Hi Boris, On Fri, Dec 11, 2015 at 11:03:05PM +0100, Boris Brezillon wrote: > On Thu, 10 Dec 2015 16:40:08 -0800 > Brian Norris <computersforpeace@xxxxxxxxx> wrote: > > On Thu, Dec 10, 2015 at 08:59:45AM +0100, Boris Brezillon wrote: > > > Unregister the NAND device from the NAND subsystem when removing a denali > > > NAND controller, otherwise the MTD attached to the NAND device is still > > > exposed by the MTD layer, and accesses to this device will likely crash > > > the system. > > > > > > Signed-off-by: Boris Brezillon <boris.brezillon@xxxxxxxxxxxxxxxxxx> > > > Cc: <stable@xxxxxxxxxxxxxxx> #3.8+ > > > > Does this follow these rules, from > > Documentation/stable_kernel_rules.txt? > > > > - It must be obviously correct and tested. > > > > - It must fix a real bug that bothers people (not a, "This could be a > > problem..." type thing). > > Sorry to bring the "stable or not stable (that is the question :-))" > debate back, but after thinking a bit more about the implications of > this missing nand_release() call, I think it is worth backporting the > fix to all stable kernels. > The reason is, it can potentially introduce a security hole, because if > the mtd device is not unregister but the underlying mtd object is freed > and the kernel reuses the same memory region for a different object, > the MTD layer will possibly call one of the mtd->_method() function, > and this field might point to another completely different function. > > You'll say that denali devices are probably never removed and this is > the reason why people have never seen this problem before, which would > be a good reason to not bother backporting the patch. > But, given that the driver can be compiled as a module (the user can > possibly load/unload it, which will in turn create/destroy the > NAND/MTD device), and that the denali controller can be exposed through > a PCI bus (which, AFAIK is hotpluggable), I really think this fix > should be sent to stable. That's all well and good, but still nobody has told me they've tested this. I've pushed your v5 (+ comments, + ack) to l2-mtd.git. If it gets testing and this request is made again at that point, we can easily send it to stable after it hits Linus' tree. See option 2 in Documentation/stable_kernel_rules.txt. You can even send the email yourself, just CC me and anyone else relevant. I'll ack it if it's been tested. Regards, Brian _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
