UBI: fix memory leak when use fastmap
When use ubi fastmap, there is a memory leak which will make destroy_ai()
called in ubi_attach fail.
The following patch base on linux-3.9-rc6 fix this problem.
diff -uprN old_ubi/attach.c new_ubi/attach.c
--- old_ubi/attach.c 2013-04-08 03:49:54.000000000 +0000
+++ new_ubi/attach.c 2013-04-16 03:22:47.343750000 +0000
@@ -1212,6 +1212,30 @@ static void destroy_ai(struct ubi_attach
kfree(ai);
}
+static struct ubi_attach_info *alloc_ai(const char *slab_name)
+{
+ struct ubi_attach_info *ai;
+
+ ai = kzalloc(sizeof(struct ubi_attach_info), GFP_KERNEL);
+ if (!ai)
+ return ai;
+
+ INIT_LIST_HEAD(&ai->corr);
+ INIT_LIST_HEAD(&ai->free);
+ INIT_LIST_HEAD(&ai->erase);
+ INIT_LIST_HEAD(&ai->alien);
+ ai->volumes = RB_ROOT;
+ ai->aeb_slab_cache = kmem_cache_create(slab_name,
+ sizeof(struct
ubi_ainf_peb),
+ 0, 0, NULL);
+ if (!ai->aeb_slab_cache) {
+ kfree(ai);
+ ai = NULL;
+ }
+
+ return ai;
+}
+
/**
* scan_all - scan entire MTD device.
* @ubi: UBI device description object
@@ -1315,8 +1339,13 @@ static int scan_fast(struct ubi_device *
int err, pnum, fm_anchor = -1;
unsigned long long max_sqnum = 0;
+ struct ubi_attach_info *fastmap_temp_ai = NULL;
err = -ENOMEM;
+ fastmap_temp_ai = alloc_ai("ubi_scan_fastmap_slab_cache");
+ if (!fastmap_temp_ai)
+ goto out;
+
ech = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
if (!ech)
goto out;
@@ -1331,7 +1360,7 @@ static int scan_fast(struct ubi_device *
cond_resched();
dbg_gen("process PEB %d", pnum);
- err = scan_peb(ubi, ai, pnum, &vol_id, &sqnum);
+ err = scan_peb(ubi, fastmap_temp_ai, pnum, &vol_id,
&sqnum);
if (err < 0)
goto out_vidh;
@@ -1343,6 +1372,7 @@ static int scan_fast(struct ubi_device *
ubi_free_vid_hdr(ubi, vidh);
kfree(ech);
+ destroy_ai(fastmap_temp_ai);
if (fm_anchor < 0)
return UBI_NO_FASTMAP;
@@ -1351,6 +1381,7 @@ static int scan_fast(struct ubi_device *
out_vidh:
ubi_free_vid_hdr(ubi, vidh);
+ destroy_ai(fastmap_temp_ai);
out_ech:
kfree(ech);
out:
@@ -1359,29 +1390,6 @@ out:
#endif
-static struct ubi_attach_info *alloc_ai(const char *slab_name)
-{
- struct ubi_attach_info *ai;
-
- ai = kzalloc(sizeof(struct ubi_attach_info), GFP_KERNEL);
- if (!ai)
- return ai;
-
- INIT_LIST_HEAD(&ai->corr);
- INIT_LIST_HEAD(&ai->free);
- INIT_LIST_HEAD(&ai->erase);
- INIT_LIST_HEAD(&ai->alien);
- ai->volumes = RB_ROOT;
- ai->aeb_slab_cache = kmem_cache_create(slab_name,
- sizeof(struct
ubi_ainf_peb),
- 0, 0, NULL);
- if (!ai->aeb_slab_cache) {
- kfree(ai);
- ai = NULL;
- }
-
- return ai;
-}
/**
* ubi_attach - attach an MTD device.
@@ -1419,7 +1427,7 @@ int ubi_attach(struct ubi_device *ubi, i
return -ENOMEM;
}
- err = scan_all(ubi, ai, UBI_FM_MAX_START);
+ err = scan_all(ubi, ai, 0);
}
}
#else
diff -uprN old_ubi/fastmap.c new_ubi/fastmap.c
--- old_ubi/fastmap.c 2013-04-08 03:49:54.000000000 +0000
+++ new_ubi/fastmap.c 2013-04-16 03:22:17.468750000 +0000
@@ -552,21 +552,8 @@ static int ubi_attach_fastmap(struct ubi
INIT_LIST_HEAD(&used);
INIT_LIST_HEAD(&free);
INIT_LIST_HEAD(&eba_orphans);
- INIT_LIST_HEAD(&ai->corr);
- INIT_LIST_HEAD(&ai->free);
- INIT_LIST_HEAD(&ai->erase);
- INIT_LIST_HEAD(&ai->alien);
- ai->volumes = RB_ROOT;
ai->min_ec = UBI_MAX_ERASECOUNTER;
- ai->aeb_slab_cache = kmem_cache_create("ubi_ainf_peb_slab",
- sizeof(struct
ubi_ainf_peb),
- 0, 0, NULL);
- if (!ai->aeb_slab_cache) {
- ret = -ENOMEM;
- goto fail;
- }
-
fmsb = (struct ubi_fm_sb *)(fm_raw);
ai->max_sqnum = fmsb->sqnum;
fm_pos += sizeof(struct ubi_fm_sb);
Signed-off-by: Wang bo <[email protected]>
Tested-by: Wang bo <[email protected]>
Reviewed-by: Cui Yunfeng <[email protected]>