summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorPali Rohár <pali@kernel.org>2022-05-30 11:09:11 +0200
committerTom Rini <trini@konsulko.com>2022-07-08 09:05:47 -0400
commit69ca709d0fb001851f443b0b744c6d65bb6c22c1 (patch)
treef6a7c7a0fb49cd89317a65ade5aa4a296d81de15 /fs
parent54ee5ae84191aa7c53c9de709f6c66411d3e2dda (diff)
downloadu-boot-69ca709d0fb001851f443b0b744c6d65bb6c22c1.tar.gz
u-boot-69ca709d0fb001851f443b0b744c6d65bb6c22c1.tar.bz2
u-boot-69ca709d0fb001851f443b0b744c6d65bb6c22c1.zip
ubifs: Fix reference count leak in ubifsumount
Original ubifs code was designed that after ubifs_umount() call it is required to also call ubi_close_volume() which closes underlying UBI volume. But U-Boot ubifs modification have not implemented it properly which caused that ubifsumount command contains resource leak. It can be observed by calling simple sequence of commands: => ubi part mtd2 ubi0: attaching mtd2 ... => ubifsmount ubi0 => ubifsumount Unmounting UBIFS volume rootfs! => ubi detach ubi0 error: ubi_detach_mtd_dev: ubi0 reference count 1, destroy anyway ubi0: detaching mtd2 ubi0: mtd2 is detached Fix this issue by calling ubi_close_volume() and mutex_unlock() in directly in ubifs_umount() function before freeing U-Boot's global ubifs_sb. And remove duplicate calls of these two functions in remaining places. Note that when ubifs_umount() is not called then during error handling is still needed to call ubi_close_volume() and mutex_unlock. With this change ubifsumount command does not throw that error anymore: => ubi part rootfs ubi0: attaching mtd2 ... => ubifsmount ubi0 => ubifsumount Unmounting UBIFS volume rootfs! => ubi detach ubi0: detaching mtd2 ubi0: mtd2 is detached Signed-off-by: Pali Rohár <pali@kernel.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/ubifs/super.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index e3a4c0bca2..034c41a703 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1757,6 +1757,8 @@ void ubifs_umount(struct ubifs_info *c)
kfree(c->bottom_up_buf);
ubifs_debugging_exit(c);
#ifdef __UBOOT__
+ ubi_close_volume(c->ubi);
+ mutex_unlock(&c->umount_mutex);
/* Finally free U-Boot's global copy of superblock */
if (ubifs_sb != NULL) {
free(ubifs_sb->s_fs_info);
@@ -2058,9 +2060,9 @@ static void ubifs_put_super(struct super_block *sb)
ubifs_umount(c);
#ifndef __UBOOT__
bdi_destroy(&c->bdi);
-#endif
ubi_close_volume(c->ubi);
mutex_unlock(&c->umount_mutex);
+#endif
}
#endif
@@ -2327,6 +2329,9 @@ static int ubifs_fill_super(struct super_block *sb, void *data, int silent)
out_umount:
ubifs_umount(c);
+#ifdef __UBOOT__
+ goto out;
+#endif
out_unlock:
mutex_unlock(&c->umount_mutex);
#ifndef __UBOOT__