leandrof/u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ubifs: Fix reference count leak in ubifsumount

Browse Source 
Original ubifs code was designed that after ubifs_umount() call it is
required to also call ubi_close_volume() which closes underlying UBI
volume. But U-Boot ubifs modification have not implemented it properly
which caused that ubifsumount command contains resource leak. It can be
observed by calling simple sequence of commands:

  => ubi part mtd2
  ubi0: attaching mtd2
  ...
  => ubifsmount ubi0
  => ubifsumount
  Unmounting UBIFS volume rootfs!
  => ubi detach
  ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway
  ubi0: detaching mtd2
  ubi0: mtd2 is detached

Fix this issue by calling ubi_close_volume() and mutex_unlock() in
directly in ubifs_umount() function before freeing U-Boot's global
ubifs_sb. And remove duplicate calls of these two functions in remaining
places. Note that when ubifs_umount() is not called then during error
handling is still needed to call ubi_close_volume() and mutex_unlock.

With this change ubifsumount command does not throw that error anymore:

  => ubi part rootfs
  ubi0: attaching mtd2
  ...
  => ubifsmount ubi0
  => ubifsumount
  Unmounting UBIFS volume rootfs!
  => ubi detach
  ubi0: detaching mtd2
  ubi0: mtd2 is detached

Signed-off-by: Pali Rohár <pali@kernel.org>
This commit is contained in:
Pali Rohár 2022-05-30 11:09:11 +02:00 committed by Tom Rini
parent 54ee5ae841
commit 69ca709d0f
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
fs/ubifs/super.c
View File

@ -1757,6 +1757,8 @@ void ubifs_umount(struct ubifs_info *c)
kfree(c->bottom_up_buf);
ubifs_debugging_exit(c);
#ifdef __UBOOT__
ubi_close_volume(c->ubi);
mutex_unlock(&c->umount_mutex);
/* Finally free U-Boot's global copy of superblock */
if (ubifs_sb != NULL) {
free(ubifs_sb->s_fs_info);
@ -2058,9 +2060,9 @@ static void ubifs_put_super(struct super_block *sb)
ubifs_umount(c);
#ifndef __UBOOT__
bdi_destroy(&c->bdi);
#endif
ubi_close_volume(c->ubi);
mutex_unlock(&c->umount_mutex);
#endif
}
#endif
@ -2327,6 +2329,9 @@ static int ubifs_fill_super(struct super_block *sb, void *data, int silent)
out_umount:
ubifs_umount(c);
#ifdef __UBOOT__
goto out;
#endif
out_unlock:
mutex_unlock(&c->umount_mutex);
#ifndef __UBOOT__