On Thu, 30 Jun 2011 14:53:13 +0300 Artem Bityutskiy <dedeki...@gmail.com> wrote:
> On Wed, 2011-06-29 at 11:45 -0500, Scott Wood wrote:
> > If we're freeing fsl_lbc_ctrl, we'd better get rid of references to it...
>
> Yes, on the one hand this is a good defensive programming practice, on
> the other hand it hides double-free bugs. Like this patch fixes a
> double-free bug, and why wasn't it noticed before? I thought maybe because
> of this NULL assignment?

I'm not sure how the NULL assignment was hiding anything here. It was probably hidden only because nobody tested it with suitable debug options enabled since the code was last reorganized.

If the NULL assignment is dropped, consider what happens if the fsl_elbc_nand module is removed then reinserted. On reinsertion, it will see a non-NULL fsl_lbc_ctrl_dev->nand, and will skip allocating a new one. Then you're referencing freed memory.

Looking more closely, the MAX_BANKS loop should be removed. Since the reorganization, the platform device represents one chip, not the controller, so we should only be removing that one chip.

-Scott

_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
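The remove-then-reinsert scenario Scott describes, as an added example that is not part of the thread or of the kernel driver: a long-lived controller struct keeps a pointer to a per-chip object that probe allocates and remove frees. All names here (`struct ctrl`, `chip_probe`, `chip_remove_dangling`, `chip_remove_fixed`, `reinsert_is_safe`) are hypothetical stand-ins, and a tiny pool allocator with a "live" bit per slot is assumed in place of the slab allocator, so that the dangling reference can be detected deterministically, much as a debug allocator would flag it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the situation in the thread (added example, not
 * kernel code): the controller outlives the chip module, so whatever the
 * module's remove leaves in ctrl->nand is what the next probe will see. */

#define POOL_SLOTS 4

struct chip { int bank; };
struct ctrl { struct chip *nand; };

/* Constructed stand-in for the allocator: a fixed pool plus a live bit,
 * so "points at freed memory" can be checked without dereferencing. */
static struct chip pool[POOL_SLOTS];
static bool live[POOL_SLOTS];

static struct chip *chip_alloc(void)
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!live[i]) {
            live[i] = true;
            return &pool[i];
        }
    return NULL;
}

static void chip_free(struct chip *p)
{
    if (p)
        live[p - pool] = false;
}

/* Does p refer to a currently allocated chip? Pointer comparisons only. */
bool chip_is_live(const struct chip *p)
{
    return p && p >= pool && p < pool + POOL_SLOTS && live[p - pool];
}

/* probe: if the controller already has a chip, reuse it instead of
 * allocating. Returns 1 for a fresh allocation, 0 for "reused", -1 on OOM. */
int chip_probe(struct ctrl *c, int bank)
{
    if (c->nand)
        return 0;
    c->nand = chip_alloc();
    if (!c->nand)
        return -1;
    c->nand->bank = bank;
    return 1;
}

/* remove without the NULL assignment: ctrl->nand is left dangling. */
void chip_remove_dangling(struct ctrl *c)
{
    chip_free(c->nand);
}

/* remove as argued in the thread: free the chip and drop the reference. */
void chip_remove_fixed(struct ctrl *c)
{
    chip_free(c->nand);
    c->nand = NULL;
}

/* Simulate insmod, rmmod, insmod with the given remove routine and report
 * whether the controller's chip pointer refers to live memory afterwards. */
bool reinsert_is_safe(void (*remove_fn)(struct ctrl *))
{
    struct ctrl c = { .nand = NULL };
    for (int i = 0; i < POOL_SLOTS; i++)
        live[i] = false;

    chip_probe(&c, 0);        /* first insmod */
    remove_fn(&c);            /* rmmod */
    chip_probe(&c, 0);        /* insmod again */
    bool ok = chip_is_live(c.nand);

    chip_remove_fixed(&c);    /* clean up the pool */
    return ok;
}

int main(void)
{
    printf("remove without NULL assignment: reinsert safe = %d\n",
           reinsert_is_safe(chip_remove_dangling));
    printf("remove with NULL assignment:    reinsert safe = %d\n",
           reinsert_is_safe(chip_remove_fixed));
    return 0;
}
```

With the dangling variant the second probe returns 0 because it sees a non-NULL pointer and skips allocation, leaving the driver holding a reference into freed memory; with the fixed variant it allocates afresh. The NULL assignment does not hide anything here: a double free would still be a double free, and a debug allocator would report it either way.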