[f2fs-dev] [PATCH] f2fs: fix ifolio memory leak in f2fs_move_inline_dirents error path

2025-10-18 Thread Haofeng Li via Linux-f2fs-devel
From: Haofeng Li 

Fixes a memory leak issue in f2fs_move_inline_dirents() where
the ifolio is not properly released in certain error paths.

Problem Analysis:
- In f2fs_try_convert_inline_dir(), ifolio is acquired via f2fs_get_inode_folio()
- When do_convert_inline_dir() fails, the caller expects ifolio to be released
- However, in f2fs_move_inline_dirents(), two specific error paths don't release ifolio

Fixes: 201a05be9628a ("f2fs: add key function to handle inline dir")
Signed-off-by: Haofeng Li 
---
 fs/f2fs/inline.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
index 58ac831ef704..2496866fc45d 100644
--- a/fs/f2fs/inline.c
+++ b/fs/f2fs/inline.c
@@ -425,7 +425,7 @@ static int f2fs_move_inline_dirents(struct inode *dir, 
struct folio *ifolio,
set_new_dnode(&dn, dir, ifolio, NULL, 0);
err = f2fs_reserve_block(&dn, 0);
if (err)
-   goto out;
+   goto out_put_ifolio;
 
if (unlikely(dn.data_blkaddr != NEW_ADDR)) {
f2fs_put_dnode(&dn);
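Review bot: The changed goto after f2fs_reserve_block() assumes ifolio is still held when that call fails, but dn was initialised with ifolio by set_new_dnode(&dn, dir, ifolio, NULL, 0) one line earlier and is then passed to f2fs_reserve_block(), so who owns ifolio on failure depends on what that function does with dn before it returns. Please state in the commit message, for each failure return of f2fs_reserve_block(), whether the inode folio carried in dn has already been dropped. If it has, the new put releases the same reference a second time, which is a worse defect than the leak being fixed. A reproducer or a reference-count trace from this path would settle it.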
@@ -434,7 +434,7 @@ static int f2fs_move_inline_dirents(struct inode *dir, 
struct folio *ifolio,
  __func__, dir->i_ino, dn.data_blkaddr);
f2fs_handle_error(F2FS_F_SB(folio), ERROR_INVALID_BLKADDR);
err = -EFSCORRUPTED;
-   goto out;
+   goto out_put_ifolio;
}
 
f2fs_folio_wait_writeback(folio, DATA, true, true);
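Review bot: In the dn.data_blkaddr != NEW_ADDR branch, f2fs_put_dnode(&dn) already runs before the changed goto, and dn holds ifolio from set_new_dnode(). If f2fs_put_dnode() drops the inode folio carried in dn, jumping to out_put_ifolio puts ifolio twice on this path. Please check what f2fs_put_dnode() releases here and, if it does cover ifolio, keep this branch as goto out.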
@@ -479,6 +479,10 @@ static int f2fs_move_inline_dirents(struct inode *dir, 
struct folio *ifolio,
 out:
f2fs_folio_put(folio, true);
return err;
+
+out_put_ifolio:
+   f2fs_folio_put(ifolio, true);
+   goto out;
 }
 
 static int f2fs_add_inline_entries(struct inode *dir, void *inline_dentry)
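Review bot: The out_put_ifolio label sits after return err and jumps backwards with goto out, which makes the exit sequence hard to follow and easy to break when another error path is added. With only two users, releasing at the error site reads more clearly, for example f2fs_folio_put(ifolio, true); followed by goto out; at each place. A short comment above the function stating that it must release ifolio on every error return, because the caller puts it only on success, would document the contract this patch relies on.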
-- 
2.25.1



___
Linux-f2fs-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel


Re: [f2fs-dev] [PATCH] f2fs: fix ifolio memory leak in f2fs_move_inline_dirents error path

2025-10-18 Thread Haofeng Li via Linux-f2fs-devel
>Fixes a memory leak issue in f2fs_move_inline_dirents() where
>the ifolio is not properly released in certain error paths.

>Problem Analysis:
>- In f2fs_try_convert_inline_dir(), ifolio is acquired via f2fs_get_inode_folio()
>- When do_convert_inline_dir() fails, the caller expects ifolio to be released
>- However, in f2fs_move_inline_dirents(), two specific error paths don't release ifolio

Adding some additional information.

When do_convert_inline_dir() fails in f2fs_try_convert_inline_dir(),
the ifolio obtained via f2fs_get_inode_folio() is not properly released,
leading to a memory leak.

The issue occurs in the following call path:

f2fs_try_convert_inline_dir()
├── f2fs_get_inode_folio()  // acquires ifolio
├── do_convert_inline_dir()
│   ├── f2fs_move_inline_dirents() // The issue is in this function. 
│   │   └── Error paths may not release ifolio
└── Only releases ifolio on success: if (!err) f2fs_folio_put(ifolio, true)

Specifically, in f2fs_move_inline_dirents():
- If f2fs_reserve_block() fails, the function jumps to 'out' label
- The 'out' label only releases the newly allocated 'folio' but not 'ifolio'
- This leaves ifolio unreleased when f2fs_reserve_block() fails

In contrast, f2fs_move_rehashed_dirents() properly handles ifolio release
in its error recovery path, but the inconsistency creates a leak risk.
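
The ownership rule described in this message (the caller drops ifolio only on success, so the callee must leave it released on every error return) can be audited per exit path with a small user-space model. This is an added example, not code from the patch or from f2fs. All names in it are hypothetical, and the helper_puts_in flag is an assumption standing for a cleanup helper that already dropped the reference before the error jump.

```c
/* Added example: user-space model with hypothetical names, not f2fs code. */
#include <stdio.h>

struct ref { int count; };                 /* stands in for a folio reference */
static void ref_get(struct ref *r) { r->count++; }
static void ref_put(struct ref *r) { r->count--; }

enum path { PATH_OK, PATH_RESERVE_FAIL, PATH_BAD_ADDR };

/*
 * Callee in the model. Contract from the thread: the caller drops 'in'
 * only on success, so every error return must leave 'in' released.
 * put_on_error:   error paths drop 'in' before returning.
 * helper_puts_in: assumption: a cleanup helper on the error path has
 *                 already dropped 'in' before the jump.
 */
static int move_entries(struct ref *in, enum path p, int put_on_error,
                        int helper_puts_in)
{
    struct ref tmp = { 0 };
    int err = 0;

    ref_get(&tmp);                         /* scratch ref, always dropped */
    if (p != PATH_OK) {
        err = (p == PATH_RESERVE_FAIL) ? -1 : -2;
        if (helper_puts_in)
            ref_put(in);
        if (put_on_error)
            ref_put(in);
    }
    ref_put(&tmp);
    return err;
}

/* Caller in the model: acquire, convert, drop only on success.
 * Returns leftover references: 0 balanced, >0 leaked, <0 put twice. */
static int audit(enum path p, int put_on_error, int helper_puts_in)
{
    struct ref in = { 0 };

    ref_get(&in);
    if (move_entries(&in, p, put_on_error, helper_puts_in) == 0)
        ref_put(&in);
    return in.count;
}

int main(void)
{
    for (int p = PATH_OK; p <= PATH_BAD_ADDR; p++)
        for (int f = 0; f <= 1; f++)
            for (int h = 0; h <= 1; h++)
                printf("path=%d put_on_error=%d helper_puts_in=%d -> %+d\n",
                       p, f, h, audit((enum path)p, f, h));
    return 0;
}
```

A result of +1 is the leak this thread describes; -1 shows that adding a put is only correct on paths where nothing else has already released the reference.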


