Ensure that the allocated bud->log_hash (if any) is freed in all cases
when the bud itself is freed, to fix this leak caught by kmemleak:
# keyctl add logon foo:bar data @s
# echo clear > /sys/kernel/debug/kmemleak
# mount -t ubifs /dev/ubi0_0 mnt -o auth_hash_name=sha256,auth_key=foo:bar
# echo a > mnt/x
# umount mnt
# mount -t ubifs /dev/ubi0_0 mnt -o auth_hash_name=sha256,auth_key=foo:bar
# umount mnt
# sleep 5
# echo scan > /sys/kernel/debug/kmemleak
# echo scan > /sys/kernel/debug/kmemleak
# cat /sys/kernel/debug/kmemleak
unreferenced object 0xff... (size 128):
comm "mount"
backtrace:
__kmalloc
__ubifs_hash_get_desc+0x5d/0xe0 ubifs
ubifs_replay_journal
ubifs_mount
...
Fixes: da8ef65f9573 ("ubifs: Authenticate replayed journal")
Signed-off-by: Vincent Whitchurch <[email protected]>
---
fs/ubifs/super.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 32cb14759796..0ef8c1f3d760 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -923,8 +923,10 @@ static void free_buds(struct ubifs_info *c)
{
struct ubifs_bud *bud, *n;
- rbtree_postorder_for_each_entry_safe(bud, n, &c->buds, rb)
+ rbtree_postorder_for_each_entry_safe(bud, n, &c->buds, rb) {
+ kfree(bud->log_hash);
kfree(bud);
+ }
}
/**
@@ -1193,6 +1195,7 @@ static void destroy_journal(struct ubifs_info *c)
bud = list_entry(c->old_buds.next, struct ubifs_bud, list);
list_del(&bud->list);
+ kfree(bud->log_hash);
kfree(bud);
}
ubifs_destroy_idx_gc(c);
---
base-commit: fdf0eaf11452d72945af31804e2a1048ee1b574c
change-id: 20230718-ubifs-replay-auth-leak-9b395b83196f
Best regards,
--
Vincent Whitchurch <[email protected]>