Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit abc5e922 authored by Artem Bityutskiy's avatar Artem Bityutskiy
Browse files

UBI: fix memory leak 



ubi_free_volume() function sets ubi->volumes[] to NULL, so
ubi_eba_close() is useless, it does not free what has to be freed.
So zap it and free vol->eba_tbl at the volume release function.

Pointed-out-by: default avatarAdrian Hunter <ext-adrian.hunter@nokia.com>
Signed-off-by: default avatarArtem Bityutskiy <Artem.Bityutskiy@nokia.com>
parent cadb40cc

drivers/mtd/ubi/build.c

+0 −2
Original line number Diff line number Diff line
@@ -840,7 +840,6 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num, int vid_hdr_offset) 
out_uif:

	uif_close(ubi);

out_detach:

	ubi_eba_close(ubi);

	ubi_wl_close(ubi);

	vfree(ubi->vtbl);

out_free:
@@ -903,7 +902,6 @@ int ubi_detach_mtd_dev(int ubi_num, int anyway) 
		kthread_stop(ubi->bgt_thread);



	uif_close(ubi);

	ubi_eba_close(ubi);

	ubi_wl_close(ubi);

	vfree(ubi->vtbl);

	put_mtd_device(ubi->mtd);

drivers/mtd/ubi/eba.c

+0 −17
Original line number Diff line number Diff line
@@ -1233,20 +1233,3 @@ out_free: 
	}

	return err;

}
 


/**

 * ubi_eba_close - close EBA unit.

 * @ubi: UBI device description object

 */

void ubi_eba_close(const struct ubi_device *ubi)

{

	int i, num_volumes = ubi->vtbl_slots + UBI_INT_VOL_COUNT;



	dbg_eba("close EBA unit");



	for (i = 0; i < num_volumes; i++) {

		if (!ubi->volumes[i])

			continue;

		kfree(ubi->volumes[i]->eba_tbl);

	}

}

drivers/mtd/ubi/ubi.h

+0 −1
Original line number Diff line number Diff line
@@ -477,7 +477,6 @@ int ubi_eba_atomic_leb_change(struct ubi_device *ubi, struct ubi_volume *vol, 
int ubi_eba_copy_leb(struct ubi_device *ubi, int from, int to,

		     struct ubi_vid_hdr *vid_hdr);

int ubi_eba_init_scan(struct ubi_device *ubi, struct ubi_scan_info *si);

void ubi_eba_close(const struct ubi_device *ubi);



/* wl.c */

int ubi_wl_get_peb(struct ubi_device *ubi, int dtype);

drivers/mtd/ubi/vmt.c

+9 −9
Original line number Diff line number Diff line
@@ -127,6 +127,7 @@ static void vol_release(struct device *dev) 
{

	struct ubi_volume *vol = container_of(dev, struct ubi_volume, dev);



	kfree(vol->eba_tbl);

	kfree(vol);

}
@@ -201,7 +202,7 @@ static void volume_sysfs_close(struct ubi_volume *vol) 
 */

int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)

{

	int i, err, vol_id = req->vol_id, dont_free = 0;

	int i, err, vol_id = req->vol_id, do_free = 1;

	struct ubi_volume *vol;

	struct ubi_vtbl_record vtbl_rec;

	uint64_t bytes;
@@ -365,14 +366,14 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req) 


out_sysfs:

	/*

	 * We have registered our device, we should not free the volume*

	 * We have registered our device, we should not free the volume

	 * description object in this function in case of an error - it is

	 * freed by the release function.

	 *

	 * Get device reference to prevent the release function from being

	 * called just after sysfs has been closed.

	 */

	dont_free = 1;

	do_free = 0;

	get_device(&vol->dev);

	volume_sysfs_close(vol);

out_gluebi:
@@ -382,6 +383,7 @@ out_gluebi: 
out_cdev:

	cdev_del(&vol->cdev);

out_mapping:

	if (do_free)

		kfree(vol->eba_tbl);

out_acc:

	spin_lock(&ubi->volumes_lock);
@@ -389,10 +391,10 @@ out_acc: 
	ubi->avail_pebs += vol->reserved_pebs;

out_unlock:

	spin_unlock(&ubi->volumes_lock);

	if (dont_free)

		put_device(&vol->dev);

	else

	if (do_free)

		kfree(vol);

	else

		put_device(&vol->dev);

	ubi_err("cannot create volume %d, error %d", vol_id, err);

	return err;

}
@@ -445,8 +447,6 @@ int ubi_remove_volume(struct ubi_volume_desc *desc) 
			goto out_err;

	}



	kfree(vol->eba_tbl);

	vol->eba_tbl = NULL;

	cdev_del(&vol->cdev);

	volume_sysfs_close(vol);