[PATCH 2/2] f2fs: fix memory leak of quota files extent tree and it's nodes

From: Sahitya Tummala
Date: Thu Nov 22 2018 - 05:59:49 EST

Next message: Christoph Hellwig: "Re: [PATCH 1/4] PCI / ACPI: Identify external PCI devices"
Previous message: Pan Bian: "[PATCH] f2fs: read page index before freeing"
In reply to: Sahitya Tummala: "[PATCH 1/2] f2fs: fix sbi->extent_list corruption issue"
Next in thread: Chao Yu: "Re: [PATCH 2/2] f2fs: fix memory leak of quota files extent tree and it's nodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

When there is a failure in f2fs_fill_super() after the quota is
enabled, then f2fs_quota_off_umount() is called in the error handling.
Then sbi is freed up and f2fs_fill_super() retries again.
But f2fs_quota_off_umount() doesn't guarantee that quota file's extent
tree/nodes are removed/freed. It will just add to sbi->zombie_list,
if those files are referenced. In the next retry, quota is enabled
again with the new extent tree and nodes, causing memory leak for the
previously allocated memory.

Fix this by cleaning up the sbi->zombie_list before freeing sbi and
before the next retry.

Signed-off-by: Sahitya Tummala <stummala@xxxxxxxxxxxxxx>
---
fs/f2fs/extent_cache.c | 21 +++++++++++++++++++++
fs/f2fs/f2fs.h | 1 +
fs/f2fs/super.c | 5 +++++
3 files changed, 27 insertions(+)

diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c
index 763ba83..c2bcd88 100644
--- a/fs/f2fs/extent_cache.c
+++ b/fs/f2fs/extent_cache.c
@@ -629,6 +629,27 @@ static void f2fs_update_extent_tree_range(struct inode *inode,
f2fs_mark_inode_dirty_sync(inode, true);
}

+void f2fs_cleanup_zombie_list(struct f2fs_sb_info *sbi)
+{
+ struct extent_tree *et, *next;
+
+ mutex_lock(&sbi->extent_tree_lock);
+ list_for_each_entry_safe(et, next, &sbi->zombie_list, list) {
+ if (atomic_read(&et->node_cnt)) {
+ write_lock(&et->lock);
+ __free_extent_tree(sbi, et);
+ write_unlock(&et->lock);
+ }
+ f2fs_bug_on(sbi, atomic_read(&et->node_cnt));
+ list_del_init(&et->list);
+ radix_tree_delete(&sbi->extent_tree_root, et->ino);
+ kmem_cache_free(extent_tree_slab, et);
+ atomic_dec(&sbi->total_ext_tree);
+ atomic_dec(&sbi->total_zombie_tree);
+ }
+ mutex_unlock(&sbi->extent_tree_lock);
+}
+
unsigned int f2fs_shrink_extent_tree(struct f2fs_sb_info *sbi, int nr_shrink)
{
struct extent_tree *et, *next;
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index db8a919..6807815 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -3419,6 +3419,7 @@ void f2fs_update_extent_cache_range(struct dnode_of_data *dn,
void f2fs_init_extent_cache_info(struct f2fs_sb_info *sbi);
int __init f2fs_create_extent_cache(void);
void f2fs_destroy_extent_cache(void);
+void f2fs_cleanup_zombie_list(struct f2fs_sb_info *sbi);

/*
* sysfs.c
diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index f41ac43..521fe3f 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -3023,6 +3023,11 @@ void f2fs_cleanup_extent_cache(struct f2fs_sb_info *sbi)

list_for_each_entry_safe(inode, next, &sb->s_inodes, i_sb_list)
f2fs_destroy_extent_tree(inode, true);
+
+ f2fs_cleanup_zombie_list(sbi);
+
+ f2fs_bug_on(sbi, !list_empty(&sbi->zombie_list));
+ f2fs_bug_on(sbi, !list_empty(&sbi->extent_list));
}

static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
--
Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project.

Next message: Christoph Hellwig: "Re: [PATCH 1/4] PCI / ACPI: Identify external PCI devices"
Previous message: Pan Bian: "[PATCH] f2fs: read page index before freeing"
In reply to: Sahitya Tummala: "[PATCH 1/2] f2fs: fix sbi->extent_list corruption issue"
Next in thread: Chao Yu: "Re: [PATCH 2/2] f2fs: fix memory leak of quota files extent tree and it's nodes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]