Message ID | 1566182765-7150-1-git-send-email-wenwen@cs.uga.edu |
---|---|
State | Accepted |
Headers | show |
Series | [v2] mtd: rawnand: Fix a memory leak bug | expand |
On Mon, 2019-08-19 at 02:46:04 UTC, Wenwen Wang wrote: > In nand_scan_bbt(), a temporary buffer 'buf' is allocated through > vmalloc(). However, if check_create() fails, 'buf' is not deallocated, > leading to a memory leak bug. To fix this issue, free 'buf' before > returning the error. > > Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git nand/next, thanks. Miquel
On Sun, 18 Aug 2019 21:46:04 -0500 Wenwen Wang <wenwen@cs.uga.edu> wrote: > In nand_scan_bbt(), a temporary buffer 'buf' is allocated through > vmalloc(). However, if check_create() fails, 'buf' is not deallocated, > leading to a memory leak bug. To fix this issue, free 'buf' before > returning the error. > > Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> > --- > drivers/mtd/nand/raw/nand_bbt.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/drivers/mtd/nand/raw/nand_bbt.c b/drivers/mtd/nand/raw/nand_bbt.c > index 2ef15ef..96045d6 100644 > --- a/drivers/mtd/nand/raw/nand_bbt.c > +++ b/drivers/mtd/nand/raw/nand_bbt.c > @@ -1232,7 +1232,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd) > if (!td) { > if ((res = nand_memory_bbt(this, bd))) { > pr_err("nand_bbt: can't scan flash and build the RAM-based BBT\n"); > - goto err; > + goto err_free_bbt; > } > return 0; > } > @@ -1245,7 +1245,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd) > buf = vmalloc(len); > if (!buf) { > res = -ENOMEM; > - goto err; > + goto err_free_bbt; > } > > /* Is the bbt at a given page? */ > @@ -1258,7 +1258,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd) > > res = check_create(this, buf, bd); I know it's too late, but calling vfree(buf); here > if (res) > - goto err; > + goto err_free_buf; > > /* Prevent the bbt regions from erasing / writing */ > mark_bbt_region(this, td); > @@ -1268,7 +1268,9 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd) > vfree(buf); instead of here would have fixed the leak without the need for an extra err label. > return 0; > > -err: > +err_free_buf: > + vfree(buf); > +err_free_bbt: > kfree(this->bbt); > this->bbt = NULL; > return res;
diff --git a/drivers/mtd/nand/raw/nand_bbt.c b/drivers/mtd/nand/raw/nand_bbt.c index 2ef15ef..96045d6 100644 --- a/drivers/mtd/nand/raw/nand_bbt.c +++ b/drivers/mtd/nand/raw/nand_bbt.c @@ -1232,7 +1232,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd) if (!td) { if ((res = nand_memory_bbt(this, bd))) { pr_err("nand_bbt: can't scan flash and build the RAM-based BBT\n"); - goto err; + goto err_free_bbt; } return 0; } @@ -1245,7 +1245,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd) buf = vmalloc(len); if (!buf) { res = -ENOMEM; - goto err; + goto err_free_bbt; } /* Is the bbt at a given page? */ @@ -1258,7 +1258,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd) res = check_create(this, buf, bd); if (res) - goto err; + goto err_free_buf; /* Prevent the bbt regions from erasing / writing */ mark_bbt_region(this, td); @@ -1268,7 +1268,9 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd) vfree(buf); return 0; -err: +err_free_buf: + vfree(buf); +err_free_bbt: kfree(this->bbt); this->bbt = NULL; return res;
In nand_scan_bbt(), a temporary buffer 'buf' is allocated through vmalloc(). However, if check_create() fails, 'buf' is not deallocated, leading to a memory leak bug. To fix this issue, free 'buf' before returning the error. Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> --- drivers/mtd/nand/raw/nand_bbt.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)