[PATCH 0/3] btrfs-progs: fix memory leaks related to zone/RST

[PATCH 0/3] btrfs-progs: fix memory leaks related to zone/RST

[Qu Wenruo]

Just give a full test run (except libbtrfsutil run) with D=asan, all kinds of
memory leaks related to zone/RST are exposed.

Fix them one by one.

Qu Wenruo (3):
  btrfs-progs: fix a memory leak in btrfs_prepare_device() for zoned
    devices
  btrfs-progs: fix a memory leak in btrfs_load_block_group_zone_info()
  btrfs-progs: fix a memory leak in __btrfs_map_block() after RST lookup
    failure

 common/device-utils.c   |  4 ++--
 kernel-shared/volumes.c |  6 ++++--
 kernel-shared/zoned.c   |  3 ++-
 kernel-shared/zoned.h   | 10 ++++++++++
 4 files changed, 18 insertions(+), 5 deletions(-)

--
2.54.0

[PATCH 1/3] btrfs-progs: fix a memory leak in btrfs_prepare_device() for zoned devices

[Qu Wenruo]

[BUG]
With D=asan compiling option enabled, the test case mkfs/025 fails with
the following asan report triggered:

====== RUN CHECK root_helper /home/adam/btrfs-progs/mkfs.btrfs -d single -m single /dev/nullb0 /dev/nullb1 /dev/nullb2 /dev/nullb3 /dev/nullb4 /dev/nullb5 /dev/nullb6 /dev/nullb7 /dev/nullb8 /dev/nullb9

=================================================================
==185235==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 20480 byte(s) in 10 object(s) allocated from:
    #0 0x7ffa8d7205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x55e960f93d53 in report_zones kernel-shared/zoned.c:365
    #2 0x55e960f9a9f1 in btrfs_get_zone_info kernel-shared/zoned.c:1465
    #3 0x55e960fa0d37 in btrfs_prepare_device common/device-utils.c:253
    #4 0x55e960eb14ee in prepare_one_device mkfs/main.c:1156
    #5 0x7ffa8d65e11a in asan_thread_start /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:239
    #6 0x7ffa8d29698a  (/usr/lib/libc.so.6+0x9698a) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)

Direct leak of 18432 byte(s) in 9 object(s) allocated from:
    #0 0x7ffa8d7205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x55e960f93d53 in report_zones kernel-shared/zoned.c:365
    #2 0x55e960f9a9f1 in btrfs_get_zone_info kernel-shared/zoned.c:1465
    #3 0x55e960f9a847 in btrfs_get_dev_zone_info kernel-shared/zoned.c:1431
    #4 0x55e960f9a6d2 in btrfs_get_dev_zone_info_all_devices kernel-shared/zoned.c:1408
    #5 0x55e960eb9b7d in main mkfs/main.c:2383
    #6 0x7ffa8d227634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #7 0x7ffa8d2276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #8 0x55e960ea8fa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: 3def50571e3d23304fbe357251f52f4428140607)

Direct leak of 2048 byte(s) in 1 object(s) allocated from:
    #0 0x7ffa8d7205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x55e960f93d53 in report_zones kernel-shared/zoned.c:365
    #2 0x55e960f9a9f1 in btrfs_get_zone_info kernel-shared/zoned.c:1465
    #3 0x55e960f9a847 in btrfs_get_dev_zone_info kernel-shared/zoned.c:1431
    #4 0x55e960f9a6d2 in btrfs_get_dev_zone_info_all_devices kernel-shared/zoned.c:1408
    #5 0x55e960f0d0f0 in __open_ctree_fd kernel-shared/disk-io.c:1665
    #6 0x55e960f0d9d8 in open_ctree_fs_info kernel-shared/disk-io.c:1733
    #7 0x55e960eb88f2 in main mkfs/main.c:2254
    #8 0x7ffa8d227634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #9 0x7ffa8d2276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #10 0x55e960ea8fa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: 3def50571e3d23304fbe357251f52f4428140607)
...

[CAUSE]
In btrfs_prepare_device(), we call btrfs_get_zone_info() which allocated
space for zinfo, then later report_zones() allocates zinfo::zones and
zinfo::active_zones.

But we only free zinfo itself, not the zones nor active_zones pointers,
leading to the above leak.

[FIX]
Introduce a helper, btrfs_free_zoned_device_info() to do the proper free
of a btrfs_zoned_device_info structure.

