21 Nov
2018
21 Nov
'18
7:47 a.m.
Hello Boris,
Am 19.11.2018 um 21:59 schrieb Boris Brezillon:
The DM implementation of spi_flash_free() does not unregister the MTD device before removing the spi dev object. This leads to a use-after-free bug when the MTD device is later accessed by a MTD user (observed when attaching the device to UBI after env_sf_load() has called spi_flash_free()).
Implement ->remove() and call spi_flash_mtd_unregister() from there.
Fixes: 9fe6d8716e09 ("mtd, spi: Add MTD layer driver") Signed-off-by: Boris Brezillon boris.brezillon@bootlin.com
Changes in v3:
- New patch
drivers/mtd/spi/sf_probe.c | 9 +++++++++ 1 file changed, 9 insertions(+)
Tested-by: Heiko Schocher hs@denx.de
bye, Heiko
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-52 Fax: +49-8142-66989-80 Email: hs@denx.de