Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp1590597pxy; Thu, 29 Apr 2021 10:06:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw9nBbuGHK65zHc9427mrrrj/DEvGRggxc/WyeaeWWxNrIxQEhnCjMACjbjnE1A4zg96AHm X-Received: by 2002:aa7:8d03:0:b029:259:f2ed:1849 with SMTP id j3-20020aa78d030000b0290259f2ed1849mr691777pfe.30.1619715969784; Thu, 29 Apr 2021 10:06:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619715969; cv=none; d=google.com; s=arc-20160816; b=PiJKTINB5aUZpUIodh18AmblR0DXd1kS6n6GjSSChCnGHExBp0iMFik2Jzxc1CjZg1 Nw4V/uJ77sqFhm6icLGuo/mIeLkATEYBhdKRqwQfMSUoE5Thpgjjj2cbaLhxq8dAHHUj uaB/NwB0mhMVGEK8G/MSqSSlKZUHBWGvxCfxYKdRZP0cGL27pEmL63Fx1upQrYa4g8ah cnzFagEWCq3sqiiKqcYC/B1taadfs5EzcXqsKWHXo8uUIa2tmXksWCELEEupC4D6n2tk x5NTnNuIeU5mXewIadkfn1/HmbjH5DaIJxVtga71+d3GTplkoU5A8MbIFPCOzMp7sTiA tuEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=sTfgpanxwLNXsNsWpSc5hVpMJ26TndHdunJ64kP6WQs=; b=NoqZan2LoXSaw4YC9ASzjJnyZBJFXnYxlqektxEEh9xOU7YHapKQpp1otP9FrU+lJZ OoKSHahgIdl5qhPgRAm9RrIBT4Ih61weKKY836K8Hzyu0BwO3nnF0WjY69IasQXkZN1U agx9fzYUQ8vTJu/a/Q7EBcbBYXfv58ZKbzggQAmYkBBMBnJ3gb2dMZGRK34Ws4COfuUF c51w5MOzYZMsRp6MH3Texo7SubLpmF+oXPwgWlNDDiiGcaclzrlZ/no1/9ZnStmJJG19 AcJZUPCXiHv3bNs4Y4GILtJKVzPsVALumr+OOZFGkwbLXboOsUSRD+Or4t+zjvDspAKo ZCzQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z184si454289pgz.69.2021.04.29.10.05.51; Thu, 29 Apr 2021 10:06:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233333AbhD2RGS (ORCPT + 99 others); Thu, 29 Apr 2021 13:06:18 -0400 Received: from outgoing-auth-1.mit.edu ([18.9.28.11]:49865 "EHLO outgoing.mit.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S233622AbhD2RGR (ORCPT ); Thu, 29 Apr 2021 13:06:17 -0400 Received: from cwcc.thunk.org (pool-72-74-133-215.bstnma.fios.verizon.net [72.74.133.215]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 13TH516P013438 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 29 Apr 2021 13:05:02 -0400 Received: by cwcc.thunk.org (Postfix, from userid 15806) id A107115C39C4; Thu, 29 Apr 2021 13:05:01 -0400 (EDT) Date: Thu, 29 Apr 2021 13:05:01 -0400 From: "Theodore Ts'o" To: Pavel Skripkin Cc: Vegard Nossum , akpm@linux-foundation.org, peterz@infradead.org, axboe@kernel.dk, pmladek@suse.com, adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+d9e482e303930fa4f6ff@syzkaller.appspotmail.com Subject: Re: [PATCH] ext4: fix memory leak in ext4_fill_super Message-ID: References: <20210428172828.12589-1-paskripkin@gmail.com> <3c3877a4-fef2-9e24-f99f-2ecc46deb7e4@oracle.com> <20210429143354.418248a7@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210429143354.418248a7@gmail.com> Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Thu, Apr 29, 2021 at 02:33:54PM +0300, Pavel Skripkin wrote: > > There is a chance, that kthread_stop() call will happen before > threadfn call. It means, that kthread_stop() return value must be checked everywhere, > isn't it? Otherwise, there are a lot of potential memory leaks, > because some developers rely on the fact, that data allocated for the thread will > be freed _inside_ thread function. That's not the only potential way that we could leak memory. Earlier in kthread(), if this memory allocation fails, self = kzalloc(sizeof(*self), GFP_KERNEL); we will exit with -ENOMEM. So at the very least all callers of kthread_stop() also need to check for -ENOMEM as well as -EINTR --- or, be somehow sure that the thread function was successfully called and started. In this particular case, the ext4 mount code had just started the kmmpd thread, and then detected that something else had gone wrong, and failed the mount before the kmmpd thread ever had a chance to run. I think if we want to fix this more generally across the whole kernel, we would need to have a variant of kthread_run which supplies two functions --- one which is the thread function, and the other which is a cleanup function. The cleanup function could just be kfree, but there will be other cases where the cleanup function will need to do other work before freeing the data structure (e.g., brelse((struct mmpd_data *)data->bh)). Is it worth it to provide such a cleanup function, which if present would be called any time the thread exits or is killed? I dunno. It's probably simpler to just strongly recommend that the cleanup work should never be done in the thread function, but after kthread_stop() is called, whether it returns an error or not. That's probably the right fix for ext4, I think. (Although note that kthread_stop(sbi->s_mmp_task) is called in multiple places in fs/ext4/super.c, not just in the single location which this patch touches.) - Ted