Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9177893pxu; Mon, 28 Dec 2020 08:30:59 -0800 (PST) X-Google-Smtp-Source: ABdhPJyZHBkxJheWklnFAwCSUOj5581OUC8UYIfjjGM6yeNXzyb+WlprTzSJFpHBXuG3nxIECdxG X-Received: by 2002:a17:907:3e23:: with SMTP id hp35mr42665442ejc.254.1609173059283; Mon, 28 Dec 2020 08:30:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609173059; cv=none; d=google.com; s=arc-20160816; b=CcbTHrb7e1Op6bE+Rwota47/XLQDyvcda7uxOJCveCnY4lfU1a1LBOvcbrh3kKsrce 9qLIuvyvH9VytBJNa4Blay0ZEdRIZhdM9pCSzL0IDHx6fS4syfY1+IJ1klBrPhrdTDxV vgQ5rbXLBVNgtER097c8zZVov/Cwo1Zokc7LO+SFTOhCjW8gDSNnfrzp9FBNTXct8xpK 0N0leM43LRq15mM+DCQf8DD2TLm4jiING0cPKotZm8jx24uK3cXGEa1l+1XlVu7OCrLc oionwc44nmCH/WJcV7TrZHlZWQHdZevjcev10eHF5oJJUL8CL86Z7qSggpv0jRjy2Ekg EoAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=f1humYqdHmJDWs59N6eCauN1B3qY/QlerMMUBMl7MWQ=; b=HvLgF4W6sKDirWgkmlkgx9bGjriDkzGMxpgQlOvoqNHcQ1/GPdo1zDyysO9Y3s/3qE kE8EjvEROuzoa2XAqR5fvclqsFl5Lg5V1ZutIKFi5EMN4snSbf7AYe9/kg9lq5z8jySg dQMNw9YD7FF9Atwe4gL6+IwJTq1Pd4fADl3+sk5KXLCkHJ9N/VaUlb786u8VRjPkmIvW WjAXBg0ilLQ4U2EOVwOtdOHO8F9BfaxKGQJFDDcB60ATfId0WMfvMmaoZZTjcSihBlXF Y1pGcPiU78kyAFhbzv1M8EKE0MRE3tzu19EccBEjODjEMVaakNqTegj52rMgpXcprtVv iSJw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=LWteKYCG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c11si19999960edu.341.2020.12.28.08.30.37; Mon, 28 Dec 2020 08:30:59 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=LWteKYCG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2633524AbgL1Q2Z (ORCPT + 99 others); Mon, 28 Dec 2020 11:28:25 -0500 Received: from mail.kernel.org ([198.145.29.99]:35072 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730788AbgL1NH2 (ORCPT ); Mon, 28 Dec 2020 08:07:28 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 302AA22583; Mon, 28 Dec 2020 13:06:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1609160807; bh=WqeBf+0gRV4f9nEONl65QhiqwZ98zrNRUDdjurFhngc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LWteKYCGGvN5H7TnRRdkqIbl1jys8jH5Iyh7JWPqyYNrRpacjt/J0ZElNpxhWmXjA JasD4Aqmn/T9QK1jj3fktZXHQuS40o6ve9lCFYEVf8f+f1PCuPcNkgbOPPOmZZ5jh8 HA3188ldu4xWd60VK0Rr+5wgIchvDy2lc6c9FBoI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Chunguang Xu , Theodore Tso , stable@kernel.org Subject: [PATCH 4.9 155/175] ext4: fix a memory leak of ext4_free_data Date: Mon, 28 Dec 2020 13:50:08 +0100 Message-Id: <20201228124900.762235727@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201228124853.216621466@linuxfoundation.org> References: <20201228124853.216621466@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chunguang Xu commit cca415537244f6102cbb09b5b90db6ae2c953bdd upstream. When freeing metadata, we will create an ext4_free_data and insert it into the pending free list. After the current transaction is committed, the object will be freed. ext4_mb_free_metadata() will check whether the area to be freed overlaps with the pending free list. If true, return directly. At this time, ext4_free_data is leaked. Fortunately, the probability of this problem is small, since it only occurs if the file system is corrupted such that a block is claimed by more one inode and those inodes are deleted within a single jbd2 transaction. Signed-off-by: Chunguang Xu Link: https://lore.kernel.org/r/1604764698-4269-8-git-send-email-brookxu@tencent.com Signed-off-by: Theodore Ts'o Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman --- fs/ext4/mballoc.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -4650,6 +4650,7 @@ ext4_mb_free_metadata(handle_t *handle, ext4_group_first_block_no(sb, group) + EXT4_C2B(sbi, cluster), "Block already on to-be-freed list"); + kmem_cache_free(ext4_free_data_cachep, new_entry); return 0; } }