     ` Miquel Raynal
2020-05-25  6:46       ` Boris Brezillon
2020-05-25  6:47         ` Boris Brezillon
2020-05-25  7:23           ` Miquel Raynal
2020-05-25  8:28             ` Miquel Raynal
2020-05-25  8:35               ` Boris Brezillon [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200525103502.2b838933@collabora.com \
    --to=boris.brezillon@collabora.com \
    --cc=Tudor.Ambarus@microchip.com \
    --cc=dedekind@infradead.org \
    --cc=linux-mtd@lists.infradead.org \
    --cc=miquel.raynal@bootlin.com \
    --cc=richard.weinberger@gmail.com \
    --cc=richard@nod.at \
    --cc=vigneshr@ti.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).