* [PATCH] ubifs: Fix reference count leak in ubifsumount
@ 2022-05-23 21:35 Pali Rohár
2022-05-30 9:09 ` [PATCH v2] " Pali Rohár
0 siblings, 1 reply; 3+ messages in thread
From: Pali Rohár @ 2022-05-23 21:35 UTC (permalink / raw)
To: u-boot
Original ubifs code was designed that after ubifs_umount() call it is
required to also call ubi_close_volume() which closes underlying UBI
volume. But U-Boot ubifs modification have not implemented it properly
which caused that ubifsumount command contains resource leak. It can be
observed by calling simple sequence of commands:
=> ubi part mtd2
ubi0: attaching mtd2
...
=> ubifsmount ubi0
=> ubifsumount
Unmounting UBIFS volume rootfs!
=> ubi detach
ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway
ubi0: detaching mtd2
ubi0: mtd2 is detached
Fix this issue by calling ubi_close_volume() and mutex_unlock() in
directly in ubifs_umount() function before freeing U-Boot's global
ubifs_sb. And remove duplicate calls of these two functions in remaining
places. With this change ubifsumount command does not throw that error
anymore.
=> ubi part rootfs
ubi0: attaching mtd2
...
=> ubifsmount ubi0
=> ubifsumount
Unmounting UBIFS volume rootfs!
=> ubi detach
ubi0: detaching mtd2
ubi0: mtd2 is detached
Signed-off-by: Pali Rohár <pali@kernel.org>
---
fs/ubifs/super.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index e3a4c0bca270..7677dcc2a140 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1757,6 +1757,8 @@ void ubifs_umount(struct ubifs_info *c)
kfree(c->bottom_up_buf);
ubifs_debugging_exit(c);
#ifdef __UBOOT__
+ ubi_close_volume(c->ubi);
+ mutex_unlock(&c->umount_mutex);
/* Finally free U-Boot's global copy of superblock */
if (ubifs_sb != NULL) {
free(ubifs_sb->s_fs_info);
@@ -2058,9 +2060,9 @@ static void ubifs_put_super(struct super_block *sb)
ubifs_umount(c);
#ifndef __UBOOT__
bdi_destroy(&c->bdi);
-#endif
ubi_close_volume(c->ubi);
mutex_unlock(&c->umount_mutex);
+#endif
}
#endif
@@ -2328,13 +2330,13 @@ static int ubifs_fill_super(struct super_block *sb, void *data, int silent)
out_umount:
ubifs_umount(c);
out_unlock:
- mutex_unlock(&c->umount_mutex);
#ifndef __UBOOT__
+ mutex_unlock(&c->umount_mutex);
out_bdi:
bdi_destroy(&c->bdi);
out_close:
-#endif
ubi_close_volume(c->ubi);
+#endif
out:
return err;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH v2] ubifs: Fix reference count leak in ubifsumount
2022-05-23 21:35 [PATCH] ubifs: Fix reference count leak in ubifsumount Pali Rohár
@ 2022-05-30 9:09 ` Pali Rohár
2022-07-08 16:38 ` Tom Rini
0 siblings, 1 reply; 3+ messages in thread
From: Pali Rohár @ 2022-05-30 9:09 UTC (permalink / raw)
To: u-boot
Original ubifs code was designed that after ubifs_umount() call it is
required to also call ubi_close_volume() which closes underlying UBI
volume. But U-Boot ubifs modification have not implemented it properly
which caused that ubifsumount command contains resource leak. It can be
observed by calling simple sequence of commands:
=> ubi part mtd2
ubi0: attaching mtd2
...
=> ubifsmount ubi0
=> ubifsumount
Unmounting UBIFS volume rootfs!
=> ubi detach
ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway
ubi0: detaching mtd2
ubi0: mtd2 is detached
Fix this issue by calling ubi_close_volume() and mutex_unlock() in
directly in ubifs_umount() function before freeing U-Boot's global
ubifs_sb. And remove duplicate calls of these two functions in remaining
places. Note that when ubifs_umount() is not called then during error
handling is still needed to call ubi_close_volume() and mutex_unlock.
