Re: [PATCH] jffs2: free jffs2_sb_info through jffs2_kill_sb()

2018-10-16 Thread Boris Brezillon
On Tue, 16 Oct 2018 18:26:34 +0800 Hou Tao wrote: > On 2018/10/16 14:41, Richard Weinberger wrote: > > On Tue, Oct 16, 2018 at 7:53 AM Hou Tao wrote: > >> > >> ping ? > >> > >> On 2018/10/6 17:09, Hou Tao wrote: > >>> When an invalid mount option is passed to jffs2, jffs2_parse_options() >

Re: [PATCH] jffs2: free jffs2_sb_info through jffs2_kill_sb()

2018-10-16 Thread Hou Tao
On 2018/10/16 14:41, Richard Weinberger wrote: > On Tue, Oct 16, 2018 at 7:53 AM Hou Tao wrote: >> >> ping ? >> >> On 2018/10/6 17:09, Hou Tao wrote: >>> When an invalid mount option is passed to jffs2, jffs2_parse_options() >>> will fail and jffs2_sb_info will be freed, but then jffs2_sb_info

Re: [PATCH] jffs2: free jffs2_sb_info through jffs2_kill_sb()

2018-10-16 Thread Richard Weinberger
On Tue, Oct 16, 2018 at 7:53 AM Hou Tao wrote: > > ping ? > > On 2018/10/6 17:09, Hou Tao wrote: > > When an invalid mount option is passed to jffs2, jffs2_parse_options() > > will fail and jffs2_sb_info will be freed, but then jffs2_sb_info will > > be used (use-after-free) and freed

Re: [PATCH] jffs2: free jffs2_sb_info through jffs2_kill_sb()

2018-10-15 Thread Hou Tao
ping ? On 2018/10/6 17:09, Hou Tao wrote: > When an invalid mount option is passed to jffs2, jffs2_parse_options() > will fail and jffs2_sb_info will be freed, but then jffs2_sb_info will > be used (use-after-free) and freed (double-free) in jffs2_kill_sb(). > > Fix it by removing the buggy

[PATCH] jffs2: free jffs2_sb_info through jffs2_kill_sb()

2018-10-06 Thread Hou Tao
When an invalid mount option is passed to jffs2, jffs2_parse_options() will fail and jffs2_sb_info will be freed, but then jffs2_sb_info will be used (use-after-free) and freed (double-free) in jffs2_kill_sb(). Fix it by removing the buggy invocation of kfree() when getting invalid mount
