Patch "ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()" has been added to the 4.14-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ubi-fix-unreferenced-object-reported-by-kmemleak-in-.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 3644bd58f73294993aa95982d04c187810350e64
Author: Li Zetao <lizetao1@xxxxxxxxxx>
Date:   Fri Oct 21 18:21:57 2022 +0800

    ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
    
    [ Upstream commit 1e591ea072df7211f64542a09482b5f81cb3ad27 ]
    
    There is a memory leaks problem reported by kmemleak:
    
    unreferenced object 0xffff888102007a00 (size 128):
      comm "ubirsvol", pid 32090, jiffies 4298464136 (age 2361.231s)
      hex dump (first 32 bytes):
    ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
    ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
      backtrace:
    [<ffffffff8176cecd>] __kmalloc+0x4d/0x150
    [<ffffffffa02a9a36>] ubi_eba_create_table+0x76/0x170 [ubi]
    [<ffffffffa029764e>] ubi_resize_volume+0x1be/0xbc0 [ubi]
    [<ffffffffa02a3321>] ubi_cdev_ioctl+0x701/0x1850 [ubi]
    [<ffffffff81975d2d>] __x64_sys_ioctl+0x11d/0x170
    [<ffffffff83c142a5>] do_syscall_64+0x35/0x80
    [<ffffffff83e0006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
    
    This is due to a mismatch between create and destroy interfaces, and
    in detail that "new_eba_tbl" created by ubi_eba_create_table() but
    destroyed by kfree(), while will causing "new_eba_tbl->entries" not
    freed.
    
    Fix it by replacing kfree(new_eba_tbl) with
    ubi_eba_destroy_table(new_eba_tbl)
    
    Fixes: 799dca34ac54 ("UBI: hide EBA internals")
    Signed-off-by: Li Zetao <lizetao1@xxxxxxxxxx>
    Reviewed-by: Zhihao Cheng <chengzhihao1@xxxxxxxxxx>
    Signed-off-by: Richard Weinberger <richard@xxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/mtd/ubi/vmt.c b/drivers/mtd/ubi/vmt.c
index bbf4b61733708..26dcffb624e87 100644
--- a/drivers/mtd/ubi/vmt.c
+++ b/drivers/mtd/ubi/vmt.c
@@ -521,7 +521,7 @@ int ubi_resize_volume(struct ubi_volume_desc *desc, int reserved_pebs)
 	return err;
 
 out_free:
-	kfree(new_eba_tbl);
+	ubi_eba_destroy_table(new_eba_tbl);
 	return err;
 }
 



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux