diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-09-21 20:10:16 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-09-21 20:10:16 +0200 |
commit | 104c0d6bc43e10ba84931c45b67e2c76c9c67f68 (patch) | |
tree | ea80d62d9e5cc112b89928435be6be94673c0f39 /fs/jffs2 | |
parent | Merge tag 'for-linus-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/gi... (diff) | |
parent | jffs2: Fix memory leak in jffs2_scan_eraseblock() error path (diff) | |
download | linux-104c0d6bc43e10ba84931c45b67e2c76c9c67f68.tar.xz linux-104c0d6bc43e10ba84931c45b67e2c76c9c67f68.zip |
Merge tag 'upstream-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
Pull UBI, UBIFS and JFFS2 updates from Richard Weinberger:
"UBI:
- Be less stupid when placing a fastmap anchor
- Try harder to get an empty PEB in case of contention
- Make ubiblock to warn if image is not a multiple of 512
UBIFS:
- Various fixes in error paths
JFFS2:
- Various fixes in error paths"
* tag 'upstream-5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
jffs2: Fix memory leak in jffs2_scan_eraseblock() error path
jffs2: Remove jffs2_gc_fetch_page and jffs2_gc_release_page
jffs2: Fix possible null-pointer dereferences in jffs2_add_frag_to_fragtree()
ubi: block: Warn if volume size is not multiple of 512
ubifs: Fix memory leak bug in alloc_ubifs_info() error path
ubifs: Fix memory leak in __ubifs_node_verify_hmac error path
ubifs: Fix memory leak in read_znode() error path
ubi: ubi_wl_get_peb: Increase the number of attempts while getting PEB
ubi: Don't do anchor move within fastmap area
ubifs: Remove redundant assignment to pointer fname
Diffstat (limited to 'fs/jffs2')
-rw-r--r-- | fs/jffs2/fs.c | 27 | ||||
-rw-r--r-- | fs/jffs2/gc.c | 21 | ||||
-rw-r--r-- | fs/jffs2/nodelist.c | 2 | ||||
-rw-r--r-- | fs/jffs2/os-linux.h | 3 | ||||
-rw-r--r-- | fs/jffs2/scan.c | 5 |
5 files changed, 18 insertions, 40 deletions
diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c index 05fe6cf5f1ac..ab8cdd9e9325 100644 --- a/fs/jffs2/fs.c +++ b/fs/jffs2/fs.c @@ -682,33 +682,6 @@ struct jffs2_inode_info *jffs2_gc_fetch_inode(struct jffs2_sb_info *c, return JFFS2_INODE_INFO(inode); } -unsigned char *jffs2_gc_fetch_page(struct jffs2_sb_info *c, - struct jffs2_inode_info *f, - unsigned long offset, - unsigned long *priv) -{ - struct inode *inode = OFNI_EDONI_2SFFJ(f); - struct page *pg; - - pg = read_cache_page(inode->i_mapping, offset >> PAGE_SHIFT, - jffs2_do_readpage_unlock, inode); - if (IS_ERR(pg)) - return (void *)pg; - - *priv = (unsigned long)pg; - return kmap(pg); -} - -void jffs2_gc_release_page(struct jffs2_sb_info *c, - unsigned char *ptr, - unsigned long *priv) -{ - struct page *pg = (void *)*priv; - - kunmap(pg); - put_page(pg); -} - static int jffs2_flash_setup(struct jffs2_sb_info *c) { int ret = 0; diff --git a/fs/jffs2/gc.c b/fs/jffs2/gc.c index 9ed0f26cf023..373b3b7c9f44 100644 --- a/fs/jffs2/gc.c +++ b/fs/jffs2/gc.c @@ -1165,12 +1165,13 @@ static int jffs2_garbage_collect_dnode(struct jffs2_sb_info *c, struct jffs2_era struct jffs2_inode_info *f, struct jffs2_full_dnode *fn, uint32_t start, uint32_t end) { + struct inode *inode = OFNI_EDONI_2SFFJ(f); struct jffs2_full_dnode *new_fn; struct jffs2_raw_inode ri; uint32_t alloclen, offset, orig_end, orig_start; int ret = 0; unsigned char *comprbuf = NULL, *writebuf; - unsigned long pg; + struct page *page; unsigned char *pg_ptr; memset(&ri, 0, sizeof(ri)); @@ -1325,15 +1326,18 @@ static int jffs2_garbage_collect_dnode(struct jffs2_sb_info *c, struct jffs2_era * end up here trying to GC the *same* page that jffs2_write_begin() is * trying to write out, read_cache_page() will not deadlock. */ mutex_unlock(&f->sem); - pg_ptr = jffs2_gc_fetch_page(c, f, start, &pg); - mutex_lock(&f->sem); - - if (IS_ERR(pg_ptr)) { + page = read_cache_page(inode->i_mapping, start >> PAGE_SHIFT, + jffs2_do_readpage_unlock, inode); + if (IS_ERR(page)) { pr_warn("read_cache_page() returned error: %ld\n", - PTR_ERR(pg_ptr)); - return PTR_ERR(pg_ptr); + PTR_ERR(page)); + mutex_lock(&f->sem); + return PTR_ERR(page); } + pg_ptr = kmap(page); + mutex_lock(&f->sem); + offset = start; while(offset < orig_end) { uint32_t datalen; @@ -1396,6 +1400,7 @@ static int jffs2_garbage_collect_dnode(struct jffs2_sb_info *c, struct jffs2_era } } - jffs2_gc_release_page(c, pg_ptr, &pg); + kunmap(page); + put_page(page); return ret; } diff --git a/fs/jffs2/nodelist.c b/fs/jffs2/nodelist.c index b86c78d178c6..021a4a2190ee 100644 --- a/fs/jffs2/nodelist.c +++ b/fs/jffs2/nodelist.c @@ -226,7 +226,7 @@ static int jffs2_add_frag_to_fragtree(struct jffs2_sb_info *c, struct rb_root *r lastend = this->ofs + this->size; } else { dbg_fragtree2("lookup gave no frag\n"); - lastend = 0; + return -EINVAL; } /* See if we ran off the end of the fragtree */ diff --git a/fs/jffs2/os-linux.h b/fs/jffs2/os-linux.h index 21071fc2975d..ef1cfa61549e 100644 --- a/fs/jffs2/os-linux.h +++ b/fs/jffs2/os-linux.h @@ -183,9 +183,6 @@ unsigned char *jffs2_gc_fetch_page(struct jffs2_sb_info *c, struct jffs2_inode_info *f, unsigned long offset, unsigned long *priv); -void jffs2_gc_release_page(struct jffs2_sb_info *c, - unsigned char *pg, - unsigned long *priv); void jffs2_flash_cleanup(struct jffs2_sb_info *c); diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c index 90431dd613b8..5f7e284e0df3 100644 --- a/fs/jffs2/scan.c +++ b/fs/jffs2/scan.c @@ -527,8 +527,11 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo err = jffs2_fill_scan_buf(c, sumptr, jeb->offset + c->sector_size - sumlen, sumlen - buf_len); - if (err) + if (err) { + if (sumlen > buf_size) + kfree(sumptr); return err; + } } } |