public inbox for linux-xfs@vger.kernel.org
From: cem@kernel.org
To: linux-xfs@vger.kernel.org
Cc: djwong@kernel.org, hch@lst.de
Subject: [PATCH 45/67] xfs: fix perag leak when growfs fails
Date: Mon, 22 Apr 2024 18:26:07 +0200
Message-ID: <20240422163832.858420-47-cem@kernel.org>
In-Reply-To: <20240422163832.858420-2-cem@kernel.org>

From: Long Li <leo.lilong@huawei.com>

Source kernel commit: 7823921887750b39d02e6b44faafdd1cc617c651

During growfs, if new ag in memory has been initialized, however
sb_agcount has not been updated, if an error occurs at this time it
will cause perag leaks as follows, these new AGs will not be freed
during umount, because these new AGs are not visible (that is
included in mp->m_sb.sb_agcount).

unreferenced object 0xffff88810be40200 (size 512):
comm "xfs_growfs", pid 857, jiffies 4294909093
hex dump (first 32 bytes):
00 c0 c1 05 81 88 ff ff 04 00 00 00 00 00 00 00  ................
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
backtrace (crc 381741e2):
[<ffffffff8191aef6>] __kmalloc+0x386/0x4f0
[<ffffffff82553e65>] kmem_alloc+0xb5/0x2f0
[<ffffffff8238dac5>] xfs_initialize_perag+0xc5/0x810
[<ffffffff824f679c>] xfs_growfs_data+0x9bc/0xbc0
[<ffffffff8250b90e>] xfs_file_ioctl+0x5fe/0x14d0
[<ffffffff81aa5194>] __x64_sys_ioctl+0x144/0x1c0
[<ffffffff83c3d81f>] do_syscall_64+0x3f/0xe0
[<ffffffff83e00087>] entry_SYSCALL_64_after_hwframe+0x62/0x6a
unreferenced object 0xffff88810be40800 (size 512):
comm "xfs_growfs", pid 857, jiffies 4294909093
hex dump (first 32 bytes):
20 00 00 00 00 00 00 00 57 ef be dc 00 00 00 00   .......W.......
10 08 e4 0b 81 88 ff ff 10 08 e4 0b 81 88 ff ff  ................
backtrace (crc bde50e2d):
[<ffffffff8191b43a>] __kmalloc_node+0x3da/0x540
[<ffffffff81814489>] kvmalloc_node+0x99/0x160
[<ffffffff8286acff>] bucket_table_alloc.isra.0+0x5f/0x400
[<ffffffff8286bdc5>] rhashtable_init+0x405/0x760
[<ffffffff8238dda3>] xfs_initialize_perag+0x3a3/0x810
[<ffffffff824f679c>] xfs_growfs_data+0x9bc/0xbc0
[<ffffffff8250b90e>] xfs_file_ioctl+0x5fe/0x14d0
[<ffffffff81aa5194>] __x64_sys_ioctl+0x144/0x1c0
[<ffffffff83c3d81f>] do_syscall_64+0x3f/0xe0
[<ffffffff83e00087>] entry_SYSCALL_64_after_hwframe+0x62/0x6a

Factor out xfs_free_unused_perag_range() from xfs_initialize_perag(),
used for freeing unused perag within a specified range in error handling,
included in the error path of the growfs failure.

Fixes: 1c1c6ebcf528 ("xfs: Replace per-ag array with a radix tree")
Signed-off-by: Long Li <leo.lilong@huawei.com>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Carlos Maiolino <cem@kernel.org>
---
 libxfs/xfs_ag.c | 36 ++++++++++++++++++++++++++----------
 libxfs/xfs_ag.h |  2 ++
 2 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/libxfs/xfs_ag.c b/libxfs/xfs_ag.c
index 1dbc01b97..0556d5547 100644
--- a/libxfs/xfs_ag.c
+++ b/libxfs/xfs_ag.c
@@ -330,6 +330,31 @@ xfs_agino_range(
 	return __xfs_agino_range(mp, xfs_ag_block_count(mp, agno), first, last);
 }
 
+/*
+ * Free perag within the specified AG range, it is only used to free unused
+ * perags under the error handling path.
+ */
+void
+xfs_free_unused_perag_range(
+	struct xfs_mount	*mp,
+	xfs_agnumber_t		agstart,
+	xfs_agnumber_t		agend)
+{
+	struct xfs_perag	*pag;
+	xfs_agnumber_t		index;
+
+	for (index = agstart; index < agend; index++) {
+		spin_lock(&mp->m_perag_lock);
+		pag = radix_tree_delete(&mp->m_perag_tree, index);
+		spin_unlock(&mp->m_perag_lock);
+		if (!pag)
+			break;
+		xfs_buf_hash_destroy(pag);
+		xfs_defer_drain_free(&pag->pag_intents_drain);
+		kmem_free(pag);
+	}
+}
+
 int
 xfs_initialize_perag(
 	struct xfs_mount	*mp,
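Review bot: the loop in xfs_free_unused_perag_range() stops at the first index where radix_tree_delete() returns NULL (`if (!pag) break;`), so a perag that sits after a gap inside the requested range would stay allocated, and the header comment says nothing about that or about agend being exclusive. Either state in the comment that callers must pass a contiguously populated half-open range [agstart, agend), or use `continue` instead of `break` so the helper frees every entry in the range regardless of holes. The function also calls kmem_free(pag) with no check that the perag is unreferenced, so the comment's "only used to free unused perags" is the sole guard; an assertion on that precondition would make misuse visible.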
@@ -429,16 +454,7 @@ out_free_pag:
 	kmem_free(pag);
 out_unwind_new_pags:
 	/* unwind any prior newly initialized pags */
-	for (index = first_initialised; index < agcount; index++) {
-		spin_lock(&mp->m_perag_lock);
-		pag = radix_tree_delete(&mp->m_perag_tree, index);
-		spin_unlock(&mp->m_perag_lock);
-		if (!pag)
-			break;
-		xfs_buf_hash_destroy(pag);
-		xfs_defer_drain_free(&pag->pag_intents_drain);
-		kmem_free(pag);
-	}
+	xfs_free_unused_perag_range(mp, first_initialised, agcount);
 	return error;
 }
 
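Review bot: at out_unwind_new_pags the call in xfs_initialize_perag() is the only user of the new helper in this patch, while the commit message says it is also included in the growfs failure path; the diffstat covers just libxfs/xfs_ag.c and libxfs/xfs_ag.h, so the message should say that the growfs caller is outside this diff, otherwise readers will look for it here. The call passes the same bounds as the removed loop (first_initialised, agcount), so the unwind itself is unchanged.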
diff --git a/libxfs/xfs_ag.h b/libxfs/xfs_ag.h
index 67c3260ee..4b343c4fa 100644
--- a/libxfs/xfs_ag.h
+++ b/libxfs/xfs_ag.h
@@ -143,6 +143,8 @@ __XFS_AG_OPSTATE(prefers_metadata, PREFERS_METADATA)
 __XFS_AG_OPSTATE(allows_inodes, ALLOWS_INODES)
 __XFS_AG_OPSTATE(agfl_needs_reset, AGFL_NEEDS_RESET)
 
+void xfs_free_unused_perag_range(struct xfs_mount *mp, xfs_agnumber_t agstart,
+			xfs_agnumber_t agend);
 int xfs_initialize_perag(struct xfs_mount *mp, xfs_agnumber_t agcount,
 			xfs_rfsblock_t dcount, xfs_agnumber_t *maxagi);
 int xfs_initialize_perag_data(struct xfs_mount *mp, xfs_agnumber_t agno);
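Review bot: the new xfs_free_unused_perag_range() prototype is exported with no comment at the declaration, and the names agstart and agend do not tell a caller that the end is exclusive or that the function frees perags outright. A one-line comment above the prototype stating that it is for error paths only, on perags that were never made visible through sb_agcount, would keep later callers from using it as a general teardown routine.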
-- 
2.44.0