From: Eric Biggers ebiggers@google.com
If processing the on-disk mount options fails after any memory was allocated in the ext4_fs_context, e.g. s_qf_names, then this memory is leaked. Fix this by calling ext4_fc_free() instead of kfree() directly.
Reproducer:
mkfs.ext4 -F /dev/vdc tune2fs /dev/vdc -E mount_opts=usrjquota=file echo clear > /sys/kernel/debug/kmemleak mount /dev/vdc /vdc echo scan > /sys/kernel/debug/kmemleak sleep 5 echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak
Fixes: 7edfd85b1ffd ("ext4: Completely separate options parsing and sb setup") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers ebiggers@google.com --- fs/ext4/super.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 1466fbdbc8e34..60fa2f2623e07 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2625,8 +2625,10 @@ static int parse_apply_sb_mount_options(struct super_block *sb, ret = ext4_apply_options(fc, sb);
out_free: - kfree(s_ctx); - kfree(fc); + if (fc) { + ext4_fc_free(fc); + kfree(fc); + } kfree(s_mount_opts); return ret; }
On 22/05/13 04:16PM, Eric Biggers wrote:
From: Eric Biggers ebiggers@google.com
If processing the on-disk mount options fails after any memory was allocated in the ext4_fs_context, e.g. s_qf_names, then this memory is leaked. Fix this by calling ext4_fc_free() instead of kfree() directly.
Thanks for splitting the patch. It becomes an easy backport.
Reproducer:
mkfs.ext4 -F /dev/vdc tune2fs /dev/vdc -E mount_opts=usrjquota=file echo clear > /sys/kernel/debug/kmemleak mount /dev/vdc /vdc echo scan > /sys/kernel/debug/kmemleak sleep 5 echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak
Tested this and as you mentioned this patch fixes the memory leak with s_qf_names in note_qf_name().
tune2fs 1.46.5 (30-Dec-2021) Setting extended default mount options to 'usrjquota=file' unreferenced object 0xffff8881126b9a50 (size 8): comm "mount", pid 1475, jiffies 4294829180 (age 48.670s) hex dump (first 8 bytes): 66 69 6c 65 00 6b 6b a5 file.kk. backtrace: [<ffffffff8153b09d>] __kmalloc_track_caller+0x17d/0x2f0 [<ffffffff8149b7e8>] kmemdup_nul+0x28/0x70 [<ffffffff81753a75>] note_qf_name.isra.0+0x95/0x180 [<ffffffff817548a8>] ext4_parse_param+0xd48/0x11c0 [<ffffffff8175a131>] ext4_fill_super+0x1cc1/0x6260 [<ffffffff8155edce>] get_tree_bdev+0x24e/0x3a0 [<ffffffff81740355>] ext4_get_tree+0x15/0x20 [<ffffffff8155d3a2>] vfs_get_tree+0x52/0x140 [<ffffffff815a2048>] path_mount+0x3f8/0xf30 [<ffffffff815a2c52>] do_mount+0xd2/0xf0 [<ffffffff815a2e4a>] __x64_sys_mount+0xca/0x110 [<ffffffff82e6674b>] do_syscall_64+0x3b/0x90 [<ffffffff8300007c>] entry_SYSCALL_64_after_hwframe+0x44/0xae
Feel free to add by -
Tested-by: Ritesh Harjani ritesh.list@gmail.com
-ritesh
Fixes: 7edfd85b1ffd ("ext4: Completely separate options parsing and sb setup") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers ebiggers@google.com
fs/ext4/super.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 1466fbdbc8e34..60fa2f2623e07 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2625,8 +2625,10 @@ static int parse_apply_sb_mount_options(struct super_block *sb, ret = ext4_apply_options(fc, sb);
out_free:
- kfree(s_ctx);
- kfree(fc);
- if (fc) {
ext4_fc_free(fc);
kfree(fc);
- } kfree(s_mount_opts); return ret;
}
2.36.1
Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
On Fri, May 13, 2022 at 04:16:01PM -0700, Eric Biggers wrote:
From: Eric Biggers ebiggers@google.com
If processing the on-disk mount options fails after any memory was allocated in the ext4_fs_context, e.g. s_qf_names, then this memory is leaked. Fix this by calling ext4_fc_free() instead of kfree() directly.
Reproducer:
mkfs.ext4 -F /dev/vdc tune2fs /dev/vdc -E mount_opts=usrjquota=file echo clear > /sys/kernel/debug/kmemleak mount /dev/vdc /vdc echo scan > /sys/kernel/debug/kmemleak sleep 5 echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak
Fixes: 7edfd85b1ffd ("ext4: Completely separate options parsing and sb setup") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers ebiggers@google.com
Thanks, applied.
- Ted
linux-stable-mirror@lists.linaro.org