From nobody Sun Nov 24 08:39:33 2024 Received: from out-187.mta0.migadu.com (out-187.mta0.migadu.com [91.218.175.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D8BA1D31BE for ; Wed, 6 Nov 2024 08:29:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.187 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730881766; cv=none; b=IGs2M241ifXVhGhq5xOzgyLgk/nCmss1kHinLhwrA9OVUur5OQQeSKlj+oJ9gZLXJqvZSTgk05glvmd/LcLr//MAEdJm+5YqtCxpe6rgHTJDo9XYW+MQtvGRzz/XMzEzyVagXOT1gNEExR+JPl3uOvXKIELwd3Lr9Zfqzw5gCRk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730881766; c=relaxed/simple; bh=dFAyRipysVrCgOj8DXzwHoyujxvKsoICM3nwPjVcmqI=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=qejJUl5XBN5IphdO7aabBv/bkxg0obPHHf1yAKOgPSUs/nhOrlxs7nvlV/I9yiZZGsLLSjyznt717WBthmym5hzc+b0scdSlefqfU7yFO+9XZ3Bg8UaiOwVuG+hk9u2RUFVutA8BqzW+Fn4A8nZlGQt1dh1DJdic5Ihp/13w6+E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=JEGbDi7b; arc=none smtp.client-ip=91.218.175.187 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="JEGbDi7b" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1730881759; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=J0MmFoNY0AUSMi5mGDKglkbROXPa2f8IVFEWY6n5zbw=; b=JEGbDi7bsOHGQcm+XGK35sJWvbTdtJYeyf7ctyYqm9NdQPkTlFhewTGQbi7VzFTPvXbLV0 FsRCdes73e70GrOyLMUSGU3+PVfoTBs5nnmMlRsnoErKIUOg4DFF3T9Q2USqOjwOyIf04q S9cL1p3i2sksZbidWKZsUNZFXDf+nrM= From: Hao Ge To: jack@suse.cz, sandeen@redhat.com Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Hao Ge Subject: [PATCH] isofs: avoid memory leak in iocharset Date: Wed, 6 Nov 2024 16:28:41 +0800 Message-Id: <20241106082841.51773-1-hao.ge@linux.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" From: Hao Ge A memleak was found as below: unreferenced object 0xffff0000d10164d8 (size 8): comm "pool-udisksd", pid 108217, jiffies 4295408555 hex dump (first 8 bytes): 75 74 66 38 00 cc cc cc utf8.... backtrace (crc de430d31): [] kmemleak_alloc+0xb8/0xc8 [] __kmalloc_node_track_caller_noprof+0x380/0x474 [] kstrdup+0x70/0xfc [] isofs_parse_param+0x228/0x2c0 [isofs] [] vfs_parse_fs_param+0xf4/0x164 [] vfs_parse_fs_string+0x8c/0xd4 [] vfs_parse_monolithic_sep+0xb0/0xfc [] generic_parse_monolithic+0x30/0x3c [] parse_monolithic_mount_data+0x40/0x4c [] path_mount+0x6c4/0x9ec [] do_mount+0xac/0xc4 [] __arm64_sys_mount+0x16c/0x2b0 [] invoke_syscall+0x7c/0x104 [] el0_svc_common.constprop.1+0xe0/0x104 [] do_el0_svc+0x2c/0x38 [] el0_svc+0x3c/0x1b8 The opt->iocharset is freed inside the isofs_fill_super function, But there may be situations where it's not possible to enter this function. For example, in the get_tree_bdev_flags function,when encountering the situation where "Can't mount, would change RO state," In such a case, isofs_fill_super will not have the opportunity to be called,which means that opt->iocharset will not have the chance to be freed,ultimately leading to a memory leak. Let's move the memory freeing of opt->iocharset into isofs_free_fc function. Fixes: 1b17a46c9243 ("isofs: convert isofs to use the new mount API") Signed-off-by: Hao Ge Reviewed-by: Eric Sandeen --- fs/isofs/inode.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c index f50311a6b429..47038e660812 100644 --- a/fs/isofs/inode.c +++ b/fs/isofs/inode.c @@ -948,8 +948,6 @@ static int isofs_fill_super(struct super_block *s, stru= ct fs_context *fc) goto out_no_inode; } =20 - kfree(opt->iocharset); - return 0; =20 /* @@ -987,7 +985,6 @@ static int isofs_fill_super(struct super_block *s, stru= ct fs_context *fc) brelse(bh); brelse(pri_bh); out_freesbi: - kfree(opt->iocharset); kfree(sbi); s->s_fs_info =3D NULL; return error; @@ -1528,7 +1525,10 @@ static int isofs_get_tree(struct fs_context *fc) =20 static void isofs_free_fc(struct fs_context *fc) { - kfree(fc->fs_private); + struct isofs_options *opt =3D fc->fs_private; + + kfree(opt->iocharset); + kfree(opt); } =20 static const struct fs_context_operations isofs_context_ops =3D { --=20 2.25.1