From patchwork Mon May 23 21:35:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Pali_Roh=C3=A1r?= X-Patchwork-Id: 1634779 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256 header.s=k20201202 header.b=logPBdZe; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4L6VzB0fP8z9sGS for ; Tue, 24 May 2022 07:37:07 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 220A280885; Mon, 23 May 2022 23:37:00 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="logPBdZe"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4AD01839BE; Mon, 23 May 2022 23:36:58 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id A4CFC80167 for ; Mon, 23 May 2022 23:36:55 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=kernel.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=pali@kernel.org Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A6F3D61510 for ; Mon, 23 May 2022 21:36:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D642C385AA for ; Mon, 23 May 2022 21:36:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1653341813; bh=4AdJqm+mSFSxLMOCHJMmxnWlit+ldj3g7SyhcHKsg0Q=; h=From:To:Subject:Date:From; b=logPBdZesBD69nkkNleLc2A2PggLnocxMxsUoiJX8MduMSnMjC6Eemzigx6/+xXo8 tfB5orrYiH/nHmcMHkK8jlgWsAI7CGkHzVGP2l4pdw2SrYHqJ0rylwFC7GdxwOp5aS tR63MMKjwlMx/L77Wg7/T/BGZbU8/jk/Pkrfk9tYGnDMH2QzF4c64/OTxvHm8h3o+J iwmlMu/oFcHwyQLHDG84Wa9raeF5xwSeozkLTjP7ci6Tm1Ajn8pBWO2my7+k4ibKTb G/+dwXoLTnReBfUD+IfjGWecFVuakely7Edi1IdFgq12shOhMAXmeGTLmtlzEQRYZ/ 7X2ZbiIov8zvQ== Received: by pali.im (Postfix) id 74A53A43; Mon, 23 May 2022 23:36:50 +0200 (CEST) From: =?utf-8?q?Pali_Roh=C3=A1r?= To: u-boot@lists.denx.de Subject: [PATCH] ubifs: Fix reference count leak in ubifsumount Date: Mon, 23 May 2022 23:35:50 +0200 Message-Id: <20220523213550.14570-1-pali@kernel.org> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Original ubifs code was designed that after ubifs_umount() call it is required to also call ubi_close_volume() which closes underlying UBI volume. But U-Boot ubifs modification have not implemented it properly which caused that ubifsumount command contains resource leak. It can be observed by calling simple sequence of commands: => ubi part mtd2 ubi0: attaching mtd2 ... => ubifsmount ubi0 => ubifsumount Unmounting UBIFS volume rootfs! => ubi detach ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway ubi0: detaching mtd2 ubi0: mtd2 is detached Fix this issue by calling ubi_close_volume() and mutex_unlock() in directly in ubifs_umount() function before freeing U-Boot's global ubifs_sb. And remove duplicate calls of these two functions in remaining places. With this change ubifsumount command does not throw that error anymore. => ubi part rootfs ubi0: attaching mtd2 ... => ubifsmount ubi0 => ubifsumount Unmounting UBIFS volume rootfs! => ubi detach ubi0: detaching mtd2 ubi0: mtd2 is detached Signed-off-by: Pali Rohár --- fs/ubifs/super.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index e3a4c0bca270..7677dcc2a140 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -1757,6 +1757,8 @@ void ubifs_umount(struct ubifs_info *c) kfree(c->bottom_up_buf); ubifs_debugging_exit(c); #ifdef __UBOOT__ + ubi_close_volume(c->ubi); + mutex_unlock(&c->umount_mutex); /* Finally free U-Boot's global copy of superblock */ if (ubifs_sb != NULL) { free(ubifs_sb->s_fs_info); @@ -2058,9 +2060,9 @@ static void ubifs_put_super(struct super_block *sb) ubifs_umount(c); #ifndef __UBOOT__ bdi_destroy(&c->bdi); -#endif ubi_close_volume(c->ubi); mutex_unlock(&c->umount_mutex); +#endif } #endif @@ -2328,13 +2330,13 @@ static int ubifs_fill_super(struct super_block *sb, void *data, int silent) out_umount: ubifs_umount(c); out_unlock: - mutex_unlock(&c->umount_mutex); #ifndef __UBOOT__ + mutex_unlock(&c->umount_mutex); out_bdi: bdi_destroy(&c->bdi); out_close: -#endif ubi_close_volume(c->ubi); +#endif out: return err; }