subject:"\[PATCH\] dm\: spi\: Fix spi_free_slave\(\) freed memory write"

Re: [PATCH] dm: spi: Fix spi_free_slave() freed memory write

2020-12-23 Thread Simon Glass

On Wed, 16 Dec 2020 at 04:12, Niel Fourie  wrote:
>
> Remove setting slave->dev to NULL after the device_remove() call.
>
> The slave pointer points to dev->parent_priv, which has already
> been freed by device_free(), called from device_remove() in the
> preceding line. Writing to slave->dev may cause corruption of the
> dlmalloc free chunk forward pointer of the previously freed chunk.
>
> Signed-off-by: Niel Fourie 
> Cc: Simon Glass 
> ---
>  drivers/spi/spi-uclass.c | 1 -
>  1 file changed, 1 deletion(-)

Reviewed-by: Simon Glass 

Applied to u-boot-dm/next, thanks!

Re: [PATCH] dm: spi: Fix spi_free_slave() freed memory write

2020-12-18 Thread Simon Glass

On Wed, 16 Dec 2020 at 04:12, Niel Fourie  wrote:
>
> Remove setting slave->dev to NULL after the device_remove() call.
>
> The slave pointer points to dev->parent_priv, which has already
> been freed by device_free(), called from device_remove() in the
> preceding line. Writing to slave->dev may cause corruption of the
> dlmalloc free chunk forward pointer of the previously freed chunk.
>
> Signed-off-by: Niel Fourie 
> Cc: Simon Glass 
> ---
>  drivers/spi/spi-uclass.c | 1 -
>  1 file changed, 1 deletion(-)

Reviewed-by: Simon Glass

[PATCH] dm: spi: Fix spi_free_slave() freed memory write

2020-12-16 Thread Niel Fourie

Remove setting slave->dev to NULL after the device_remove() call.

The slave pointer points to dev->parent_priv, which has already
been freed by device_free(), called from device_remove() in the
preceding line. Writing to slave->dev may cause corruption of the
dlmalloc free chunk forward pointer of the previously freed chunk.

Signed-off-by: Niel Fourie 
Cc: Simon Glass 
---
 drivers/spi/spi-uclass.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/spi/spi-uclass.c b/drivers/spi/spi-uclass.c
index 55a8eed8901..a16ac9280fd 100644
--- a/drivers/spi/spi-uclass.c
+++ b/drivers/spi/spi-uclass.c
@@ -428,7 +428,6 @@ struct spi_slave *spi_setup_slave(unsigned int busnum, 
unsigned int cs,
 void spi_free_slave(struct spi_slave *slave)
 {
device_remove(slave->dev, DM_REMOVE_NORMAL);
-   slave->dev = NULL;
 }
 
 int spi_slave_ofdata_to_platdata(struct udevice *dev,
-- 
2.28.0

Re: [PATCH] dm: spi: Fix spi_free_slave() freed memory write

Re: [PATCH] dm: spi: Fix spi_free_slave() freed memory write

[PATCH] dm: spi: Fix spi_free_slave() freed memory write

3 matches

Site Navigation

Mail list logo

Footer information