[v2] mtd: rawnand: Fix a memory leak bug

Message ID	1566182765-7150-1-git-send-email-wenwen@cs.uga.edu
State	Accepted
Headers	show Return-Path: <linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Wenwen Wang <wenwen@cs.uga.edu> To: Wenwen Wang <wenwen@cs.uga.edu> Subject: [PATCH v2] mtd: rawnand: Fix a memory leak bug Date: Sun, 18 Aug 2019 21:46:04 -0500 Message-Id: <1566182765-7150-1-git-send-email-wenwen@cs.uga.edu> summary: Content analysis details: (0.5 points) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.161.66 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (wenwenict[at]gmail.com) 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different Precedence: list Cc: Kate Stewart <kstewart@linuxfoundation.org>, Vignesh Raghavendra <vigneshr@ti.com>, Boris Brezillon <bbrezillon@kernel.org>, Richard Weinberger <richard@nod.at>, Randy Dunlap <rdunlap@infradead.org>, open list <linux-kernel@vger.kernel.org>, Frieder Schrempf <frieder.schrempf@kontron.de>, Marek Vasut <marek.vasut@gmail.com>, "open list:NAND FLASH SUBSYSTEM" <linux-mtd@lists.infradead.org>, Miquel Raynal <miquel.raynal@bootlin.com>, Thomas Gleixner <tglx@linutronix.de>, Brian Norris <computersforpeace@gmail.com>, David Woodhouse <dwmw2@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org> Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	[v2] mtd: rawnand: Fix a memory leak bug \| expand [v2] mtd: rawnand: Fix a memory leak bug

Message ID

1566182765-7150-1-git-send-email-wenwen@cs.uga.edu

State

Accepted

Headers

From: Wenwen Wang <wenwen@cs.uga.edu>
To: Wenwen Wang <wenwen@cs.uga.edu>
Subject: [PATCH v2] mtd: rawnand: Fix a memory leak bug
Date: Sun, 18 Aug 2019 21:46:04 -0500
Message-Id: <1566182765-7150-1-git-send-email-wenwen@cs.uga.edu>
Precedence: list
Cc: Kate Stewart <kstewart@linuxfoundation.org>,
	Vignesh Raghavendra <vigneshr@ti.com>,
	Boris Brezillon <bbrezillon@kernel.org>, 
	Richard Weinberger <richard@nod.at>,
	Randy Dunlap <rdunlap@infradead.org>, 
	open list <linux-kernel@vger.kernel.org>,
	Frieder Schrempf <frieder.schrempf@kontron.de>,
	Marek Vasut <marek.vasut@gmail.com>,
	"open list:NAND FLASH SUBSYSTEM" <linux-mtd@lists.infradead.org>,
	Miquel Raynal <miquel.raynal@bootlin.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Brian Norris <computersforpeace@gmail.com>,
	David Woodhouse <dwmw2@infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-mtd" <linux-mtd-bounces@lists.infradead.org>
Errors-To: linux-mtd-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

[v2] mtd: rawnand: Fix a memory leak bug | expand

Commit Message

Wenwen Wang Aug. 19, 2019, 2:46 a.m. UTC

In nand_scan_bbt(), a temporary buffer 'buf' is allocated through
vmalloc(). However, if check_create() fails, 'buf' is not deallocated,
leading to a memory leak bug. To fix this issue, free 'buf' before
returning the error.

Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
---
 drivers/mtd/nand/raw/nand_bbt.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

Miquel Raynal Aug. 26, 2019, 12:59 p.m. UTC | #1

On Mon, 2019-08-19 at 02:46:04 UTC, Wenwen Wang wrote:
> In nand_scan_bbt(), a temporary buffer 'buf' is allocated through
> vmalloc(). However, if check_create() fails, 'buf' is not deallocated,
> leading to a memory leak bug. To fix this issue, free 'buf' before
> returning the error.
> 
> Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux.git nand/next, thanks.

Miquel

Boris Brezillon Aug. 26, 2019, 1:05 p.m. UTC | #2

On Sun, 18 Aug 2019 21:46:04 -0500
Wenwen Wang <wenwen@cs.uga.edu> wrote:

> In nand_scan_bbt(), a temporary buffer 'buf' is allocated through
> vmalloc(). However, if check_create() fails, 'buf' is not deallocated,
> leading to a memory leak bug. To fix this issue, free 'buf' before
> returning the error.
> 
> Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
> ---
>  drivers/mtd/nand/raw/nand_bbt.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/mtd/nand/raw/nand_bbt.c b/drivers/mtd/nand/raw/nand_bbt.c
> index 2ef15ef..96045d6 100644
> --- a/drivers/mtd/nand/raw/nand_bbt.c
> +++ b/drivers/mtd/nand/raw/nand_bbt.c
> @@ -1232,7 +1232,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
>  	if (!td) {
>  		if ((res = nand_memory_bbt(this, bd))) {
>  			pr_err("nand_bbt: can't scan flash and build the RAM-based BBT\n");
> -			goto err;
> +			goto err_free_bbt;
>  		}
>  		return 0;
>  	}
> @@ -1245,7 +1245,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
>  	buf = vmalloc(len);
>  	if (!buf) {
>  		res = -ENOMEM;
> -		goto err;
> +		goto err_free_bbt;
>  	}
>  
>  	/* Is the bbt at a given page? */
> @@ -1258,7 +1258,7 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
>  
>  	res = check_create(this, buf, bd);

I know it's too late, but calling

	vfree(buf);

here

>  	if (res)
> -		goto err;
> +		goto err_free_buf;
>  
>  	/* Prevent the bbt regions from erasing / writing */
>  	mark_bbt_region(this, td);
> @@ -1268,7 +1268,9 @@ static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
>  	vfree(buf);

instead of here would have fixed the leak without the need for an extra
err label.

>  	return 0;
>  
> -err:
> +err_free_buf:
> +	vfree(buf);
> +err_free_bbt:
>  	kfree(this->bbt);
>  	this->bbt = NULL;
>  	return res;

diff --git a/drivers/mtd/nand/raw/nand_bbt.c b/drivers/mtd/nand/raw/nand_bbt.c
index 2ef15ef..96045d6 100644
--- a/drivers/mtd/nand/raw/nand_bbt.c
+++ b/drivers/mtd/nand/raw/nand_bbt.c
@@ -1232,7 +1232,7 @@  static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
 	if (!td) {
 		if ((res = nand_memory_bbt(this, bd))) {
 			pr_err("nand_bbt: can't scan flash and build the RAM-based BBT\n");
-			goto err;
+			goto err_free_bbt;
 		}
 		return 0;
 	}
@@ -1245,7 +1245,7 @@  static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
 	buf = vmalloc(len);
 	if (!buf) {
 		res = -ENOMEM;
-		goto err;
+		goto err_free_bbt;
 	}
 
 	/* Is the bbt at a given page? */
@@ -1258,7 +1258,7 @@  static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
 
 	res = check_create(this, buf, bd);
 	if (res)
-		goto err;
+		goto err_free_buf;
 
 	/* Prevent the bbt regions from erasing / writing */
 	mark_bbt_region(this, td);
@@ -1268,7 +1268,9 @@  static int nand_scan_bbt(struct nand_chip *this, struct nand_bbt_descr *bd)
 	vfree(buf);
 	return 0;
 
-err:
+err_free_buf:
+	vfree(buf);
+err_free_bbt:
 	kfree(this->bbt);
 	this->bbt = NULL;
 	return res;

[v2] mtd: rawnand: Fix a memory leak bug

Commit Message

Comments

Patch