linux-mtd.lists.infradead.org archive mirror
 help / color / mirror / Atom feed
From: Richard Weinberger <richard.weinberger@gmail.com>
To: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: Vignesh Raghavendra <vigneshr@ti.com>,
	Tudor Ambarus <Tudor.Ambarus@microchip.com>,
	dedekind@infradead.org, Richard Weinberger <richard@nod.at>,
	Boris Brezillon <boris.brezillon@collabora.com>,
	linux-mtd@lists.infradead.org
Subject: Re: [PATCH 17/17] mtd: rawnand: nandsim: Reorganize ns_cleanup_module()
Date: Sun, 24 May 2020 23:37:13 +0200	[thread overview]
Message-ID: <CAFLxGvzU2ESxZ74cve9w=CLBY2v95MMMJqzOFEmCAhVHYF5VvA@mail.gmail.com> (raw)
In-Reply-To: <20200509191431.15862-18-miquel.raynal@bootlin.com>

On Sat, May 9, 2020 at 9:19 PM Miquel Raynal <miquel.raynal@bootlin.com> wrote:
>         ns_debugfs_remove(ns);
> -       ns_free(ns);    /* Free nandsim private resources */
> -       nand_release(chip); /* Unregister driver */
> -       kfree(ns);        /* Free other structures */
> -       ns_free_lists();
> +       WARN_ON(mtd_device_unregister(nsmtd));
> +       ns_free(ns);
> +       kfree(erase_block_wear);
> +       nand_cleanup(chip);
> +       list_for_each_safe(pos, n, &grave_pages) {
> +               kfree(list_entry(pos, struct grave_page, list));
> +               list_del(pos);

Are you sure you can use pos after freeing the entry?
Smells like use after free.

-- 
Thanks,
//richard

______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/

  reply	other threads:[~2020-05-24 21:37 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-09 19:14 [PATCH 00/17] Clean nandsim error path Miquel Raynal
2020-05-09 19:14 ` [PATCH 01/17] mtd: rawnand: nandsim: Consistent use of 'ns' instead of 'dev' Miquel Raynal
2020-05-09 19:14 ` [PATCH 02/17] mtd: rawnand: nandsim: Use octal permissions Miquel Raynal
2020-05-09 19:14 ` [PATCH 03/17] mtd: rawnand: nandsim: Use a consistent ns_ prefix for all functions Miquel Raynal
2020-05-09 19:14 ` [PATCH 04/17] mtd: rawnand: nandsim: Clean error handling Miquel Raynal
2020-05-09 19:14 ` [PATCH 05/17] mtd: rawnand: nandsim: Keep track of the created debugfs entries Miquel Raynal
2020-05-09 19:14 ` [PATCH 06/17] mtd: rawnand: nandsim: Remove debugfs entries at unload time Miquel Raynal
2020-05-09 20:43   ` Richard Weinberger
2020-05-09 22:29     ` Miquel Raynal
2020-05-24 21:27       ` Richard Weinberger
2020-05-24 21:33   ` Richard Weinberger
2020-05-24 22:14     ` Miquel Raynal
2020-05-09 19:14 ` [PATCH 07/17] mtd: rawnand: nandsim: Fix the two ns_alloc_device() error paths Miquel Raynal
2020-05-09 19:14 ` [PATCH 08/17] mtd: rawnand: nandsim: Free partition names on error in ns_init() Miquel Raynal
2020-05-09 19:14 ` [PATCH 09/17] mtd: rawnand: nandsim: Free the allocated device " Miquel Raynal
2020-05-09 19:14 ` [PATCH 10/17] mtd: rawnand: nandsim: Free the partition names in ns_free() Miquel Raynal
2020-05-09 19:14 ` [PATCH 11/17] mtd: rawnand: nandsim: Stop using nand_release() Miquel Raynal
2020-05-09 19:14 ` [PATCH 12/17] mtd: rawnand: nandsim: Use an additional label when freeing the nandsim object Miquel Raynal
2020-05-09 19:14 ` [PATCH 13/17] mtd: rawnand: nandsim: Free erase_block_wear on error Miquel Raynal
2020-05-09 19:14 ` [PATCH 14/17] mtd: rawnand: nandsim: Fix the label pointing on nand_cleanup() Miquel Raynal
2020-05-09 19:14 ` [PATCH 15/17] mtd: rawnand: nandsim: Manage lists on error in ns_init_module() Miquel Raynal
2020-05-24 21:39   ` Richard Weinberger
2020-05-09 19:14 ` [PATCH 16/17] mtd: rawnand: nandsim: Rename a label " Miquel Raynal
2020-05-09 19:14 ` [PATCH 17/17] mtd: rawnand: nandsim: Reorganize ns_cleanup_module() Miquel Raynal
2020-05-24 21:37   ` Richard Weinberger [this message]
2020-05-24 22:13     ` Miquel Raynal
2020-05-25  6:46       ` Boris Brezillon
2020-05-25  6:47         ` Boris Brezillon
2020-05-25  7:23           ` Miquel Raynal
2020-05-25  8:28             ` Miquel Raynal
2020-05-25  8:35               ` Boris Brezillon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAFLxGvzU2ESxZ74cve9w=CLBY2v95MMMJqzOFEmCAhVHYF5VvA@mail.gmail.com' \
    --to=richard.weinberger@gmail.com \
    --cc=Tudor.Ambarus@microchip.com \
    --cc=boris.brezillon@collabora.com \
    --cc=dedekind@infradead.org \
    --cc=linux-mtd@lists.infradead.org \
    --cc=miquel.raynal@bootlin.com \
    --cc=richard@nod.at \
    --cc=vigneshr@ti.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).