From: <gregkh@linuxfoundation.org>
To: catherine.hoang@oracle.com,chandanbabu@kernel.org,djwong@kernel.org,gregkh@linuxfoundation.org,leah.rumancik@gmail.com,leo.lilong@huawei.com,xfs-stable@lists.linux.dev
Cc: <stable-commits@vger.kernel.org>
Subject: Patch "xfs: fix perag leak when growfs fails" has been added to the 6.1-stable tree
Date: Sun, 16 Mar 2025 07:17:06 +0100 [thread overview]
Message-ID: <2025031606-defy-frill-d3ef@gregkh> (raw)
In-Reply-To: <20250313202550.2257219-26-leah.rumancik@gmail.com>
This is a note to let you know that I've just added the patch titled
xfs: fix perag leak when growfs fails
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
xfs-fix-perag-leak-when-growfs-fails.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
From stable+bounces-124382-greg=kroah.com@vger.kernel.org Thu Mar 13 21:26:44 2025
From: Leah Rumancik <leah.rumancik@gmail.com>
Date: Thu, 13 Mar 2025 13:25:45 -0700
Subject: xfs: fix perag leak when growfs fails
To: stable@vger.kernel.org
Cc: xfs-stable@lists.linux.dev, Long Li <leo.lilong@huawei.com>, "Darrick J. Wong" <djwong@kernel.org>, Chandan Babu R <chandanbabu@kernel.org>, Catherine Hoang <catherine.hoang@oracle.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Leah Rumancik <leah.rumancik@gmail.com>
Message-ID: <20250313202550.2257219-26-leah.rumancik@gmail.com>
From: Long Li <leo.lilong@huawei.com>
[ Upstream commit 7823921887750b39d02e6b44faafdd1cc617c651 ]
[ 6.1: resolved conflicts in xfs_ag.c and xfs_ag.h ]
During growfs, if new ag in memory has been initialized, however
sb_agcount has not been updated, if an error occurs at this time it
will cause perag leaks as follows, these new AGs will not been freed
during umount , because of these new AGs are not visible(that is
included in mp->m_sb.sb_agcount).
unreferenced object 0xffff88810be40200 (size 512):
comm "xfs_growfs", pid 857, jiffies 4294909093
hex dump (first 32 bytes):
00 c0 c1 05 81 88 ff ff 04 00 00 00 00 00 00 00 ................
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 381741e2):
[<ffffffff8191aef6>] __kmalloc+0x386/0x4f0
[<ffffffff82553e65>] kmem_alloc+0xb5/0x2f0
[<ffffffff8238dac5>] xfs_initialize_perag+0xc5/0x810
[<ffffffff824f679c>] xfs_growfs_data+0x9bc/0xbc0
[<ffffffff8250b90e>] xfs_file_ioctl+0x5fe/0x14d0
[<ffffffff81aa5194>] __x64_sys_ioctl+0x144/0x1c0
[<ffffffff83c3d81f>] do_syscall_64+0x3f/0xe0
[<ffffffff83e00087>] entry_SYSCALL_64_after_hwframe+0x62/0x6a
unreferenced object 0xffff88810be40800 (size 512):
comm "xfs_growfs", pid 857, jiffies 4294909093
hex dump (first 32 bytes):
20 00 00 00 00 00 00 00 57 ef be dc 00 00 00 00 .......W.......
10 08 e4 0b 81 88 ff ff 10 08 e4 0b 81 88 ff ff ................
backtrace (crc bde50e2d):
[<ffffffff8191b43a>] __kmalloc_node+0x3da/0x540
[<ffffffff81814489>] kvmalloc_node+0x99/0x160
[<ffffffff8286acff>] bucket_table_alloc.isra.0+0x5f/0x400
[<ffffffff8286bdc5>] rhashtable_init+0x405/0x760
[<ffffffff8238dda3>] xfs_initialize_perag+0x3a3/0x810
[<ffffffff824f679c>] xfs_growfs_data+0x9bc/0xbc0
[<ffffffff8250b90e>] xfs_file_ioctl+0x5fe/0x14d0
[<ffffffff81aa5194>] __x64_sys_ioctl+0x144/0x1c0
[<ffffffff83c3d81f>] do_syscall_64+0x3f/0xe0
[<ffffffff83e00087>] entry_SYSCALL_64_after_hwframe+0x62/0x6a
Factor out xfs_free_unused_perag_range() from xfs_initialize_perag(),
used for freeing unused perag within a specified range in error handling,
included in the error path of the growfs failure.
