From patchwork Fri May 16 19:52:01 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Filipe Manana X-Patchwork-Id: 4194741 Return-Path: X-Original-To: patchwork-linux-btrfs@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 821349F32A for ; Fri, 16 May 2014 18:52:28 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id A822720380 for ; Fri, 16 May 2014 18:52:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id BE05D20398 for ; Fri, 16 May 2014 18:52:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758100AbaEPSwS (ORCPT ); Fri, 16 May 2014 14:52:18 -0400 Received: from mail-wi0-f170.google.com ([209.85.212.170]:35920 "EHLO mail-wi0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758096AbaEPSwR (ORCPT ); Fri, 16 May 2014 14:52:17 -0400 Received: by mail-wi0-f170.google.com with SMTP id bs8so2614783wib.1 for ; Fri, 16 May 2014 11:52:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=MzytC/ZRwdtlUuIs1DOrBuWm9Na15pKw2rkPhVUy3s4=; b=eAjY505B/xqXn1JyqnXr2vz1BsZwVzXrjsi8Le/JnW80SnIPjqBpeE4WROHIZvxiWt PfK5sw0WqIzzj+J7sHdafuyVGU8+0wxWvQr+jt1n9C2OSg88XRrBwivqexsFqJK2zqeV tpRsalkF/dFJVRLY/SRosVM5P6duf3bPLQsRwTIz/WiKdshtAJcgJlPyUKJ1qlEaT77J sznKdmOsuWJTdomBT9sLpyINvkf9UcNHMN6LL0qd+574OprSAB3XXrfhrmenmccYcHzB hSMrZl45ui0v3V6AF3T9wlEU2MvSt50JT01AS2OBQbmUBpb3lqBD42l6Whq9+AuokKDZ 9G8A== X-Received: by 10.194.62.210 with SMTP id a18mr15624862wjs.4.1400266335788; Fri, 16 May 2014 11:52:15 -0700 (PDT) Received: from debian-vm3.lan (bl14-139-83.dsl.telepac.pt. [85.247.139.83]) by mx.google.com with ESMTPSA id gp15sm2925226wjc.10.2014.05.16.11.52.13 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 16 May 2014 11:52:14 -0700 (PDT) From: Filipe David Borba Manana To: linux-btrfs@vger.kernel.org Cc: Filipe David Borba Manana Subject: [PATCH] Btrfs: fix leak of block group cache objects Date: Fri, 16 May 2014 20:52:01 +0100 Message-Id: <1400269921-17141-1-git-send-email-fdmanana@gmail.com> X-Mailer: git-send-email 1.9.1 Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The change titled: "Btrfs: fix broken free space cache after the system crashed" can increment a block group cache object twice in find_free_extent() and never decrement it twice, resulting in a memory leak. This is easy to reproduce by having kmemleak enabled and the following steps: mkfs.btrfs -f /dev/sdd mount /dev/sdd /mnt umount /mnt rmmod btrfs cat /sys/kernel/debug/kmemleak unreferenced object 0xffff8802089249d8 (size 512): comm "mount", pid 6826, jiffies 4306001111 (age 3065.636s) hex dump (first 32 bytes): 00 00 c0 01 00 00 00 00 c0 00 00 00 40 00 00 00 ............@... 00 00 c0 01 00 00 00 00 00 00 01 00 00 00 00 00 ................ backtrace: [] kmemleak_alloc+0x26/0x50 [] kmem_cache_alloc_trace+0x11d/0x1e0 [] btrfs_create_block_group_cache+0x3c/0x160 [btrfs] [] btrfs_read_block_groups+0x1d7/0x650 [btrfs] [] open_ctree+0x16a0/0x20c0 [btrfs] [] btrfs_mount+0x6b1/0x980 [btrfs] [] mount_fs+0x20/0xe0 [] vfs_kern_mount+0x73/0x170 [] do_mount+0x206/0xb20 [] SyS_mount+0x8e/0xe0 [] system_call_fastpath+0x16/0x1b [] 0xffffffffffffffff unreferenced object 0xffff8802019571d0 (size 128): comm "mount", pid 6826, jiffies 4306001111 (age 3065.684s) hex dump (first 32 bytes): 4d 06 4d 06 ad 4e ad de ff ff ff ff 00 00 00 00 M.M..N.......... ff ff ff ff ff ff ff ff 90 0d 36 a0 ff ff ff ff ..........6..... backtrace: [] kmemleak_alloc+0x26/0x50 [] kmem_cache_alloc_trace+0x11d/0x1e0 [] btrfs_create_block_group_cache+0x5e/0x160 [btrfs] [] btrfs_read_block_groups+0x1d7/0x650 [btrfs] [] open_ctree+0x16a0/0x20c0 [btrfs] [] btrfs_mount+0x6b1/0x980 [btrfs] [] mount_fs+0x20/0xe0 [] vfs_kern_mount+0x73/0x170 [] do_mount+0x206/0xb20 [] SyS_mount+0x8e/0xe0 [] system_call_fastpath+0x16/0x1b [] 0xffffffffffffffff Signed-off-by: Filipe David Borba Manana --- Note: this only affects Chris' integration branch. fs/btrfs/extent-tree.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index eb0760f..0bad610 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -6456,6 +6456,8 @@ static noinline int find_free_extent(struct btrfs_root *orig_root, } else { index = get_block_group_index(block_group); btrfs_grab_block_group(block_group, delalloc); + /* compensate get by btrfs_grab_block_group() */ + btrfs_put_block_group(block_group); goto have_block_group; } } else if (block_group) {