All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] ubifs: Fix reference count leak in ubifsumount
@ 2022-05-23 21:35 Pali Rohár
  2022-05-30  9:09 ` [PATCH v2] " Pali Rohár
  0 siblings, 1 reply; 3+ messages in thread
From: Pali Rohár @ 2022-05-23 21:35 UTC (permalink / raw)
  To: u-boot

Original ubifs code was designed that after ubifs_umount() call it is
required to also call ubi_close_volume() which closes underlying UBI
volume. But U-Boot ubifs modification have not implemented it properly
which caused that ubifsumount command contains resource leak. It can be
observed by calling simple sequence of commands:

  => ubi part mtd2
  ubi0: attaching mtd2
  ...
  => ubifsmount ubi0
  => ubifsumount
  Unmounting UBIFS volume rootfs!
  => ubi detach
  ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway
  ubi0: detaching mtd2
  ubi0: mtd2 is detached

Fix this issue by calling ubi_close_volume() and mutex_unlock() in
directly in ubifs_umount() function before freeing U-Boot's global
ubifs_sb. And remove duplicate calls of these two functions in remaining
places. With this change ubifsumount command does not throw that error
anymore.

  => ubi part rootfs
  ubi0: attaching mtd2
  ...
  => ubifsmount ubi0
  => ubifsumount
  Unmounting UBIFS volume rootfs!
  => ubi detach
  ubi0: detaching mtd2
  ubi0: mtd2 is detached

Signed-off-by: Pali Rohár <pali@kernel.org>
---
 fs/ubifs/super.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index e3a4c0bca270..7677dcc2a140 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1757,6 +1757,8 @@ void ubifs_umount(struct ubifs_info *c)
 	kfree(c->bottom_up_buf);
 	ubifs_debugging_exit(c);
 #ifdef __UBOOT__
+	ubi_close_volume(c->ubi);
+	mutex_unlock(&c->umount_mutex);
 	/* Finally free U-Boot's global copy of superblock */
 	if (ubifs_sb != NULL) {
 		free(ubifs_sb->s_fs_info);
@@ -2058,9 +2060,9 @@ static void ubifs_put_super(struct super_block *sb)
 	ubifs_umount(c);
 #ifndef __UBOOT__
 	bdi_destroy(&c->bdi);
-#endif
 	ubi_close_volume(c->ubi);
 	mutex_unlock(&c->umount_mutex);
+#endif
 }
 #endif
 
@@ -2328,13 +2330,13 @@ static int ubifs_fill_super(struct super_block *sb, void *data, int silent)
 out_umount:
 	ubifs_umount(c);
 out_unlock:
-	mutex_unlock(&c->umount_mutex);
 #ifndef __UBOOT__
+	mutex_unlock(&c->umount_mutex);
 out_bdi:
 	bdi_destroy(&c->bdi);
 out_close:
-#endif
 	ubi_close_volume(c->ubi);
+#endif
 out:
 	return err;
 }
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* [PATCH v2] ubifs: Fix reference count leak in ubifsumount
  2022-05-23 21:35 [PATCH] ubifs: Fix reference count leak in ubifsumount Pali Rohár
@ 2022-05-30  9:09 ` Pali Rohár
  2022-07-08 16:38   ` Tom Rini
  0 siblings, 1 reply; 3+ messages in thread
From: Pali Rohár @ 2022-05-30  9:09 UTC (permalink / raw)
  To: u-boot

Original ubifs code was designed that after ubifs_umount() call it is
required to also call ubi_close_volume() which closes underlying UBI
volume. But U-Boot ubifs modification have not implemented it properly
which caused that ubifsumount command contains resource leak. It can be
observed by calling simple sequence of commands:

  => ubi part mtd2
  ubi0: attaching mtd2
  ...
  => ubifsmount ubi0
  => ubifsumount
  Unmounting UBIFS volume rootfs!
  => ubi detach
  ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway
  ubi0: detaching mtd2
  ubi0: mtd2 is detached

Fix this issue by calling ubi_close_volume() and mutex_unlock() in
directly in ubifs_umount() function before freeing U-Boot's global
ubifs_sb. And remove duplicate calls of these two functions in remaining
places. Note that when ubifs_umount() is not called then during error
handling is still needed to call ubi_close_volume() and mutex_unlock.

