[bug report] ubifs: Don't leak orphans on memory during commit

Hello Richard Weinberger,

The patch c16e73587ad6: "ubifs: Don't leak orphans on memory during
commit" from May 15, 2019, leads to the following static checker
warning:

	fs/ubifs/orphan.c:231 ubifs_delete_orphan()
	warn: 'orph' was already freed.

fs/ubifs/orphan.c
   214  void ubifs_delete_orphan(struct ubifs_info *c, ino_t inum)
   215  {
   216          struct ubifs_orphan *orph, *child_orph, *tmp_o;
   217  
   218          spin_lock(&c->orphan_lock);
   219  
   220          orph = lookup_orphan(c, inum);
   221          if (!orph) {
   222                  spin_unlock(&c->orphan_lock);
   223                  ubifs_err(c, "missing orphan ino %lu", (unsigned long)inum);
   224                  dump_stack();
   225  
   226                  return;
   227          }
   228  
   229          orphan_delete(c, orph);
                                 ^^^^
The "orph" pointer is sometimes freed in orphan_delete().

   230  
   231          list_for_each_entry_safe(child_orph, tmp_o, &orph->child_list, child_list) {
                                                             ^^^^
use after free?

   232                  list_del(&child_orph->child_list);
   233                  orphan_delete(c, child_orph);
   234          }
   235  
   236          spin_unlock(&c->orphan_lock);
   237  }

regards,
dan carpenter

______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
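
The ordering problem flagged in the report, as an added userspace model in C (not code from fs/ubifs and not part of the original message). All names here (`struct node`, `keep`, `touch()`, `node_delete()`) are hypothetical, the condition under which the helper frees its argument is an assumption because the report only says it happens sometimes, and the reordering is one possible way to avoid the stale read, not necessarily the change made upstream.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: "free" only sets a flag, so stale reads are counted. */
struct node {
    bool freed;
    bool keep;                       /* hypothetical: free is deferred when set */
    struct node *children, *sibling; /* child-list head; next child */
};

static int stale_reads;              /* reads of a node after it was freed */

/* Every read of a node goes through here so use-after-free is observable. */
static struct node *touch(struct node *n) { if (n->freed) stale_reads++; return n; }

/* Stand-in for a delete helper that frees its argument only sometimes. */
static void node_delete(struct node *n) { if (!n->keep) n->freed = true; }

static void delete_list(struct node *c)
{
    while (c) {
        struct node *next = touch(c)->sibling;  /* saved before c is deleted */
        node_delete(c);
        c = next;
    }
}

/* Ordering from the report: delete the parent, then walk its child list. */
static int delete_parent_first(struct node *parent)
{
    stale_reads = 0;
    node_delete(parent);
    delete_list(touch(parent)->children);       /* parent may already be freed */
    return stale_reads;
}

/* Reordered: drain the child list while the parent is still valid. */
static int delete_children_first(struct node *parent)
{
    stale_reads = 0;
    delete_list(touch(parent)->children);
    parent->children = NULL;
    node_delete(parent);
    return stale_reads;
}

int main(void)
{
    struct node k = {0}, p = {.children = &k}, k2 = {0}, p2 = {.children = &k2};
    printf("%d %d\n", delete_parent_first(&p), delete_children_first(&p2));
    return 0;
}
```

With `keep` set on the parent the first ordering reports no stale read, which is why a bug of this shape only shows up on some paths.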


