+ ubi-dereference-after-kfree-in-create_vtbl-2.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The patch titled
     UBI: dereference after kfree in create_vtbl
has been added to the -mm tree.  Its filename is
     ubi-dereference-after-kfree-in-create_vtbl-2.patch

*** Remember to use Documentation/SubmitChecklist when testing your code ***

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: UBI: dereference after kfree in create_vtbl
From: "Satyam Sharma" <satyam.sharma@xxxxxxxxx>

Fix write_error logic in drivers/mtd/ubi/vtbl.c:create_vtbl().  On a write
failure, we add the corrupted physical eraseblock to the corrupted list,
and then attempt to retry (upto a maximum of 5 times).  Also, fix an oops
by pushing kfree(new_seb) below after dereferencing it for
ubi_scan_add_to_list().

Signed-off-by: Satyam Sharma <ssatyam@xxxxxxxxxxxxxx>
Signed-off-by: Florin Malita <fmalita@xxxxxxxxx>
Cc: Artem Bityutskiy <dedekind@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 drivers/mtd/ubi/vtbl.c |    8 +++-----
 1 files changed, 3 insertions(+), 5 deletions(-)

diff -puN drivers/mtd/ubi/vtbl.c~ubi-dereference-after-kfree-in-create_vtbl-2 drivers/mtd/ubi/vtbl.c
--- a/drivers/mtd/ubi/vtbl.c~ubi-dereference-after-kfree-in-create_vtbl-2
+++ a/drivers/mtd/ubi/vtbl.c
@@ -317,14 +317,12 @@ retry:
 	return err;
 
 write_error:
-	kfree(new_seb);
 	/* May be this physical eraseblock went bad, try to pick another one */
-	if (++tries <= 5) {
-		err = ubi_scan_add_to_list(si, new_seb->pnum, new_seb->ec,
-					   &si->corr);
+	err = ubi_scan_add_to_list(si, new_seb->pnum, new_seb->ec, &si->corr);
+	kfree(new_seb);
+	if (++tries <= 5)
 		if (!err)
 			goto retry;
-	}
 out_free:
 	ubi_free_vid_hdr(ubi, vid_hdr);
 	return err;
_

Patches currently in -mm which might be from satyam.sharma@xxxxxxxxx are

origin.patch
ubi-dereference-after-kfree-in-create_vtbl-2.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Kernel Newbies FAQ]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux