diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-03-31 16:09:41 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-03-31 16:09:41 -0700 |
commit | a87a08e3bf2decaed29c4dfde3916676f9b966a8 (patch) | |
tree | 7ecb4d9e18b48971217435615a05be0b73b3507c /fs/jffs2 | |
parent | 3d198e42ce25cb1d58ff7052c036407271ebfb51 (diff) | |
parent | 705757274599e2e064dd3054aabc74e8af31a095 (diff) | |
download | linux-stable-a87a08e3bf2decaed29c4dfde3916676f9b966a8.tar.gz linux-stable-a87a08e3bf2decaed29c4dfde3916676f9b966a8.tar.bz2 linux-stable-a87a08e3bf2decaed29c4dfde3916676f9b966a8.zip |
Merge tag 'for-linus-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs
Pull JFFS2, UBI and UBIFS updates from Richard Weinberger:
"JFFS2:
- Fixes for various memory issues
UBI:
- Fix for a race condition in cdev ioctl handler
UBIFS:
- Fixes for O_TMPFILE and whiteout handling
- Fixes for various memory issues"
* tag 'for-linus-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
ubifs: rename_whiteout: correct old_dir size computing
jffs2: fix memory leak in jffs2_scan_medium
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
fs/jffs2: fix comments mentioning i_mutex
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
ubifs: Fix to add refcount once page is set private
ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: Rectify space amount budget for mkdir/tmpfile operations
ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work
ubifs: Rename whiteout atomically
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
ubifs: Fix wrong number of inodes locked by ui_mutex in ubifs_inode comment
ubifs: Fix deadlock in concurrent rename whiteout and inode writeback
ubifs: rename_whiteout: Fix double free for whiteout_ui->data
ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
Diffstat (limited to 'fs/jffs2')
-rw-r--r-- | fs/jffs2/build.c | 4 | ||||
-rw-r--r-- | fs/jffs2/fs.c | 2 | ||||
-rw-r--r-- | fs/jffs2/jffs2_fs_i.h | 4 | ||||
-rw-r--r-- | fs/jffs2/scan.c | 6 |
4 files changed, 10 insertions, 6 deletions
diff --git a/fs/jffs2/build.c b/fs/jffs2/build.c index b288c8ae1236..837cd55fd4c5 100644 --- a/fs/jffs2/build.c +++ b/fs/jffs2/build.c @@ -415,13 +415,15 @@ int jffs2_do_mount_fs(struct jffs2_sb_info *c) jffs2_free_ino_caches(c); jffs2_free_raw_node_refs(c); ret = -EIO; - goto out_free; + goto out_sum_exit; } jffs2_calc_trigger_levels(c); return 0; + out_sum_exit: + jffs2_sum_exit(c); out_free: kvfree(c->blocks); diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c index 2ac410477c4f..71f03a5d36ed 100644 --- a/fs/jffs2/fs.c +++ b/fs/jffs2/fs.c @@ -603,8 +603,8 @@ out_root: jffs2_free_ino_caches(c); jffs2_free_raw_node_refs(c); kvfree(c->blocks); - out_inohash: jffs2_clear_xattr_subsystem(c); + out_inohash: kfree(c->inocache_list); out_wbuf: jffs2_flash_cleanup(c); diff --git a/fs/jffs2/jffs2_fs_i.h b/fs/jffs2/jffs2_fs_i.h index 2e4a86763c07..93a2951538ce 100644 --- a/fs/jffs2/jffs2_fs_i.h +++ b/fs/jffs2/jffs2_fs_i.h @@ -18,11 +18,11 @@ #include <linux/mutex.h> struct jffs2_inode_info { - /* We need an internal mutex similar to inode->i_mutex. + /* We need an internal mutex similar to inode->i_rwsem. Unfortunately, we can't used the existing one, because either the GC would deadlock, or we'd have to release it before letting GC proceed. Or we'd have to put ugliness - into the GC code so it didn't attempt to obtain the i_mutex + into the GC code so it didn't attempt to obtain the i_rwsem for the inode(s) which are already locked */ struct mutex sem; diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c index b676056826be..29671e33a171 100644 --- a/fs/jffs2/scan.c +++ b/fs/jffs2/scan.c @@ -136,7 +136,7 @@ int jffs2_scan_medium(struct jffs2_sb_info *c) if (!s) { JFFS2_WARNING("Can't allocate memory for summary\n"); ret = -ENOMEM; - goto out; + goto out_buf; } } @@ -275,13 +275,15 @@ int jffs2_scan_medium(struct jffs2_sb_info *c) } ret = 0; out: + jffs2_sum_reset_collected(s); + kfree(s); + out_buf: if (buf_size) kfree(flashbuf); #ifndef __ECOS else mtd_unpoint(c->mtd, 0, c->mtd->size); #endif - kfree(s); return ret; } |