[U-Boot] [PATCH v3 10/11] mtd: sf: Unregister the MTD device prior to removing the spi_flash obj
Heiko Schocher
hs at denx.de
Wed Nov 21 06:47:06 UTC 2018
Hello Boris,
Am 19.11.2018 um 21:59 schrieb Boris Brezillon:
> The DM implementation of spi_flash_free() does not unregister the MTD
> device before removing the spi dev object. This leads to a use-after-free
> bug when the MTD device is later accessed by a MTD user (observed when
> attaching the device to UBI after env_sf_load() has called
> spi_flash_free()).
>
> Implement ->remove() and call spi_flash_mtd_unregister() from there.
>
> Fixes: 9fe6d8716e09 ("mtd, spi: Add MTD layer driver")
> Signed-off-by: Boris Brezillon <boris.brezillon at bootlin.com>
> ---
> Changes in v3:
> - New patch
> ---
> drivers/mtd/spi/sf_probe.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
Tested-by: Heiko Schocher <hs at denx.de>
bye,
Heiko
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-52 Fax: +49-8142-66989-80 Email: hs at denx.de
More information about the U-Boot
mailing list