Fixes: 58ec59389263 ("btrfs-progs: zoned: support resetting zoned device")
Signed-off-by: Qu Wenruo <wqu@suse.com>
---
 common/device-utils.c   |  4 ++--
 kernel-shared/volumes.c |  2 +-
 kernel-shared/zoned.c   |  2 +-
 kernel-shared/zoned.h   | 10 ++++++++++
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/common/device-utils.c b/common/device-utils.c
index 9dfc50211955..63240c1f5130 100644
--- a/common/device-utils.c
+++ b/common/device-utils.c
@@ -302,12 +302,12 @@ int btrfs_prepare_device(int fd, const char *file, u64 *byte_count_ret,
 		goto err;
 	}
 
-	free(zinfo);
+	btrfs_free_zoned_device_info(zinfo);
 	*byte_count_ret = byte_count;
 	return 0;
 
 err:
-	free(zinfo);
+	btrfs_free_zoned_device_info(zinfo);
 	return 1;
 }
 
diff --git a/kernel-shared/volumes.c b/kernel-shared/volumes.c
index a54ea4dd1fbd..c3d113b6e3b1 100644
--- a/kernel-shared/volumes.c
+++ b/kernel-shared/volumes.c
@@ -648,7 +648,7 @@ again:
 		/* free the memory */
 		kfree(device->name);
 		kfree(device->label);
-		kfree(device->zone_info);
+		btrfs_free_zoned_device_info(device->zone_info);
 		kfree(device);
 	}
 
diff --git a/kernel-shared/zoned.c b/kernel-shared/zoned.c
index 18fb7eb511d3..1757b195560a 100644
--- a/kernel-shared/zoned.c
+++ b/kernel-shared/zoned.c
@@ -1464,7 +1464,7 @@ int btrfs_get_zone_info(int fd, const char *file,
 	/* Get zone information */
 	ret = report_zones(fd, file, zinfo);
 	if (ret != 0) {
-		kfree(zinfo);
+		btrfs_free_zoned_device_info(zinfo);
 		return ret;
 	}
 	*zinfo_ret = zinfo;
diff --git a/kernel-shared/zoned.h b/kernel-shared/zoned.h
index d004ff16f198..2d01da7d83e8 100644
--- a/kernel-shared/zoned.h
+++ b/kernel-shared/zoned.h
@@ -83,6 +83,16 @@ enum btrfs_zoned_model zoned_model(const char *file);
 u64 zone_size(const char *file);
 int btrfs_get_zone_info(int fd, const char *file,
 			struct btrfs_zoned_device_info **zinfo);
+
+static inline void btrfs_free_zoned_device_info(struct btrfs_zoned_device_info *zinfo)
+{
+	if (!zinfo)
+		return;
+	free(zinfo->zones);
+	free(zinfo->active_zones);
+	free(zinfo);
+}
+
 int btrfs_get_dev_zone_info_all_devices(struct btrfs_fs_info *fs_info);
 int btrfs_check_zoned_mode(struct btrfs_fs_info *fs_info);
 
-- 
2.54.0

[PATCH 2/3] btrfs-progs: fix a memory leak in btrfs_load_block_group_zone_info()

[Qu Wenruo]

[BUG]
With the previous btrfs_zoned_device_info memory leak fixed, the test
case mkfs/025 still fails with extra memory leaks:

====== RUN CHECK /home/adam/btrfs-progs/mkfs.btrfs -d single -m single /dev/nullb0 /dev/nullb1 /dev/nullb2 /dev/nullb3 /dev/nullb4 /dev/nullb5 /dev/nullb6 /dev/nullb7 /dev/nullb8 /dev/nullb9

=================================================================
==4392==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f5561b205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x5568792ba42a in bitmap_zalloc kernel-lib/bitmap.h:19
    #2 0x5568792c24c0 in btrfs_load_block_group_zone_info kernel-shared/zoned.c:1227
    #3 0x556879256b02 in btrfs_add_block_group kernel-shared/extent-tree.c:3025
    #4 0x5568792572ba in btrfs_make_block_group kernel-shared/extent-tree.c:3094
    #5 0x5568791d3d7b in create_metadata_block_groups mkfs/main.c:162
    #6 0x5568791e1a52 in main mkfs/main.c:2263
    #7 0x7f5561627634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #8 0x7f55616276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #9 0x5568791d1fa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: dd46ced75e977e88e3b77290546834407f113fba)

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f5561b205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x5568792ba42a in bitmap_zalloc kernel-lib/bitmap.h:19
    #2 0x5568792c24c0 in btrfs_load_block_group_zone_info kernel-shared/zoned.c:1227
    #3 0x556879256b02 in btrfs_add_block_group kernel-shared/extent-tree.c:3025
    #4 0x5568792572ba in btrfs_make_block_group kernel-shared/extent-tree.c:3094
    #5 0x5568791d446d in create_data_block_groups mkfs/main.c:222
    #6 0x5568791e1ea7 in main mkfs/main.c:2297
    #7 0x7f5561627634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #8 0x7f55616276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #9 0x5568791d1fa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: dd46ced75e977e88e3b77290546834407f113fba)

