From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Qu Wenruo <wqu@suse.com>,
	Johannes Thumshirn <johannes.thumshirn@wdc.com>,
	David Sterba <dsterba@suse.com>
Subject: [PATCH 4.19 045/103] btrfs: fix memory leak in qgroup accounting
Date: Wed, 22 Jan 2020 10:29:01 +0100
Message-ID: <20200122092810.614009389@linuxfoundation.org>
In-Reply-To: <20200122092803.587683021@linuxfoundation.org>

From: Johannes Thumshirn <johannes.thumshirn@wdc.com>

commit 26ef8493e1ab771cb01d27defca2fa1315dc3980 upstream.

When running xfstests on the current btrfs I get the following splat from
kmemleak:

unreferenced object 0xffff88821b2404e0 (size 32):
  comm "kworker/u4:7", pid 26663, jiffies 4295283698 (age 8.776s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 10 ff fd 26 82 88 ff ff  ...........&....
    10 ff fd 26 82 88 ff ff 20 ff fd 26 82 88 ff ff  ...&.... ..&....
  backtrace:
    [<00000000f94fd43f>] ulist_alloc+0x25/0x60 [btrfs]
    [<00000000fd023d99>] btrfs_find_all_roots_safe+0x41/0x100 [btrfs]
    [<000000008f17bd32>] btrfs_find_all_roots+0x52/0x70 [btrfs]
    [<00000000b7660afb>] btrfs_qgroup_rescan_worker+0x343/0x680 [btrfs]
    [<0000000058e66778>] btrfs_work_helper+0xac/0x1e0 [btrfs]
    [<00000000f0188930>] process_one_work+0x1cf/0x350
    [<00000000af5f2f8e>] worker_thread+0x28/0x3c0
    [<00000000b55a1add>] kthread+0x109/0x120
    [<00000000f88cbd17>] ret_from_fork+0x35/0x40

This corresponds to:

  (gdb) l *(btrfs_find_all_roots_safe+0x41)
  0x8d7e1 is in btrfs_find_all_roots_safe (fs/btrfs/backref.c:1413).
  1408
  1409            tmp = ulist_alloc(GFP_NOFS);
  1410            if (!tmp)
  1411                    return -ENOMEM;
  1412            *roots = ulist_alloc(GFP_NOFS);
  1413            if (!*roots) {
  1414                    ulist_free(tmp);
  1415                    return -ENOMEM;
  1416            }
  1417

Following the lifetime of the allocated 'roots' ulist, it gets freed
again in btrfs_qgroup_account_extent().

But this does not happen if the function is called with the
'BTRFS_FS_QUOTA_ENABLED' flag cleared, then btrfs_qgroup_account_extent()
does a short leave and directly returns.

Instead of directly returning we should jump to the 'out_free' in order to
free all resources as expected.

CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
[ add comment ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/btrfs/qgroup.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -2055,8 +2055,12 @@ int btrfs_qgroup_account_extent(struct b
 	u64 nr_old_roots = 0;
 	int ret = 0;
 
+	/*
+	 * If quotas get disabled meanwhile, the resouces need to be freed and
+	 * we can't just exit here.
+	 */
 	if (!test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags))
-		return 0;
+		goto out_free;
 
 	if (new_roots) {
 		if (!maybe_fs_roots(new_roots))
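Review bot: the new `goto out_free` sits above the `if (new_roots)` check, so new_roots may still be NULL when the cleanup path runs. The out_free label is not visible in this hunk, so it is worth confirming in the 4.19 tree that the frees under it accept a NULL ulist. The added comment also misspells "resources" as "resouces", and it would be clearer if it named what is freed (the roots ulists allocated via btrfs_find_all_roots(), per the commit message) rather than "the resources".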


