All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] ubi: fix memory leak from ubi->fm_anchor
@ 2020-01-14  9:33 quanyang.wang
  2020-02-03  8:37 ` Quanyang Wang
  0 siblings, 1 reply; 6+ messages in thread
From: quanyang.wang @ 2020-01-14  9:33 UTC (permalink / raw)
  To: richard, miquel.raynal, vigneshr; +Cc: linux-mtd, linux-kernel, quanyang.wang

From: Quanyang Wang <quanyang.wang@windriver.com>

Some ubi_wl_entry are allocated in erase_aeb() and one of them is
assigned to ubi->fm_anchor in __erase_worker(). And it should be freed
like others which are freed in tree_destroy(). Otherwise, it will
cause a memory leak:

unreferenced object 0xbc094318 (size 24):
  comm "ubiattach", pid 491, jiffies 4294954015 (age 420.110s)
  hex dump (first 24 bytes):
    30 43 09 bc 00 00 00 00 00 00 00 00 01 00 00 00  0C..............
    02 00 00 00 04 00 00 00                          ........
  backtrace:
    [<6c2d5089>] erase_aeb+0x28/0xc8
    [<a1c68fb1>] ubi_wl_init+0x1d8/0x4a8
    [<d4f408f8>] ubi_attach+0xffc/0x10d0
    [<add3b5d8>] ubi_attach_mtd_dev+0x5b4/0x9fc
    [<d375a11c>] ctrl_cdev_ioctl+0xb8/0x1d8
    [<72b250f2>] vfs_ioctl+0x28/0x3c
    [<b80095d7>] do_vfs_ioctl+0xb0/0x798
    [<bf9ef69e>] ksys_ioctl+0x58/0x74
    [<5355bdbe>] ret_fast_syscall+0x0/0x54
    [<90c6c3ca>] 0x7eadf854

Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
---
 drivers/mtd/ubi/wl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
index 5d77a38dba54..a5e9d1e4dc34 100644
--- a/drivers/mtd/ubi/wl.c
+++ b/drivers/mtd/ubi/wl.c
@@ -1885,6 +1885,7 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
 	tree_destroy(ubi, &ubi->used);
 	tree_destroy(ubi, &ubi->free);
 	tree_destroy(ubi, &ubi->scrub);
+	wl_entry_destroy(ubi, ubi->fm_anchor);
 	kfree(ubi->lookuptbl);
 	return err;
 }
@@ -1920,6 +1921,7 @@ void ubi_wl_close(struct ubi_device *ubi)
 	tree_destroy(ubi, &ubi->erroneous);
 	tree_destroy(ubi, &ubi->free);
 	tree_destroy(ubi, &ubi->scrub);
+	wl_entry_destroy(ubi, ubi->fm_anchor);
 	kfree(ubi->lookuptbl);
 }
 
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread
* Re: [PATCH] ubi: fix memory leak from ubi->fm_anchor
  2020-01-14  9:33 [PATCH] ubi: fix memory leak from ubi->fm_anchor quanyang.wang
@ 2020-02-03  8:37 ` Quanyang Wang
  2020-02-07 15:54     ` Richard Weinberger
  0 siblings, 1 reply; 6+ messages in thread
From: Quanyang Wang @ 2020-02-03  8:37 UTC (permalink / raw)
  To: richard, miquel.raynal, vigneshr; +Cc: linux-mtd, linux-kernel

Ping?

