From owner-svn-src-head@freebsd.org Fri Feb 16 15:41:05 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E2818F1EA49; Fri, 16 Feb 2018 15:41:04 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 946F08059B; Fri, 16 Feb 2018 15:41:04 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8C0F27952; Fri, 16 Feb 2018 15:41:04 +0000 (UTC) (envelope-from markj@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w1GFf4mP061500; Fri, 16 Feb 2018 15:41:04 GMT (envelope-from markj@FreeBSD.org) Received: (from markj@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w1GFf3UY061493; Fri, 16 Feb 2018 15:41:03 GMT (envelope-from markj@FreeBSD.org) Message-Id: <201802161541.w1GFf3UY061493@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: markj set sender to markj@FreeBSD.org using -f From: Mark Johnston Date: Fri, 16 Feb 2018 15:41:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r329375 - in head: lib/libufs stand/libsa sys/geom sys/geom/journal sys/geom/label sys/ufs/ffs X-SVN-Group: head X-SVN-Commit-Author: markj X-SVN-Commit-Paths: in head: lib/libufs stand/libsa sys/geom sys/geom/journal sys/geom/label sys/ufs/ffs X-SVN-Commit-Revision: 329375 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2018 15:41:05 -0000 Author: markj Date: Fri Feb 16 15:41:03 2018 New Revision: 329375 URL: https://svnweb.freebsd.org/changeset/base/329375 Log: Fix a memory leak introduced in r328426. ffs_sbget() may return a superblock buffer even if it fails, so the caller must be prepared to free it in this case. Moreover, when tasting alternate superblock locations in a loop, ffs_sbget()'s readfunc callback must free the previously allocated buffer. Reported and tested by: pho Reviewed by: kib (previous version) Differential Revision: https://reviews.freebsd.org/D14390 Modified: head/lib/libufs/sblock.c head/stand/libsa/ufs.c head/sys/geom/geom_io.c head/sys/geom/journal/g_journal_ufs.c head/sys/geom/label/g_label_ufs.c head/sys/ufs/ffs/ffs_subr.c head/sys/ufs/ffs/ffs_vfsops.c Modified: head/lib/libufs/sblock.c ============================================================================== --- head/lib/libufs/sblock.c Fri Feb 16 15:38:22 2018 (r329374) +++ head/lib/libufs/sblock.c Fri Feb 16 15:41:03 2018 (r329375) @@ -150,6 +150,7 @@ use_pread(void *devfd, off_t loc, void **bufp, int siz int fd; fd = *(int *)devfd; + free(*bufp); if ((*bufp = malloc(size)) == NULL) return (ENOSPC); if (pread(fd, *bufp, size, loc) != size) Modified: head/stand/libsa/ufs.c ============================================================================== --- head/stand/libsa/ufs.c Fri Feb 16 15:38:22 2018 (r329374) +++ head/stand/libsa/ufs.c Fri Feb 16 15:41:03 2018 (r329375) @@ -687,6 +687,7 @@ ufs_use_sa_read(void *devfd, off_t loc, void **bufp, i int error; f = (struct open_file *)devfd; + free(*bufp); if ((*bufp = malloc(size)) == NULL) return (ENOSPC); error = (f->f_dev->dv_strategy)(f->f_devdata, F_READ, loc / DEV_BSIZE, Modified: head/sys/geom/geom_io.c ============================================================================== --- head/sys/geom/geom_io.c Fri Feb 16 15:38:22 2018 (r329374) +++ head/sys/geom/geom_io.c Fri Feb 16 15:41:03 2018 (r329375) @@ -966,6 +966,8 @@ g_use_g_read_data(void *devfd, off_t loc, void **bufp, */ if (loc % cp->provider->sectorsize != 0) return (ENOENT); + if (*bufp != NULL) + g_free(*bufp); *bufp = g_read_data(cp, loc, size, NULL); if (*bufp == NULL) return (ENOENT); Modified: head/sys/geom/journal/g_journal_ufs.c ============================================================================== --- head/sys/geom/journal/g_journal_ufs.c Fri Feb 16 15:38:22 2018 (r329374) +++ head/sys/geom/journal/g_journal_ufs.c Fri Feb 16 15:41:03 2018 (r329375) @@ -70,10 +70,13 @@ g_journal_ufs_dirty(struct g_consumer *cp) struct fs *fs; int error; + fs = NULL; if (SBLOCKSIZE % cp->provider->sectorsize != 0 || ffs_sbget(cp, &fs, -1, NULL, g_use_g_read_data) != 0) { GJ_DEBUG(0, "Cannot find superblock to mark file system %s " "as dirty.", cp->provider->name); + if (fs != NULL) + g_free(fs); return; } GJ_DEBUG(0, "clean=%d flags=0x%x", fs->fs_clean, fs->fs_flags); Modified: head/sys/geom/label/g_label_ufs.c ============================================================================== --- head/sys/geom/label/g_label_ufs.c Fri Feb 16 15:38:22 2018 (r329374) +++ head/sys/geom/label/g_label_ufs.c Fri Feb 16 15:41:03 2018 (r329375) @@ -75,9 +75,14 @@ g_label_ufs_taste_common(struct g_consumer *cp, char * pp = cp->provider; label[0] = '\0'; + fs = NULL; if (SBLOCKSIZE % pp->sectorsize != 0 || - ffs_sbget(cp, &fs, -1, NULL, g_use_g_read_data) != 0) + ffs_sbget(cp, &fs, -1, NULL, g_use_g_read_data) != 0) { + if (fs != NULL) + g_free(fs); return; + } + /* * Check for magic. We also need to check if file system size * is almost equal to providers size, because sysinstall(8) Modified: head/sys/ufs/ffs/ffs_subr.c ============================================================================== --- head/sys/ufs/ffs/ffs_subr.c Fri Feb 16 15:38:22 2018 (r329374) +++ head/sys/ufs/ffs/ffs_subr.c Fri Feb 16 15:41:03 2018 (r329375) @@ -172,6 +172,7 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t altsuper int32_t *lp; char *buf; + *fsp = NULL; if (altsuperblock != -1) { if ((ret = readsuper(devfd, fsp, altsuperblock, readfunc)) != 0) return (ret); @@ -209,9 +210,11 @@ ffs_sbget(void *devfd, struct fs **fsp, off_t altsuper size = fs->fs_bsize; if (i + fs->fs_frag > blks) size = (blks - i) * fs->fs_fsize; + buf = NULL; ret = (*readfunc)(devfd, dbtob(fsbtodb(fs, fs->fs_csaddr + i)), (void **)&buf, size); if (ret) { + UFS_FREE(buf, filltype); UFS_FREE(fs->fs_csp, filltype); fs->fs_csp = NULL; return (ret); Modified: head/sys/ufs/ffs/ffs_vfsops.c ============================================================================== --- head/sys/ufs/ffs/ffs_vfsops.c Fri Feb 16 15:38:22 2018 (r329374) +++ head/sys/ufs/ffs/ffs_vfsops.c Fri Feb 16 15:41:03 2018 (r329375) @@ -1075,6 +1075,7 @@ ffs_use_bread(void *devfd, off_t loc, void **bufp, int struct buf *bp; int error; + free(*bufp, M_UFSMNT); *bufp = malloc(size, M_UFSMNT, M_WAITOK); if ((error = bread((struct vnode *)devfd, btodb(loc), size, NOCRED, &bp)) != 0) {