Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp4192288ybg; Tue, 29 Oct 2019 03:35:40 -0700 (PDT) X-Google-Smtp-Source: APXvYqypPB/eAU2RAM0lVIKJ2FwukNHhNQvIBe6E/viZfD41utkIiqS58YV3+QELQzTTv9j4MBwT X-Received: by 2002:a17:906:d972:: with SMTP id rp18mr2478689ejb.179.1572345340639; Tue, 29 Oct 2019 03:35:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572345340; cv=none; d=google.com; s=arc-20160816; b=KBbV5EXRE2RKD5LY0q/b+Iky1OjU41CfqLqOEbw3sDPVcaQCmYYYT6lHNx6twCS54t OvJFz0j/8YFXaIbtayHb0jP9UNpxO3cgqDZL0BHAG73WuoPv4opJrdPM6qzLKT10uliT RB1QVx+4siI+D6a6SA5U1EWr4Xx/nr/O4jFHEICyHBE6ln/VIE0nVJnw+JILtxbdIPrd YdzF9Xj9Ou7BKjSNsDWq5Bhf4n+HhDcXYG1ClOyb1NkEwx1Om7Yfu7sZ4bFOUumt7B8L ST8Yj6fJm/FYUyH7/N/BxEYBPJZLeyPFbhQncMdcpK+eHry3TPVcqR1Z3V6ngmSukFGH b/PA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=Q5KFmakyN99RcIsdj/ksnYzumfetHZDcprZW4Y3o+tE=; b=GuoB94Nd8ScsFrXSKsrUSVAEpyLWvs3vEVn1QYY+O4SkAYmKAtG+dAaL185uO0dlma W5ZWnDKKVhygNZ3TQjmJR7QjQtFrDw9R8cMUVmATLfH1COArsAaOz4wHAFYYFLZbJ+nb 8PB26l1FhV6D/QKBLhxfDjU06Y5Fj4j5HjSqXgEpAy4qGNjDMnNJ2VjIMsjI6HEeehk5 xsJD9mBpE9PK7r7jknJyt0S8mGOzEOl/50CpjzdWgZrp1LKuC4jprzKrppxjSuEKw2Dh KjYQ2dC9ir+Ol3f7OcGI/8yjYhC6hTAzF9KgHSgg8Li/cIl54zMVzCECuFhY6Hdf4D1l tttg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u24si6474384ejr.220.2019.10.29.03.35.17; Tue, 29 Oct 2019 03:35:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732534AbfJ2JVK (ORCPT + 99 others); Tue, 29 Oct 2019 05:21:10 -0400 Received: from metis.ext.pengutronix.de ([85.220.165.71]:34051 "EHLO metis.ext.pengutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727752AbfJ2JVJ (ORCPT ); Tue, 29 Oct 2019 05:21:09 -0400 Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0]) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1iPNgQ-00044P-FT; Tue, 29 Oct 2019 10:20:58 +0100 Received: from sha by ptx.hi.pengutronix.de with local (Exim 4.89) (envelope-from ) id 1iPNgP-0002iK-23; Tue, 29 Oct 2019 10:20:57 +0100 Date: Tue, 29 Oct 2019 10:20:57 +0100 From: Sascha Hauer To: Zhihao Cheng Cc: richard@nod.at, dedekind1@gmail.com, yi.zhang@huawei.com, linux-mtd@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] ubifs: do_kill_orphans: Fix a memory leak bug Message-ID: <20191029092057.fsklsibqrmbmacar@pengutronix.de> References: <1572339670-68694-1-git-send-email-chengzhihao1@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1572339670-68694-1-git-send-email-chengzhihao1@huawei.com> X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-IRC: #ptxdist @freenode X-Accept-Language: de,en X-Accept-Content-Type: text/plain X-Uptime: 10:14:52 up 113 days, 15:25, 93 users, load average: 0.01, 0.09, 0.12 User-Agent: NeoMutt/20170113 (1.7.2) X-SA-Exim-Connect-IP: 2001:67c:670:100:1d::c0 X-SA-Exim-Mail-From: sha@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-kernel@vger.kernel.org Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 29, 2019 at 05:01:10PM +0800, Zhihao Cheng wrote: > If there are more than one valid snod on the sleb->nodes list, > do_kill_orphans will malloc ino more than once without releasing > previous ino's memory. Finally, it will trigger memory leak. > > Fixes: ee1438ce5dc4 ("ubifs: Check link count of inodes when...") > Signed-off-by: Zhihao Cheng > Signed-off-by: zhangyi (F) > --- > fs/ubifs/orphan.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/fs/ubifs/orphan.c b/fs/ubifs/orphan.c > index 3b4b411..f211ed3 100644 > --- a/fs/ubifs/orphan.c > +++ b/fs/ubifs/orphan.c > @@ -673,9 +673,11 @@ static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb, > if (first) > first = 0; > > - ino = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS); > - if (!ino) > - return -ENOMEM; > + if (!ino) { > + ino = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS); > + if (!ino) > + return -ENOMEM; > + } This solves only part of the problem. There are several places in the loop that just return instead of jumping to out_free. These need to be fixed as well. I am not sure if it's worth it to allocate ino on demand. It would be more straight forward to allocate it once initially before the loop. Not sure though what Richard prefers. Regards, Sascha -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |