* [PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache()
@ 2024-02-17 8:14 Baokun Li
2024-02-18 3:15 ` Jingbo Xu
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Baokun Li @ 2024-02-17 8:14 UTC (permalink / raw)
To: netfs
Cc: dhowells, jlayton, linux-cachefs, linux-erofs, linux-fsdevel,
linux-kernel, libaokun1, stable
The following memory leak was reported after unbinding /dev/cachefiles:
==================================================================
unreferenced object 0xffff9b674176e3c0 (size 192):
comm "cachefilesd2", pid 680, jiffies 4294881224
hex dump (first 32 bytes):
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc ea38a44b):
[<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370
[<ffffffff8e917f86>] prepare_creds+0x26/0x2e0
[<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120
[<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0
[<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0
[<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520
[<ffffffff8ebc5069>] ksys_write+0x69/0xf0
[<ffffffff8f6d4662>] do_syscall_64+0x72/0x140
[<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
==================================================================
Put the reference count of cache_cred in cachefiles_daemon_unbind() to
fix the problem. And also put cache_cred in cachefiles_add_cache() error
branch to avoid memory leaks.
Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem")
CC: stable@vger.kernel.org
Signed-off-by: Baokun Li <libaokun1@huawei.com>
---
fs/cachefiles/cache.c | 2 ++
fs/cachefiles/daemon.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/fs/cachefiles/cache.c b/fs/cachefiles/cache.c
index 7077f72e6f47..f449f7340aad 100644
--- a/fs/cachefiles/cache.c
+++ b/fs/cachefiles/cache.c
@@ -168,6 +168,8 @@ int cachefiles_add_cache(struct cachefiles_cache *cache)
dput(root);
error_open_root:
cachefiles_end_secure(cache, saved_cred);
+ put_cred(cache->cache_cred);
+ cache->cache_cred = NULL;
error_getsec:
fscache_relinquish_cache(cache_cookie);
cache->cache = NULL;
diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c
index 3f24905f4066..6465e2574230 100644
--- a/fs/cachefiles/daemon.c
+++ b/fs/cachefiles/daemon.c
@@ -816,6 +816,7 @@ static void cachefiles_daemon_unbind(struct cachefiles_cache *cache)
cachefiles_put_directory(cache->graveyard);
cachefiles_put_directory(cache->store);
mntput(cache->mnt);
+ put_cred(cache->cache_cred);
kfree(cache->rootdirname);
kfree(cache->secctx);
--
2.31.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache()
2024-02-17 8:14 [PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache() Baokun Li
@ 2024-02-18 3:15 ` Jingbo Xu
2024-02-18 14:42 ` Jeff Layton
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Jingbo Xu @ 2024-02-18 3:15 UTC (permalink / raw)
To: Baokun Li, netfs
Cc: dhowells, jlayton, linux-cachefs, linux-erofs, linux-fsdevel,
linux-kernel, stable
On 2/17/24 4:14 PM, Baokun Li wrote:
> The following memory leak was reported after unbinding /dev/cachefiles:
>
> ==================================================================
> unreferenced object 0xffff9b674176e3c0 (size 192):
> comm "cachefilesd2", pid 680, jiffies 4294881224
> hex dump (first 32 bytes):
> 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace (crc ea38a44b):
> [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370
> [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0
> [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120
> [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0
> [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0
> [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520
> [<ffffffff8ebc5069>] ksys_write+0x69/0xf0
> [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140
> [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
> ==================================================================
>
> Put the reference count of cache_cred in cachefiles_daemon_unbind() to
> fix the problem. And also put cache_cred in cachefiles_add_cache() error
> branch to avoid memory leaks.
>
> Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem")
> CC: stable@vger.kernel.org
> Signed-off-by: Baokun Li <libaokun1@huawei.com>
LGTM.
