From patchwork Thu Aug 20 09:20:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 265309 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D35BC433E1 for ; Thu, 20 Aug 2020 13:29:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2EDCC208A9 for ; Thu, 20 Aug 2020 13:29:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597930144; bh=wp8G5LoikT6tMvWTrOAsmUvkum57qThOs0SmGsnDMmE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=TQ1QKNtMaV+RyAksVCn7PFtg8GYiMyxCazA1phVimZYXvFw1l8WxPj055Xs09WOBJ 6egk/uVbPs/UrE4OLDKAISUbn6xfqFSJAF6QVH2ltodA2FbCYb/NQrD4gC0Ckghbb9 s3Kdj4HKhS2PP4jOeWGm1LilCGVD5Dr5D4WnyrXo= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728396AbgHTJdE (ORCPT ); Thu, 20 Aug 2020 05:33:04 -0400 Received: from mail.kernel.org ([198.145.29.99]:43094 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728236AbgHTJbi (ORCPT ); Thu, 20 Aug 2020 05:31:38 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9337122B3F; Thu, 20 Aug 2020 09:31:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597915898; bh=wp8G5LoikT6tMvWTrOAsmUvkum57qThOs0SmGsnDMmE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jHg4W3l6z93G80sxfHYFssGiWTOf3pRCVpzsSvJJ+mbowONt1j7a8A6MXS4iME8eC wCz2rMzYrPi3ocl34AOQn9vWdzMwLTpWYnvYpMbZNB1fuXpzVCc0C31nQcxdOURNDa QkbI3mgPQugCXO42e1tMkmcEfbT24rW2TH6x3U7E= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Zhihao Cheng , Sascha Hauer , syzbot+d9aab50b1154e3d163f5@syzkaller.appspotmail.com, Richard Weinberger , Sasha Levin Subject: [PATCH 5.8 174/232] ubi: fastmap: Dont produce the initial next anchor PEB when fastmap is disabled Date: Thu, 20 Aug 2020 11:20:25 +0200 Message-Id: <20200820091621.246072260@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200820091612.692383444@linuxfoundation.org> References: <20200820091612.692383444@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Zhihao Cheng [ Upstream commit 3b185255bb2f34fa6927619b9ef27f192a3d9f5a ] Following process triggers a memleak caused by forgetting to release the initial next anchor PEB (CONFIG_MTD_UBI_FASTMAP is disabled): 1. attach -> __erase_worker -> produce the initial next anchor PEB 2. detach -> ubi_fastmap_close (Do nothing, it should have released the initial next anchor PEB) Don't produce the initial next anchor PEB in __erase_worker() when fastmap is disabled. Signed-off-by: Zhihao Cheng Suggested-by: Sascha Hauer Fixes: f9c34bb529975fe ("ubi: Fix producing anchor PEBs") Reported-by: syzbot+d9aab50b1154e3d163f5@syzkaller.appspotmail.com Signed-off-by: Richard Weinberger Signed-off-by: Sasha Levin --- drivers/mtd/ubi/wl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/ubi/wl.c b/drivers/mtd/ubi/wl.c index 27636063ed1bb..42cac572f82dc 100644 --- a/drivers/mtd/ubi/wl.c +++ b/drivers/mtd/ubi/wl.c @@ -1086,7 +1086,8 @@ static int __erase_worker(struct ubi_device *ubi, struct ubi_work *wl_wrk) if (!err) { spin_lock(&ubi->wl_lock); - if (!ubi->fm_next_anchor && e->pnum < UBI_FM_MAX_START) { + if (!ubi->fm_disabled && !ubi->fm_next_anchor && + e->pnum < UBI_FM_MAX_START) { /* Abort anchor production, if needed it will be * enabled again in the wear leveling started below. */