On 1/14/20 5:33 PM, quanyang.wang@windriver.com wrote:
> From: Quanyang Wang <quanyang.wang@windriver.com>
>
> Some ubi_wl_entry are allocated in erase_aeb() and one of them is
> assigned to ubi->fm_anchor in __erase_worker(). And it should be freed
> like others which are freed in tree_destroy(). Otherwise, it will
> cause a memory leak:
>
> unreferenced object 0xbc094318 (size 24):
>    comm "ubiattach", pid 491, jiffies 4294954015 (age 420.110s)
>    hex dump (first 24 bytes):
>      30 43 09 bc 00 00 00 00 00 00 00 00 01 00 00 00  0C..............
>      02 00 00 00 04 00 00 00                          ........
>    backtrace:
>      [<6c2d5089>] erase_aeb+0x28/0xc8
>      [<a1c68fb1>] ubi_wl_init+0x1d8/0x4a8
>      [<d4f408f8>] ubi_attach+0xffc/0x10d0
>      [<add3b5d8>] ubi_attach_mtd_dev+0x5b4/0x9fc
>      [<d375a11c>] ctrl_cdev_ioctl+0xb8/0x1d8
>      [<72b250f2>] vfs_ioctl+0x28/0x3c
>      [<b80095d7>] do_vfs_ioctl+0xb0/0x798
>      [<bf9ef69e>] ksys_ioctl+0x58/0x74
>      [<5355bdbe>] ret_fast_syscall+0x0/0x54
>      [<90c6c3ca>] 0x7eadf854
>
> Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
> ---
>   drivers/mtd/ubi/wl.c | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c
> index 5d77a38dba54..a5e9d1e4dc34 100644
> --- a/drivers/mtd/ubi/wl.c
> +++ b/drivers/mtd/ubi/wl.c
> @@ -1885,6 +1885,7 @@ int ubi_wl_init(struct ubi_device *ubi, struct ubi_attach_info *ai)
>   	tree_destroy(ubi, &ubi->used);
>   	tree_destroy(ubi, &ubi->free);
>   	tree_destroy(ubi, &ubi->scrub);
> +	wl_entry_destroy(ubi, ubi->fm_anchor);
>   	kfree(ubi->lookuptbl);
>   	return err;
>   }
> @@ -1920,6 +1921,7 @@ void ubi_wl_close(struct ubi_device *ubi)
>   	tree_destroy(ubi, &ubi->erroneous);
>   	tree_destroy(ubi, &ubi->free);
>   	tree_destroy(ubi, &ubi->scrub);
> +	wl_entry_destroy(ubi, ubi->fm_anchor);
>   	kfree(ubi->lookuptbl);
>   }
>   

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] ubi: fix memory leak from ubi->fm_anchor
  2020-02-03  8:37 ` Quanyang Wang
@ 2020-02-07 15:54     ` Richard Weinberger
  0 siblings, 0 replies; 6+ messages in thread
From: Richard Weinberger @ 2020-02-07 15:54 UTC (permalink / raw)
  To: Quanyang Wang
  Cc: Richard Weinberger, Miquel Raynal, Vignesh Raghavendra,
	linux-mtd, LKML, Sascha Hauer

On Mon, Feb 3, 2020 at 10:14 AM Quanyang Wang
<quanyang.wang@windriver.com> wrote:
>
> Ping?
>
> On 1/14/20 5:33 PM, quanyang.wang@windriver.com wrote:
> > From: Quanyang Wang <quanyang.wang@windriver.com>
> >
> > Some ubi_wl_entry are allocated in erase_aeb() and one of them is
> > assigned to ubi->fm_anchor in __erase_worker(). And it should be freed
> > like others which are freed in tree_destroy(). Otherwise, it will
> > cause a memory leak:
> >
> > unreferenced object 0xbc094318 (size 24):
> >    comm "ubiattach", pid 491, jiffies 4294954015 (age 420.110s)
> >    hex dump (first 24 bytes):
> >      30 43 09 bc 00 00 00 00 00 00 00 00 01 00 00 00  0C..............
> >      02 00 00 00 04 00 00 00                          ........
> >    backtrace:
> >      [<6c2d5089>] erase_aeb+0x28/0xc8
> >      [<a1c68fb1>] ubi_wl_init+0x1d8/0x4a8
> >      [<d4f408f8>] ubi_attach+0xffc/0x10d0
> >      [<add3b5d8>] ubi_attach_mtd_dev+0x5b4/0x9fc
> >      [<d375a11c>] ctrl_cdev_ioctl+0xb8/0x1d8
> >      [<72b250f2>] vfs_ioctl+0x28/0x3c
> >      [<b80095d7>] do_vfs_ioctl+0xb0/0x798
> >      [<bf9ef69e>] ksys_ioctl+0x58/0x74
> >      [<5355bdbe>] ret_fast_syscall+0x0/0x54
> >      [<90c6c3ca>] 0x7eadf854
> >
> > Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
> > ---
> >   drivers/mtd/ubi/wl.c | 2 ++
> >   1 file changed, 2 insertions(+)

Good catch!
Fixes: f9c34bb52997 ("ubi: Fix producing anchor PEBs")

---
Thanks,
//richard

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] ubi: fix memory leak from ubi->fm_anchor
@ 2020-02-07 15:54     ` Richard Weinberger
  0 siblings, 0 replies; 6+ messages in thread
From: Richard Weinberger @ 2020-02-07 15:54 UTC (permalink / raw)
  To: Quanyang Wang
  Cc: Vignesh Raghavendra, Richard Weinberger, Sascha Hauer, LKML,
	linux-mtd, Miquel Raynal

