linux-btrfs.vger.kernel.org archive mirror
From: Filipe David Borba Manana <fdmanana@gmail.com>
To: linux-btrfs@vger.kernel.org
Cc: Filipe David Borba Manana <fdmanana@gmail.com>
Subject: [PATCH] Btrfs: fix leak of block group cache objects
Date: Fri, 16 May 2014 20:52:01 +0100
Message-ID: <1400269921-17141-1-git-send-email-fdmanana@gmail.com>

The change titled:

     "Btrfs: fix broken free space cache after the system crashed"

can increment a block group cache object twice in find_free_extent() and
never decrement it twice, resulting in a memory leak.

This is easy to reproduce by having kmemleak enabled and the following
steps:

    mkfs.btrfs -f /dev/sdd
    mount /dev/sdd /mnt
    umount /mnt
    rmmod btrfs

    cat /sys/kernel/debug/kmemleak
    unreferenced object 0xffff8802089249d8 (size 512):
      comm "mount", pid 6826, jiffies 4306001111 (age 3065.636s)
      hex dump (first 32 bytes):
        00 00 c0 01 00 00 00 00 c0 00 00 00 40 00 00 00  ............@...
        00 00 c0 01 00 00 00 00 00 00 01 00 00 00 00 00  ................
      backtrace:
        [<ffffffff816ab3b6>] kmemleak_alloc+0x26/0x50
        [<ffffffff8119447d>] kmem_cache_alloc_trace+0x11d/0x1e0
        [<ffffffffa02a369c>] btrfs_create_block_group_cache+0x3c/0x160 [btrfs]
        [<ffffffffa02adf07>] btrfs_read_block_groups+0x1d7/0x650 [btrfs]
        [<ffffffffa02bc800>] open_ctree+0x16a0/0x20c0 [btrfs]
        [<ffffffffa0293321>] btrfs_mount+0x6b1/0x980 [btrfs]
        [<ffffffff811aa9c0>] mount_fs+0x20/0xe0
        [<ffffffff811c76f3>] vfs_kern_mount+0x73/0x170
        [<ffffffff811ca046>] do_mount+0x206/0xb20
        [<ffffffff811cac4e>] SyS_mount+0x8e/0xe0
        [<ffffffff816c8492>] system_call_fastpath+0x16/0x1b
        [<ffffffffffffffff>] 0xffffffffffffffff
    unreferenced object 0xffff8802019571d0 (size 128):
      comm "mount", pid 6826, jiffies 4306001111 (age 3065.684s)
      hex dump (first 32 bytes):
        4d 06 4d 06 ad 4e ad de ff ff ff ff 00 00 00 00  M.M..N..........
        ff ff ff ff ff ff ff ff 90 0d 36 a0 ff ff ff ff  ..........6.....
      backtrace:
        [<ffffffff816ab3b6>] kmemleak_alloc+0x26/0x50
        [<ffffffff8119447d>] kmem_cache_alloc_trace+0x11d/0x1e0
        [<ffffffffa02a36be>] btrfs_create_block_group_cache+0x5e/0x160 [btrfs]
        [<ffffffffa02adf07>] btrfs_read_block_groups+0x1d7/0x650 [btrfs]
        [<ffffffffa02bc800>] open_ctree+0x16a0/0x20c0 [btrfs]
        [<ffffffffa0293321>] btrfs_mount+0x6b1/0x980 [btrfs]
        [<ffffffff811aa9c0>] mount_fs+0x20/0xe0
        [<ffffffff811c76f3>] vfs_kern_mount+0x73/0x170
        [<ffffffff811ca046>] do_mount+0x206/0xb20
        [<ffffffff811cac4e>] SyS_mount+0x8e/0xe0
        [<ffffffff816c8492>] system_call_fastpath+0x16/0x1b
        [<ffffffffffffffff>] 0xffffffffffffffff

Signed-off-by: Filipe David Borba Manana <fdmanana@gmail.com>
---

Note: this only affects Chris' integration branch.

 fs/btrfs/extent-tree.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
index eb0760f..0bad610 100644
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -6456,6 +6456,8 @@ static noinline int find_free_extent(struct btrfs_root *orig_root,
 			} else {
 				index = get_block_group_index(block_group);
 				btrfs_grab_block_group(block_group, delalloc);
+				/* compensate get by btrfs_grab_block_group() */
+				btrfs_put_block_group(block_group);
 				goto have_block_group;
 			}
 		} else if (block_group) {
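Review bot: the comment on the added btrfs_put_block_group() call only says it compensates the get done by btrfs_grab_block_group(), so the two lines read as a reference taken and immediately dropped. The commit message says the object ends up referenced twice in find_free_extent(); the comment should name the other reference this branch already holds (it is taken outside the lines shown here) and say why btrfs_grab_block_group() is still called with delalloc rather than skipped. It is also worth confirming that every other path reaching have_block_group arrives holding exactly one reference, so the release on the way out is balanced in all cases.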
-- 
1.9.1