Reviewed-by: Jingbo Xu <jefflexu@linux.alibaba.com>
> ---
> fs/cachefiles/cache.c | 2 ++
> fs/cachefiles/daemon.c | 1 +
> 2 files changed, 3 insertions(+)
>
> diff --git a/fs/cachefiles/cache.c b/fs/cachefiles/cache.c
> index 7077f72e6f47..f449f7340aad 100644
> --- a/fs/cachefiles/cache.c
> +++ b/fs/cachefiles/cache.c
> @@ -168,6 +168,8 @@ int cachefiles_add_cache(struct cachefiles_cache *cache)
> dput(root);
> error_open_root:
> cachefiles_end_secure(cache, saved_cred);
> + put_cred(cache->cache_cred);
> + cache->cache_cred = NULL;
> error_getsec:
> fscache_relinquish_cache(cache_cookie);
> cache->cache = NULL;
> diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c
> index 3f24905f4066..6465e2574230 100644
> --- a/fs/cachefiles/daemon.c
> +++ b/fs/cachefiles/daemon.c
> @@ -816,6 +816,7 @@ static void cachefiles_daemon_unbind(struct cachefiles_cache *cache)
> cachefiles_put_directory(cache->graveyard);
> cachefiles_put_directory(cache->store);
> mntput(cache->mnt);
> + put_cred(cache->cache_cred);
>
> kfree(cache->rootdirname);
> kfree(cache->secctx);
--
Thanks,
Jingbo
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache()
2024-02-17 8:14 [PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache() Baokun Li
2024-02-18 3:15 ` Jingbo Xu
@ 2024-02-18 14:42 ` Jeff Layton
2024-02-19 13:00 ` David Howells
2024-02-20 8:46 ` Christian Brauner
3 siblings, 0 replies; 5+ messages in thread
From: Jeff Layton @ 2024-02-18 14:42 UTC (permalink / raw)
To: Baokun Li, netfs
Cc: dhowells, linux-cachefs, linux-erofs, linux-fsdevel, linux-kernel,
stable
On Sat, 2024-02-17 at 16:14 +0800, Baokun Li wrote:
> The following memory leak was reported after unbinding /dev/cachefiles:
>
> ==================================================================
> unreferenced object 0xffff9b674176e3c0 (size 192):
> comm "cachefilesd2", pid 680, jiffies 4294881224
> hex dump (first 32 bytes):
> 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace (crc ea38a44b):
> [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370
> [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0
> [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120
> [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0
> [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0
> [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520
> [<ffffffff8ebc5069>] ksys_write+0x69/0xf0
> [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140
> [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
> ==================================================================
>
> Put the reference count of cache_cred in cachefiles_daemon_unbind() to
> fix the problem. And also put cache_cred in cachefiles_add_cache() error
> branch to avoid memory leaks.
>
> Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem")
> CC: stable@vger.kernel.org
> Signed-off-by: Baokun Li <libaokun1@huawei.com>
> ---
> fs/cachefiles/cache.c | 2 ++
> fs/cachefiles/daemon.c | 1 +
> 2 files changed, 3 insertions(+)
>
> diff --git a/fs/cachefiles/cache.c b/fs/cachefiles/cache.c
> index 7077f72e6f47..f449f7340aad 100644
> --- a/fs/cachefiles/cache.c
> +++ b/fs/cachefiles/cache.c
> @@ -168,6 +168,8 @@ int cachefiles_add_cache(struct cachefiles_cache *cache)
> dput(root);
> error_open_root:
> cachefiles_end_secure(cache, saved_cred);
> + put_cred(cache->cache_cred);
> + cache->cache_cred = NULL;
> error_getsec:
> fscache_relinquish_cache(cache_cookie);
> cache->cache = NULL;
> diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c
> index 3f24905f4066..6465e2574230 100644
> --- a/fs/cachefiles/daemon.c
> +++ b/fs/cachefiles/daemon.c
> @@ -816,6 +816,7 @@ static void cachefiles_daemon_unbind(struct cachefiles_cache *cache)
> cachefiles_put_directory(cache->graveyard);
> cachefiles_put_directory(cache->store);
> mntput(cache->mnt);
> + put_cred(cache->cache_cred);
>
> kfree(cache->rootdirname);
> kfree(cache->secctx);
Looks reasonable to me too. Nice catch:
Reviewed-by: Jeff Layton <jlayton@kernel.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache()
2024-02-17 8:14 [PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache() Baokun Li
2024-02-18 3:15 ` Jingbo Xu
2024-02-18 14:42 ` Jeff Layton
@ 2024-02-19 13:00 ` David Howells
2024-02-20 8:46 ` Christian Brauner
3 siblings, 0 replies; 5+ messages in thread
From: David Howells @ 2024-02-19 13:00 UTC (permalink / raw)
To: Christian Brauner
Cc: dhowells, netfs, jlayton, Baokun Li, linux-cachefs, linux-erofs,
linux-fsdevel, linux-kernel, stable
Hi Christian,
Could you take this through your VFS tree please?
