[U-Boot] [PATCH v3 10/11] mtd: sf: Unregister the MTD device prior to removing the spi_flash obj
Jagan Teki
jagan at amarulasolutions.com
Thu Nov 22 07:06:44 UTC 2018
On Tue, Nov 20, 2018 at 2:37 AM Boris Brezillon
<boris.brezillon at bootlin.com> wrote:
>
> The DM implementation of spi_flash_free() does not unregister the MTD
> device before removing the spi dev object. This leads to a use-after-free
> bug when the MTD device is later accessed by a MTD user (observed when
> attaching the device to UBI after env_sf_load() has called
> spi_flash_free()).
>
> Implement ->remove() and call spi_flash_mtd_unregister() from there.
>
> Fixes: 9fe6d8716e09 ("mtd, spi: Add MTD layer driver")
> Signed-off-by: Boris Brezillon <boris.brezillon at bootlin.com>
> ---
Reviewed-by: Jagan Teki <jagan at openedev.com>
More information about the U-Boot
mailing list