Linux cgroups development
From: Tao Cui <cuitao@kylinos.cn>
To: cuitao@kylinos.cn
Cc: axboe@kernel.dk, cgroups@vger.kernel.org, josef@toxicpanda.com,
	tj@kernel.org
Subject: [PATCH v3] blk-cgroup: fix leaks and online flag on radix_tree_insert failure
Date: Thu,  7 May 2026 14:12:29 +0800
Message-ID: <20260507061229.57466-1-cuitao@kylinos.cn>
In-Reply-To: <20260506131124.16755-1-cuitao@kylinos.cn>

When radix_tree_insert() fails in blkg_create(), the error path has two
issues:

1. blkg->online is set to true unconditionally, even when the blkg was
   never fully inserted.  Move the assignment inside the success block.

2. The error path calls blkg_put() without first calling
   percpu_ref_kill().  Because the refcount is still in percpu mode,
   percpu_ref_put() only does this_cpu_sub() without checking for zero,
   so blkg_release() is never triggered.  This permanently leaks the
   blkg memory, its percpu iostat, policy data, the parent blkg
   reference, and the cgroup css reference — the latter preventing the
   cgroup from ever being destroyed.

Fix by replacing blkg_put() with percpu_ref_kill(), matching the pattern
used in blkg_destroy().

Signed-off-by: Tao Cui <cuitao@kylinos.cn>
---
v3:
- Remove the redundant blkg_put() after percpu_ref_kill() to avoid a
  double-put that causes the refcount to go negative and bypass
  blkg_release(), as pointed out by the sashiko AI review.

v2:
- Also fix the percpu_ref leak on the radix_tree_insert() error path by
  adding percpu_ref_kill() before blkg_put(), as pointed out by the
  sashiko AI review.
---
 block/blk-cgroup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
index 554c87bb4a86..9fe850deef3b 100644
--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -431,15 +431,15 @@ static struct blkcg_gq *blkg_create(struct blkcg *blkcg, struct gendisk *disk,
 				blkg->pd[i]->online = true;
 			}
 		}
+		blkg->online = true;
 	}
-	blkg->online = true;
 	spin_unlock(&blkcg->lock);
 
 	if (!ret)
 		return blkg;
 
 	/* @blkg failed fully initialized, use the usual release path */
-	blkg_put(blkg);
+	percpu_ref_kill(&blkg->refcnt);
 	return ERR_PTR(ret);
 
 err_put_css:
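
Review bot: The comment left above the new percpu_ref_kill(&blkg->refcnt) call still says only "use the usual release path", which does not tell the next reader why a plain blkg_put() is wrong at this point. The reasoning lives only in the commit message (the ref is still in percpu mode, so a put never checks for zero, and the kill already accounts for the reference that the v2 blkg_put() dropped a second time), and the v2 to v3 history shows how easily the put gets added back. Suggest rewording the comment to something like "/* refcnt is still in percpu mode; percpu_ref_kill() drops the initial ref and lets blkg_release() run, so no blkg_put() here */". Separately, the trailer carries only Signed-off-by; a Fixes: tag would help stable backporters for a leak that pins the cgroup css.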
-- 
2.43.0


Thread overview: 4+ messages
2026-05-06 13:11 [PATCH] blk-cgroup: fix blkg->online set on radix_tree_insert failure Tao Cui
2026-05-07  4:42 ` [PATCH v2] blk-cgroup: fix leaks and online flag " Tao Cui
2026-05-07  6:12 ` Tao Cui [this message]
2026-05-08  0:27   ` [PATCH v3] " Tejun Heo