On Mon, Feb 3, 2020 at 10:14 AM Quanyang Wang
<quanyang.wang@windriver.com> wrote:
>
> Ping?
>
> On 1/14/20 5:33 PM, quanyang.wang@windriver.com wrote:
> > From: Quanyang Wang <quanyang.wang@windriver.com>
> >
> > Some ubi_wl_entry are allocated in erase_aeb() and one of them is
> > assigned to ubi->fm_anchor in __erase_worker(). And it should be freed
> > like others which are freed in tree_destroy(). Otherwise, it will
> > cause a memory leak:
> >
> > unreferenced object 0xbc094318 (size 24):
> >    comm "ubiattach", pid 491, jiffies 4294954015 (age 420.110s)
> >    hex dump (first 24 bytes):
> >      30 43 09 bc 00 00 00 00 00 00 00 00 01 00 00 00  0C..............
> >      02 00 00 00 04 00 00 00                          ........
> >    backtrace:
> >      [<6c2d5089>] erase_aeb+0x28/0xc8
> >      [<a1c68fb1>] ubi_wl_init+0x1d8/0x4a8
> >      [<d4f408f8>] ubi_attach+0xffc/0x10d0
> >      [<add3b5d8>] ubi_attach_mtd_dev+0x5b4/0x9fc
> >      [<d375a11c>] ctrl_cdev_ioctl+0xb8/0x1d8
> >      [<72b250f2>] vfs_ioctl+0x28/0x3c
> >      [<b80095d7>] do_vfs_ioctl+0xb0/0x798
> >      [<bf9ef69e>] ksys_ioctl+0x58/0x74
> >      [<5355bdbe>] ret_fast_syscall+0x0/0x54
> >      [<90c6c3ca>] 0x7eadf854
> >
> > Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
> > ---
> >   drivers/mtd/ubi/wl.c | 2 ++
> >   1 file changed, 2 insertions(+)

Good catch!
Fixes: f9c34bb52997 ("ubi: Fix producing anchor PEBs")

---
Thanks,
//richard

______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] ubi: fix memory leak from ubi->fm_anchor
  2020-02-07 15:54     ` Richard Weinberger
@ 2020-02-08  3:00       ` Hou Tao
  -1 siblings, 0 replies; 6+ messages in thread
From: Hou Tao @ 2020-02-08  3:00 UTC (permalink / raw)
  To: Richard Weinberger, Quanyang Wang
  Cc: Vignesh Raghavendra, Richard Weinberger, Sascha Hauer, LKML,
	linux-mtd, Miquel Raynal

Hi,

The same problem has already been fixed by the patch in the following link early:

https://lore.kernel.org/linux-mtd/0000000000006d0a820599366088@google.com/T/#medffabe29b65eb5feb387bff84c6ec7ad235c310

I will send a v2 next week.

Regards,
Tao

On 2020/2/7 23:54, Richard Weinberger wrote:
> On Mon, Feb 3, 2020 at 10:14 AM Quanyang Wang
> <quanyang.wang@windriver.com> wrote:
>>
>> Ping?
>>
>> On 1/14/20 5:33 PM, quanyang.wang@windriver.com wrote:
>>> From: Quanyang Wang <quanyang.wang@windriver.com>
>>>
>>> Some ubi_wl_entry are allocated in erase_aeb() and one of them is
>>> assigned to ubi->fm_anchor in __erase_worker(). And it should be freed
>>> like others which are freed in tree_destroy(). Otherwise, it will
>>> cause a memory leak:
>>>
>>> unreferenced object 0xbc094318 (size 24):
>>>    comm "ubiattach", pid 491, jiffies 4294954015 (age 420.110s)
>>>    hex dump (first 24 bytes):
>>>      30 43 09 bc 00 00 00 00 00 00 00 00 01 00 00 00  0C..............
>>>      02 00 00 00 04 00 00 00                          ........
>>>    backtrace:
>>>      [<6c2d5089>] erase_aeb+0x28/0xc8
>>>      [<a1c68fb1>] ubi_wl_init+0x1d8/0x4a8
>>>      [<d4f408f8>] ubi_attach+0xffc/0x10d0
>>>      [<add3b5d8>] ubi_attach_mtd_dev+0x5b4/0x9fc
>>>      [<d375a11c>] ctrl_cdev_ioctl+0xb8/0x1d8
>>>      [<72b250f2>] vfs_ioctl+0x28/0x3c
>>>      [<b80095d7>] do_vfs_ioctl+0xb0/0x798
>>>      [<bf9ef69e>] ksys_ioctl+0x58/0x74
>>>      [<5355bdbe>] ret_fast_syscall+0x0/0x54
>>>      [<90c6c3ca>] 0x7eadf854
>>>
>>> Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
>>> ---
>>>   drivers/mtd/ubi/wl.c | 2 ++
>>>   1 file changed, 2 insertions(+)
> 
> Good catch!
> Fixes: f9c34bb52997 ("ubi: Fix producing anchor PEBs")
> 
> ---
> Thanks,
> //richard
> 
> ______________________________________________________
> Linux MTD discussion mailing list
> http://lists.infradead.org/mailman/listinfo/linux-mtd/
> 
> 


