From e7e4afbb645005b32ec506671a91c10059491e55 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sun, 28 Apr 2013 17:01:56 +0000 Subject: [PATCH] kernel: fix a memory leak in split_rootfs_data() allocate_partition() copies all the content of dpart into a new struct. SVN-Revision: 36475 --- .../patches-3.8/400-rootfs_split.patch | 31 ++++++------------- .../patches-3.9/400-rootfs_split.patch | 31 ++++++------------- 2 files changed, 20 insertions(+), 42 deletions(-) diff --git a/target/linux/generic/patches-3.8/400-rootfs_split.patch b/target/linux/generic/patches-3.8/400-rootfs_split.patch index b43ac9c5a6c..88929fd3fad 100644 --- a/target/linux/generic/patches-3.8/400-rootfs_split.patch +++ b/target/linux/generic/patches-3.8/400-rootfs_split.patch @@ -35,7 +35,7 @@ /* * MTD methods which simply translate the effective address and pass through -@@ -613,6 +615,155 @@ int mtd_del_partition(struct mtd_info *m +@@ -613,6 +615,144 @@ int mtd_del_partition(struct mtd_info *m } EXPORT_SYMBOL_GPL(mtd_del_partition); @@ -88,7 +88,7 @@ + +static int split_rootfs_data(struct mtd_info *master, struct mtd_info *rpart, const struct mtd_partition *part) +{ -+ struct mtd_partition *dpart; ++ struct mtd_partition dpart; + struct mtd_part *slave = NULL; + struct mtd_part *spart; + int ret, split_offset = 0; @@ -101,27 +101,16 @@ + if (split_offset <= 0) + return 0; + -+ dpart = kmalloc(sizeof(*part)+sizeof(ROOTFS_SPLIT_NAME)+1, GFP_KERNEL); -+ if (dpart == NULL) { -+ printk(KERN_INFO "split_squashfs: no memory for partition \"%s\"\n", -+ ROOTFS_SPLIT_NAME); -+ return -ENOMEM; -+ } -+ -+ memcpy(dpart, part, sizeof(*part)); -+ dpart->name = (unsigned char *)&dpart[1]; -+ strcpy(dpart->name, ROOTFS_SPLIT_NAME); -+ -+ dpart->size = rpart->size - (split_offset - spart->offset); -+ dpart->offset = split_offset; ++ memcpy(&dpart, part, sizeof(dpart)); ++ dpart.name = ROOTFS_SPLIT_NAME; + -+ if (dpart == NULL) -+ return 1; ++ dpart.size = rpart->size - (split_offset - spart->offset); ++ dpart.offset = split_offset; + + printk(KERN_INFO "mtd: partition \"%s\" created automatically, ofs=%llX, len=%llX \n", -+ ROOTFS_SPLIT_NAME, dpart->offset, dpart->size); ++ ROOTFS_SPLIT_NAME, dpart.offset, dpart.size); + -+ slave = allocate_partition(master, dpart, 0, split_offset); ++ slave = allocate_partition(master, &dpart, 0, split_offset); + if (IS_ERR(slave)) + return PTR_ERR(slave); + mutex_lock(&mtd_partitions_mutex); @@ -191,7 +180,7 @@ /* * This function, given a master MTD object and a partition table, creates * and registers slave MTD objects which are bound to the master according to -@@ -629,6 +780,9 @@ int add_mtd_partitions(struct mtd_info * +@@ -629,6 +769,9 @@ int add_mtd_partitions(struct mtd_info * struct mtd_part *slave; uint64_t cur_offset = 0; int i; @@ -201,7 +190,7 @@ printk(KERN_NOTICE "Creating %d MTD partitions on \"%s\":\n", nbparts, master->name); -@@ -643,12 +797,53 @@ int add_mtd_partitions(struct mtd_info * +@@ -643,12 +786,53 @@ int add_mtd_partitions(struct mtd_info * add_mtd_device(&slave->mtd); diff --git a/target/linux/generic/patches-3.9/400-rootfs_split.patch b/target/linux/generic/patches-3.9/400-rootfs_split.patch index b43ac9c5a6c..88929fd3fad 100644 --- a/target/linux/generic/patches-3.9/400-rootfs_split.patch +++ b/target/linux/generic/patches-3.9/400-rootfs_split.patch @@ -35,7 +35,7 @@ /* * MTD methods which simply translate the effective address and pass through -@@ -613,6 +615,155 @@ int mtd_del_partition(struct mtd_info *m +@@ -613,6 +615,144 @@ int mtd_del_partition(struct mtd_info *m } EXPORT_SYMBOL_GPL(mtd_del_partition); @@ -88,7 +88,7 @@ + +static int split_rootfs_data(struct mtd_info *master, struct mtd_info *rpart, const struct mtd_partition *part) +{ -+ struct mtd_partition *dpart; ++ struct mtd_partition dpart; + struct mtd_part *slave = NULL; + struct mtd_part *spart; + int ret, split_offset = 0; @@ -101,27 +101,16 @@ + if (split_offset <= 0) + return 0; + -+ dpart = kmalloc(sizeof(*part)+sizeof(ROOTFS_SPLIT_NAME)+1, GFP_KERNEL); -+ if (dpart == NULL) { -+ printk(KERN_INFO "split_squashfs: no memory for partition \"%s\"\n", -+ ROOTFS_SPLIT_NAME); -+ return -ENOMEM; -+ } -+ -+ memcpy(dpart, part, sizeof(*part)); -+ dpart->name = (unsigned char *)&dpart[1]; -+ strcpy(dpart->name, ROOTFS_SPLIT_NAME); -+ -+ dpart->size = rpart->size - (split_offset - spart->offset); -+ dpart->offset = split_offset; ++ memcpy(&dpart, part, sizeof(dpart)); ++ dpart.name = ROOTFS_SPLIT_NAME; + -+ if (dpart == NULL) -+ return 1; ++ dpart.size = rpart->size - (split_offset - spart->offset); ++ dpart.offset = split_offset; + + printk(KERN_INFO "mtd: partition \"%s\" created automatically, ofs=%llX, len=%llX \n", -+ ROOTFS_SPLIT_NAME, dpart->offset, dpart->size); ++ ROOTFS_SPLIT_NAME, dpart.offset, dpart.size); + -+ slave = allocate_partition(master, dpart, 0, split_offset); ++ slave = allocate_partition(master, &dpart, 0, split_offset); + if (IS_ERR(slave)) + return PTR_ERR(slave); + mutex_lock(&mtd_partitions_mutex); @@ -191,7 +180,7 @@ /* * This function, given a master MTD object and a partition table, creates * and registers slave MTD objects which are bound to the master according to -@@ -629,6 +780,9 @@ int add_mtd_partitions(struct mtd_info * +@@ -629,6 +769,9 @@ int add_mtd_partitions(struct mtd_info * struct mtd_part *slave; uint64_t cur_offset = 0; int i; @@ -201,7 +190,7 @@ printk(KERN_NOTICE "Creating %d MTD partitions on \"%s\":\n", nbparts, master->name); -@@ -643,12 +797,53 @@ int add_mtd_partitions(struct mtd_info * +@@ -643,12 +786,53 @@ int add_mtd_partitions(struct mtd_info * add_mtd_device(&slave->mtd); -- 2.30.2