[RESEND,8/8] ext4: fix a memory leak of ext4_free_data

Message ID	1604764698-4269-8-git-send-email-brookxu@tencent.com
State	New
Headers	show Return-Path: <linux-ext4-owner@vger.kernel.org> From: Chunguang Xu <brookxu.cn@gmail.com> To: tytso@mit.edu, adilger.kernel@dilger.ca Cc: linux-ext4@vger.kernel.org Subject: [PATCH RESEND 8/8] ext4: fix a memory leak of ext4_free_data Date: Sat, 7 Nov 2020 23:58:18 +0800 Message-Id: <1604764698-4269-8-git-send-email-brookxu@tencent.com> In-Reply-To: <1604764698-4269-1-git-send-email-brookxu@tencent.com> References: <1604764698-4269-1-git-send-email-brookxu@tencent.com> Precedence: bulk
Series	[RESEND,1/8] ext4: use ext4_assert() to replace J_ASSERT() \| expand [RESEND,1/8] ext4: use ext4_assert() to replace J_ASSERT() [RESEND,2/8] ext4: remove redundant mb_regenerate_buddy() [RESEND,3/8] ext4: simplify the code of mb_find_order_for_block [RESEND,4/8] ext4: add the gdt block of meta_bg to system_zone [RESEND,5/8] ext4: update ext4_data_block_valid related comments [6/8] ext4: add a helper function to validate metadata block [RESEND,7/8] ext4: delete invalid code inside ext4_xattr_block_set() [RESEND,8/8] ext4: fix a memory leak of ext4_free_data

Message ID

1604764698-4269-8-git-send-email-brookxu@tencent.com

State

New

Headers

From: Chunguang Xu <brookxu.cn@gmail.com>
To: tytso@mit.edu, adilger.kernel@dilger.ca
Cc: linux-ext4@vger.kernel.org
Subject: [PATCH RESEND 8/8] ext4: fix a memory leak of ext4_free_data
Date: Sat,  7 Nov 2020 23:58:18 +0800
Message-Id: <1604764698-4269-8-git-send-email-brookxu@tencent.com>
In-Reply-To: <1604764698-4269-1-git-send-email-brookxu@tencent.com>
References: <1604764698-4269-1-git-send-email-brookxu@tencent.com>
Precedence: bulk

Series

[RESEND,1/8] ext4: use ext4_assert() to replace J_ASSERT() | expand

Commit Message

brookxu Nov. 7, 2020, 3:58 p.m. UTC

From: Chunguang Xu <brookxu@tencent.com>

When freeing metadata, we will create an ext4_free_data and
insert it into the pending free list. After the current
transaction is committed, the object will be freed.

ext4_mb_free_metadata() will check whether the area to be
freed overlaps with the pending free list. If true, return
directly. At this time, ext4_free_data is leaked. Fortunately,
the probability of this problem is relatively small, maybe we
should fix this problem.

Signed-off-by: Chunguang Xu <brookxu@tencent.com>
---
 fs/ext4/mballoc.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Theodore Ts'o Dec. 9, 2020, 7:29 p.m. UTC | #1

On Sat, Nov 07, 2020 at 11:58:18PM +0800, Chunguang Xu wrote:
> From: Chunguang Xu <brookxu@tencent.com>
> 
> When freeing metadata, we will create an ext4_free_data and
> insert it into the pending free list. After the current
> transaction is committed, the object will be freed.
> 
> ext4_mb_free_metadata() will check whether the area to be
> freed overlaps with the pending free list. If true, return
> directly. At this time, ext4_free_data is leaked. Fortunately,
> the probability of this problem is relatively small, maybe we
> should fix this problem.
> 
> Signed-off-by: Chunguang Xu <brookxu@tencent.com>

Thanks, applied.  I added an explanatory note that the leak would only
happen when the file system is corrupted (a block claimed by more than
one inode, with those inodes deleted within a single jbd2 transaction).

    	   	      	     	     	    - Ted

diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index d8704fe..03b4522 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -5146,6 +5146,7 @@  int ext4_metadata_block_overlaps(struct super_block *sb,
 				ext4_group_first_block_no(sb, group) +
 				EXT4_C2B(sbi, cluster),
 				"Block already on to-be-freed list");
+			kmem_cache_free(ext4_free_data_cachep, new_entry);
 			return 0;
 		}
 	}

[RESEND,8/8] ext4: fix a memory leak of ext4_free_data

Commit Message

Comments

Patch