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x7f5561b205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x5568792ba42a in bitmap_zalloc kernel-lib/bitmap.h:19
    #2 0x5568792c24c0 in btrfs_load_block_group_zone_info kernel-shared/zoned.c:1227
    #3 0x556879256b02 in btrfs_add_block_group kernel-shared/extent-tree.c:3025
    #4 0x5568792572ba in btrfs_make_block_group kernel-shared/extent-tree.c:3094
    #5 0x5568791d446d in create_data_block_groups mkfs/main.c:222
    #6 0x5568791e1ffe in main mkfs/main.c:2305
    #7 0x7f5561627634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #8 0x7f55616276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #9 0x5568791d1fa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: dd46ced75e977e88e3b77290546834407f113fba)

[CAUSE]
Inside btrfs_load_block_group_zone_info() we allocated an @active bitmap
using bitmap_zalloc(), and use that bitmap for updating @zone_info.

However after everything is done we only freed @zone_info, not @active
bitmap, causing the above memory leak.

[FIX]
Free @active bitmap inside btrfs_load_block_group_zone_info().

Fixes: 6936ffa265c7 ("btrfs-progs: zoned: activate block group on loading")
Signed-off-by: Qu Wenruo <wqu@suse.com>
---
 kernel-shared/zoned.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel-shared/zoned.c b/kernel-shared/zoned.c
index 1757b195560a..8a9d1f38c37d 100644
--- a/kernel-shared/zoned.c
+++ b/kernel-shared/zoned.c
@@ -1302,6 +1302,7 @@ out:
 	if (!ret)
 		cache->write_offset = cache->alloc_offset;
 
+	kfree(active);
 	kfree(zone_info);
 	return ret;
 }
-- 
2.54.0

[PATCH 3/3] btrfs-progs: fix a memory leak in __btrfs_map_block() after RST lookup failure

[Qu Wenruo]

[BUG]
With all previous memory leaks fixed, now mkfs/030 fails with the
following memory leak:

====== RUN CHECK /home/adam/btrfs-progs/mkfs.btrfs -f -O zoned -d dup -m single /dev/nullb0 /dev/nullb1 /dev/nullb2 /dev/nullb3
WARNING: DUP is not recommended on filesystem with multiple devices
WARNING: DUP may not actually lead to 2 copies on the device, see manual page

=================================================================
==48914==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 144 byte(s) in 1 object(s) allocated from:
    #0 0x7fe9247205dd in calloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:74
    #1 0x5587da350c9a in __btrfs_map_block kernel-shared/volumes.c:2236
    #2 0x5587da34f4b9 in btrfs_map_block kernel-shared/volumes.c:2002
    #3 0x5587da279470 in queue_discard_logical mkfs/main.c:1355
    #4 0x5587da27a01b in discard_free_space mkfs/main.c:1453
    #5 0x5587da2825a8 in main mkfs/main.c:2587
    #6 0x7fe924227634  (/usr/lib/libc.so.6+0x27634) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #7 0x7fe9242276e8 in __libc_start_main (/usr/lib/libc.so.6+0x276e8) (BuildId: 2f722da304c0a508c891285e6840199c35019c8d)
    #8 0x5587da26ffa4 in _start (/home/adam/btrfs-progs/mkfs.btrfs+0x3cfa4) (BuildId: 67b730427c6a4739addff9bd31ecd89b1b5ae11a)

[CAUSE]
In __btrfs_map_block() if the fs has raid-stripe-tree enabled, we need
to do one extra mapping to get the physical address.

However btrfs_stripe_tree_logical_to_physical() can fail, and if that
function failed, we error out without freeing @multi we have allocated,
resulting the above memory leak.

[FIX]
Do the proper error handling before erroring out after
btrfs_stripe_tree_logical_to_physical() failure.

Fixes: a9fd50f85fdd ("btrfs-progs: read stripe tree when mapping blocks")
Signed-off-by: Qu Wenruo <wqu@suse.com>
---
 kernel-shared/volumes.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel-shared/volumes.c b/kernel-shared/volumes.c
index c3d113b6e3b1..f35b59bcc20e 100644
--- a/kernel-shared/volumes.c
+++ b/kernel-shared/volumes.c
@@ -2396,8 +2396,10 @@ again:
 
 			ret = btrfs_stripe_tree_logical_to_physical(fs_info, logical,
 								    &multi->stripes[i]);
-			if (ret)
+			if (ret) {
+				kfree(multi);
 				return ret;
+			}
 		} else {
 			multi->stripes[i].physical =
 				map->stripes[stripe_index].physical +
-- 
2.54.0