* [PATCH] mtd: rawnand: Fix a memory leak bug
@ 2019-08-18 7:28 Wenwen Wang
2019-08-18 21:35 ` kbuild test robot
0 siblings, 1 reply; 2+ messages in thread
From: Wenwen Wang @ 2019-08-18 7:28 UTC (permalink / raw)
To: Wenwen Wang
Cc: Miquel Raynal, Richard Weinberger, David Woodhouse, Brian Norris,
Marek Vasut, Vignesh Raghavendra, Boris Brezillon,
Frieder Schrempf, Greg Kroah-Hartman, Allison Randal,
Randy Dunlap, Thomas Gleixner, open list:NAND FLASH SUBSYSTEM,
open list
In nand_scan_bbt(), a temporary buffer 'buf' is allocated through
vmalloc(). However, if check_create() fails, 'buf' is not deallocated,
leading to a memory leak bug. To fix this issue, free 'buf' before
returning the error.
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
---
drivers/mtd/nand/raw/nand_bbt.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/nand/raw/nand_bbt.c b/drivers/mtd/nand/raw/nand_bbt.c
index 2ef15ef..864a00a 100644
--- a/drivers/mtd/nand/raw/nand_bbt.c
+++ b/drivers/mtd/nand/raw/nand_bbt.c
@@ -1245,7 +1245,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
buf = vmalloc(len);
if (!buf) {
res = -ENOMEM;
- goto err;
+ goto err_free_bbt;
}
/* Is the bbt at a given page? */
@@ -1258,7 +1258,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
res = check_create(this, buf, bd);
if (res)
- goto err;
+ goto err_free_buf;
/* Prevent the bbt regions from erasing / writing */
mark_bbt_region(this, td);
@@ -1268,7 +1268,9 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
vfree(buf);
return 0;
-err:
+err_free_buf:
+ vfree(buf);
+err_free_bbt:
kfree(this->bbt);
this->bbt = NULL;
return res;
--
2.7.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] mtd: rawnand: Fix a memory leak bug
2019-08-18 7:28 [PATCH] mtd: rawnand: Fix a memory leak bug Wenwen Wang
@ 2019-08-18 21:35 ` kbuild test robot
0 siblings, 0 replies; 2+ messages in thread
From: kbuild test robot @ 2019-08-18 21:35 UTC (permalink / raw)
To: Wenwen Wang
Cc: kbuild-all, Wenwen Wang, Miquel Raynal, Richard Weinberger,
David Woodhouse, Brian Norris, Marek Vasut, Vignesh Raghavendra,
Boris Brezillon, Frieder Schrempf, Greg Kroah-Hartman,
Allison Randal, Randy Dunlap, Thomas Gleixner,
open list:NAND FLASH SUBSYSTEM, open list
[-- Attachment #1: Type: text/plain, Size: 10923 bytes --]
Hi Wenwen,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on linus/master]
[cannot apply to v5.3-rc4 next-20190816]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Wenwen-Wang/mtd-rawnand-Fix-a-memory-leak-bug/20190819-045011
config: sparc64-allmodconfig (attached as .config)
compiler: sparc64-linux-gcc (GCC) 7.4.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=7.4.0 make.cross ARCH=sparc64
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
drivers/mtd/nand/raw/nand_bbt.c: In function 'nand_scan_bbt':
>> drivers/mtd/nand/raw/nand_bbt.c:1235:4: error: label 'err' used but not defined
goto err;
^~~~
vim +/err +1235 drivers/mtd/nand/raw/nand_bbt.c
7cba7b14fe1799 drivers/mtd/nand/nand_bbt.c Sebastian Andrzej Siewior 2010-09-30 1198
7cba7b14fe1799 drivers/mtd/nand/nand_bbt.c Sebastian Andrzej Siewior 2010-09-30 1199 /**
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1200 * nand_scan_bbt - [NAND Interface] scan, find, read and maybe create bad block table(s)
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1201 * @this: the NAND device
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1202 * @bd: descriptor for the good/bad block search pattern
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1203 *
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1204 * The function checks, if a bad block table(s) is/are already available. If
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1205 * not it scans the device for manufacturer marked good / bad blocks and writes
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1206 * the bad block table(s) to the selected place.
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1207 *
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1208 * The bad block table memory is allocated here. It must be freed by calling
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1209 * the nand_free_bbt function.
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1210 */
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1211 static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1212 {
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1213 struct mtd_info *mtd = nand_to_mtd(this);
83c59542d0af36 drivers/mtd/nand/nand_bbt.c Brian Norris 2015-02-28 1214 int len, res;
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1215 uint8_t *buf;
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1216 struct nand_bbt_descr *td = this->bbt_td;
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1217 struct nand_bbt_descr *md = this->bbt_md;
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1218
192db1caa253c0 drivers/mtd/nand/nand_bbt.c Sheng Yong 2015-07-31 1219 len = (mtd->size >> (this->bbt_erase_shift + 2)) ? : 1;
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1220 /*
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1221 * Allocate memory (2bit per block) and clear the memory bad block
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1222 * table.