Fixes: 1c1c6ebcf528 ("xfs: Replace per-ag array with a radix tree")
Signed-off-by: Long Li <leo.lilong@huawei.com>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Leah Rumancik <leah.rumancik@gmail.com>
Acked-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_ag.c | 34 +++++++++++++++++++++++++---------
fs/xfs/libxfs/xfs_ag.h | 3 +++
fs/xfs/xfs_fsops.c | 5 ++++-
3 files changed, 32 insertions(+), 10 deletions(-)
--- a/fs/xfs/libxfs/xfs_ag.c
+++ b/fs/xfs/libxfs/xfs_ag.c
@@ -259,6 +259,30 @@ xfs_agino_range(
return __xfs_agino_range(mp, xfs_ag_block_count(mp, agno), first, last);
}
+/*
+ * Free perag within the specified AG range, it is only used to free unused
+ * perags under the error handling path.
+ */
+void
+xfs_free_unused_perag_range(
+ struct xfs_mount *mp,
+ xfs_agnumber_t agstart,
+ xfs_agnumber_t agend)
+{
+ struct xfs_perag *pag;
+ xfs_agnumber_t index;
+
+ for (index = agstart; index < agend; index++) {
+ spin_lock(&mp->m_perag_lock);
+ pag = radix_tree_delete(&mp->m_perag_tree, index);
+ spin_unlock(&mp->m_perag_lock);
+ if (!pag)
+ break;
+ xfs_buf_hash_destroy(pag);
+ kmem_free(pag);
+ }
+}
+
int
xfs_initialize_perag(
struct xfs_mount *mp,
@@ -352,15 +376,7 @@ out_free_pag:
kmem_free(pag);
out_unwind_new_pags:
/* unwind any prior newly initialized pags */
- for (index = first_initialised; index < agcount; index++) {
- spin_lock(&mp->m_perag_lock);
- pag = radix_tree_delete(&mp->m_perag_tree, index);
- spin_unlock(&mp->m_perag_lock);
- if (!pag)
- break;
- xfs_buf_hash_destroy(pag);
- kmem_free(pag);
- }
+ xfs_free_unused_perag_range(mp, first_initialised, agcount);
return error;
}
--- a/fs/xfs/libxfs/xfs_ag.h
+++ b/fs/xfs/libxfs/xfs_ag.h
@@ -106,6 +106,9 @@ struct xfs_perag {
#endif /* __KERNEL__ */
};
+
+void xfs_free_unused_perag_range(struct xfs_mount *mp, xfs_agnumber_t agstart,
+ xfs_agnumber_t agend);
int xfs_initialize_perag(struct xfs_mount *mp, xfs_agnumber_t agcount,
xfs_rfsblock_t dcount, xfs_agnumber_t *maxagi);
int xfs_initialize_perag_data(struct xfs_mount *mp, xfs_agnumber_t agno);
--- a/fs/xfs/xfs_fsops.c
+++ b/fs/xfs/xfs_fsops.c
@@ -153,7 +153,7 @@ xfs_growfs_data_private(
(delta > 0 ? XFS_GROWFS_SPACE_RES(mp) : -delta), 0,
XFS_TRANS_RESERVE, &tp);
if (error)
- return error;
+ goto out_free_unused_perag;
last_pag = xfs_perag_get(mp, oagcount - 1);
if (delta > 0) {
@@ -227,6 +227,9 @@ xfs_growfs_data_private(
out_trans_cancel:
xfs_trans_cancel(tp);
+out_free_unused_perag:
+ if (nagcount > oagcount)
+ xfs_free_unused_perag_range(mp, oagcount, nagcount);
return error;
}
Patches currently in stable-queue which might be from leah.rumancik@gmail.com are
queue-6.1/xfs-fix-confusing-xfs_extent_item-variable-names.patch
queue-6.1/xfs-fix-32-bit-truncation-in-xfs_compute_rextslog.patch
queue-6.1/xfs-transfer-recovered-intent-item-ownership-in-iop_recover.patch
queue-6.1/xfs-initialise-di_crc-in-xfs_log_dinode.patch
queue-6.1/xfs-consider-minlen-sized-extents-in-xfs_rtallocate_extent_block.patch
queue-6.1/xfs-don-t-leak-recovered-attri-intent-items.patch
queue-6.1/xfs-remove-unused-fields-from-struct-xbtree_ifakeroot.patch
queue-6.1/xfs-fix-bounds-check-in-xfs_defer_agfl_block.patch
queue-6.1/xfs-ensure-logflagsp-is-initialized-in-xfs_bmap_del_extent_real.patch
queue-6.1/xfs-convert-rt-bitmap-extent-lengths-to-xfs_rtbxlen_t.patch
queue-6.1/xfs-pass-refcount-intent-directly-through-the-log-intent-code.patch
queue-6.1/xfs-fix-perag-leak-when-growfs-fails.patch
queue-6.1/xfs-pass-the-xfs_defer_pending-object-to-iop_recover.patch
queue-6.1/xfs-update-dir3-leaf-block-metadata-after-swap.patch
queue-6.1/xfs-use-deferred-frees-for-btree-block-freeing.patch
queue-6.1/xfs-make-rextslog-computation-consistent-with-mkfs.patch
queue-6.1/xfs-pass-xfs_extent_free_item-directly-through-the-log-intent-code.patch
queue-6.1/xfs-move-the-xfs_rtbitmap.c-declarations-to-xfs_rtbitmap.h.patch
