The patch titled
UBI: dereference after kfree in create_vtbl
has been removed from the -mm tree. Its filename was
ubi-dereference-after-kfree-in-create_vtbl-2.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
Subject: UBI: dereference after kfree in create_vtbl
From: "Satyam Sharma" <satyam.sharma@xxxxxxxxx>
Fix write_error logic in drivers/mtd/ubi/vtbl.c:create_vtbl(). On a write
failure, we add the corrupted physical eraseblock to the corrupted list,
and then attempt to retry (upto a maximum of 5 times). Also, fix an oops
by pushing kfree(new_seb) below after dereferencing it for
ubi_scan_add_to_list().
Signed-off-by: Satyam Sharma <ssatyam@xxxxxxxxxxxxxx>
Signed-off-by: Florin Malita <fmalita@xxxxxxxxx>
Cc: Artem Bityutskiy <dedekind@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
drivers/mtd/ubi/vtbl.c | 8 +++-----
1 files changed, 3 insertions(+), 5 deletions(-)
diff -puN drivers/mtd/ubi/vtbl.c~ubi-dereference-after-kfree-in-create_vtbl-2 drivers/mtd/ubi/vtbl.c
--- a/drivers/mtd/ubi/vtbl.c~ubi-dereference-after-kfree-in-create_vtbl-2
+++ a/drivers/mtd/ubi/vtbl.c
@@ -317,14 +317,12 @@ retry:
return err;
write_error:
- kfree(new_seb);
/* May be this physical eraseblock went bad, try to pick another one */
- if (++tries <= 5) {
- err = ubi_scan_add_to_list(si, new_seb->pnum, new_seb->ec,
- &si->corr);
+ err = ubi_scan_add_to_list(si, new_seb->pnum, new_seb->ec, &si->corr);
+ kfree(new_seb);
+ if (++tries <= 5)
if (!err)
goto retry;
- }
out_free:
ubi_free_vid_hdr(ubi, vid_hdr);
return err;
_
Patches currently in -mm which might be from satyam.sharma@xxxxxxxxx are
origin.patch
git-ubi.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
