mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
UBI: fix memory leak
ubi_free_volume() function sets ubi->volumes[] to NULL, so ubi_eba_close() is useless, it does not free what has to be freed. So zap it and free vol->eba_tbl at the volume release function. Pointed-out-by: Adrian Hunter <ext-adrian.hunter@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
This commit is contained in:
parent
cadb40ccc1
commit
abc5e92262
4 changed files with 9 additions and 29 deletions
|
@ -840,7 +840,6 @@ int ubi_attach_mtd_dev(struct mtd_info *mtd, int ubi_num, int vid_hdr_offset)
|
|||
out_uif:
|
||||
uif_close(ubi);
|
||||
out_detach:
|
||||
ubi_eba_close(ubi);
|
||||
ubi_wl_close(ubi);
|
||||
vfree(ubi->vtbl);
|
||||
out_free:
|
||||
|
@ -903,7 +902,6 @@ int ubi_detach_mtd_dev(int ubi_num, int anyway)
|
|||
kthread_stop(ubi->bgt_thread);
|
||||
|
||||
uif_close(ubi);
|
||||
ubi_eba_close(ubi);
|
||||
ubi_wl_close(ubi);
|
||||
vfree(ubi->vtbl);
|
||||
put_mtd_device(ubi->mtd);
|
||||
|
|
|
@ -1233,20 +1233,3 @@ out_free:
|
|||
}
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
* ubi_eba_close - close EBA unit.
|
||||
* @ubi: UBI device description object
|
||||
*/
|
||||
void ubi_eba_close(const struct ubi_device *ubi)
|
||||
{
|
||||
int i, num_volumes = ubi->vtbl_slots + UBI_INT_VOL_COUNT;
|
||||
|
||||
dbg_eba("close EBA unit");
|
||||
|
||||
for (i = 0; i < num_volumes; i++) {
|
||||
if (!ubi->volumes[i])
|
||||
continue;
|
||||
kfree(ubi->volumes[i]->eba_tbl);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -477,7 +477,6 @@ int ubi_eba_atomic_leb_change(struct ubi_device *ubi, struct ubi_volume *vol,
|
|||
int ubi_eba_copy_leb(struct ubi_device *ubi, int from, int to,
|
||||
struct ubi_vid_hdr *vid_hdr);
|
||||
int ubi_eba_init_scan(struct ubi_device *ubi, struct ubi_scan_info *si);
|
||||
void ubi_eba_close(const struct ubi_device *ubi);
|
||||
|
||||
/* wl.c */
|
||||
int ubi_wl_get_peb(struct ubi_device *ubi, int dtype);
|
||||
|
|
|
@ -127,6 +127,7 @@ static void vol_release(struct device *dev)
|
|||
{
|
||||
struct ubi_volume *vol = container_of(dev, struct ubi_volume, dev);
|
||||
|
||||
kfree(vol->eba_tbl);
|
||||
kfree(vol);
|
||||
}
|
||||
|
||||
|
@ -201,7 +202,7 @@ static void volume_sysfs_close(struct ubi_volume *vol)
|
|||
*/
|
||||
int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)
|
||||
{
|
||||
int i, err, vol_id = req->vol_id, dont_free = 0;
|
||||
int i, err, vol_id = req->vol_id, do_free = 1;
|
||||
struct ubi_volume *vol;
|
||||
struct ubi_vtbl_record vtbl_rec;
|
||||
uint64_t bytes;
|
||||
|
@ -365,14 +366,14 @@ int ubi_create_volume(struct ubi_device *ubi, struct ubi_mkvol_req *req)
|
|||
|
||||
out_sysfs:
|
||||
/*
|
||||
* We have registered our device, we should not free the volume*
|
||||
* We have registered our device, we should not free the volume
|
||||
* description object in this function in case of an error - it is
|
||||
* freed by the release function.
|
||||
*
|
||||
* Get device reference to prevent the release function from being
|
||||
* called just after sysfs has been closed.
|
||||
*/
|
||||
dont_free = 1;
|
||||
do_free = 0;
|
||||
get_device(&vol->dev);
|
||||
volume_sysfs_close(vol);
|
||||
out_gluebi:
|
||||
|
@ -382,17 +383,18 @@ out_gluebi:
|
|||
out_cdev:
|
||||
cdev_del(&vol->cdev);
|
||||
out_mapping:
|
||||
kfree(vol->eba_tbl);
|
||||
if (do_free)
|
||||
kfree(vol->eba_tbl);
|
||||
out_acc:
|
||||
spin_lock(&ubi->volumes_lock);
|
||||
ubi->rsvd_pebs -= vol->reserved_pebs;
|
||||
ubi->avail_pebs += vol->reserved_pebs;
|
||||
out_unlock:
|
||||
spin_unlock(&ubi->volumes_lock);
|
||||
if (dont_free)
|
||||
put_device(&vol->dev);
|
||||
else
|
||||
if (do_free)
|
||||
kfree(vol);
|
||||
else
|
||||
put_device(&vol->dev);
|
||||
ubi_err("cannot create volume %d, error %d", vol_id, err);
|
||||
return err;
|
||||
}
|
||||
|
@ -445,8 +447,6 @@ int ubi_remove_volume(struct ubi_volume_desc *desc)
|
|||
goto out_err;
|
||||
}
|
||||
|
||||
kfree(vol->eba_tbl);
|
||||
vol->eba_tbl = NULL;
|
||||
cdev_del(&vol->cdev);
|
||||
volume_sysfs_close(vol);
|
||||
|
||||
|
|
Loading…
Reference in a new issue