With this change ubifsumount command does not throw that error anymore:
=> ubi part rootfs
ubi0: attaching mtd2
...
=> ubifsmount ubi0
=> ubifsumount
Unmounting UBIFS volume rootfs!
=> ubi detach
ubi0: detaching mtd2
ubi0: mtd2 is detached
Signed-off-by: Pali Rohár <pali@kernel.org>
---
Changes in v2:
* Fix error handling in ubifs_fill_super()
---
fs/ubifs/super.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index e3a4c0bca270..034c41a70356 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1757,6 +1757,8 @@ void ubifs_umount(struct ubifs_info *c)
kfree(c->bottom_up_buf);
ubifs_debugging_exit(c);
#ifdef __UBOOT__
+ ubi_close_volume(c->ubi);
+ mutex_unlock(&c->umount_mutex);
/* Finally free U-Boot's global copy of superblock */
if (ubifs_sb != NULL) {
free(ubifs_sb->s_fs_info);
@@ -2058,9 +2060,9 @@ static void ubifs_put_super(struct super_block *sb)
ubifs_umount(c);
#ifndef __UBOOT__
bdi_destroy(&c->bdi);
-#endif
ubi_close_volume(c->ubi);
mutex_unlock(&c->umount_mutex);
+#endif
}
#endif
@@ -2327,6 +2329,9 @@ static int ubifs_fill_super(struct super_block *sb, void *data, int silent)
out_umount:
ubifs_umount(c);
+#ifdef __UBOOT__
+ goto out;
+#endif
out_unlock:
mutex_unlock(&c->umount_mutex);
#ifndef __UBOOT__
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v2] ubifs: Fix reference count leak in ubifsumount
2022-05-30 9:09 ` [PATCH v2] " Pali Rohár
@ 2022-07-08 16:38 ` Tom Rini
0 siblings, 0 replies; 3+ messages in thread
From: Tom Rini @ 2022-07-08 16:38 UTC (permalink / raw)
To: Pali Rohár; +Cc: u-boot
[-- Attachment #1: Type: text/plain, Size: 1460 bytes --]
On Mon, May 30, 2022 at 11:09:11AM +0200, Pali Rohár wrote:
> Original ubifs code was designed that after ubifs_umount() call it is
> required to also call ubi_close_volume() which closes underlying UBI
> volume. But U-Boot ubifs modification have not implemented it properly
> which caused that ubifsumount command contains resource leak. It can be
> observed by calling simple sequence of commands:
>
> => ubi part mtd2
> ubi0: attaching mtd2
> ...
> => ubifsmount ubi0
> => ubifsumount
> Unmounting UBIFS volume rootfs!
> => ubi detach
> ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway
> ubi0: detaching mtd2
> ubi0: mtd2 is detached
>
> Fix this issue by calling ubi_close_volume() and mutex_unlock() in
> directly in ubifs_umount() function before freeing U-Boot's global
> ubifs_sb. And remove duplicate calls of these two functions in remaining
> places. Note that when ubifs_umount() is not called then during error
> handling is still needed to call ubi_close_volume() and mutex_unlock.
>
> With this change ubifsumount command does not throw that error anymore:
>
> => ubi part rootfs
> ubi0: attaching mtd2
> ...
> => ubifsmount ubi0
> => ubifsumount
> Unmounting UBIFS volume rootfs!
> => ubi detach
> ubi0: detaching mtd2
> ubi0: mtd2 is detached
>
> Signed-off-by: Pali Rohár <pali@kernel.org>
Applied to u-boot/next, thanks!
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-07-08 16:38 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-23 21:35 [PATCH] ubifs: Fix reference count leak in ubifsumount Pali Rohár
2022-05-30 9:09 ` [PATCH v2] " Pali Rohár
2022-07-08 16:38 ` Tom Rini
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.