Thread (1 message) 1 message, 1 author, 2019-08-15

[Bug 204371] BUG kmalloc-4k (Tainted: G W ): Object padding overwritten

From: <hidden>
Date: 2019-08-15 17:10:21
Subsystem: btrfs file system, filesystems (vfs and infrastructure), the rest · Maintainers: Chris Mason, David Sterba, Alexander Viro, Christian Brauner, Linus Torvalds

https://bugzilla.kernel.org/show_bug.cgi?id=204371
--- Comment #28 from Erhard F. (erhard_f@mailbox.org) ---
On Thu, 15 Aug 2019 16:45:11 +0000
bugzilla-daemon@bugzilla.kernel.org wrote:
> https://bugzilla.kernel.org/show_bug.cgi?id=204371
> --- Comment #27 from Christophe Leroy (christophe.leroy@c-s.fr) ---
> Can you post the changes you did?
>
> Did you replace the two kzalloc() by get_zeroed_page() as suggested?
> If so, it looks like you missed one kfree() (in free_bitmap()) to be replaced
> by free_page().

Ah yes, I added the (unsigned long) part but forgot to replace kfree() with
free_page(). Now looks like this:
diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c
index 062be9dde4c6..c3eed8c3d3fe 100644
--- a/fs/btrfs/free-space-cache.c
+++ b/fs/btrfs/free-space-cache.c
@@ -764,7 +764,7 @@ static int __load_free_space_cache(struct btrfs_root *root,
struct inode *inode,
                } else {
                        ASSERT(num_bitmaps);
                        num_bitmaps--;
-                       e->bitmap = kzalloc(PAGE_SIZE, GFP_NOFS);
+                       e->bitmap = (void *)get_zeroed_page(GFP_NOFS);
                        if (!e->bitmap) {
                                kmem_cache_free(
                                        btrfs_free_space_cachep, e);
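Review bot: The `e->bitmap = (void *)get_zeroed_page(GFP_NOFS);` line carries no comment saying why the bitmap has to come from the page allocator rather than kzalloc(PAGE_SIZE, ...). Add a one-line comment above the allocation stating the requirement, otherwise a later cleanup is likely to turn it back into kzalloc() and reintroduce the mismatch with the free_page() calls further down.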
@@ -1881,7 +1881,7 @@ static void free_bitmap(struct btrfs_free_space_ctl *ctl,
                        struct btrfs_free_space *bitmap_info)
 {
        unlink_free_space(ctl, bitmap_info);
-       kfree(bitmap_info->bitmap);
+       free_page((unsigned long)bitmap_info->bitmap);
        kmem_cache_free(btrfs_free_space_cachep, bitmap_info);
        ctl->total_bitmaps--;
        ctl->op->recalc_thresholds(ctl);
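Review bot: free_bitmap() releases whatever pointer is stored in `bitmap_info->bitmap`, so with `free_page()` here every site that fills that field must allocate with get_zeroed_page(). The patch converts the two kzalloc() calls shown in the other hunks; please confirm, for example by searching free-space-cache.c for assignments to `->bitmap`, that no remaining site stores a slab allocation, since handing a slab object to free_page() is as wrong as the kfree() that was missed in the previous attempt.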
@@ -2135,7 +2135,7 @@ static int insert_into_bitmap(struct btrfs_free_space_ctl
*ctl,
                }

                /* allocate the bitmap */
-               info->bitmap = kzalloc(PAGE_SIZE, GFP_NOFS);
+               info->bitmap = (void *)get_zeroed_page(GFP_NOFS);
                spin_lock(&ctl->tree_lock);
                if (!info->bitmap) {
                        ret = -ENOMEM;
@@ -2146,7 +2146,7 @@ static int insert_into_bitmap(struct btrfs_free_space_ctl
*ctl,

 out:
        if (info) {
-               kfree(info->bitmap);
+               free_page((unsigned long)info->bitmap);
                kmem_cache_free(btrfs_free_space_cachep, info);
        }
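Review bot: In the `out:` block, `free_page((unsigned long)info->bitmap)` is called without checking the pointer, and `info->bitmap` is NULL if the allocation in the previous hunk failed (`ret = -ENOMEM`) and that path ends up here. The old code relied on kfree(NULL) being a no-op; free_page() on address 0 is also a no-op because free_pages() returns early for a zero address, so the line is correct as written. Either say so in the commit message or guard it with `if (info->bitmap)` as the btrfs_alloc_from_cluster() hunk does, so the two free sites read consistently.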
@@ -2802,7 +2802,7 @@ u64 btrfs_alloc_from_cluster(struct
btrfs_block_group_cache *block_group,
        if (entry->bytes == 0) {
                ctl->free_extents--;
                if (entry->bitmap) {
-                       kfree(entry->bitmap);
+                       free_page((unsigned long)entry->bitmap);
                        ctl->total_bitmaps--;
                        ctl->op->recalc_thresholds(ctl);
                }
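Review bot: The `free_page((unsigned long)entry->bitmap);` line is the third open-coded copy of the same cast-and-free in this patch, next to two open-coded `(void *)get_zeroed_page(GFP_NOFS)` allocations. Consider a pair of small static helpers in free-space-cache.c for allocating and releasing a bitmap page, so the allocator pairing lives in one place and a missed conversion like the one discussed above cannot recur at a single call site.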

-- 
You are receiving this mail because:
You are on the CC list for the bug.