From f5095240a53e608e9cc724d0f2595c404e2de3bc Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sun, 28 Apr 2013 17:01:56 +0000 Subject: kernel: fix a memory leak in split_rootfs_data() allocate_partition() copies all the content of dpart into a new struct. git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36475 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- .../generic/patches-3.8/400-rootfs_split.patch | 31 +++++++--------------- .../generic/patches-3.9/400-rootfs_split.patch | 31 +++++++--------------- 2 files changed, 20 insertions(+), 42 deletions(-) diff --git a/target/linux/generic/patches-3.8/400-rootfs_split.patch b/target/linux/generic/patches-3.8/400-rootfs_split.patch index b43ac9c5a6..88929fd3fa 100644 --- a/target/linux/generic/patches-3.8/400-rootfs_split.patch +++ b/target/linux/generic/patches-3.8/400-rootfs_split.patch @@ -35,7 +35,7 @@ /* * MTD methods which simply translate the effective address and pass through -@@ -613,6 +615,155 @@ int mtd_del_partition(struct mtd_info *m +@@ -613,6 +615,144 @@ int mtd_del_partition(struct mtd_info *m } EXPORT_SYMBOL_GPL(mtd_del_partition); @@ -88,7 +88,7 @@ + +static int split_rootfs_data(struct mtd_info *master, struct mtd_info *rpart, const struct mtd_partition *part) +{ -+ struct mtd_partition *dpart; ++ struct mtd_partition dpart; + struct mtd_part *slave = NULL; + struct mtd_part *spart; + int ret, split_offset = 0; @@ -101,27 +101,16 @@ + if (split_offset <= 0) + return 0; + -+ dpart = kmalloc(sizeof(*part)+sizeof(ROOTFS_SPLIT_NAME)+1, GFP_KERNEL); -+ if (dpart == NULL) { -+ printk(KERN_INFO "split_squashfs: no memory for partition \"%s\"\n", -+ ROOTFS_SPLIT_NAME); -+ return -ENOMEM; -+ } -+ -+ memcpy(dpart, part, sizeof(*part)); -+ dpart->name = (unsigned char *)&dpart[1]; -+ strcpy(dpart->name, ROOTFS_SPLIT_NAME); -+ -+ dpart->size = rpart->size - (split_offset - spart->offset); -+ dpart->offset = split_offset; ++ memcpy(&dpart, part, sizeof(dpart)); ++ dpart.name = ROOTFS_SPLIT_NAME; + -+ if (dpart == NULL) -+ return 1; ++ dpart.size = rpart->size - (split_offset - spart->offset); ++ dpart.offset = split_offset; + + printk(KERN_INFO "mtd: partition \"%s\" created automatically, ofs=%llX, len=%llX \n", -+ ROOTFS_SPLIT_NAME, dpart->offset, dpart->size); ++ ROOTFS_SPLIT_NAME, dpart.offset, dpart.size); + -+ slave = allocate_partition(master, dpart, 0, split_offset); ++ slave = allocate_partition(master, &dpart, 0, split_offset); + if (IS_ERR(slave)) + return PTR_ERR(slave); + mutex_lock(&mtd_partitions_mutex); @@ -191,7 +180,7 @@ /* * This function, given a master MTD object and a partition table, creates * and registers slave MTD objects which are bound to the master according to -@@ -629,6 +780,9 @@ int add_mtd_partitions(struct mtd_info * +@@ -629,6 +769,9 @@ int add_mtd_partitions(struct mtd_info * struct mtd_part *slave; uint64_t cur_offset = 0; int i; @@ -201,7 +190,7 @@ printk(KERN_NOTICE "Creating %d MTD partitions on \"%s\":\n", nbparts, master->name); -@@ -643,12 +797,53 @@ int add_mtd_partitions(struct mtd_info * +@@ -643,12 +786,53 @@ int add_mtd_partitions(struct mtd_info * add_mtd_device(&slave->mtd); diff --git a/target/linux/generic/patches-3.9/400-rootfs_split.patch b/target/linux/generic/patches-3.9/400-rootfs_split.patch index b43ac9c5a6..88929fd3fa 100644 --- a/target/linux/generic/patches-3.9/400-rootfs_split.patch +++ b/target/linux/generic/patches-3.9/400-rootfs_split.patch @@ -35,7 +35,7 @@ /* * MTD methods which simply translate the effective address and pass through -@@ -613,6 +615,155 @@ int mtd_del_partition(struct mtd_info *m +@@ -613,6 +615,144 @@ int mtd_del_partition(struct mtd_info *m } EXPORT_SYMBOL_GPL(mtd_del_partition); @@ -88,7 +88,7 @@ + +static int split_rootfs_data(struct mtd_info *master, struct mtd_info *rpart, const struct mtd_partition *part) +{ -+ struct mtd_partition *dpart; ++ struct mtd_partition dpart; + struct mtd_part *slave = NULL; + struct mtd_part *spart; + int ret, split_offset = 0; @@ -101,27 +101,16 @@ + if (split_offset <= 0) + return 0; + -+ dpart = kmalloc(sizeof(*part)+sizeof(ROOTFS_SPLIT_NAME)+1, GFP_KERNEL); -+ if (dpart == NULL) { -+ printk(KERN_INFO "split_squashfs: no memory for partition \"%s\"\n", -+ ROOTFS_SPLIT_NAME); -+ return -ENOMEM; -+ } -+ -+ memcpy(dpart, part, sizeof(*part)); -+ dpart->name = (unsigned char *)&dpart[1]; -+ strcpy(dpart->name, ROOTFS_SPLIT_NAME); -+ -+ dpart->size = rpart->size - (split_offset - spart->offset); -+ dpart->offset = split_offset; ++ memcpy(&dpart, part, sizeof(dpart)); ++ dpart.name = ROOTFS_SPLIT_NAME; + -+ if (dpart == NULL) -+ return 1; ++ dpart.size = rpart->size - (split_offset - spart->offset); ++ dpart.offset = split_offset; + + printk(KERN_INFO "mtd: partition \"%s\" created automatically, ofs=%llX, len=%llX \n", -+ ROOTFS_SPLIT_NAME, dpart->offset, dpart->size); ++ ROOTFS_SPLIT_NAME, dpart.offset, dpart.size); + -+ slave = allocate_partition(master, dpart, 0, split_offset); ++ slave = allocate_partition(master, &dpart, 0, split_offset); + if (IS_ERR(slave)) + return PTR_ERR(slave); + mutex_lock(&mtd_partitions_mutex); @@ -191,7 +180,7 @@ /* * This function, given a master MTD object and a partition table, creates * and registers slave MTD objects which are bound to the master according to -@@ -629,6 +780,9 @@ int add_mtd_partitions(struct mtd_info * +@@ -629,6 +769,9 @@ int add_mtd_partitions(struct mtd_info * struct mtd_part *slave; uint64_t cur_offset = 0; int i; @@ -201,7 +190,7 @@ printk(KERN_NOTICE "Creating %d MTD partitions on \"%s\":\n", nbparts, master->name); -@@ -643,12 +797,53 @@ int add_mtd_partitions(struct mtd_info * +@@ -643,12 +786,53 @@ int add_mtd_partitions(struct mtd_info * add_mtd_device(&slave->mtd); -- cgit v1.2.3