Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9409539pxu; Mon, 28 Dec 2020 15:33:43 -0800 (PST) X-Google-Smtp-Source: ABdhPJyLjudls1LZRuBL6DX7WhMpz7OdPrLjc0Y8J7KZ3alHJ/wQxpNBaUd0qG2k+EAkwsdelA3X X-Received: by 2002:a17:906:81d6:: with SMTP id e22mr44222921ejx.476.1609198423221; Mon, 28 Dec 2020 15:33:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609198423; cv=none; d=google.com; s=arc-20160816; b=ZwW3VgHw7o5yyddbxiIk3h0Dvkt3F2cnOBfCVpNSCsgnjrDX/TGSYHKNGAZYJ/+sHC aWCHRf4jecAn5cBOKg4IsvFcbX7qPwbKjPv3pcM8x7IeVUk3ufuaoAOUBzVEjF/g1Wxp /ETEvqfK/qjDWbk9qrZl1UI9S9y77hiEI+uxUsEGmjis9IgJnLKjJSCvVp1N2glo9IRJ czh5bfGrKSlDdy44U+IFiTyfCX6m4G38r4JeiVOqFvn+JJcm9rPniDXci6k8PcbMdhuX 0p7D+aApGbGl9g7dJJz7UrwtlX+Qcj50Qu2LBabWxBPcl+ntBdQrW1KFijlV1bv5zNg6 yn4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=TkTP2fHRsJCrs8SzPLgbIRb2fCO5u0SGrZ0Q1yy1eqY=; b=NHqneDKwuIPeErSyQjVYXB/xuY5M0OEQ2Z2kqxNdijtHo5S+iwEwZSe485u4Dy92JG 9GcZ5GdAN+BblWyKdZukWoE1pWylNzSJWpF3u1/v2yLhxs7mer/4anbhE6jVf/P7LTzA f+GeoA21WPYki6+6gUWbm+fJoyDZDJPpkwisWTodD8qn9ncNNaImkkihSMfmuRV1oS06 IJQZyo8Yud6aShRzUbdgRhclPnJ/A1FfEp6th65BAwvapzl0ECd8Vcsh/dFxoBWQZXyD Qtin1zQq4F1b5rr2bgu+atGv1UdetaUHaijPDbpg7Lf6cMrkQ9BS3f6nowbu09f7OwHc tHzg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Heer65OA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 88si21051433edr.151.2020.12.28.15.33.21; Mon, 28 Dec 2020 15:33:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=Heer65OA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2502340AbgL1O1i (ORCPT + 99 others); Mon, 28 Dec 2020 09:27:38 -0500 Received: from mail.kernel.org ([198.145.29.99]:34320 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2503935AbgL1O1A (ORCPT ); Mon, 28 Dec 2020 09:27:00 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 0C5FE207B2; Mon, 28 Dec 2020 14:26:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1609165605; bh=XmOpnECry1YS+uxU0Q2msMB5AQI+nTVWso2eaeqKG6w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Heer65OA4436+AFNa+cEy57XGQgN+36YqfWqPMG0zENZXZ7tX0hzNtffx9JxdQLPT m4WSVrdURN+mAkxqWfIRxoB8ZltPhaJ3oyy9mDmqQ8n/lo64nmuJEHeRibAeD1iohm wwYefeBBOjtI5RT7wlC/XG0CJ2afIFUOKXy+W74w= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Chunguang Xu , Theodore Tso , stable@kernel.org Subject: [PATCH 5.10 591/717] ext4: fix a memory leak of ext4_free_data Date: Mon, 28 Dec 2020 13:49:49 +0100 Message-Id: <20201228125049.226835526@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201228125020.963311703@linuxfoundation.org> References: <20201228125020.963311703@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Chunguang Xu commit cca415537244f6102cbb09b5b90db6ae2c953bdd upstream. When freeing metadata, we will create an ext4_free_data and insert it into the pending free list. After the current transaction is committed, the object will be freed. ext4_mb_free_metadata() will check whether the area to be freed overlaps with the pending free list. If true, return directly. At this time, ext4_free_data is leaked. Fortunately, the probability of this problem is small, since it only occurs if the file system is corrupted such that a block is claimed by more one inode and those inodes are deleted within a single jbd2 transaction. Signed-off-by: Chunguang Xu Link: https://lore.kernel.org/r/1604764698-4269-8-git-send-email-brookxu@tencent.com Signed-off-by: Theodore Ts'o Cc: stable@kernel.org Signed-off-by: Greg Kroah-Hartman --- fs/ext4/mballoc.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -5126,6 +5126,7 @@ ext4_mb_free_metadata(handle_t *handle, ext4_group_first_block_no(sb, group) + EXT4_C2B(sbi, cluster), "Block already on to-be-freed list"); + kmem_cache_free(ext4_free_data_cachep, new_entry); return 0; } }