Re: [PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand... | linuxppc-dev

[PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove() · <hidden> · 2011-06-28
[PATCH 2/2] mtd/nand : workaround for Freescale FCM to support large-page Nand chip · <hidden> · 2011-06-28
RE: [PATCH 2/2] mtd/nand : workaround for Freescale FCM to supportlarge-page Nand chip · Mike Hench <hidden> · 2011-06-28
Re: [PATCH 2/2] mtd/nand : workaround for Freescale FCM to supportlarge-page Nand chip · Scott Wood <hidden> · 2011-06-28
Re: [PATCH 2/2] mtd/nand : workaround for Freescale FCM to support large-page Nand chip · Artem Bityutskiy <dedekind1@gmail.com> · 2011-06-29
Re: [PATCH 2/2] mtd/nand : workaround for Freescale FCM to support large-page Nand chip · Scott Wood <hidden> · 2011-06-29
Re: [PATCH 2/2] mtd/nand : workaround for Freescale FCM to support large-page Nand chip · Artem Bityutskiy <dedekind1@gmail.com> · 2011-06-30
Re: [PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove() · Artem Bityutskiy <dedekind1@gmail.com> · 2011-06-29
Re: [PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove() · Scott Wood <hidden> · 2011-06-29
Re: [PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove() · Artem Bityutskiy <dedekind1@gmail.com> · 2011-06-30
Re: [PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove() · Scott Wood <hidden> · 2011-06-30
Re: [PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove() · Artem Bityutskiy <dedekind1@gmail.com> · 2011-07-01
Re: [PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove() · Scott Wood <hidden> · 2011-07-01
Re: [PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove() · Artem Bityutskiy <dedekind1@gmail.com> · 2011-07-06

Re: [PATCH 1/2] mtd/nand : don't free the global data fsl_lbc_ctrl_dev->nand in fsl_elbc_chip_remove()

From: Scott Wood <hidden>
Date: 2011-07-01 16:14:55

On Fri, 1 Jul 2011 08:40:21 +0300
Artem Bityutskiy [off-list ref] wrote:

On Thu, 2011-06-30 at 11:26 -0500, Scott Wood wrote:

quoted

If the NULL assignment is dropped, consider what happens if the
fsl_elbc_nand module is removed then reinserted.  On reinsertion, it
will
see a non-NULL fsl_lbc_ctrl_dev->nand, and will skip allocating a new
one.
Then you're referencing freed memory.

Oh, then this sounds like a separate bug. Removing the module should
kill everything, and re-inserging the module should have zero
dependencies on the previous states...

fsl_lbc_ctrl_dev (and thus the fsl_lbc_ctrl_dev->nand pointer) is not part
of the module, it is part of arch/powerpc/sysdev/fsl_lbc.c.  NAND isn't the
only thing that elbc does.  Since there can be multiple NAND chips, which
are separately probed, the first chip (under a lock) creates the NAND state
that is shared among the chips, and the last one removed destroys it.

Anyway, if you think the original patch is OK, I can put it to my tree.

I think it's OK.  The loop also needs to be removed, so the remove callback
operates only on the particular chip it's called on, but that's a separate
bug.

-Scott

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help