From: Zhihao Cheng
Subject: [PATCH] ubi: fastmap: Don't produce the initial anchor PEB when fastmap is disabled
Date: Mon, 1 Jun 2020 17:11:34 +0800
Message-ID: <20200601091134.3794265-1-chengzhihao1@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Following process triggers a memleak caused by forgetting to release the initial anchor PEB (CONFIG_MTD_UBI_FASTMAP is disabled):
1. attach -> __erase_worker -> produce the initial anchor PEB
2. detach -> ubi_fastmap_close (Do nothing, it should have released the initial anchor PEB)

Don't produce the initial anchor PEB in __erase_worker() when fastmap is disabled.

Signed-off-by: Zhihao Cheng
Fixes: f9c34bb529975fe ("ubi: Fix producing anchor PEBs")
Reported-by: syzbot+d9aab50b1154e3d163f5@syzkaller.appspotmail.com

--- drivers/mtd/ubi/wl.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c index 5146cce5fe32..5ebe1084a8e7 100644 --- a/drivers/mtd/ubi/wl.c +++ b/drivers/mtd/ubi/wl.c @@ -1079,13 +1079,19 @@ static int __erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk) if (!err) { spin_lock(&ubi->wl_lock); - if (!ubi->fm_anchor && e->pnum < UBI_FM_MAX_START) { +#ifdef CONFIG_MTD_UBI_FASTMAP + if (!ubi->fm_disabled && !ubi->fm_anchor && + e->pnum < UBI_FM_MAX_START) { ubi->fm_anchor = e; ubi->fm_do_produce_anchor = 0; } else { wl_tree_add(e, &ubi->free); ubi->free_count++; } +#else + wl_tree_add(e, &ubi->free); + ubi->free_count++; +#endif spin_unlock(&ubi->wl_lock); -- 2.25.4
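
Review bot: In the __erase_worker() hunk, the #else branch repeats the two free-list lines (wl_tree_add(e, &ubi->free); ubi->free_count++;) that already form the else arm inside the #ifdef block, so the "return PEB to the free tree" path now exists twice under wl_lock and the copies can drift apart in later edits. Consider keeping a single if/else and moving the configuration dependence into the condition, for example through a small helper that evaluates to false when CONFIG_MTD_UBI_FASTMAP is off, which also keeps the #ifdef out of the function body. Separately, the commit message describes only the leak with CONFIG_MTD_UBI_FASTMAP disabled, while the added !ubi->fm_disabled test also changes behaviour when the option is built in and fastmap is disabled at runtime; the message should state why that case is covered and whether an anchor PEB could be left unreleased there as well.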