From patchwork Fri Oct 21 10:21:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Li Zetao X-Patchwork-Id: 469 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4242:0:0:0:0:0 with SMTP id s2csp583681wrr; Fri, 21 Oct 2022 02:21:03 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7PFEssG6QMiti8Ui4WMMevGVIpbeiQIq8Uu90CpdBB4DwpIP5J0omwt73x3HSKCGRxPntR X-Received: by 2002:a05:6402:2791:b0:45d:3a94:3494 with SMTP id b17-20020a056402279100b0045d3a943494mr16087835ede.91.1666344063731; Fri, 21 Oct 2022 02:21:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666344063; cv=none; d=google.com; s=arc-20160816; b=Roch3No6oDGJGQ5JdtqYqiSDG80OdxxUGItQ4as7e0D7AlS0DgsWPl7rFgwUEjvDzJ jymXnkQrYN9XOe8z5K6GjAWOKO+gBu/EcUtrlXarCgBzXX/ajtEulv2GZdR2QsPu5kPr vOM48SW35CZIENlIdzZXb9bN8qNnwql4jjHa+hIcgRKKd7ey3UmOVsemXlJvehDgVz9U /ZQP061v4DzRZtjUpIlN6zeETwx5nmlWzSlrTQAZkyAs3oGnPtk6I91HSnPDk+PlyRBa eV37oTWQSQZpOvEWR3Aw52axbzu9G7h/ODhXSj6eVlusOuRFlK6sHT/pV54vLlb9LORb A5BA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=pwuCbbdXB6owgyk/atf0mXpRPCyvaenlHG0Vo8wayqs=; b=wFIuakWoIVAbHFCCswWvnalSPWgc5nzwuCN272Hec3sdpUOTbUUOuGN67gGn1ZVuqC 7sKxs3SJF4/Yytif+30x5wDobZv1+G7Nka3NK+IKvwdA/vRJk3PDjg7Iz9V317KT15u2 1D5tx0Ach7pLqSDpyRGl//kH+LdUZCMrzs5NRhIV3dNgtWyn8IRBreIZ+b3zCjrE0lke GENWLGY4I5EN7QMJ++odR7q8QpQzSs97kaiRFwQaEKa4B2N51JGtBgPVd8s5QleUNjSN oF48lg4U+F2lsqTaFW29NK8ex/DjLiiRhhJH2MPsEXyQI7AOZrQLPETNaklLXKshCo1G S2gA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gn28-20020a1709070d1c00b0078db6b965c7si20518680ejc.782.2022.10.21.02.20.37; Fri, 21 Oct 2022 02:21:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231224AbiJUJTf (ORCPT + 99 others); Fri, 21 Oct 2022 05:19:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231196AbiJUJTX (ORCPT ); Fri, 21 Oct 2022 05:19:23 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E351EA0 for ; Fri, 21 Oct 2022 02:19:21 -0700 (PDT) Received: from kwepemi500012.china.huawei.com (unknown [172.30.72.55]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4MtzLc5nVKzmVHS; Fri, 21 Oct 2022 17:14:32 +0800 (CST) Received: from huawei.com (10.175.101.6) by kwepemi500012.china.huawei.com (7.221.188.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Fri, 21 Oct 2022 17:19:18 +0800 From: Li Zetao To: , , , , , CC: , , , Subject: [PATCH 0/2] Fix use-after-free and kmemleak in ubi_resize_volume() Date: Fri, 21 Oct 2022 18:21:55 +0800 Message-ID: <20221021102157.1341807-1-lizetao1@huawei.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-Originating-IP: [10.175.101.6] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To kwepemi500012.china.huawei.com (7.221.188.12) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747288392998734306?= X-GMAIL-MSGID: =?utf-8?q?1747288392998734306?= This patchset fixes two memory usage issues. Patch 1 resolves the use-after-free issue, this is happening in volume resizing failed. In volume resizing process, the old eba table will be replaced by the new. But on error handing patch, the old eba will be freed, which causing an use-after-free fault when resizing volume next time. Patch 2 resolves the kmemleak issue, this is also happening in volume resizing failed. "new_eba_tbl" is created by ubi_eba_create_table() but destroyed by kfree(). Li Zetao (2): ubi: Fix use-after-free when volume resizing failed ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() drivers/mtd/ubi/vmt.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)