* [PATCH BlueZ v2 0/1] mesh: firx double-free
@ 2020-05-20 16:20 Brian Gix
2020-05-20 16:20 ` [PATCH BlueZ v2 1/1] mesh: Fix double-free Brian Gix
0 siblings, 1 reply; 2+ messages in thread
From: Brian Gix @ 2020-05-20 16:20 UTC (permalink / raw)
To: linux-bluetooth; +Cc: inga.stotland, brian.gix, michal.lowas-rzechonek
v1: corrected the double-free
v2: Sets a single free point for node->cfg data, and reduce the scope
and rename mesh_config_destroy() to mesh_release_nvm(). This is cleaner
because all node dynamic resources are discarded elsewhere, and should
not be combined with releasing of NVM.
Brian Gix (1):
mesh: Fix double-free
mesh/mesh-config-json.c | 2 +-
mesh/mesh-config.h | 2 +-
mesh/node.c | 3 +--
3 files changed, 3 insertions(+), 4 deletions(-)
--
2.25.4
^ permalink raw reply [flat|nested] 2+ messages in thread
* [PATCH BlueZ v2 1/1] mesh: Fix double-free
2020-05-20 16:20 [PATCH BlueZ v2 0/1] mesh: firx double-free Brian Gix
@ 2020-05-20 16:20 ` Brian Gix
0 siblings, 0 replies; 2+ messages in thread
From: Brian Gix @ 2020-05-20 16:20 UTC (permalink / raw)
To: linux-bluetooth; +Cc: inga.stotland, brian.gix, michal.lowas-rzechonek
Fixing a prior memory leak created a double-free error when destroying
the NVM sorage of a node. We have two situations where we want to
discard a nodes dytnamic memory:
1. When the node is being deleted at runtime. This causes release of
both dynamic memory and NVM storage.
2. During shutdown, we release dynamic memory only.
This patch ensures that after node deletion releases dynamic memory,
the pointers to it are cleared, avoiding a second free attempt.
---
mesh/mesh-config-json.c | 2 +-
mesh/mesh-config.h | 2 +-
mesh/node.c | 3 +--
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/mesh/mesh-config-json.c b/mesh/mesh-config-json.c
index 6567d761c..0f125b95e 100644
--- a/mesh/mesh-config-json.c
+++ b/mesh/mesh-config-json.c
@@ -2309,7 +2309,7 @@ bool mesh_config_load_nodes(const char *cfgdir_name, mesh_config_node_func_t cb,
return true;
}
-void mesh_config_destroy(struct mesh_config *cfg)
+void mesh_config_release_nvm(struct mesh_config *cfg)
{
char *node_dir, *node_name;
char uuid[33];
diff --git a/mesh/mesh-config.h b/mesh/mesh-config.h
index 25002f5a7..d55bcb991 100644
--- a/mesh/mesh-config.h
+++ b/mesh/mesh-config.h
@@ -114,7 +114,7 @@ typedef bool (*mesh_config_node_func_t)(struct mesh_config_node *node,
bool mesh_config_load_nodes(const char *cfgdir_name, mesh_config_node_func_t cb,
void *user_data);
void mesh_config_release(struct mesh_config *cfg);
-void mesh_config_destroy(struct mesh_config *cfg);
+void mesh_config_release_nvm(struct mesh_config *cfg);
bool mesh_config_save(struct mesh_config *cfg, bool no_wait,
mesh_config_status_func_t cb, void *user_data);
struct mesh_config *mesh_config_create(const char *cfgdir_name,
diff --git a/mesh/node.c b/mesh/node.c
index 2b4b3a563..a675c831d 100644
--- a/mesh/node.c
+++ b/mesh/node.c
@@ -352,8 +352,7 @@ void node_remove(struct mesh_node *node)
l_queue_remove(nodes, node);
- if (node->cfg)
- mesh_config_destroy(node->cfg);
+ mesh_config_release_nvm(node->cfg);
free_node_resources(node);
}
--
2.25.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-05-20 16:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-20 16:20 [PATCH BlueZ v2 0/1] mesh: firx double-free Brian Gix
2020-05-20 16:20 ` [PATCH BlueZ v2 1/1] mesh: Fix double-free Brian Gix
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).