Re: [PATCH 5/6] xfs: xlog_recover_process_data leaks like a sieve

To: Dave Chinner <david@xxxxxxxxxxxxx>
Subject: Re: [PATCH 5/6] xfs: xlog_recover_process_data leaks like a sieve
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Fri, 13 Dec 2013 04:32:05 -0800
Cc: xfs@xxxxxxxxxxx
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <1386826478-13846-6-git-send-email-david@xxxxxxxxxxxxx>
References: <1386826478-13846-1-git-send-email-david@xxxxxxxxxxxxx> <1386826478-13846-6-git-send-email-david@xxxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)
On Thu, Dec 12, 2013 at 04:34:37PM +1100, Dave Chinner wrote:
> From: Dave Chinner <dchinner@xxxxxxxxxx>
> 
> Fix the double free of the transaction structure introduced by
> commit 2a84108 ("xfs: free the list of recovery items on error").
> In the process, make the freeing of the trans structure on error or
> completion of processing consistent - i.e. the responsibility of the
> function that detected the error or completes processing. Add
> comments to document this behaviour so it can be maintained more
> easily in future.

I don't really understand why we'd want to push the freeing into
more low-level functions.

e.g. keeping it in xlog_recover_process_data vs the low-level
functions called by it not only reduces the amount of code, but also
is way more logical as we look up trans there, so freeing it seems
more logical as well.

> +                     if (trans)
> +                             xlog_recover_free_trans(trans);

goto out_free_trans;

>                       if (dp + be32_to_cpu(ohead->oh_len) > lp) {
> -                             xfs_warn(log->l_mp, "%s: bad length 0x%x",
> +                             xfs_warn(log->l_mp,
> +                             "%s: bad transaction opheader length 0x%x",
>                                       __func__, be32_to_cpu(ohead->oh_len));
>                               WARN_ON(1);
> -                             return (XFS_ERROR(EIO));
> +                             xlog_recover_free_trans(trans);
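Review bot: With `return (XFS_ERROR(EIO));` removed and only `xlog_recover_free_trans(trans);` added in its place, the quoted lines no longer show an error being returned from the bad-length branch; make sure EIO still reaches the caller rather than falling through after the free, e.g. `error = XFS_ERROR(EIO); goto out_free_trans;`, which also keeps the free and the return together on one path.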

goto out_free_trans;

> +                     /*
> +                      * If there's been an error, the trans structure has
> +                      * already been freed. So there's nothing for us to do
> +                      * but abort the recovery process.
> +                      */
> +                     if (error)
> +                             return error;
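Review bot: The comment at this early `return error` makes correctness depend on every callee freeing `trans` before it returns an error: a callee that returns an error without freeing now leaks, and one that frees while this function still holds the pointer is exactly the double free the commit message is fixing. Owning the free in this function behind a single cleanup label keeps the rule in one place and makes the comment unnecessary.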

To me it seems we'd be better off doing a goto out_free_trans here
as well, then remove the existing call to xlog_recover_free_trans in
xlog_recover_commit_trans for the error case, and keep it out of
xlog_recover_add_to_trans.
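To make the ownership rule Christoph is arguing for concrete, here is an added, self-contained mock; it is not XFS code and not part of this thread, and the names process_data(), add_to_trans(), trans_alloc() and trans_free() are hypothetical stand-ins. The caller owns `trans` and funnels the success path and the bad-length error through one out_free_trans label, the callee only reports errors, and a live-allocation counter lets a test confirm trans is freed exactly once on either path.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

struct trans { int items; };
static int live_trans;  /* allocs minus frees: 0 after a run == freed exactly once */

static struct trans *trans_alloc(void)
{
    struct trans *t = calloc(1, sizeof(*t));
    if (t)
        live_trans++;
    return t;
}

static void trans_free(struct trans *t)
{
    live_trans--;
    free(t);
}

/* Callee: validates one item and reports an error; it never frees trans. */
static int add_to_trans(struct trans *t, const uint8_t *dp, uint32_t len,
                        const uint8_t *lp)
{
    if ((size_t)(lp - dp) < len)   /* "bad opheader length": item past block end */
        return -EIO;
    t->items++;
    return 0;
}

/* Caller owns trans: success and every error exit leave via out_free_trans. */
static int process_data(const uint8_t *buf, size_t buflen,
                        const uint32_t *lens, int n)
{
    const uint8_t *dp = buf, *lp = buf + buflen;
    struct trans *trans = trans_alloc();
    int error = 0, i;
    if (!trans)
        return -ENOMEM;
    for (i = 0; i < n; i++) {
        error = add_to_trans(trans, dp, lens[i], lp);
        if (error)
            goto out_free_trans;
        dp += lens[i];
    }
out_free_trans:
    trans_free(trans);
    return error;
}
```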