With this change ubifsumount command does not throw that error anymore:

  => ubi part rootfs
  ubi0: attaching mtd2
  ...
  => ubifsmount ubi0
  => ubifsumount
  Unmounting UBIFS volume rootfs!
  => ubi detach
  ubi0: detaching mtd2
  ubi0: mtd2 is detached

Signed-off-by: Pali Rohár <pali@kernel.org>
---
Changes in v2:
* Fix error handling in ubifs_fill_super()
---
 fs/ubifs/super.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index e3a4c0bca270..034c41a70356 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1757,6 +1757,8 @@ void ubifs_umount(struct ubifs_info *c)
 	kfree(c->bottom_up_buf);
 	ubifs_debugging_exit(c);
 #ifdef __UBOOT__
+	ubi_close_volume(c->ubi);
+	mutex_unlock(&c->umount_mutex);
 	/* Finally free U-Boot's global copy of superblock */
 	if (ubifs_sb != NULL) {
 		free(ubifs_sb->s_fs_info);
@@ -2058,9 +2060,9 @@ static void ubifs_put_super(struct super_block *sb)
 	ubifs_umount(c);
 #ifndef __UBOOT__
 	bdi_destroy(&c->bdi);
-#endif
 	ubi_close_volume(c->ubi);
 	mutex_unlock(&c->umount_mutex);
+#endif
 }
 #endif
 
@@ -2327,6 +2329,9 @@ static int ubifs_fill_super(struct super_block *sb, void *data, int silent)
 
 out_umount:
 	ubifs_umount(c);
+#ifdef __UBOOT__
+	goto out;
+#endif
 out_unlock:
 	mutex_unlock(&c->umount_mutex);
 #ifndef __UBOOT__
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v2] ubifs: Fix reference count leak in ubifsumount
  2022-05-30  9:09 ` [PATCH v2] " Pali Rohár
@ 2022-07-08 16:38   ` Tom Rini
  0 siblings, 0 replies; 3+ messages in thread
From: Tom Rini @ 2022-07-08 16:38 UTC (permalink / raw)
  To: Pali Rohár; +Cc: u-boot

[-- Attachment #1: Type: text/plain, Size: 1460 bytes --]

On Mon, May 30, 2022 at 11:09:11AM +0200, Pali Rohár wrote:

> Original ubifs code was designed that after ubifs_umount() call it is
> required to also call ubi_close_volume() which closes underlying UBI
> volume. But U-Boot ubifs modification have not implemented it properly
> which caused that ubifsumount command contains resource leak. It can be
> observed by calling simple sequence of commands:
> 
>   => ubi part mtd2
>   ubi0: attaching mtd2
>   ...
>   => ubifsmount ubi0
>   => ubifsumount
>   Unmounting UBIFS volume rootfs!
>   => ubi detach
>   ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway
>   ubi0: detaching mtd2
>   ubi0: mtd2 is detached
> 
> Fix this issue by calling ubi_close_volume() and mutex_unlock() in
> directly in ubifs_umount() function before freeing U-Boot's global
> ubifs_sb. And remove duplicate calls of these two functions in remaining
> places. Note that when ubifs_umount() is not called then during error
> handling is still needed to call ubi_close_volume() and mutex_unlock.
> 
> With this change ubifsumount command does not throw that error anymore:
> 
>   => ubi part rootfs
>   ubi0: attaching mtd2
>   ...
>   => ubifsmount ubi0
>   => ubifsumount
>   Unmounting UBIFS volume rootfs!
>   => ubi detach
>   ubi0: detaching mtd2
>   ubi0: mtd2 is detached
> 
> Signed-off-by: Pali Rohár <pali@kernel.org>

Applied to u-boot/next, thanks!

-- 
Tom

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-07-08 16:38 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-23 21:35 [PATCH] ubifs: Fix reference count leak in ubifsumount Pali Rohár
2022-05-30  9:09 ` [PATCH v2] " Pali Rohár
2022-07-08 16:38   ` Tom Rini

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.