xfs
[Top] [All Lists]

Re: [PATCH 5/6] xfs: xlog_recover_process_data leaks like a sieve

To: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Subject: Re: [PATCH 5/6] xfs: xlog_recover_process_data leaks like a sieve
From: Dave Chinner <david@xxxxxxxxxxxxx>
Date: Sat, 14 Dec 2013 09:11:02 +1100
Cc: xfs@xxxxxxxxxxx
Delivered-to: xfs@xxxxxxxxxxx
In-reply-to: <20131213123205.GA17935@xxxxxxxxxxxxx>
References: <1386826478-13846-1-git-send-email-david@xxxxxxxxxxxxx> <1386826478-13846-6-git-send-email-david@xxxxxxxxxxxxx> <20131213123205.GA17935@xxxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)
On Fri, Dec 13, 2013 at 04:32:05AM -0800, Christoph Hellwig wrote:
> On Thu, Dec 12, 2013 at 04:34:37PM +1100, Dave Chinner wrote:
> > From: Dave Chinner <dchinner@xxxxxxxxxx>
> > 
> > Fix the double free of the transaction structure introduced by
> > commit 2a84108 ("xfs: free the list of recovery items on error").
> > In the process, make the freeing of the trans structure on error or
> > completion of processing consistent - i.e. the responsibility of the
> > the function that detected the error or completes processing. Add
> > comments to document this behaviour so it can be maintained more
> > easily in future.
> 
> I don't really understand why we'd want to push the freeing into
> more low-level functions.
> 
> e.g. keeping it in xlog_recover_process_data vs the low-level
> functions called by it not only reduces the amount of code, but also
> is way more logical as we lookup trans there, so freeing it seems
> more logical as well.
> 
> > +                   if (trans)
> > +                           xlog_recover_free_trans(trans);
> 
> goto out_free_trans;
> 
> >                     if (dp + be32_to_cpu(ohead->oh_len) > lp) {
> > -                           xfs_warn(log->l_mp, "%s: bad length 0x%x",
> > +                           xfs_warn(log->l_mp,
> > +                           "%s: bad transaction opheader length 0x%x",
> >                                     __func__, be32_to_cpu(ohead->oh_len));
> >                             WARN_ON(1);
> > -                           return (XFS_ERROR(EIO));
> > +                           xlog_recover_free_trans(trans);
> 
> goto out_free_trans;
> 
> > +                   /*
> > +                    * If there's been an error, the trans structure has
> > +                    * already been freed. So there's nothing for us to do
> > +                    * but abort the recovery process.
> > +                    */
> > +                   if (error)
> > +                           return error;
> 
> To me it seems we'd be better off doing a goto out_free_trans here
> aswell, then remove the existing call to xlog_recover_free_trans in
> xlog_recover_commit_trans for the error case, and keep it out of
> xlog_recover_add_to_trans.

I'll rework it, but hte main issue is that it has to be freed
regardless of the error value in commit record processing, so it's
not as simple as just freeing it on error....

Cheers,

Dave.
-- 
Dave Chinner
david@xxxxxxxxxxxxx

<Prev in Thread] Current Thread [Next in Thread>