Re: [PATCH 17/17] mtd: rawnand: nandsim: Reorganize ns_cleanup_module()

Hi Richard,

Richard Weinberger <richard.weinberger@xxxxxxxxx> wrote on Sun, 24 May
2020 23:37:13 +0200:

> On Sat, May 9, 2020 at 9:19 PM Miquel Raynal <miquel.raynal@xxxxxxxxxxx> wrote:
> >         ns_debugfs_remove(ns);
> > -       ns_free(ns);    /* Free nandsim private resources */
> > -       nand_release(chip); /* Unregister driver */
> > -       kfree(ns);        /* Free other structures */
> > -       ns_free_lists();
> > +       WARN_ON(mtd_device_unregister(nsmtd));
> > +       ns_free(ns);
> > +       kfree(erase_block_wear);
> > +       nand_cleanup(chip);
> > +       list_for_each_safe(pos, n, &grave_pages) {
> > +               kfree(list_entry(pos, struct grave_page, list));
> > +               list_del(pos);  
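
Review bot: In the list_for_each_safe() loop over grave_pages, kfree() runs on the grave_page entry before list_del(pos), but pos is the list node embedded in that entry (list_entry() is only pointer arithmetic from pos back to the containing struct), so list_del() then reads and writes pos->next and pos->prev inside memory that has already been freed. Unlink first and free second: `list_del(pos);` followed by `kfree(list_entry(pos, struct grave_page, list));`. Using list_for_each_entry_safe() would also make the entry pointer available directly and keep the unlink-then-free order easy to see.
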
> 
> Are you sure you can use pos after freeing the entry?
> Smells like use after free.
> 

Mmmmh, I should probably invert those two lines, first call list_del()
and then call kfree() on list_entry().

Thanks for noticing!
Miquèl

______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/