From patchwork Thu Jun 28 14:45:46 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: ubi: fastmap: Do not free 'ai' in 'scan_all()'
From: Shmulik Ladkani <shmulik.ladkani@gmail.com>
X-Patchwork-Id: 167892
Message-Id: <20120628174546.491954e2@pixies.home.jungo.com>
To: Richard Weinberger <richard@nod.at>
Cc: nyoushchenko@mvista.com,
 Artem Bityutskiy <artem.bityutskiy@linux.intel.com>,
 linux-kernel@vger.kernel.org, Adrian Hunter <adrian.hunter@intel.com>,
 Heinz.Egger@linutronix.de, thomas.wucher@linutronix.de,
 linux-mtd@lists.infradead.org, tim.bird@am.sony.com, tglx@linutronix.de, 
 Marius.Mazarel@ugal.ro
Date: Thu, 28 Jun 2012 17:45:46 +0300

From: Shmulik Ladkani <shmulik.ladkani@gmail.com>

Do not call 'destroy_ai(ai)' at error handling of 'scan_all', since:
- 'ai' is allocated in 'ubi_attach' (the caller of scan_all) and
  provided as an argument. It's not scan_all's responsibility to free it
- It is not consistent with scan_all's sister function
  'ubi_attach_fastmap()' which does not free the given 'ai'
- It will cause a double free as 'ubi_attach' (the caller of scan_all)
  already destroys 'ai' in case of an error

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>

---
- compile tested

diff --git a/drivers/mtd/ubi/attach.c b/drivers/mtd/ubi/attach.c
index 019fbd3..8a339e4 100644
--- a/drivers/mtd/ubi/attach.c
+++ b/drivers/mtd/ubi/attach.c
@@ -1152,11 +1152,11 @@ static int scan_all(struct ubi_device *ubi, struct ubi_attach_info *ai)
 					       sizeof(struct ubi_ainf_peb),
 					       0, 0, NULL);
 	if (!ai->aeb_slab_cache)
-		goto out_ai;
+		return -ENOMEM;
 
 	ech = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
 	if (!ech)
-		goto out_ai;
+		return -ENOMEM;
 
 	vidh = ubi_zalloc_vid_hdr(ubi, GFP_KERNEL);
 	if (!vidh)
@@ -1218,8 +1218,6 @@ out_vidh:
 	ubi_free_vid_hdr(ubi, vidh);
 out_ech:
 	kfree(ech);
-out_ai:
-	destroy_ai(ai);
 	return err;
 }