From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DFA11EC0; Sun, 16 Mar 2025 06:17:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742105849; cv=none; b=hrO9kW/LzLmlJAJRQlZR0q8FJX4KIo3jYFm4nyJXJlPuXPlBH+ZLo0JzUWRoL/8Lqqzzt/S3L6ToMt21TNEJXTaWNIGRLtxhry2YEpw1I9VIlm/K5Wvo4yrYBAzn/KCgRZrfY13AQRhRJH9doxTm2oEzw+5dC2HNrcpi7ev63I0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1742105849; c=relaxed/simple; bh=/5XhddNLa+ByWo4ZdlV71gmKmBEUWsGmYa2jbUgwDqg=; h=Subject:To:Cc:From:Date:In-Reply-To:Message-ID:MIME-Version: Content-Type; b=Blo6TUaMS+Nrr5osUp79jAnCPotsOqAVeE3YUFmx+20l1sKXEBwuMTSpDFifGeBCcFq6OIImen5apVtBfG040xzThKkkEHSClZEJiXQjqQ6S4NAtCP812K/d7HUc473UgQrOa0U2RPSnlJvAzsHZZM+KNmX08Y7QjXrO3f2kYHs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=foHFiWfy; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="foHFiWfy" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6697BC4CEDD; Sun, 16 Mar 2025 06:17:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1742105848; bh=/5XhddNLa+ByWo4ZdlV71gmKmBEUWsGmYa2jbUgwDqg=; h=Subject:To:Cc:From:Date:In-Reply-To:From; b=foHFiWfyEGCttgfm9zSBOcLDQDlYMJLeu/7Fp9sTW4QFWfcXlMkLU+FR8ghfmP9nQ o10pjBSAlBjhstWjeafK8bCS0tUt/mpMHnfbJ8IAZY3Xi1BV0go4GddSA2RYm2+5nK 6xKipQcMwznYSMASMJRPpRzqxhEliH4M5unZMDeM= Subject: Patch "xfs: fix perag leak when growfs fails" has been added to the 6.1-stable tree To: catherine.hoang@oracle.com,chandanbabu@kernel.org,djwong@kernel.org,gregkh@linuxfoundation.org,leah.rumancik@gmail.com,leo.lilong@huawei.com,xfs-stable@lists.linux.dev Cc: From: Date: Sun, 16 Mar 2025 07:17:06 +0100 In-Reply-To: <20250313202550.2257219-26-leah.rumancik@gmail.com> Message-ID: <2025031606-defy-frill-d3ef@gregkh> Precedence: bulk X-Mailing-List: xfs-stable@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit X-stable: commit X-Patchwork-Hint: ignore This is a note to let you know that I've just added the patch titled xfs: fix perag leak when growfs fails to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: xfs-fix-perag-leak-when-growfs-fails.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From stable+bounces-124382-greg=kroah.com@vger.kernel.org Thu Mar 13 21:26:44 2025 From: Leah Rumancik Date: Thu, 13 Mar 2025 13:25:45 -0700 Subject: xfs: fix perag leak when growfs fails To: stable@vger.kernel.org Cc: xfs-stable@lists.linux.dev, Long Li , "Darrick J. Wong" , Chandan Babu R , Catherine Hoang , Greg Kroah-Hartman , Leah Rumancik Message-ID: <20250313202550.2257219-26-leah.rumancik@gmail.com> From: Long Li [ Upstream commit 7823921887750b39d02e6b44faafdd1cc617c651 ] [ 6.1: resolved conflicts in xfs_ag.c and xfs_ag.h ] During growfs, if new ag in memory has been initialized, however sb_agcount has not been updated, if an error occurs at this time it will cause perag leaks as follows, these new AGs will not been freed during umount , because of these new AGs are not visible(that is included in mp->m_sb.sb_agcount). unreferenced object 0xffff88810be40200 (size 512): comm "xfs_growfs", pid 857, jiffies 4294909093 hex dump (first 32 bytes): 00 c0 c1 05 81 88 ff ff 04 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 381741e2): [] __kmalloc+0x386/0x4f0 [] kmem_alloc+0xb5/0x2f0 [] xfs_initialize_perag+0xc5/0x810 [] xfs_growfs_data+0x9bc/0xbc0 [] xfs_file_ioctl+0x5fe/0x14d0 [] __x64_sys_ioctl+0x144/0x1c0 [] do_syscall_64+0x3f/0xe0 [] entry_SYSCALL_64_after_hwframe+0x62/0x6a unreferenced object 0xffff88810be40800 (size 512): comm "xfs_growfs", pid 857, jiffies 4294909093 hex dump (first 32 bytes): 20 00 00 00 00 00 00 00 57 ef be dc 00 00 00 00 .......W....... 10 08 e4 0b 81 88 ff ff 10 08 e4 0b 81 88 ff ff ................ backtrace (crc bde50e2d): [] __kmalloc_node+0x3da/0x540 [] kvmalloc_node+0x99/0x160 [] bucket_table_alloc.isra.0+0x5f/0x400 [] rhashtable_init+0x405/0x760 [] xfs_initialize_perag+0x3a3/0x810 [] xfs_growfs_data+0x9bc/0xbc0 [] xfs_file_ioctl+0x5fe/0x14d0 [] __x64_sys_ioctl+0x144/0x1c0 [] do_syscall_64+0x3f/0xe0 [] entry_SYSCALL_64_after_hwframe+0x62/0x6a Factor out xfs_free_unused_perag_range() from xfs_initialize_perag(), used for freeing unused perag within a specified range in error handling, included in the error path of the growfs failure. Fixes: 1c1c6ebcf528 ("xfs: Replace per-ag array with a radix tree") Signed-off-by: Long Li Reviewed-by: "Darrick J. Wong" Signed-off-by: Chandan Babu R Signed-off-by: Catherine Hoang Acked-by: Darrick J. Wong Signed-off-by: Greg Kroah-Hartman Signed-off-by: Leah Rumancik Acked-by: "Darrick J. Wong" Signed-off-by: Greg Kroah-Hartman --- fs/xfs/libxfs/xfs_ag.c | 34 +++++++++++++++++++++++++--------- fs/xfs/libxfs/xfs_ag.h | 3 +++ fs/xfs/xfs_fsops.c | 5 ++++- 3 files changed, 32 insertions(+), 10 deletions(-) --- a/fs/xfs/libxfs/xfs_ag.c +++ b/fs/xfs/libxfs/xfs_ag.c @@ -259,6 +259,30 @@ xfs_agino_range( return __xfs_agino_range(mp, xfs_ag_block_count(mp, agno), first, last); } +/* + * Free perag within the specified AG range, it is only used to free unused + * perags under the error handling path. + */ +void +xfs_free_unused_perag_range( + struct xfs_mount *mp, + xfs_agnumber_t agstart, + xfs_agnumber_t agend) +{ + struct xfs_perag *pag; + xfs_agnumber_t index; + + for (index = agstart; index < agend; index++) { + spin_lock(&mp->m_perag_lock); + pag = radix_tree_delete(&mp->m_perag_tree, index); + spin_unlock(&mp->m_perag_lock); + if (!pag) + break; + xfs_buf_hash_destroy(pag); + kmem_free(pag); + } +} + int xfs_initialize_perag( struct xfs_mount *mp, @@ -352,15 +376,7 @@ out_free_pag: kmem_free(pag); out_unwind_new_pags: /* unwind any prior newly initialized pags */ - for (index = first_initialised; index < agcount; index++) { - spin_lock(&mp->m_perag_lock); - pag = radix_tree_delete(&mp->m_perag_tree, index); - spin_unlock(&mp->m_perag_lock); - if (!pag) - break; - xfs_buf_hash_destroy(pag); - kmem_free(pag); - } + xfs_free_unused_perag_range(mp, first_initialised, agcount); return error; } --- a/fs/xfs/libxfs/xfs_ag.h +++ b/fs/xfs/libxfs/xfs_ag.h @@ -106,6 +106,9 @@ struct xfs_perag { #endif /* __KERNEL__ */ }; + +void xfs_free_unused_perag_range(struct xfs_mount *mp, xfs_agnumber_t agstart, + xfs_agnumber_t agend); int xfs_initialize_perag(struct xfs_mount *mp, xfs_agnumber_t agcount, xfs_rfsblock_t dcount, xfs_agnumber_t *maxagi); int xfs_initialize_perag_data(struct xfs_mount *mp, xfs_agnumber_t agno); --- a/fs/xfs/xfs_fsops.c +++ b/fs/xfs/xfs_fsops.c @@ -153,7 +153,7 @@ xfs_growfs_data_private( (delta > 0 ? XFS_GROWFS_SPACE_RES(mp) : -delta), 0, XFS_TRANS_RESERVE, &tp); if (error) - return error; + goto out_free_unused_perag; last_pag = xfs_perag_get(mp, oagcount - 1); if (delta > 0) { @@ -227,6 +227,9 @@ xfs_growfs_data_private( out_trans_cancel: xfs_trans_cancel(tp); +out_free_unused_perag: + if (nagcount > oagcount) + xfs_free_unused_perag_range(mp, oagcount, nagcount); return error; } Patches currently in stable-queue which might be from leah.rumancik@gmail.com are queue-6.1/xfs-fix-confusing-xfs_extent_item-variable-names.patch queue-6.1/xfs-fix-32-bit-truncation-in-xfs_compute_rextslog.patch queue-6.1/xfs-transfer-recovered-intent-item-ownership-in-iop_recover.patch queue-6.1/xfs-initialise-di_crc-in-xfs_log_dinode.patch queue-6.1/xfs-consider-minlen-sized-extents-in-xfs_rtallocate_extent_block.patch queue-6.1/xfs-don-t-leak-recovered-attri-intent-items.patch queue-6.1/xfs-remove-unused-fields-from-struct-xbtree_ifakeroot.patch queue-6.1/xfs-fix-bounds-check-in-xfs_defer_agfl_block.patch queue-6.1/xfs-ensure-logflagsp-is-initialized-in-xfs_bmap_del_extent_real.patch queue-6.1/xfs-convert-rt-bitmap-extent-lengths-to-xfs_rtbxlen_t.patch queue-6.1/xfs-pass-refcount-intent-directly-through-the-log-intent-code.patch queue-6.1/xfs-fix-perag-leak-when-growfs-fails.patch queue-6.1/xfs-pass-the-xfs_defer_pending-object-to-iop_recover.patch queue-6.1/xfs-update-dir3-leaf-block-metadata-after-swap.patch queue-6.1/xfs-use-deferred-frees-for-btree-block-freeing.patch queue-6.1/xfs-make-rextslog-computation-consistent-with-mkfs.patch queue-6.1/xfs-pass-xfs_extent_free_item-directly-through-the-log-intent-code.patch queue-6.1/xfs-move-the-xfs_rtbitmap.c-declarations-to-xfs_rtbitmap.h.patch queue-6.1/xfs-recompute-growfsrtfree-transaction-reservation-while-growing-rt-volume.patch queue-6.1/xfs-reserve-less-log-space-when-recovering-log-intent-items.patch queue-6.1/xfs-pass-the-xfs_bmbt_irec-directly-through-the-log-intent-code.patch queue-6.1/xfs-force-all-buffers-to-be-written-during-btree-bulk-load.patch queue-6.1/xfs-reset-xfs_attr_incomplete-filter-on-node-removal.patch queue-6.1/xfs-add-lock-protection-when-remove-perag-from-radix-tree.patch queue-6.1/xfs-use-xfs_defer_pending-objects-to-recover-intent-items.patch queue-6.1/xfs-pass-per-ag-references-to-xfs_free_extent.patch queue-6.1/xfs-validate-block-number-being-freed-before-adding-to-xefi.patch queue-6.1/xfs-don-t-allow-overly-small-or-large-realtime-volumes.patch queue-6.1/xfs-remove-conditional-building-of-rt-geometry-validator-functions.patch