queue-6.1/xfs-recompute-growfsrtfree-transaction-reservation-while-growing-rt-volume.patch
queue-6.1/xfs-reserve-less-log-space-when-recovering-log-intent-items.patch
queue-6.1/xfs-pass-the-xfs_bmbt_irec-directly-through-the-log-intent-code.patch
queue-6.1/xfs-force-all-buffers-to-be-written-during-btree-bulk-load.patch
queue-6.1/xfs-reset-xfs_attr_incomplete-filter-on-node-removal.patch
queue-6.1/xfs-add-lock-protection-when-remove-perag-from-radix-tree.patch
queue-6.1/xfs-use-xfs_defer_pending-objects-to-recover-intent-items.patch
queue-6.1/xfs-pass-per-ag-references-to-xfs_free_extent.patch
queue-6.1/xfs-validate-block-number-being-freed-before-adding-to-xefi.patch
queue-6.1/xfs-don-t-allow-overly-small-or-large-realtime-volumes.patch
queue-6.1/xfs-remove-conditional-building-of-rt-geometry-validator-functions.patch
next prev parent reply other threads:[~2025-03-16 6:17 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-13 20:25 [PATCH 6.1 00/29] patches for 6.1.y from 6.8 Leah Rumancik
2025-03-13 20:25 ` [PATCH 6.1 01/29] xfs: pass refcount intent directly through the log intent code Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: pass refcount intent directly through the log intent code" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 02/29] xfs: pass xfs_extent_free_item directly through the log intent code Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: pass xfs_extent_free_item directly through the log intent code" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 03/29] xfs: fix confusing xfs_extent_item variable names Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: fix confusing xfs_extent_item variable names" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 04/29] xfs: pass the xfs_bmbt_irec directly through the log intent code Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: pass the xfs_bmbt_irec directly through the log intent code" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 05/29] xfs: pass per-ag references to xfs_free_extent Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: pass per-ag references to xfs_free_extent" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 06/29] xfs: validate block number being freed before adding to xefi Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: validate block number being freed before adding to xefi" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 07/29] xfs: fix bounds check in xfs_defer_agfl_block() Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: fix bounds check in xfs_defer_agfl_block()" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 08/29] xfs: use deferred frees for btree block freeing Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: use deferred frees for btree block freeing" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 09/29] xfs: reserve less log space when recovering log intent items Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: reserve less log space when recovering log intent items" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 10/29] xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 11/29] xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 12/29] xfs: consider minlen sized extents in xfs_rtallocate_extent_block Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: consider minlen sized extents in xfs_rtallocate_extent_block" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 13/29] xfs: don't leak recovered attri intent items Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: don't leak recovered attri intent items" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 14/29] xfs: use xfs_defer_pending objects to recover intent items Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: use xfs_defer_pending objects to recover intent items" has been added to the 6.1-stable tree gregkh