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH] ubi: fix memory leak from ubi->fm_anchor
@ 2020-02-08  3:00       ` Hou Tao
  0 siblings, 0 replies; 6+ messages in thread
From: Hou Tao @ 2020-02-08  3:00 UTC (permalink / raw)
  To: Richard Weinberger, Quanyang Wang
  Cc: Vignesh Raghavendra, Richard Weinberger, Sascha Hauer, LKML,
	linux-mtd, Miquel Raynal

Hi,

The same problem has already been fixed by the patch in the following link early:

https://lore.kernel.org/linux-mtd/0000000000006d0a820599366088@google.com/T/#medffabe29b65eb5feb387bff84c6ec7ad235c310

I will send a v2 next week.

Regards,
Tao

On 2020/2/7 23:54, Richard Weinberger wrote:
> On Mon, Feb 3, 2020 at 10:14 AM Quanyang Wang
> <quanyang.wang@windriver.com> wrote:
>>
>> Ping?
>>
>> On 1/14/20 5:33 PM, quanyang.wang@windriver.com wrote:
>>> From: Quanyang Wang <quanyang.wang@windriver.com>
>>>
>>> Some ubi_wl_entry are allocated in erase_aeb() and one of them is
>>> assigned to ubi->fm_anchor in __erase_worker(). And it should be freed
>>> like others which are freed in tree_destroy(). Otherwise, it will
>>> cause a memory leak:
>>>
>>> unreferenced object 0xbc094318 (size 24):
>>>    comm "ubiattach", pid 491, jiffies 4294954015 (age 420.110s)
>>>    hex dump (first 24 bytes):
>>>      30 43 09 bc 00 00 00 00 00 00 00 00 01 00 00 00  0C..............
>>>      02 00 00 00 04 00 00 00                          ........
>>>    backtrace:
>>>      [<6c2d5089>] erase_aeb+0x28/0xc8
>>>      [<a1c68fb1>] ubi_wl_init+0x1d8/0x4a8
>>>      [<d4f408f8>] ubi_attach+0xffc/0x10d0
>>>      [<add3b5d8>] ubi_attach_mtd_dev+0x5b4/0x9fc
>>>      [<d375a11c>] ctrl_cdev_ioctl+0xb8/0x1d8
>>>      [<72b250f2>] vfs_ioctl+0x28/0x3c
>>>      [<b80095d7>] do_vfs_ioctl+0xb0/0x798
>>>      [<bf9ef69e>] ksys_ioctl+0x58/0x74
>>>      [<5355bdbe>] ret_fast_syscall+0x0/0x54
>>>      [<90c6c3ca>] 0x7eadf854
>>>
>>> Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com>
>>> ---
>>>   drivers/mtd/ubi/wl.c | 2 ++
>>>   1 file changed, 2 insertions(+)
> 
> Good catch!
> Fixes: f9c34bb52997 ("ubi: Fix producing anchor PEBs")
> 
> ---
> Thanks,
> //richard
> 
> ______________________________________________________
> Linux MTD discussion mailing list
> http://lists.infradead.org/mailman/listinfo/linux-mtd/
> 
> 


______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-02-08  3:00 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-14  9:33 [PATCH] ubi: fix memory leak from ubi->fm_anchor quanyang.wang
2020-02-03  8:37 ` Quanyang Wang
2020-02-07 15:54   ` Richard Weinberger
2020-02-07 15:54     ` Richard Weinberger
2020-02-08  3:00     ` Hou Tao
2020-02-08  3:00       ` Hou Tao

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.