From: Dan Carpenter <dan.carpenter@oracle.com>
To: richard@nod.at
Cc: linux-mtd@lists.infradead.org
Subject: [bug report] ubifs: Don't leak orphans on memory during commit
Date: Tue, 21 May 2019 10:09:37 +0300 [thread overview]
Message-ID: <20190521070937.GA10654@mwanda> (raw)
Hello Richard Weinberger,
The patch c16e73587ad6: "ubifs: Don't leak orphans on memory during
commit" from May 15, 2019, leads to the following static checker
warning:
fs/ubifs/orphan.c:231 ubifs_delete_orphan()
warn: 'orph' was already freed.
fs/ubifs/orphan.c
214 void ubifs_delete_orphan(struct ubifs_info *c, ino_t inum)
215 {
216 struct ubifs_orphan *orph, *child_orph, *tmp_o;
217
218 spin_lock(&c->orphan_lock);
219
220 orph = lookup_orphan(c, inum);
221 if (!orph) {
222 spin_unlock(&c->orphan_lock);
223 ubifs_err(c, "missing orphan ino %lu", (unsigned long)inum);
224 dump_stack();
225
226 return;
227 }
228
229 orphan_delete(c, orph);
^^^^
The "orph" pointer is sometimes free in orphan_delete().
230
231 list_for_each_entry_safe(child_orph, tmp_o, &orph->child_list, child_list) {
^^^^
use after free?
232 list_del(&child_orph->child_list);
233 orphan_delete(c, child_orph);
234 }
235
236 spin_unlock(&c->orphan_lock);
237 }
regards,
dan carpenter
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
next reply other threads:[~2019-05-21 7:10 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-21 7:09 Dan Carpenter [this message]
2019-05-21 7:22 ` [bug report] ubifs: Don't leak orphans on memory during commit Richard Weinberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190521070937.GA10654@mwanda \
--to=dan.carpenter@oracle.com \
--cc=linux-mtd@lists.infradead.org \
--cc=richard@nod.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.