Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9047355pxu; Mon, 28 Dec 2020 05:21:15 -0800 (PST) X-Google-Smtp-Source: ABdhPJzme0UgzMgVk4ZeQtDfsauWWp8NnGWItuwB1irFxXPfuQENp8qHQeybw2SLHvdZSGrcr0sJ X-Received: by 2002:aa7:cf04:: with SMTP id a4mr42304615edy.99.1609161675669; Mon, 28 Dec 2020 05:21:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609161675; cv=none; d=google.com; s=arc-20160816; b=br8d+UJeqi5zuY3gyZn12RRXPXqGLasYsE2JStls2XsWTX2x+tEuuDDOXAn0w37pdP e+acJduTkOtYiaYkMEvkaM9bQmSistzmT1WxffZnvU2RVko6zjinzSuUYPrzDnSwyZEe onedEUJ467ye+bM1SjElvwhtqcWZlOjhVgja5e1qUqyV7wIQa6pucypFBuq5SPk8+7QS DlUNAnZWJyX2T5tPno2kF60mrz7ntEsLFQSCPNj0n8aKfZ7HfVPPMcc2xA4YSkokvVsc VfttwxGk0Hc2pOPezc11V6sy5UUKKOOk/PbtT7VL4IR4gQ6kAENZfDyFMoW/ZwgCMxNo gWAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=J1rDl1yWTu9M7qcDLHqNv9JbccynYVz0AW6OpZOsrxA=; b=T+gNG52nEOMXuw43a+KTM9W1Y/lqlHrweeI2/2AVNKxwWntoKQNip8haOkTkfme+l0 rpDpG6Rh6M3qxtjYM5J7ep9RdZw8b2wVOAQs/qLlu7Ohnku/8bf9xSSGsuYVQCGOIEMY ZdXwtMOQQves7k2JMdCzdL5+OIIu3SW0COTuPV97COl4Y+auAh1MiWNyeztz5mvbjj1/ rozA7en/vPlWj5ghGKTZy47sAS2z9Kta2gtdCGQeCxew0ezQQvoORgg1fttepq7ELKEI cprrF99gvv/N5zkTCyFyns3wIJXXmIBnylk20bxRt0GVTvLKQUq1YhkglB5WFIIgnA6j rrEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=zcBPz4QH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j22si19697736edh.496.2020.12.28.05.20.53; Mon, 28 Dec 2020 05:21:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=zcBPz4QH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387540AbgL1NSu (ORCPT + 99 others); Mon, 28 Dec 2020 08:18:50 -0500 Received: from mail.kernel.org ([198.145.29.99]:47074 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731163AbgL1NSr (ORCPT ); Mon, 28 Dec 2020 08:18:47 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id F309120728; Mon, 28 Dec 2020 13:18:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1609161511; bh=xCzLdZIJGpDeYRSRaM9qH/0dI37zodJo6aRBYCqnnmg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zcBPz4QH1RQyyxdet07d1QBTYOA1DgxdmCka/eOJdsi2TsxtsQMlYcEwT377L749h UqKZsVt/oJ2jJENZFGjhDTUV/WFLtWlBU90pFenN624cxDcGkR9v7jIj/NzYRp9OKz JgK4ynVzVSNOetSvRSCov347FltE7FMRE7iSef+Q= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Chunguang Xu , Theodore Tso , stable@kernel.org Subject: [PATCH 4.14 208/242] ext4: fix a memory leak of ext4_free_data Date: Mon, 28 Dec 2020 13:50:13 +0100 Message-Id: <20201228124914.915132835@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201228124904.654293249@linuxfoundation.org> References: <20201228124904.654293249@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chunguang Xu commit cca415537244f6102cbb09b5b90db6ae2c953bdd upstream. When freeing metadata, we will create an ext4_free_data and insert it into the pending free list. After the current transaction is committed, the object will be freed. ext4_mb_free_metadata() will check whether the area to be freed overlaps with the pending free list. If true, return directly. At this time, ext4_free_data is leaked. Fortunately, the probability of this problem is small, since it only occurs if the file system is corrupted such that a block is claimed by more one inode and those inodes are deleted within a single jbd2 transaction. Signed-off-by: Chunguang Xu Link: https://lore.kernel.org/r/1604764698-4269-8-git-send-email-brookxu@tencent.com Signed-off-by: Theodore Ts'o Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman --- fs/ext4/mballoc.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -4718,6 +4718,7 @@ ext4_mb_free_metadata(handle_t *handle, ext4_group_first_block_no(sb, group) + EXT4_C2B(sbi, cluster), "Block already on to-be-freed list"); + kmem_cache_free(ext4_free_data_cachep, new_entry); return 0; } }