* [PATCH linux-4.19.y] VFS: Fix fuseblk memory leak caused by mount concurrency
@ 2021-10-13 4:01 ChenXiaoSong
2021-10-13 8:33 ` chenxiaosong (A)
0 siblings, 1 reply; 2+ messages in thread
From: ChenXiaoSong @ 2021-10-13 4:01 UTC (permalink / raw)
To: viro, stable, gregkh
Cc: linux-fsdevel, linux-kernel, dhowells, yukuai3, yi.zhang, chenxiaosong2
If two processes mount same superblock, memory leak occurs:
CPU0 | CPU1
do_new_mount | do_new_mount
fs_set_subtype | fs_set_subtype
kstrdup |
| kstrdup
memrory leak |
Fix this by moving fs_set_subtype to mount_fs before up_write(&sb->s_umount).
Linus's tree already have refactoring patchset [1], one of them can fix this bug:
c30da2e981a7 (fuse: convert to use the new mount API)
Since we did not merge the refactoring patchset in this branch, I create this patch.
[1] https://patchwork.kernel.org/project/linux-fsdevel/patch/20190903113640.7984-3-mszeredi@redhat.com/
Fixes: 9d412a43c3b2 (vfs: split off vfsmount-related parts of vfs_kern_mount())
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
---
fs/namespace.c | 26 --------------------------
fs/super.c | 30 ++++++++++++++++++++++++++++++
2 files changed, 30 insertions(+), 26 deletions(-)
diff --git a/fs/namespace.c b/fs/namespace.c
index 2f3c6a0350a8..556fdd3b6a4e 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2402,29 +2402,6 @@ static int do_move_mount(struct path *path, const char *old_name)
return err;
}
-static struct vfsmount *fs_set_subtype(struct vfsmount *mnt, const char *fstype)
-{
- int err;
- const char *subtype = strchr(fstype, '.');
- if (subtype) {
- subtype++;
- err = -EINVAL;
- if (!subtype[0])
- goto err;
- } else
- subtype = "";
-
- mnt->mnt_sb->s_subtype = kstrdup(subtype, GFP_KERNEL);
- err = -ENOMEM;
- if (!mnt->mnt_sb->s_subtype)
- goto err;
- return mnt;
-
- err:
- mntput(mnt);
- return ERR_PTR(err);
-}
-
/*
* add a mount into a namespace's mount tree
*/
@@ -2490,9 +2467,6 @@ static int do_new_mount(struct path *path, const char *fstype, int sb_flags,
return -ENODEV;
mnt = vfs_kern_mount(type, sb_flags, name, data);
- if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE) &&
- !mnt->mnt_sb->s_subtype)
- mnt = fs_set_subtype(mnt, fstype);
put_filesystem(type);
if (IS_ERR(mnt))
diff --git a/fs/super.c b/fs/super.c
index 9fb4553c46e6..b181878753bb 100644
--- a/fs/super.c
+++ b/fs/super.c
@@ -1240,6 +1240,30 @@ struct dentry *mount_single(struct file_system_type *fs_type,
}
EXPORT_SYMBOL(mount_single);
+static int fs_set_subtype(struct super_block *sb)
+{
+ int err;
+ const char *fstype = sb->s_type->name;
+ const char *subtype = strchr(fstype, '.');
+ if (subtype) {
+ subtype++;
+ err = -EINVAL;
+ if (!subtype[0])
+ goto err;
+ } else {
+ subtype = "";
+ }
+
+ sb->s_subtype = kstrdup(subtype, GFP_KERNEL);
+ err = -ENOMEM;
+ if (!sb->s_subtype)
+ goto err;
+ return 0;
+
+err:
+ return err;
+}
+
struct dentry *
mount_fs(struct file_system_type *type, int flags, const char *name, void *data)
{
@@ -1289,6 +1313,12 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data)
WARN((sb->s_maxbytes < 0), "%s set sb->s_maxbytes to "
"negative value (%lld)\n", type->name, sb->s_maxbytes);
+ if ((sb->s_type->fs_flags & FS_HAS_SUBTYPE) && !sb->s_subtype) {
+ error = fs_set_subtype(sb);
+ if (error)
+ goto out_sb;
+ }
+
up_write(&sb->s_umount);
free_secdata(secdata);
return root;
--
2.25.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH linux-4.19.y] VFS: Fix fuseblk memory leak caused by mount concurrency
2021-10-13 4:01 [PATCH linux-4.19.y] VFS: Fix fuseblk memory leak caused by mount concurrency ChenXiaoSong
@ 2021-10-13 8:33 ` chenxiaosong (A)
0 siblings, 0 replies; 2+ messages in thread
From: chenxiaosong (A) @ 2021-10-13 8:33 UTC (permalink / raw)
To: viro, stable, gregkh
Cc: linux-fsdevel, linux-kernel, dhowells, yukuai3, yi.zhang
Please ignore this patch.
