[PATCH] ubifs: Fix memory leak of bud->log_hash

[Zhihao Cheng]

在 2023/7/18 20:41, Vincent Whitchurch 写道:
> Ensure that the allocated bud->log_hash (if any) is freed in all cases
> when the bud itself is freed, to fix this leak caught by kmemleak:
> 
>   # keyctl add logon foo:bar data @s
>   # echo clear > /sys/kernel/debug/kmemleak
>   # mount -t ubifs /dev/ubi0_0 mnt -o auth_hash_name=sha256,auth_key=foo:bar
>   # echo a > mnt/x
>   # umount mnt
>   # mount -t ubifs /dev/ubi0_0 mnt -o auth_hash_name=sha256,auth_key=foo:bar
>   # umount mnt
>   # sleep 5
>   # echo scan > /sys/kernel/debug/kmemleak
>   # echo scan > /sys/kernel/debug/kmemleak
>   # cat /sys/kernel/debug/kmemleak
>   unreferenced object 0xff... (size 128):
>     comm "mount"
>     backtrace:
>       __kmalloc
>       __ubifs_hash_get_desc+0x5d/0xe0 ubifs
>       ubifs_replay_journal
>       ubifs_mount
>       ...
> 
> Fixes: da8ef65f9573 ("ubifs: Authenticate replayed journal")
> Signed-off-by: Vincent Whitchurch <vincent.whitchurch at axis.com>
> ---
>   fs/ubifs/super.c | 5 ++++-
>   1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
> index 32cb14759796..0ef8c1f3d760 100644
> --- a/fs/ubifs/super.c
> +++ b/fs/ubifs/super.c
> @@ -923,8 +923,10 @@ static void free_buds(struct ubifs_info *c)
>   {
>   	struct ubifs_bud *bud, *n;
>   
> -	rbtree_postorder_for_each_entry_safe(bud, n, &c->buds, rb)
> +	rbtree_postorder_for_each_entry_safe(bud, n, &c->buds, rb) {
> +		kfree(bud->log_hash);
>   		kfree(bud);
> +	}
>   }
>   
>   /**
> @@ -1193,6 +1195,7 @@ static void destroy_journal(struct ubifs_info *c)
>   
>   		bud = list_entry(c->old_buds.next, struct ubifs_bud, list);
>   		list_del(&bud->list);
> +		kfree(bud->log_hash);
>   		kfree(bud);
>   	}
>   	ubifs_destroy_idx_gc(c);
> 
> ---
> base-commit: fdf0eaf11452d72945af31804e2a1048ee1b574c
> change-id: 20230718-ubifs-replay-auth-leak-9b395b83196f
> 
> Best regards,

Reviewed-by: Zhihao Cheng <chengzhihao1 at huawei.com>