From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Ryusuke Konishi <konishi.ryusuke@gmail.com>,
syzbot+7381dc4ad60658ca4c05@syzkaller.appspotmail.com,
Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH 6.0 03/34] nilfs2: fix leak of nilfs_root in case of writer thread creation failure
Date: Thu, 13 Oct 2022 19:52:41 +0200 [thread overview]
Message-ID: <20221013175146.607406794@linuxfoundation.org> (raw)
In-Reply-To: <20221013175146.507746257@linuxfoundation.org>
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit d0d51a97063db4704a5ef6bc978dddab1636a306 upstream.
If nilfs_attach_log_writer() failed to create a log writer thread, it
frees a data structure of the log writer without any cleanup. After
commit e912a5b66837 ("nilfs2: use root object to get ifile"), this causes
a leak of struct nilfs_root, which started to leak an ifile metadata inode
and a kobject on that struct.
In addition, if the kernel is booted with panic_on_warn, the above
ifile metadata inode leak will cause the following panic when the
nilfs2 kernel module is removed:
kmem_cache_destroy nilfs2_inode_cache: Slab cache still has objects when
called from nilfs_destroy_cachep+0x16/0x3a [nilfs2]
WARNING: CPU: 8 PID: 1464 at mm/slab_common.c:494 kmem_cache_destroy+0x138/0x140
...
RIP: 0010:kmem_cache_destroy+0x138/0x140
Code: 00 20 00 00 e8 a9 55 d8 ff e9 76 ff ff ff 48 8b 53 60 48 c7 c6 20 70 65 86 48 c7 c7 d8 69 9c 86 48 8b 4c 24 28 e8 ef 71 c7 00 <0f> 0b e9 53 ff ff ff c3 48 81 ff ff 0f 00 00 77 03 31 c0 c3 53 48
...
Call Trace:
<TASK>
? nilfs_palloc_freev.cold.24+0x58/0x58 [nilfs2]
nilfs_destroy_cachep+0x16/0x3a [nilfs2]
exit_nilfs_fs+0xa/0x1b [nilfs2]
__x64_sys_delete_module+0x1d9/0x3a0
? __sanitizer_cov_trace_pc+0x1a/0x50
? syscall_trace_enter.isra.19+0x119/0x190
do_syscall_64+0x34/0x80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
...
</TASK>
Kernel panic - not syncing: panic_on_warn set ...
This patch fixes these issues by calling nilfs_detach_log_writer() cleanup
function if spawning the log writer thread fails.
Link: https://lkml.kernel.org/r/20221007085226.57667-1-konishi.ryusuke@gmail.com
Fixes: e912a5b66837 ("nilfs2: use root object to get ifile")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+7381dc4ad60658ca4c05@syzkaller.appspotmail.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/segment.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/fs/nilfs2/segment.c
+++ b/fs/nilfs2/segment.c
@@ -2786,10 +2786,9 @@ int nilfs_attach_log_writer(struct super
inode_attach_wb(nilfs->ns_bdev->bd_inode, NULL);
err = nilfs_segctor_start_thread(nilfs->ns_writer);
- if (err) {
- kfree(nilfs->ns_writer);
- nilfs->ns_writer = NULL;
- }
+ if (unlikely(err))
+ nilfs_detach_log_writer(sb);
+
return err;
}
next prev parent reply other threads:[~2022-10-13 18:24 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-13 17:52 [PATCH 6.0 00/34] 6.0.2-rc1 review Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 01/34] nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 02/34] nilfs2: fix use-after-free bug of struct nilfs_root Greg Kroah-Hartman
2022-10-13 17:52 ` Greg Kroah-Hartman [this message]
2022-10-13 17:52 ` [PATCH 6.0 04/34] nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 05/34] nvme-pci: set min_align_mask before calculating max_hw_sectors Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 06/34] random: restore O_NONBLOCK support Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 07/34] random: clamp credited irq bits to maximum mixed Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 08/34] ALSA: hda: Fix position reporting on Poulsbo Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 09/34] ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 10/34] efi: Correct Macmini DMI match in uefi cert quirk Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 11/34] scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 12/34] scsi: qla2xxx: Fix response queue handler reading stale packets Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 13/34] scsi: stex: Properly zero out the passthrough command structure Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 14/34] USB: serial: qcserial: add new usb-id for Dell branded EM7455 Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 15/34] Revert "USB: fixup for merge issue with "usb: dwc3: Dont switch OTG -> peripheral if extcon is present"" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 16/34] Revert "usb: dwc3: Dont switch OTG -> peripheral if extcon is present" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 17/34] Revert "powerpc/rtas: Implement reentrant rtas call" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 18/34] Revert "crypto: qat - reduce size of mapped region" Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 19/34] random: avoid reading two cache lines on irq randomness Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 20/34] random: use expired timer rather than wq for mixing fast pool Greg Kroah-Hartman
2022-10-13 17:52 ` [PATCH 6.0 21/34] wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 22/34] wifi: cfg80211/mac80211: reject bad MBSSID elements Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 23/34] wifi: mac80211: fix MBSSID parsing use-after-free Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 24/34] wifi: cfg80211: ensure length byte is present before access Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 25/34] wifi: cfg80211: fix BSS refcounting bugs Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 26/34] wifi: cfg80211: avoid nontransmitted BSS list corruption Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 27/34] wifi: mac80211_hwsim: avoid mac80211 warning on bad rate Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 28/34] wifi: mac80211: fix crash in beacon protection for P2P-device Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 29/34] wifi: cfg80211: update hidden BSSes to avoid WARN_ON Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 30/34] mctp: prevent double key removal and unref Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 31/34] Input: xpad - add supported devices as contributed on github Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 32/34] Input: xpad - fix wireless 360 controller breaking after suspend Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 33/34] misc: pci_endpoint_test: Aggregate params checking for xfer Greg Kroah-Hartman
2022-10-13 17:53 ` [PATCH 6.0 34/34] misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic Greg Kroah-Hartman
2022-10-13 21:14 ` [PATCH 6.0 00/34] 6.0.2-rc1 review Justin Forbes
2022-10-13 21:28 ` Florian Fainelli
2022-10-14 0:09 ` Slade Watkins
2022-10-14 4:33 ` Ron Economos
2022-10-14 7:57 ` Bagas Sanjaya
2022-10-14 8:31 ` Naresh Kamboju
2022-10-14 12:15 ` Sudip Mukherjee (Codethink)
2022-10-14 12:23 ` Luna Jernberg
2022-10-14 14:51 ` Shuah Khan
2022-10-14 15:57 ` Jon Hunter
2022-10-14 18:17 ` Fenil Jain
2022-10-14 18:39 ` Allen Pais
2022-10-14 23:08 ` Guenter Roeck
2022-10-15 1:33 ` Rudi Heitbaum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221013175146.607406794@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=konishi.ryusuke@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+7381dc4ad60658ca4c05@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).