From: Boris Brezillon <boris.brezillon@collabora.com>
To: Wenwen Wang <wenwen@cs.uga.edu>
Cc: Kate Stewart <kstewart@linuxfoundation.org>,
Vignesh Raghavendra <vigneshr@ti.com>,
Boris Brezillon <bbrezillon@kernel.org>,
Richard Weinberger <richard@nod.at>,
Randy Dunlap <rdunlap@infradead.org>,
open list <linux-kernel@vger.kernel.org>,
Frieder Schrempf <frieder.schrempf@kontron.de>,
Marek Vasut <marek.vasut@gmail.com>,
"open list:NAND FLASH SUBSYSTEM" <linux-mtd@lists.infradead.org>,
Miquel Raynal <miquel.raynal@bootlin.com>,
Thomas Gleixner <tglx@linutronix.de>,
Brian Norris <computersforpeace@gmail.com>,
David Woodhouse <dwmw2@infradead.org>
Subject: Re: [PATCH v2] mtd: rawnand: Fix a memory leak bug
Date: Mon, 26 Aug 2019 15:05:53 +0200 [thread overview]
Message-ID: <20190826150553.3f758c84@collabora.com> (raw)
In-Reply-To: <1566182765-7150-1-git-send-email-wenwen@cs.uga.edu>
On Sun, 18 Aug 2019 21:46:04 -0500
Wenwen Wang <wenwen@cs.uga.edu> wrote:
> In nand_scan_bbt(), a temporary buffer 'buf' is allocated through
> vmalloc(). However, if check_create() fails, 'buf' is not deallocated,
> leading to a memory leak bug. To fix this issue, free 'buf' before
> returning the error.
>
> Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
> ---
> drivers/mtd/nand/raw/nand_bbt.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/mtd/nand/raw/nand_bbt.c b/drivers/mtd/nand/raw/nand_bbt.c
> index 2ef15ef..96045d6 100644
> --- a/drivers/mtd/nand/raw/nand_bbt.c
> +++ b/drivers/mtd/nand/raw/nand_bbt.c
> @@ -1232,7 +1232,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
> if (!td) {
> if ((res = nand_memory_bbt(this, bd))) {
> pr_err("nand_bbt: can't scan flash and build the RAM-based BBT\n");
> - goto err;
> + goto err_free_bbt;
> }
> return 0;
> }
> @@ -1245,7 +1245,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
> buf = vmalloc(len);
> if (!buf) {
> res = -ENOMEM;
> - goto err;
> + goto err_free_bbt;
> }
>
> /* Is the bbt at a given page? */
> @@ -1258,7 +1258,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
>
> res = check_create(this, buf, bd);
I know it's too late, but calling
vfree(buf);
here
> if (res)
> - goto err;
> + goto err_free_buf;
>
> /* Prevent the bbt regions from erasing / writing */
> mark_bbt_region(this, td);
> @@ -1268,7 +1268,9 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
> vfree(buf);
instead of here would have fixed the leak without the need for an extra
err label.
> return 0;
>
> -err:
> +err_free_buf:
> + vfree(buf);
> +err_free_bbt:
> kfree(this->bbt);
> this->bbt = NULL;
> return res;
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
prev parent reply other threads:[~2019-08-26 13:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-19 2:46 [PATCH v2] mtd: rawnand: Fix a memory leak bug Wenwen Wang
2019-08-26 12:59 ` Miquel Raynal
2019-08-26 13:05 ` Boris Brezillon [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190826150553.3f758c84@collabora.com \
--to=boris.brezillon@collabora.com \
--cc=bbrezillon@kernel.org \
--cc=computersforpeace@gmail.com \
--cc=dwmw2@infradead.org \
--cc=frieder.schrempf@kontron.de \
--cc=kstewart@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=marek.vasut@gmail.com \
--cc=miquel.raynal@bootlin.com \
--cc=rdunlap@infradead.org \
--cc=richard@nod.at \
--cc=tglx@linutronix.de \
--cc=vigneshr@ti.com \
--cc=wenwen@cs.uga.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).