projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b6c985d) | patch
mtd: rawnand: diskonchip: fix a potential double free in doc_probe
authorDinghao Liu <dinghao.liu@zju.edu.cn>
Thu, 14 Dec 2023 07:29:43 +0000 (15:29 +0800)
committerMiquel Raynal <miquel.raynal@bootlin.com>
Thu, 14 Dec 2023 15:42:01 +0000 (16:42 +0100)
commit2b8aa4c3e6a5d41b10b53da2017852f647d0345b
tree500da49b74efd27c350439d57852a819dc4cdba7tree | snapshot
parentb6c985dd9a2d5902e413c2e9ba5a770fbca12322commit | diff
mtd: rawnand: diskonchip: fix a potential double free in doc_probe

When nand_scan() fails, it has cleaned up related resources
in its error paths. Therefore, the following nand_cleanup()
may lead to a double-free. One possible trace is:

doc_probe
  |-> nand_scan
  |     |-> nand_scan_with_ids
  |           |-> nand_scan_tail
  |                 |-> kfree(chip->data_buf) [First free]
  |
  |-> nand_cleanup
        |-> kfree(chip->data_buf) [Double free here]

Fix this by removing nand_cleanup() on failure of
nand_scan().

Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20231214072946.10285-1-dinghao.liu@zju.edu.cn
drivers/mtd/nand/raw/diskonchip.c diff | blob | history
ep93xx device tree rework repo: git://git.maquefel.me/linux.git