| To: | Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx> |
|---|---|
| Subject: | [PATCH][XFS][resend] fix memory leak in xfs_inactive() |
| From: | Jesper Juhl <jesper.juhl@xxxxxxxxx> |
| Date: | Sun, 1 Jul 2007 01:16:51 +0200 |
| Cc: | David Chinner <dgc@xxxxxxx>, xfs-masters@xxxxxxxxxxx, xfs@xxxxxxxxxxx, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Jesper Juhl <jesper.juhl@xxxxxxxxx> |
| Dkim-signature: | a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:from:to:subject:date:user-agent:cc:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=kbeHdSYEd7ghLcc8kCD9qlkkrHOJB4Wku1tjfztcnHl0Ex8uKEScvF6WVQs41nNNk/DaWvdP0vB1vAz/fhOWoAAhRivar2xA2seoSPWyCq24kz11mBDYu5AyP/K8CqPu53IOXe5VK4ESZMGdO5XserlPSOdSv6A+2e9rGn1C5Wg= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:from:to:subject:date:user-agent:cc:mime-version:content-type:content-transfer-encoding:content-disposition:message-id; b=AFYB9hSc2Sjhzd64uh7BJQ8yfoQWcWGhjRjMLqqN2FXuSWbv1iji4toaMfeiNOGxzrF+Iqtuytyu4JOkp4LGnR2Q/6odDuN5sYOF/5jyKaNn7QuT5yjTrYBDciWfdy0Aekw/Oqeryacv1806bf+VjDgkzJJ15/utm4e7VHiXXaA= |
| Sender: | xfs-bounce@xxxxxxxxxxx |
| User-agent: | KMail/1.9.7 |
(this is back from May 16 2007, resending since it doesn't look like
the patch ever made it in anywhere)
The Coverity checker found a memory leak in xfs_inactive().
The offending code is this bit :
1671 tp = xfs_trans_alloc(mp, XFS_TRANS_INACTIVE);
At conditional (1): "truncate != 0" taking true path
1672 if (truncate) {
1673 /*
1674 * Do the xfs_itruncate_start() call before
1675 * reserving any log space because itruncate_start
1676 * will call into the buffer cache and we can't
1677 * do that within a transaction.
1678 */
1679 xfs_ilock(ip, XFS_IOLOCK_EXCL);
1680
1681 error = xfs_itruncate_start(ip, XFS_ITRUNC_DEFINITE, 0);
At conditional (2): "error != 0" taking true path
1682 if (error) {
1683 xfs_iunlock(ip, XFS_IOLOCK_EXCL);
Event leaked_storage: Returned without freeing storage "tp"
Also see events: [alloc_fn][var_assign]
1684 return VN_INACTIVE_CACHE;
1685 }
So, the code allocates a transaction, but in the case where 'truncate' is !=0
and xfs_itruncate_start(ip, XFS_ITRUNC_DEFINITE, 0); happens to return an
error, we'll just return from the function without dealing with the memory
allocated byxfs_trans_alloc() and assigned to 'tp', thus it'll be
orphaned/leaked - not good.
The bug was introduced by this commit:
http://git2.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d3cf209476b72c83907a412b6708c5e498410aa7
The patch below is
From: Dave Chinner <dgc@xxxxxxx>
Signed-off-by: Jesper Juhl <jesper.juhl@xxxxxxxxx>
---
fs/xfs/xfs_vnodeops.c | 1 +
1 file changed, 1 insertion(+)
Index: 2.6.x-xfs-new/fs/xfs/xfs_vnodeops.c
===================================================================
--- 2.6.x-xfs-new.orig/fs/xfs/xfs_vnodeops.c 2007-05-11 16:04:03.000000000
+1000
+++ 2.6.x-xfs-new/fs/xfs/xfs_vnodeops.c 2007-05-17 12:37:25.671399078 +1000
@@ -1710,6 +1710,7 @@ xfs_inactive(
error = xfs_itruncate_start(ip, XFS_ITRUNC_DEFINITE, 0);
if (error) {
+ xfs_trans_cancel(tp, 0);
xfs_iunlock(ip, XFS_IOLOCK_EXCL);
return VN_INACTIVE_CACHE;
}
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: xfs_fsr, performance related tweaks, Eric Sandeen |
|---|---|
| Next by Date: | [PATCH][XFS][resend] memory leak; allocated transaction not freed in xfs_inactive_free_eofblocks() in failure case., Jesper Juhl |
| Previous by Thread: | Re: [-mm PATCH] ocfs2: ->fallocate() support, Christoph Hellwig |
| Next by Thread: | [PATCH][XFS][resend] memory leak; allocated transaction not freed in xfs_inactive_free_eofblocks() in failure case., Jesper Juhl |
| Indexes: | [Date] [Thread] [Top] [All Lists] |