> The following memory leak was reported after unbinding /dev/cachefiles:
>
> ==================================================================
> unreferenced object 0xffff9b674176e3c0 (size 192):
> comm "cachefilesd2", pid 680, jiffies 4294881224
> hex dump (first 32 bytes):
> 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace (crc ea38a44b):
> [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370
> [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0
> [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120
> [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0
> [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0
> [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520
> [<ffffffff8ebc5069>] ksys_write+0x69/0xf0
> [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140
> [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
> ==================================================================
>
> Put the reference count of cache_cred in cachefiles_daemon_unbind() to
> fix the problem. And also put cache_cred in cachefiles_add_cache() error
> branch to avoid memory leaks.
>
> Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem")
> CC: stable@vger.kernel.org
> Signed-off-by: Baokun Li <libaokun1@huawei.com>
and add:
Reviewed-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Acked-by: David Howells <dhowells@redhat.com>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache()
2024-02-17 8:14 [PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache() Baokun Li
` (2 preceding siblings ...)
2024-02-19 13:00 ` David Howells
@ 2024-02-20 8:46 ` Christian Brauner
3 siblings, 0 replies; 5+ messages in thread
From: Christian Brauner @ 2024-02-20 8:46 UTC (permalink / raw)
To: netfs, Baokun Li, dhowells
Cc: Christian Brauner, jlayton, linux-cachefs, linux-erofs,
linux-fsdevel, linux-kernel, stable
On Sat, 17 Feb 2024 16:14:31 +0800, Baokun Li wrote:
> The following memory leak was reported after unbinding /dev/cachefiles:
>
> ==================================================================
> unreferenced object 0xffff9b674176e3c0 (size 192):
> comm "cachefilesd2", pid 680, jiffies 4294881224
> hex dump (first 32 bytes):
> 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace (crc ea38a44b):
> [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370
> [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0
> [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120
> [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0
> [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0
> [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520
> [<ffffffff8ebc5069>] ksys_write+0x69/0xf0
> [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140
> [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
> ==================================================================
>
> [...]
Sorry for the delay, David.
---
Applied to the vfs.fixes branch of the vfs/vfs.git tree.
Patches in the vfs.fixes branch should appear in linux-next soon.
Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.
It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.
Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.
tree: https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs.fixes
[1/1] cachefiles: fix memory leak in cachefiles_add_cache()
https://git.kernel.org/vfs/vfs/c/e21a2f17566c
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-02-20 8:47 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-17 8:14 [PATCH RESEND] cachefiles: fix memory leak in cachefiles_add_cache() Baokun Li
2024-02-18 3:15 ` Jingbo Xu
2024-02-18 14:42 ` Jeff Layton
2024-02-19 13:00 ` David Howells
2024-02-20 8:46 ` Christian Brauner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).