
[RESEND,8/8] ext4: fix a memory leak of ext4_free_data

Message ID 1604764698-4269-8-git-send-email-brookxu@tencent.com
State New
Series [RESEND,1/8] ext4: use ext4_assert() to replace J_ASSERT()

Commit Message

brookxu Nov. 7, 2020, 3:58 p.m. UTC
From: Chunguang Xu <brookxu@tencent.com>

When freeing metadata, we will create an ext4_free_data and
insert it into the pending free list. After the current
transaction is committed, the object will be freed.

ext4_mb_free_metadata() will check whether the area to be
freed overlaps with the pending free list. If true, return
directly. At this time, ext4_free_data is leaked. Fortunately,
the probability of this problem is relatively small, maybe we
should fix this problem.

Signed-off-by: Chunguang Xu <brookxu@tencent.com>
---
 fs/ext4/mballoc.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Theodore Ts'o Dec. 9, 2020, 7:29 p.m. UTC | #1
On Sat, Nov 07, 2020 at 11:58:18PM +0800, Chunguang Xu wrote:
> From: Chunguang Xu <brookxu@tencent.com>
> 
> When freeing metadata, we will create an ext4_free_data and
> insert it into the pending free list. After the current
> transaction is committed, the object will be freed.
> 
> ext4_mb_free_metadata() will check whether the area to be
> freed overlaps with the pending free list. If true, return
> directly. At this time, ext4_free_data is leaked. Fortunately,
> the probability of this problem is relatively small, maybe we
> should fix this problem.
> 
> Signed-off-by: Chunguang Xu <brookxu@tencent.com>

Thanks, applied.  I added an explanatory note that the leak would only
happen when the file system is corrupted (a block claimed by more than
one inode, with those inodes deleted within a single jbd2 transaction).

    	   	      	     	     	    - Ted

Patch

diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index d8704fe..03b4522 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -5146,6 +5146,7 @@  int ext4_metadata_block_overlaps(struct super_block *sb,
 				ext4_group_first_block_no(sb, group) +
 				EXT4_C2B(sbi, cluster),
 				"Block already on to-be-freed list");
+			kmem_cache_free(ext4_free_data_cachep, new_entry);
 			return 0;
 		}
 	}
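
Review bot: On the "Block already on to-be-freed list" path, the added kmem_cache_free(ext4_free_data_cachep, new_entry) releases an object that was handed in by the caller, and the `return 0` that follows gives the caller no indication that new_entry is gone. Please confirm that no caller touches new_entry after this call, since a use-after-free would be worse than the leak being fixed, and add a one-line comment at the free stating that the function owns new_entry on this path. The commit message would also be stronger if it said under which conditions this overlap branch is reached, rather than only that it is unlikely.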