author | Pali Rohár <pali@kernel.org> | 2022-05-30 11:09:11 +0200 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2022-07-08 09:05:47 -0400 |
commit | 69ca709d0fb001851f443b0b744c6d65bb6c22c1 (patch) | |
tree | f6a7c7a0fb49cd89317a65ade5aa4a296d81de15 | |
parent | 54ee5ae84191aa7c53c9de709f6c66411d3e2dda (diff) | |
ubifs: Fix reference count leak in ubifsumount
Original ubifs code was designed that after ubifs_umount() call it is
required to also call ubi_close_volume() which closes underlying UBI
volume. But U-Boot ubifs modification has not implemented it properly
which caused that ubifsumount command contains resource leak. It can be
observed by calling simple sequence of commands:
=> ubi part mtd2
ubi0: attaching mtd2
...
=> ubifsmount ubi0
=> ubifsumount
Unmounting UBIFS volume rootfs!
=> ubi detach
ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway
ubi0: detaching mtd2
ubi0: mtd2 is detached
Fix this issue by calling ubi_close_volume() and mutex_unlock()
directly in ubifs_umount() function before freeing U-Boot's global
ubifs_sb. And remove duplicate calls of these two functions in remaining
places. Note that when ubifs_umount() is not called then during error
handling is still needed to call ubi_close_volume() and mutex_unlock.
With this change ubifsumount command does not throw that error anymore:
=> ubi part rootfs
ubi0: attaching mtd2
...
=> ubifsmount ubi0
=> ubifsumount
Unmounting UBIFS volume rootfs!
=> ubi detach
ubi0: detaching mtd2
ubi0: mtd2 is detached
Signed-off-by: Pali Rohár <pali@kernel.org>
-rw-r--r-- | fs/ubifs/super.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index e3a4c0b..034c41a 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -1757,6 +1757,8 @@ void ubifs_umount(struct ubifs_info *c) kfree(c->bottom_up_buf); ubifs_debugging_exit(c); #ifdef __UBOOT__ + ubi_close_volume(c->ubi); + mutex_unlock(&c->umount_mutex); /* Finally free U-Boot's global copy of superblock */ if (ubifs_sb != NULL) { free(ubifs_sb->s_fs_info); @@ -2058,9 +2060,9 @@ static void ubifs_put_super(struct super_block *sb) ubifs_umount(c); #ifndef __UBOOT__ bdi_destroy(&c->bdi); -#endif ubi_close_volume(c->ubi); mutex_unlock(&c->umount_mutex); +#endif } #endif @@ -2327,6 +2329,9 @@ static int ubifs_fill_super(struct super_block *sb, void *data, int silent) out_umount: ubifs_umount(c); +#ifdef __UBOOT__ + goto out; +#endif out_unlock: mutex_unlock(&c->umount_mutex); #ifndef __UBOOT__ |
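Review bot: the two calls added under #ifdef __UBOOT__ in ubifs_umount() (first hunk) give the function a precondition that is not documented anywhere in the hunk: c->umount_mutex must be held on entry and c->ubi must still be open, and the caller must release neither afterwards. A short comment above the added ubi_close_volume(c->ubi) line stating this would keep a later error path from unlocking or closing a second time.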
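Review bot: in ubifs_put_super() (second hunk) the moved #endif now closes a block that holds bdi_destroy(), ubi_close_volume() and mutex_unlock(), and it is followed directly by the closing brace and a second bare #endif. Tagging it as #endif /* !__UBOOT__ */ and noting in one line that the U-Boot build releases the volume and the mutex inside ubifs_umount() would make the asymmetry readable without the commit message.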
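Review bot: the goto out; added after ubifs_umount(c) at out_umount in ubifs_fill_super() (third hunk) bypasses everything between out_unlock and out, not only the mutex_unlock(&c->umount_mutex) visible in the context. The out label and the statements being skipped are outside the lines shown, so please confirm that nothing else on that path is needed in the U-Boot build. A comment beside the goto saying that ubifs_umount() has already closed the volume and dropped umount_mutex would also explain why the fall-through is avoided.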