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1223 */
95b93a0cd46682 drivers/mtd/nand/nand_bbt.c Burman Yan 2006-11-15 1224 this->bbt = kzalloc(len, GFP_KERNEL);
0870066d7e6c85 drivers/mtd/nand/nand_bbt.c Brian Norris 2011-06-07 1225 if (!this->bbt)
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1226 return -ENOMEM;
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1227
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1228 /*
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1229 * If no primary table decriptor is given, scan the device to build a
8b6e50c9eba8bf drivers/mtd/nand/nand_bbt.c Brian Norris 2011-05-25 1230 * memory based bad block table.
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1231 */
eeada24da8bd23 drivers/mtd/nand/nand_bbt.c Artem B. Bityuckiy 2005-02-11 1232 if (!td) {
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1233 if ((res = nand_memory_bbt(this, bd))) {
d037021953922e drivers/mtd/nand/nand_bbt.c Brian Norris 2011-07-19 1234 pr_err("nand_bbt: can't scan flash and build the RAM-based BBT\n");
83c59542d0af36 drivers/mtd/nand/nand_bbt.c Brian Norris 2015-02-28 @1235 goto err;
eeada24da8bd23 drivers/mtd/nand/nand_bbt.c Artem B. Bityuckiy 2005-02-11 1236 }
83c59542d0af36 drivers/mtd/nand/nand_bbt.c Brian Norris 2015-02-28 1237 return 0;
eeada24da8bd23 drivers/mtd/nand/nand_bbt.c Artem B. Bityuckiy 2005-02-11 1238 }
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1239 verify_bbt_descr(this, td);
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1240 verify_bbt_descr(this, md);
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1241
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1242 /* Allocate a temporary buffer for one eraseblock incl. oob */
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1243 len = (1 << this->bbt_erase_shift);
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1244 len += (len >> this->page_shift) * mtd->oobsize;
c3f8abf481c2d2 drivers/mtd/nand/nand_bbt.c David Woodhouse 2006-05-13 1245 buf = vmalloc(len);
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1246 if (!buf) {
83c59542d0af36 drivers/mtd/nand/nand_bbt.c Brian Norris 2015-02-28 1247 res = -ENOMEM;
1aa329cde62a37 drivers/mtd/nand/raw/nand_bbt.c Wenwen Wang 2019-08-18 1248 goto err_free_bbt;
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1249 }
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1250
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1251 /* Is the bbt at a given page? */
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1252 if (td->options & NAND_BBT_ABSPAGE) {
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1253 read_abs_bbts(this, buf, td, md);
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1254 } else {
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1255 /* Search the bad block table using a pattern in oob */
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1256 search_read_bbts(this, buf, td, md);
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1257 }
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1258
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1259 res = check_create(this, buf, bd);
83c59542d0af36 drivers/mtd/nand/nand_bbt.c Brian Norris 2015-02-28 1260 if (res)
1aa329cde62a37 drivers/mtd/nand/raw/nand_bbt.c Wenwen Wang 2019-08-18 1261 goto err_free_buf;
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1262
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1263 /* Prevent the bbt regions from erasing / writing */
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1264 mark_bbt_region(this, td);
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1265 if (md)
0813621ba898aa drivers/mtd/nand/raw/nand_bbt.c Boris Brezillon 2018-11-11 1266 mark_bbt_region(this, md);
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1267
c3f8abf481c2d2 drivers/mtd/nand/nand_bbt.c David Woodhouse 2006-05-13 1268 vfree(buf);
83c59542d0af36 drivers/mtd/nand/nand_bbt.c Brian Norris 2015-02-28 1269 return 0;
83c59542d0af36 drivers/mtd/nand/nand_bbt.c Brian Norris 2015-02-28 1270
1aa329cde62a37 drivers/mtd/nand/raw/nand_bbt.c Wenwen Wang 2019-08-18 1271 err_free_buf:
1aa329cde62a37 drivers/mtd/nand/raw/nand_bbt.c Wenwen Wang 2019-08-18 1272 vfree(buf);
1aa329cde62a37 drivers/mtd/nand/raw/nand_bbt.c Wenwen Wang 2019-08-18 1273 err_free_bbt:
83c59542d0af36 drivers/mtd/nand/nand_bbt.c Brian Norris 2015-02-28 1274 kfree(this->bbt);
83c59542d0af36 drivers/mtd/nand/nand_bbt.c Brian Norris 2015-02-28 1275 this->bbt = NULL;
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1276 return res;
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1277 }
^1da177e4c3f41 drivers/mtd/nand/nand_bbt.c Linus Torvalds 2005-04-16 1278
:::::: The code at line 1235 was first introduced by commit
:::::: 83c59542d0af36d6331e11869cd3d8197dec1551 mtd: nand_bbt: unify/fix error handling in nand_scan_bbt()
:::::: TO: Brian Norris <computersforpeace@gmail.com>
:::::: CC: Brian Norris <computersforpeace@gmail.com>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 58668 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-18 21:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-18 7:28 [PATCH] mtd: rawnand: Fix a memory leak bug Wenwen Wang
2019-08-18 21:35 ` kbuild test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).