On Mon, Jul 23, 2018 at 07:48:57PM +0300, Anton Vasilyev wrote:
> static struct ro_vpd and rw_vpd are initialized by vpd_sections_init()
> in vpd_probe() based on the header's ro and rw sizes.
> In vpd_remove(), vpd_section_destroy() performs deinitialization based
> on the enabled flag, which is set to true by vpd_sections_init().
> This leads to a call of vpd_section_destroy() on an already destroyed
> section for a probe-release-probe-release sequence if the first probe
> performs ro_vpd initialization and the second probe does not initialize it.
> 
> The patch adds changing the enabled flag in vpd_section_destroy().
> 
> Found by Linux Driver Verification project (linuxtesting.org).
> 
> Signed-off-by: Anton Vasilyev <vasil...@ispras.ru>

Good find.

Reviewed-by: Dmitry Torokhov <dmitry.torok...@gmail.com>

> ---
>  drivers/firmware/google/vpd.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/firmware/google/vpd.c b/drivers/firmware/google/vpd.c
> index e9db895916c3..5347c17c7108 100644
> --- a/drivers/firmware/google/vpd.c
> +++ b/drivers/firmware/google/vpd.c
> @@ -246,6 +246,7 @@ static int vpd_section_destroy(struct vpd_section *sec)
>               sysfs_remove_bin_file(vpd_kobj, &sec->bin_attr);
>               kfree(sec->raw_name);
>               memunmap(sec->baseaddr);
> +             sec->enabled = false;
>       }
>  
>       return 0;
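
Review bot: After `kfree(sec->raw_name)` and `memunmap(sec->baseaddr)` the hunk resets only `sec->enabled`, so the static section still carries two stale pointers between remove and the next probe. Consider also setting `sec->raw_name = NULL;` and `sec->baseaddr = NULL;` at this point, so that any path which does not go through the enabled check fails on a NULL pointer rather than touching freed or unmapped memory. Since the commit message describes a repeated destroy on a probe-release-probe-release sequence, a Fixes: tag naming the commit that introduced the enabled check would also help stable backports.
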
> -- 
> 2.18.0
> 

Thanks.

-- 
Dmitry
