This is a note to let you know that I've just added the patch titled

    btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()

to the 6.6-stable tree which can be found at:

    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:

    btrfs-ref-verify-fix-memory-leaks-in-btrfs_ref_tree_mod.patch

and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it.

From f91192cd68591c6b037da345bc9fcd5e50540358 Mon Sep 17 00:00:00 2001
From: Bragatheswaran Manickavel <bragathemanick0908@xxxxxxxxx>
Date: Sat, 18 Nov 2023 14:40:12 +0530
Subject: btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod()

From: Bragatheswaran Manickavel <bragathemanick0908@xxxxxxxxx>

commit f91192cd68591c6b037da345bc9fcd5e50540358 upstream.

In btrfs_ref_tree_mod(), when !parent 're' was allocated through kmalloc(). In the following code, if an error occurs, the execution will be redirected to 'out' or 'out_unlock' and the function will be exited. However, on some of the paths, 're' are not deallocated and may lead to memory leaks.

For example: lookup_block_entry() for 'be' returns NULL, the out label will be invoked. During that flow ref and 'ra' are freed but not 're', which can potentially lead to a memory leak.

CC: stable@xxxxxxxxxxxxxxx # 5.10+
Reported-and-tested-by: syzbot+d66de4cbf532749df35f@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=d66de4cbf532749df35f
Signed-off-by: Bragatheswaran Manickavel <bragathemanick0908@xxxxxxxxx>
Reviewed-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: David Sterba <dsterba@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

--- fs/btrfs/ref-verify.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/btrfs/ref-verify.c +++ b/fs/btrfs/ref-verify.c 
@@ -791,6 +791,7 @@ int btrfs_ref_tree_mod(struct btrfs_fs_i dump_ref_action(fs_info, ra); kfree(ref); kfree(ra); + kfree(re); goto out_unlock; } else if (be->num_refs == 0) { btrfs_err(fs_info, @@ -800,6 +801,7 @@ int btrfs_ref_tree_mod(struct btrfs_fs_i dump_ref_action(fs_info, ra); kfree(ref); kfree(ra); + kfree(re); goto out_unlock; } Patches currently in stable-queue which might be from bragathemanick0908@xxxxxxxxx are queue-6.6/btrfs-ref-verify-fix-memory-leaks-in-btrfs_ref_tree_mod.patch
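
Review bot: in the first hunk (@@ -791,6 +791,7), the added kfree(re) before goto out_unlock runs whenever this branch is taken, while the commit message says 're' is only allocated when !parent. That is safe only if 're' is initialized to NULL at its declaration, since kfree(NULL) is a no-op, and only if 're' has not yet been handed to another structure at this point; neither is visible in these lines, so please confirm both, ideally with a sentence in the commit message. The message also says this path reaches the 'out' label, but the hunk shows goto out_unlock, which is worth aligning.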
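
Review bot: in the second hunk (@@ -800,6 +801,7), the be->num_refs == 0 branch now carries the same cleanup as the branch above it: kfree(ref); kfree(ra); kfree(re); followed by goto out_unlock. Hand-copied frees per error branch are how 're' was missed in the first place, so consider a shared error label ahead of out_unlock that frees all three and have both branches jump to it, so a later allocation cannot be dropped from one copy. The commit message's example only describes the lookup_block_entry() NULL case; a line mentioning the num_refs == 0 path would document why this hunk is needed.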