From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Li Zetao <lizetao1@huawei.com>,
Joseph Qi <joseph.qi@linux.alibaba.com>,
Mark Fasheh <mark@fasheh.com>, Joel Becker <jlbec@evilplan.org>,
Junxiao Bi <junxiao.bi@oracle.com>,
Changwei Ge <gechangwei@live.cn>, Gang He <ghe@suse.com>,
Jun Piao <piaojun@huawei.com>,
Andrew Morton <akpm@linux-foundation.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.15 10/93] ocfs2: fix memory leak in ocfs2_mount_volume()
Date: Wed, 12 Apr 2023 10:33:11 +0200 [thread overview]
Message-ID: <20230412082823.473889874@linuxfoundation.org> (raw)
In-Reply-To: <20230412082823.045155996@linuxfoundation.org>
From: Li Zetao <ocfs2-devel@oss.oracle.com>
[ Upstream commit ce2fcf1516d674a174d9b34d1e1024d64de9fba3 ]
There is a memory leak reported by kmemleak:
unreferenced object 0xffff88810cc65e60 (size 32):
comm "mount.ocfs2", pid 23753, jiffies 4302528942 (age 34735.105s)
hex dump (first 32 bytes):
10 00 00 00 00 00 00 00 00 01 01 01 01 01 01 01 ................
01 01 01 01 01 01 01 01 00 00 00 00 00 00 00 00 ................
backtrace:
[<ffffffff8170f73d>] __kmalloc+0x4d/0x150
[<ffffffffa0ac3f51>] ocfs2_compute_replay_slots+0x121/0x330 [ocfs2]
[<ffffffffa0b65165>] ocfs2_check_volume+0x485/0x900 [ocfs2]
[<ffffffffa0b68129>] ocfs2_mount_volume.isra.0+0x1e9/0x650 [ocfs2]
[<ffffffffa0b7160b>] ocfs2_fill_super+0xe0b/0x1740 [ocfs2]
[<ffffffff818e1fe2>] mount_bdev+0x312/0x400
[<ffffffff819a086d>] legacy_get_tree+0xed/0x1d0
[<ffffffff818de82d>] vfs_get_tree+0x7d/0x230
[<ffffffff81957f92>] path_mount+0xd62/0x1760
[<ffffffff81958a5a>] do_mount+0xca/0xe0
[<ffffffff81958d3c>] __x64_sys_mount+0x12c/0x1a0
[<ffffffff82f26f15>] do_syscall_64+0x35/0x80
[<ffffffff8300006a>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
This call stack is related to two problems. Firstly, the ocfs2 super uses
"replay_map" to trace online/offline slots, in order to recover offline
slots during recovery and mount. But when ocfs2_truncate_log_init()
returns an error in ocfs2_mount_volume(), the memory of "replay_map" will
not be freed in error handling path. Secondly, the memory of "replay_map"
will not be freed if d_make_root() returns an error in ocfs2_fill_super().
But the memory of "replay_map" will be freed normally when completing
recovery and mount in ocfs2_complete_mount_recovery().
Fix the first problem by adding error handling path to free "replay_map"
when ocfs2_truncate_log_init() fails. And fix the second problem by
calling ocfs2_free_replay_slots(osb) in the error handling path
"out_dismount". In addition, since ocfs2_free_replay_slots() is static,
it is necessary to remove its static attribute and declare it in header
file.
Link: https://lkml.kernel.org/r/20221109074627.2303950-1-lizetao1@huawei.com
Fixes: 9140db04ef18 ("ocfs2: recover orphans in offline slots during recovery and mount")
Signed-off-by: Li Zetao <lizetao1@huawei.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ocfs2/journal.c | 2 +-
fs/ocfs2/journal.h | 1 +
fs/ocfs2/super.c | 5 ++++-
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c
index 4f15750aac5d5..86864a90de2cd 100644
--- a/fs/ocfs2/journal.c
+++ b/fs/ocfs2/journal.c
@@ -157,7 +157,7 @@ static void ocfs2_queue_replay_slots(struct ocfs2_super *osb,
replay_map->rm_state = REPLAY_DONE;
}
-static void ocfs2_free_replay_slots(struct ocfs2_super *osb)
+void ocfs2_free_replay_slots(struct ocfs2_super *osb)
{
struct ocfs2_replay_map *replay_map = osb->replay_map;
diff --git a/fs/ocfs2/journal.h b/fs/ocfs2/journal.h
index d158acb8b38a8..a54f20bce9fef 100644
--- a/fs/ocfs2/journal.h
+++ b/fs/ocfs2/journal.h
@@ -150,6 +150,7 @@ int ocfs2_recovery_init(struct ocfs2_super *osb);
void ocfs2_recovery_exit(struct ocfs2_super *osb);
int ocfs2_compute_replay_slots(struct ocfs2_super *osb);
+void ocfs2_free_replay_slots(struct ocfs2_super *osb);
/*
* Journal Control:
* Initialize, Load, Shutdown, Wipe a journal.
diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
index 64795f836550f..db38b424f7a1a 100644
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -1160,6 +1160,7 @@ static int ocfs2_fill_super(struct super_block *sb, void *data, int silent)
out_dismount:
atomic_set(&osb->vol_state, VOLUME_DISABLED);
wake_up(&osb->osb_mount_event);
+ ocfs2_free_replay_slots(osb);
ocfs2_dismount_volume(sb, 1);
goto out;
@@ -1825,12 +1826,14 @@ static int ocfs2_mount_volume(struct super_block *sb)
status = ocfs2_truncate_log_init(osb);
if (status < 0) {
mlog_errno(status);
- goto out_system_inodes;
+ goto out_check_volume;
}
ocfs2_super_unlock(osb, 1);
return 0;
+out_check_volume:
+ ocfs2_free_replay_slots(osb);
out_system_inodes:
if (osb->local_alloc_state == OCFS2_LA_ENABLED)
ocfs2_shutdown_local_alloc(osb);
--
2.39.2
next prev parent reply other threads:[~2023-04-12 8:35 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-12 8:33 [PATCH 5.15 00/93] 5.15.107-rc1 review Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 01/93] soc: sifive: ccache: Rename SiFive L2 cache to Composable cache Greg Kroah-Hartman
2023-04-12 9:36 ` Conor Dooley
2023-04-12 10:14 ` Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 02/93] soc: sifive: ccache: determine the cache level from dts Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 03/93] soc: sifive: ccache: reduce printing on init Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 04/93] soc: sifive: ccache: use pr_fmt() to remove CCACHE: prefixes Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 05/93] soc: sifive: ccache: fix missing iounmap() in error path in sifive_ccache_init() Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 06/93] soc: sifive: ccache: fix missing free_irq() " Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 07/93] soc: sifive: ccache: fix missing of_node_put() " Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 08/93] ocfs2: ocfs2_mount_volume does cleanup job before return error Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 09/93] ocfs2: rewrite error handling of ocfs2_fill_super Greg Kroah-Hartman
2023-04-12 8:33 ` Greg Kroah-Hartman [this message]
2023-04-12 8:33 ` [PATCH 5.15 11/93] NFSD: Fix sparse warning Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 12/93] NFSD: pass range end to vfs_fsync_range() instead of count Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 13/93] RDMA/irdma: Do not request 2-level PBLEs for CQ alloc Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 14/93] platform/x86: int3472: Split into 2 drivers Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 15/93] platform/x86: int3472/discrete: Ensure the clk/power enable pins are in output mode Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 16/93] iavf: return errno code instead of status code Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 17/93] iavf/iavf_main: actually log ->src mask when talking about it Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 18/93] serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 19/93] serial: exar: Add support for Sealevel 7xxxC serial cards Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 20/93] drm/amdgpu: Prevent race between late signaled fences and GPU reset Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 21/93] drm/amdgpu: fix amdgpu_job_free_resources v2 Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 22/93] bpf: hash map, avoid deadlock with suitable hash mask Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 23/93] gpio: GPIO_REGMAP: select REGMAP instead of depending on it Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 24/93] Drivers: vmbus: Check for channel allocation before looking up relids Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 25/93] pwm: cros-ec: Explicitly set .polarity in .get_state() Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 26/93] pwm: sprd: " Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 27/93] KVM: s390: pv: fix external interruption loop not always detected Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 28/93] wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 29/93] net: qrtr: combine nameservice into main module Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 30/93] net: qrtr: Fix a refcount bug in qrtr_recvmsg() Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 31/93] NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 32/93] icmp: guard against too small mtu Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 33/93] net: dont let netpoll invoke NAPI if in xmit context Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 34/93] net: dsa: mv88e6xxx: Reset mv88e6393x force WD event bit Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 35/93] sctp: check send stream number after wait_for_sndbuf Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 36/93] net: qrtr: Do not do DEL_SERVER broadcast after DEL_CLIENT Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 37/93] ipv6: Fix an uninit variable access bug in __ip6_make_skb() Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 38/93] platform/x86: think-lmi: Fix memory leak when showing current settings Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 39/93] platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 40/93] platform/x86: think-lmi: Clean up display of current_value on Thinkstation Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 41/93] gpio: davinci: Add irq chip flag to skip set wake Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 42/93] net: ethernet: ti: am65-cpsw: Fix mdio cleanup in probe Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 43/93] net: stmmac: fix up RX flow hash indirection table when setting channels Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 44/93] sunrpc: only free unix grouplist after RCU settles Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 45/93] NFSD: callback request does not use correct credential for AUTH_SYS Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 46/93] ice: fix wrong fallback logic for FDIR Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 47/93] ice: Reset FDIR counter in FDIR init stage Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 48/93] ethtool: reset #lanes when lanes is omitted Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 49/93] gve: Secure enough bytes in the first TX desc for all TCP pkts Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 50/93] kbuild: refactor single builds of *.ko Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 51/93] usb: xhci: tegra: fix sleep in atomic call Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 52/93] xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 53/93] usb: cdnsp: Fixes error: uninitialized symbol len Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 54/93] usb: dwc3: pci: add support for the Intel Meteor Lake-S Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 55/93] USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 56/93] usb: typec: altmodes/displayport: Fix configure initial pin assignment Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 57/93] USB: serial: option: add Telit FE990 compositions Greg Kroah-Hartman
2023-04-12 8:33 ` [PATCH 5.15 58/93] USB: serial: option: add Quectel RM500U-CN modem Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 59/93] iio: adis16480: select CONFIG_CRC32 Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 60/93] iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 61/93] iio: dac: cio-dac: Fix max DAC write value check for 12-bit Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 62/93] iio: light: cm32181: Unregister second I2C client if present Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 63/93] tty: serial: sh-sci: Fix transmit end interrupt handler Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 64/93] tty: serial: sh-sci: Fix Rx on RZ/G2L SCI Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 65/93] tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 66/93] nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 67/93] nilfs2: fix sysfs interface lifetime Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 68/93] dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 69/93] ksmbd: do not call kvmalloc() with __GFP_NORETRY | __GFP_NO_WARN Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 70/93] ALSA: hda/realtek: Add quirk for Clevo X370SNW Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 71/93] coresight: etm4x: Do not access TRCIDR1 for identification Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 72/93] coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 73/93] iio: adc: ad7791: fix IRQ flags Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 74/93] scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 75/93] scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 76/93] smb3: allow deferred close timeout to be configurable Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 77/93] smb3: lower default deferred close timeout to address perf regression Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 78/93] cifs: sanitize paths in cifs_update_super_prepath Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 79/93] perf/core: Fix the same task check in perf_event_set_output Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 80/93] ftrace: Mark get_lock_parent_ip() __always_inline Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 81/93] ftrace: Fix issue that direct->addr not restored in modify_ftrace_direct() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 82/93] fs: drop peer group ids under namespace lock Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 83/93] can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 84/93] can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 85/93] tracing: Free error logs of tracing instances Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 86/93] ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 87/93] mm: vmalloc: avoid warn_alloc noise caused by fatal signal Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 88/93] drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 89/93] drm/nouveau/disp: Support more modes by checking with lower bpc Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 90/93] ring-buffer: Fix race while reader and writer are on the same page Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 91/93] mm/swap: fix swap_info_struct race between swapoff and get_swap_pages() Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 92/93] drm/bridge: lt9611: Fix PLL being unable to lock Greg Kroah-Hartman
2023-04-12 8:34 ` [PATCH 5.15 93/93] mm: take a page reference when removing device exclusive entries Greg Kroah-Hartman
2023-04-12 16:53 ` [PATCH 5.15 00/93] 5.15.107-rc1 review Florian Fainelli
2023-04-12 19:41 ` Shuah Khan
2023-04-12 20:41 ` Guenter Roeck
2023-04-12 21:47 ` [PATCH 5.15 00/93] 5.15.107-rc1 review (possible amdgpu regression) Eddie Chapman
2023-04-13 14:46 ` Greg Kroah-Hartman
2023-06-07 22:24 ` Eddie Chapman
2023-04-13 2:04 ` [PATCH 5.15 00/93] 5.15.107-rc1 review Bagas Sanjaya
2023-04-13 13:28 ` Ron Economos
2023-04-13 14:18 ` Naresh Kamboju
2023-04-13 14:51 ` Harshit Mogalapalli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230412082823.473889874@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=gechangwei@live.cn \
--cc=ghe@suse.com \
--cc=jlbec@evilplan.org \
--cc=joseph.qi@linux.alibaba.com \
--cc=junxiao.bi@oracle.com \
--cc=lizetao1@huawei.com \
--cc=mark@fasheh.com \
--cc=patches@lists.linux.dev \
--cc=piaojun@huawei.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox