This is a note to let you know that I've just added the patch titled

    Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"

to the 4.14-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    revert-ubifs-dirty_cow_znode-fix-memleak-in-error-handling-path.patch
and it can be found in the queue-4.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

>From 7d01cb27f6aebc54efbe28d8961a973b8f795b13 Mon Sep 17 00:00:00 2001
From: Zhihao Cheng <chengzhihao1@xxxxxxxxxx>
Date: Wed, 1 Mar 2023 20:29:18 +0800
Subject: Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"

From: Zhihao Cheng <chengzhihao1@xxxxxxxxxx>

commit 7d01cb27f6aebc54efbe28d8961a973b8f795b13 upstream.

This reverts commit 122deabfe1428 (ubifs: dirty_cow_znode: Fix memleak in error handling path).

After commit 122deabfe1428 applied, if insert_old_idx() failed, old index neither exists in TNC nor in old-index tree. Which means that old index node could be overwritten in layout_leb_in_gaps(), then ubifs image will be corrupted in power-cut.

Fixes: 122deabfe1428 (ubifs: dirty_cow_znode: Fix memleak ... path)
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Zhihao Cheng <chengzhihao1@xxxxxxxxxx>
Signed-off-by: Richard Weinberger <richard@xxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/ubifs/tnc.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

--- a/fs/ubifs/tnc.c +++ b/fs/ubifs/tnc.c
@@ -279,18 +279,11 @@ static struct ubifs_znode *dirty_cow_zno if (zbr->len) { err = insert_old_idx(c, zbr->lnum, zbr->offs); if (unlikely(err)) - /* - * Obsolete znodes will be freed by tnc_destroy_cnext() - * or free_obsolete_znodes(), copied up znodes should - * be added back to tnc and freed by - * ubifs_destroy_tnc_subtree(). - */ - goto out; + return ERR_PTR(err); err = add_idx_dirt(c, zbr->lnum, zbr->len); } else err = 0; -out: zbr->znode = zn; zbr->lnum = 0; zbr->offs = 0; Patches currently in stable-queue which might be from chengzhihao1@xxxxxxxxxx are queue-4.14/ubi-fix-return-value-overwrite-issue-in-try_write_vid_and_data.patch queue-4.14/ubifs-free-memory-for-tmpfile-name.patch queue-4.14/revert-ubifs-dirty_cow_znode-fix-memleak-in-error-handling-path.patch
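
Review bot: the restored `return ERR_PTR(err);` after a failed `insert_old_idx()` skips the `zbr->znode = zn;` assignment, and nothing in the visible lines releases `zn` on that path, so the leak named in the reverted commit's title appears to come back. The commit message explains why the `goto out` variant is worse (the old index node is tracked neither in TNC nor in the old-index tree and can be overwritten in `layout_leb_in_gaps()`), but it does not say that the leak is being accepted in exchange. I would state that trade-off in the commit message and leave a short comment at the early return saying what happens to `zn` there, so the next reader does not reapply the same `goto out` fix. Minor: the `Fixes:` tag carries an elided subject in plain parentheses; the usual form quotes the full subject line as `("...")`.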