From: Brian Gix <brian.gix@intel.com>
To: linux-bluetooth@vger.kernel.org
Cc: inga.stotland@intel.com, brian.gix@intel.com,
michal.lowas-rzechonek@silvair.com
Subject: [PATCH BlueZ v2 1/1] mesh: Fix double-free
Date: Wed, 20 May 2020 09:20:05 -0700 [thread overview]
Message-ID: <20200520162005.838134-2-brian.gix@intel.com> (raw)
In-Reply-To: <20200520162005.838134-1-brian.gix@intel.com>
Fixing a prior memory leak created a double-free error when destroying
the NVM sorage of a node. We have two situations where we want to
discard a nodes dytnamic memory:
1. When the node is being deleted at runtime. This causes release of
both dynamic memory and NVM storage.
2. During shutdown, we release dynamic memory only.
This patch ensures that after node deletion releases dynamic memory,
the pointers to it are cleared, avoiding a second free attempt.
---
mesh/mesh-config-json.c | 2 +-
mesh/mesh-config.h | 2 +-
mesh/node.c | 3 +--
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/mesh/mesh-config-json.c b/mesh/mesh-config-json.c
index 6567d761c..0f125b95e 100644
--- a/mesh/mesh-config-json.c
+++ b/mesh/mesh-config-json.c
@@ -2309,7 +2309,7 @@ bool mesh_config_load_nodes(const char *cfgdir_name, mesh_config_node_func_t cb,
return true;
}
-void mesh_config_destroy(struct mesh_config *cfg)
+void mesh_config_release_nvm(struct mesh_config *cfg)
{
char *node_dir, *node_name;
char uuid[33];
diff --git a/mesh/mesh-config.h b/mesh/mesh-config.h
index 25002f5a7..d55bcb991 100644
--- a/mesh/mesh-config.h
+++ b/mesh/mesh-config.h
@@ -114,7 +114,7 @@ typedef bool (*mesh_config_node_func_t)(struct mesh_config_node *node,
bool mesh_config_load_nodes(const char *cfgdir_name, mesh_config_node_func_t cb,
void *user_data);
void mesh_config_release(struct mesh_config *cfg);
-void mesh_config_destroy(struct mesh_config *cfg);
+void mesh_config_release_nvm(struct mesh_config *cfg);
bool mesh_config_save(struct mesh_config *cfg, bool no_wait,
mesh_config_status_func_t cb, void *user_data);
struct mesh_config *mesh_config_create(const char *cfgdir_name,
diff --git a/mesh/node.c b/mesh/node.c
index 2b4b3a563..a675c831d 100644
--- a/mesh/node.c
+++ b/mesh/node.c
@@ -352,8 +352,7 @@ void node_remove(struct mesh_node *node)
l_queue_remove(nodes, node);
- if (node->cfg)
- mesh_config_destroy(node->cfg);
+ mesh_config_release_nvm(node->cfg);
free_node_resources(node);
}
--
2.25.4
prev parent reply other threads:[~2020-05-20 16:20 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-20 16:20 [PATCH BlueZ v2 0/1] mesh: firx double-free Brian Gix
2020-05-20 16:20 ` Brian Gix [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200520162005.838134-2-brian.gix@intel.com \
--to=brian.gix@intel.com \
--cc=inga.stotland@intel.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=michal.lowas-rzechonek@silvair.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.