| From a29852be492d61001d86c6ebf5fff9b93d7b4be9 Mon Sep 17 00:00:00 2001 |
| From: Richard Weinberger <richard@nod.at> |
| Date: Mon, 30 Jan 2012 18:20:13 +0100 |
| Subject: UBI: fix error handling in ubi_scan() |
| |
| From: Richard Weinberger <richard@nod.at> |
| |
| commit a29852be492d61001d86c6ebf5fff9b93d7b4be9 upstream. |
| |
| Two bad things can happen in ubi_scan(): |
| 1. If kmem_cache_create() fails we jump to out_si and call |
| ubi_scan_destroy_si() which calls kmem_cache_destroy(). |
| But si->scan_leb_slab is NULL. |
| 2. If process_eb() fails we jump to out_vidh, call |
| kmem_cache_destroy() and ubi_scan_destroy_si() which calls |
| again kmem_cache_destroy(). |
| |
| Signed-off-by: Richard Weinberger <richard@nod.at> |
| Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/mtd/ubi/scan.c | 8 ++++---- |
| 1 file changed, 4 insertions(+), 4 deletions(-) |
| |
| --- a/drivers/mtd/ubi/scan.c |
| +++ b/drivers/mtd/ubi/scan.c |
| @@ -1174,7 +1174,7 @@ struct ubi_scan_info *ubi_scan(struct ub |
| |
| ech = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL); |
| if (!ech) |
| - goto out_slab; |
| + goto out_si; |
| |
| vidh = ubi_zalloc_vid_hdr(ubi, GFP_KERNEL); |
| if (!vidh) |
| @@ -1235,8 +1235,6 @@ out_vidh: |
| ubi_free_vid_hdr(ubi, vidh); |
| out_ech: |
| kfree(ech); |
| -out_slab: |
| - kmem_cache_destroy(si->scan_leb_slab); |
| out_si: |
| ubi_scan_destroy_si(si); |
| return ERR_PTR(err); |
| @@ -1325,7 +1323,9 @@ void ubi_scan_destroy_si(struct ubi_scan |
| } |
| } |
| |
| - kmem_cache_destroy(si->scan_leb_slab); |
| + if (si->scan_leb_slab) |
| + kmem_cache_destroy(si->scan_leb_slab); |
| + |
| kfree(si); |
| } |
| |