2025-03-21 8:39 ` [PATCH 6.1 14/29] xfs: use xfs_defer_pending objects to recover intent items Fedor Pchelkin
2025-03-21 17:42 ` Leah Rumancik
2025-03-22 14:27 ` Fedor Pchelkin
2025-03-24 0:29 ` Leah Rumancik
2025-03-24 8:53 ` Fedor Pchelkin
2025-03-24 21:10 ` Leah Rumancik
2025-03-25 11:50 ` Greg Kroah-Hartman
2025-03-13 20:25 ` [PATCH 6.1 15/29] xfs: pass the xfs_defer_pending object to iop_recover Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: pass the xfs_defer_pending object to iop_recover" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 16/29] xfs: transfer recovered intent item ownership in ->iop_recover Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: transfer recovered intent item ownership in ->iop_recover" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 17/29] xfs: make rextslog computation consistent with mkfs Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: make rextslog computation consistent with mkfs" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 18/29] xfs: fix 32-bit truncation in xfs_compute_rextslog Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: fix 32-bit truncation in xfs_compute_rextslog" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 19/29] xfs: don't allow overly small or large realtime volumes Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: don't allow overly small or large realtime volumes" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 20/29] xfs: remove unused fields from struct xbtree_ifakeroot Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: remove unused fields from struct xbtree_ifakeroot" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 21/29] xfs: recompute growfsrtfree transaction reservation while growing rt volume Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: recompute growfsrtfree transaction reservation while growing rt volume" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 22/29] xfs: force all buffers to be written during btree bulk load Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: force all buffers to be written during btree bulk load" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 23/29] xfs: initialise di_crc in xfs_log_dinode Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: initialise di_crc in xfs_log_dinode" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 24/29] xfs: add lock protection when remove perag from radix tree Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: add lock protection when remove perag from radix tree" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 25/29] xfs: fix perag leak when growfs fails Leah Rumancik
2025-03-16 6:17 ` gregkh [this message]
2025-03-13 20:25 ` [PATCH 6.1 26/29] xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 27/29] xfs: update dir3 leaf block metadata after swap Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: update dir3 leaf block metadata after swap" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 28/29] xfs: reset XFS_ATTR_INCOMPLETE filter on node removal Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: reset XFS_ATTR_INCOMPLETE filter on node removal" has been added to the 6.1-stable tree gregkh
2025-03-13 20:25 ` [PATCH 6.1 29/29] xfs: remove conditional building of rt geometry validator functions Leah Rumancik
2025-03-16 6:17 ` Patch "xfs: remove conditional building of rt geometry validator functions" has been added to the 6.1-stable tree gregkh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025031606-defy-frill-d3ef@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=catherine.hoang@oracle.com \
--cc=chandanbabu@kernel.org \
--cc=djwong@kernel.org \
--cc=leah.rumancik@gmail.com \
--cc=leo.lilong@huawei.com \
--cc=stable-commits@vger.kernel.org \
--cc=xfs-stable@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox