From: Boris Brezillon <boris.brezillon@collabora.com>
To: Wenwen Wang <wenwen@cs.uga.edu>
Cc: Kate Stewart <kstewart@linuxfoundation.org>,
Vignesh Raghavendra <vigneshr@ti.com>,
Boris Brezillon <bbrezillon@kernel.org>,
Richard Weinberger <richard@nod.at>,
Randy Dunlap <rdunlap@infradead.org>,
open list <linux-kernel@vger.kernel.org>,
Frieder Schrempf <frieder.schrempf@kontron.de>,
Marek Vasut <marek.vasut@gmail.com>,
"open list:NAND FLASH SUBSYSTEM" <linux-mtd@lists.infradead.org>,
Miquel Raynal <miquel.raynal@bootlin.com>,
Thomas Gleixner <tglx@linutronix.de>,
Brian Norris <computersforpeace@gmail.com>,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH v2] mtd: rawnand: Fix a memory leak bug
Date: Mon, 26 Aug 2019 15:05:53 +0200 [thread overview]
Message-ID: <20190826150553.3f758c84@collabora.com> (raw)
In-Reply-To: <1566182765-7150-1-git-send-email-wenwen@cs.uga.edu>
On Sun, 18 Aug 2019 21:46:04 -0500
Wenwen Wang <wenwen@cs.uga.edu> wrote:
> In nand_scan_bbt(), a temporary buffer 'buf' is allocated through
> vmalloc(). However, if check_create() fails, 'buf' is not deallocated,
> leading to a memory leak bug. To fix this issue, free 'buf' before
> returning the error.
>
> Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
> ---
> drivers/mtd/nand/raw/nand_bbt.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/mtd/nand/raw/nand_bbt.c b/drivers/mtd/nand/raw/nand_bbt.c
> index 2ef15ef..96045d6 100644
> --- a/drivers/mtd/nand/raw/nand_bbt.c
> +++ b/drivers/mtd/nand/raw/nand_bbt.c
> @@ -1232,7 +1232,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
> if (!td) {
> if ((res = nand_memory_bbt(this, bd))) {
> pr_err("nand_bbt: can't scan flash and build the RAM-based BBT\n");
> - goto err;
> + goto err_free_bbt;
> }
> return 0;
> }
> @@ -1245,7 +1245,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
> buf = vmalloc(len);
> if (!buf) {
> res = -ENOMEM;
> - goto err;
> + goto err_free_bbt;
> }
>
> /* Is the bbt at a given page? */
> @@ -1258,7 +1258,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
>
> res = check_create(this, buf, bd);
I know it's too late, but calling
vfree(buf);
here
> if (res)
> - goto err;
> + goto err_free_buf;
>
> /* Prevent the bbt regions from erasing / writing */
> mark_bbt_region(this, td);
> @@ -1268,7 +1268,9 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
> vfree(buf);
instead of here would have fixed the leak without the need for an extra
err label.
> return 0;
>
> -err:
> +err_free_buf:
> + vfree(buf);
> +err_free_bbt:
> kfree(this->bbt);
> this->bbt = NULL;
> return res;
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
WARNING: multiple messages have this Message-ID (diff)
From: Boris Brezillon <boris.brezillon@collabora.com>
To: Wenwen Wang <wenwen@cs.uga.edu>
Cc: Miquel Raynal <miquel.raynal@bootlin.com>,
Richard Weinberger <richard@nod.at>,
David Woodhouse <dwmw2@infradead.org>,
Brian Norris <computersforpeace@gmail.com>,
Marek Vasut <marek.vasut@gmail.com>,
Vignesh Raghavendra <vigneshr@ti.com>,
Boris Brezillon <bbrezillon@kernel.org>,
Frieder Schrempf <frieder.schrempf@kontron.de>,
Thomas Gleixner <tglx@linutronix.de>,
Kate Stewart <kstewart@linuxfoundation.org>,
Randy Dunlap <rdunlap@infradead.org>,
linux-mtd@lists.infradead.org (open list:NAND FLASH SUBSYSTEM),
linux-kernel@vger.kernel.org (open list)
Subject: Re: [PATCH v2] mtd: rawnand: Fix a memory leak bug
Date: Mon, 26 Aug 2019 15:05:53 +0200 [thread overview]
Message-ID: <20190826150553.3f758c84@collabora.com> (raw)
In-Reply-To: <1566182765-7150-1-git-send-email-wenwen@cs.uga.edu>
On Sun, 18 Aug 2019 21:46:04 -0500
Wenwen Wang <wenwen@cs.uga.edu> wrote:
> In nand_scan_bbt(), a temporary buffer 'buf' is allocated through
> vmalloc(). However, if check_create() fails, 'buf' is not deallocated,
> leading to a memory leak bug. To fix this issue, free 'buf' before
> returning the error.
>
> Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
> ---
> drivers/mtd/nand/raw/nand_bbt.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/mtd/nand/raw/nand_bbt.c b/drivers/mtd/nand/raw/nand_bbt.c
> index 2ef15ef..96045d6 100644
> --- a/drivers/mtd/nand/raw/nand_bbt.c
> +++ b/drivers/mtd/nand/raw/nand_bbt.c
> @@ -1232,7 +1232,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
> if (!td) {
> if ((res = nand_memory_bbt(this, bd))) {
> pr_err("nand_bbt: can't scan flash and build the RAM-based BBT\n");
> - goto err;
> + goto err_free_bbt;
> }
> return 0;
> }
> @@ -1245,7 +1245,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
> buf = vmalloc(len);
> if (!buf) {
> res = -ENOMEM;
> - goto err;
> + goto err_free_bbt;
> }
>
> /* Is the bbt at a given page? */
> @@ -1258,7 +1258,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
>
> res = check_create(this, buf, bd);
I know it's too late, but calling
vfree(buf);
here
> if (res)
> - goto err;
> + goto err_free_buf;
>
> /* Prevent the bbt regions from erasing / writing */
> mark_bbt_region(this, td);
> @@ -1268,7 +1268,9 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
> vfree(buf);
instead of here would have fixed the leak without the need for an extra
err label.
> return 0;
>
> -err:
> +err_free_buf:
> + vfree(buf);
> +err_free_bbt:
> kfree(this->bbt);
> this->bbt = NULL;
> return res;
next prev parent reply other threads:[~2019-08-26 13:06 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-19 2:46 [PATCH v2] mtd: rawnand: Fix a memory leak bug Wenwen Wang
2019-08-19 2:46 ` Wenwen Wang
2019-08-26 12:59 ` Miquel Raynal
2019-08-26 12:59 ` Miquel Raynal
2019-08-26 13:05 ` Boris Brezillon [this message]
2019-08-26 13:05 ` Boris Brezillon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190826150553.3f758c84@collabora.com \
--to=boris.brezillon@collabora.com \
--cc=bbrezillon@kernel.org \
--cc=computersforpeace@gmail.com \
--cc=dwmw2@infradead.org \
--cc=frieder.schrempf@kontron.de \
--cc=kstewart@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=marek.vasut@gmail.com \
--cc=miquel.raynal@bootlin.com \
--cc=rdunlap@infradead.org \
--cc=richard@nod.at \
--cc=tglx@linutronix.de \
--cc=vigneshr@ti.com \
--cc=wenwen@cs.uga.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.