| To: | xfs-masters@xxxxxxxxxxx |
|---|---|
| Subject: | [xfs-masters] [RFC][PATCH] XFS: memory leak in xfs_inactive() - is xfs_trans_free() enough or do we need xfs_trans_cancel() ? |
| From: | Jesper Juhl <jesper.juhl@xxxxxxxxx> |
| Date: | Wed, 16 May 2007 23:31:16 +0200 |
| Cc: | xfs@xxxxxxxxxxx, "Linux Kernel Mailing List" <linux-kernel@xxxxxxxxxxxxxxx>, Jesper Juhl <jesper.juhl@xxxxxxxxx> |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:from:to:subject:date:user-agent:cc:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=qyy0CK7lXLdIIP0OBDuBimWjmk7gg+UzuqLVbJMOxbxHBDz/rbf4r+JB2SbBO+k/Sd4TgdnWMelzZsGIAhWcE0R/eaJa0k35AwfegB/pIVJZmCeVBQa+a8jPQ/E3LNLGMrQ2OY/Tmlt8lfWgORBhFFBYKFJ4hBCSlB8FmdjXFyQ= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:from:to:subject:date:user-agent:cc:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=MibFGJhssUmMx5aFil6C43wj1oQ3UUEPcOfC9Jg0GvS35fxjJJz0odY9GX8rE5OgTAmQIRUhxujIzpiRSr9OJBVCluCCh7Rf4K6Zsbmh+FtOwKofJWLfRcC74i4n3xrWl/pCtAItJ7eWXTG093Y4cItOfbY7RIEtBBPjf2QTlFQ= |
| Reply-to: | xfs-masters@xxxxxxxxxxx |
| Sender: | xfs-masters-bounce@xxxxxxxxxxx |
| User-agent: | KMail/1.9.6 |
Hi,
The Coverity checker found a memory leak in xfs_inactive().
The offending code is this bit :
1671 tp = xfs_trans_alloc(mp, XFS_TRANS_INACTIVE);
At conditional (1): "truncate != 0" taking true path
1672 if (truncate) {
1673 /*
1674 * Do the xfs_itruncate_start() call before
1675 * reserving any log space because itruncate_start
1676 * will call into the buffer cache and we can't
1677 * do that within a transaction.
1678 */
1679 xfs_ilock(ip, XFS_IOLOCK_EXCL);
1680
1681 error = xfs_itruncate_start(ip, XFS_ITRUNC_DEFINITE, 0);
At conditional (2): "error != 0" taking true path
1682 if (error) {
1683 xfs_iunlock(ip, XFS_IOLOCK_EXCL);
Event leaked_storage: Returned without freeing storage "tp"
Also see events: [alloc_fn][var_assign]
1684 return VN_INACTIVE_CACHE;
1685 }
So, the code allocates a transaction, but in the case where 'truncate' is !=0
and xfs_itruncate_start(ip, XFS_ITRUNC_DEFINITE, 0); happens to return an
error, we'll just return from the function without dealing with the memory
allocated byxfs_trans_alloc() and assigned to 'tp', thus it'll be
orphaned/leaked - not good.
What I'm wondering is this; is it enough, at this point, to call
xfs_trans_free(tp); (it would seem to me that would be OK, but I'm not intimite
with this code) or do we need a full xfs_trans_cancel(tp, 0); ???
In case I'm right and xfs_trans_free(tp); is all we need, then please consider
the patch below. Otherwise please NACK the patch and I'll cook up another one
:-)
Fix memory leak on error in xfs_inactive().
Signed-off-by: Jesper Juhl <jesper.juhl@xxxxxxxxx>
---
fs/xfs/xfs_vnodeops.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c
index de17aed..e0d3d51 100644
--- a/fs/xfs/xfs_vnodeops.c
+++ b/fs/xfs/xfs_vnodeops.c
@@ -1681,6 +1681,7 @@ xfs_inactive(
error = xfs_itruncate_start(ip, XFS_ITRUNC_DEFINITE, 0);
if (error) {
xfs_iunlock(ip, XFS_IOLOCK_EXCL);
+ xfs_trans_free(tp);
return VN_INACTIVE_CACHE;
}
--
Jesper Juhl <jesper.juhl@xxxxxxxxx>
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please http://www.expita.com/nomime.html
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [xfs-masters] Re: [2/3] 2.6.22-rc1: known regressions v2, Christoph Lameter |
|---|---|
| Next by Date: | [xfs-masters] Re: [2/3] 2.6.22-rc1: known regressions v2 - XFS, David Chinner |
| Previous by Thread: | [xfs-masters] Re: [2/3] 2.6.22-rc1: known regressions v2, Christoph Lameter |
| Next by Thread: | [xfs-masters] Re: [RFC][PATCH] XFS: memory leak in xfs_inactive() - is xfs_trans_free() enough or do we need xfs_trans_cancel() ?, David Chinner |
| Indexes: | [Date] [Thread] [Top] [All Lists] |