在 2021/10/13 12:01, ChenXiaoSong 写道:
> If two processes mount same superblock, memory leak occurs:
>
> CPU0 | CPU1
> do_new_mount | do_new_mount
> fs_set_subtype | fs_set_subtype
> kstrdup |
> | kstrdup
> memrory leak |
>
> Fix this by moving fs_set_subtype to mount_fs before up_write(&sb->s_umount).
>
> Linus's tree already have refactoring patchset [1], one of them can fix this bug:
> c30da2e981a7 (fuse: convert to use the new mount API)
>
> Since we did not merge the refactoring patchset in this branch, I create this patch.
>
> [1] https://patchwork.kernel.org/project/linux-fsdevel/patch/20190903113640.7984-3-mszeredi@redhat.com/
>
> Fixes: 9d412a43c3b2 (vfs: split off vfsmount-related parts of vfs_kern_mount())
> Cc: David Howells <dhowells@redhat.com>
> Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
> ---
> fs/namespace.c | 26 --------------------------
> fs/super.c | 30 ++++++++++++++++++++++++++++++
> 2 files changed, 30 insertions(+), 26 deletions(-)
>
> diff --git a/fs/namespace.c b/fs/namespace.c
> index 2f3c6a0350a8..556fdd3b6a4e 100644
> --- a/fs/namespace.c
> +++ b/fs/namespace.c
> @@ -2402,29 +2402,6 @@ static int do_move_mount(struct path *path, const char *old_name)
> return err;
> }
>
> -static struct vfsmount *fs_set_subtype(struct vfsmount *mnt, const char *fstype)
> -{
> - int err;
> - const char *subtype = strchr(fstype, '.');
> - if (subtype) {
> - subtype++;
> - err = -EINVAL;
> - if (!subtype[0])
> - goto err;
> - } else
> - subtype = "";
> -
> - mnt->mnt_sb->s_subtype = kstrdup(subtype, GFP_KERNEL);
> - err = -ENOMEM;
> - if (!mnt->mnt_sb->s_subtype)
> - goto err;
> - return mnt;
> -
> - err:
> - mntput(mnt);
> - return ERR_PTR(err);
> -}
> -
> /*
> * add a mount into a namespace's mount tree
> */
> @@ -2490,9 +2467,6 @@ static int do_new_mount(struct path *path, const char *fstype, int sb_flags,
> return -ENODEV;
>
> mnt = vfs_kern_mount(type, sb_flags, name, data);
> - if (!IS_ERR(mnt) && (type->fs_flags & FS_HAS_SUBTYPE) &&
> - !mnt->mnt_sb->s_subtype)
> - mnt = fs_set_subtype(mnt, fstype);
>
> put_filesystem(type);
> if (IS_ERR(mnt))
> diff --git a/fs/super.c b/fs/super.c
> index 9fb4553c46e6..b181878753bb 100644
> --- a/fs/super.c
> +++ b/fs/super.c
> @@ -1240,6 +1240,30 @@ struct dentry *mount_single(struct file_system_type *fs_type,
> }
> EXPORT_SYMBOL(mount_single);
>
> +static int fs_set_subtype(struct super_block *sb)
> +{
> + int err;
> + const char *fstype = sb->s_type->name;
> + const char *subtype = strchr(fstype, '.');
> + if (subtype) {
> + subtype++;
> + err = -EINVAL;
> + if (!subtype[0])
> + goto err;
> + } else {
> + subtype = "";
> + }
> +
> + sb->s_subtype = kstrdup(subtype, GFP_KERNEL);
> + err = -ENOMEM;
> + if (!sb->s_subtype)
> + goto err;
> + return 0;
> +
> +err:
> + return err;
> +}
> +
> struct dentry *
> mount_fs(struct file_system_type *type, int flags, const char *name, void *data)
> {
> @@ -1289,6 +1313,12 @@ mount_fs(struct file_system_type *type, int flags, const char *name, void *data)
> WARN((sb->s_maxbytes < 0), "%s set sb->s_maxbytes to "
> "negative value (%lld)\n", type->name, sb->s_maxbytes);
>
> + if ((sb->s_type->fs_flags & FS_HAS_SUBTYPE) && !sb->s_subtype) {
> + error = fs_set_subtype(sb);
> + if (error)
> + goto out_sb;
> + }
> +
> up_write(&sb->s_umount);
> free_secdata(secdata);
> return root;
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-10-13 8:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-13 4:01 [PATCH linux-4.19.y] VFS: Fix fuseblk memory leak caused by mount concurrency ChenXiaoSong
2021-10-13 8:33 ` chenxiaosong (A)
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.