Patch "xfs: don't leak xfs_buf_cancel structures when recovery fails" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    xfs: don't leak xfs_buf_cancel structures when recovery fails

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     xfs-don-t-leak-xfs_buf_cancel-structures-when-recove.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 1aa77db97f2b0dfe00171cb19b4149124e15bfee
Author: Darrick J. Wong <djwong@xxxxxxxxxx>
Date:   Wed Nov 15 18:28:18 2023 -0800

    xfs: don't leak xfs_buf_cancel structures when recovery fails
    
    [ Upstream commit 8db074bd84df5ccc88bff3f8f900f66f4b8349fa ]
    
    If log recovery fails, we free the memory used by the buffer
    cancellation buckets, but we don't actually traverse each bucket list to
    free the individual xfs_buf_cancel objects.  This leads to a memory
    leak, as reported by kmemleak in xfs/051:
    
    unreferenced object 0xffff888103629560 (size 32):
      comm "mount", pid 687045, jiffies 4296935916 (age 10.752s)
      hex dump (first 32 bytes):
        08 d3 0a 01 00 00 00 00 08 00 00 00 01 00 00 00  ................
        d0 f5 0b 92 81 88 ff ff 80 64 64 25 81 88 ff ff  .........dd%....
      backtrace:
        [<ffffffffa0317c83>] kmem_alloc+0x73/0x140 [xfs]
        [<ffffffffa03234a9>] xlog_recover_buf_commit_pass1+0x139/0x200 [xfs]
        [<ffffffffa032dc27>] xlog_recover_commit_trans+0x307/0x350 [xfs]
        [<ffffffffa032df15>] xlog_recovery_process_trans+0xa5/0xe0 [xfs]
        [<ffffffffa032e12d>] xlog_recover_process_data+0x8d/0x140 [xfs]
        [<ffffffffa032e49d>] xlog_do_recovery_pass+0x19d/0x740 [xfs]
        [<ffffffffa032f22d>] xlog_do_log_recovery+0x6d/0x150 [xfs]
        [<ffffffffa032f343>] xlog_do_recover+0x33/0x1d0 [xfs]
        [<ffffffffa032faba>] xlog_recover+0xda/0x190 [xfs]
        [<ffffffffa03194bc>] xfs_log_mount+0x14c/0x360 [xfs]
        [<ffffffffa030bfed>] xfs_mountfs+0x50d/0xa60 [xfs]
        [<ffffffffa03124b5>] xfs_fs_fill_super+0x6a5/0x950 [xfs]
        [<ffffffff812b92a5>] get_tree_bdev+0x175/0x280
        [<ffffffff812b7c3a>] vfs_get_tree+0x1a/0x80
        [<ffffffff812e366f>] path_mount+0x6ff/0xaa0
        [<ffffffff812e3b13>] __x64_sys_mount+0x103/0x140
    
    Signed-off-by: Darrick J. Wong <djwong@xxxxxxxxxx>
    Reviewed-by: Christoph Hellwig <hch@xxxxxx>
    Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>
    Signed-off-by: Dave Chinner <david@xxxxxxxxxxxxx>
    Signed-off-by: Leah Rumancik <leah.rumancik@xxxxxxxxx>
    Acked-by: Chandan Babu R <chandanbabu@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/xfs/xfs_buf_item_recover.c b/fs/xfs/xfs_buf_item_recover.c
index dc099b2f4984c..635f7f8ed9c2d 100644
--- a/fs/xfs/xfs_buf_item_recover.c
+++ b/fs/xfs/xfs_buf_item_recover.c
@@ -1044,9 +1044,22 @@ void
 xlog_free_buf_cancel_table(
 	struct xlog	*log)
 {
+	int		i;
+
 	if (!log->l_buf_cancel_table)
 		return;
 
+	for (i = 0; i < XLOG_BC_TABLE_SIZE; i++) {
+		struct xfs_buf_cancel	*bc;
+
+		while ((bc = list_first_entry_or_null(
+				&log->l_buf_cancel_table[i],
+				struct xfs_buf_cancel, bc_list))) {
+			list_del(&bc->bc_list);
+			kmem_free(bc);
+		}
+	}
+
 	kmem_free(log->l_buf_cancel_table);
 	log->l_buf_cancel_table = NULL;
 }



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux