[PATCH] Btrfs: fix memory leak in btrfs_create

linux-btrfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] Btrfs: fix memory leak in btrfs_create_tree()
@ 2013-03-21  4:32 Tsutomu Itoh
  2014-03-27 15:50 ` Alex Lyakas
  0 siblings, 1 reply; 3+ messages in thread
From: Tsutomu Itoh @ 2013-03-21  4:32 UTC (permalink / raw)
  To: linux-btrfs

We should free leaf and root before returning from the error
handling code.

Signed-off-by: Tsutomu Itoh <t-itoh@jp.fujitsu.com>
---
 fs/btrfs/disk-io.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index 7d84651..b1b5baa 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1291,6 +1291,7 @@ struct btrfs_root *btrfs_create_tree(struct btrfs_trans_handle *trans,
 				      0, objectid, NULL, 0, 0, 0);
 	if (IS_ERR(leaf)) {
 		ret = PTR_ERR(leaf);
+		leaf = NULL;
 		goto fail;
 	}
 
@@ -1334,11 +1335,16 @@ struct btrfs_root *btrfs_create_tree(struct btrfs_trans_handle *trans,
 
 	btrfs_tree_unlock(leaf);
 
+	return root;
+
 fail:
-	if (ret)
-		return ERR_PTR(ret);
+	if (leaf) {
+		btrfs_tree_unlock(leaf);
+		free_extent_buffer(leaf);
+	}
+	kfree(root);
 
-	return root;
+	return ERR_PTR(ret);
 }
 
 static struct btrfs_root *alloc_log_tree(struct btrfs_trans_handle *trans,


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] Btrfs: fix memory leak in btrfs_create_tree()
  2013-03-21  4:32 [PATCH] Btrfs: fix memory leak in btrfs_create_tree() Tsutomu Itoh
@ 2014-03-27 15:50 ` Alex Lyakas
  2014-03-31  8:41   ` Tsutomu Itoh
  0 siblings, 1 reply; 3+ messages in thread
From: Alex Lyakas @ 2014-03-27 15:50 UTC (permalink / raw)
  To: Tsutomu Itoh, Josef Bacik; +Cc: linux-btrfs, Filipe Manana

Hi Tsutomu Itoh,

On Thu, Mar 21, 2013 at 6:32 AM, Tsutomu Itoh <t-itoh@jp.fujitsu.com> wrote:
> We should free leaf and root before returning from the error
> handling code.
>
> Signed-off-by: Tsutomu Itoh <t-itoh@jp.fujitsu.com>
> ---
>  fs/btrfs/disk-io.c | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
>
> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
> index 7d84651..b1b5baa 100644
> --- a/fs/btrfs/disk-io.c
> +++ b/fs/btrfs/disk-io.c
> @@ -1291,6 +1291,7 @@ struct btrfs_root *btrfs_create_tree(struct btrfs_trans_handle *trans,
>                                       0, objectid, NULL, 0, 0, 0);
>         if (IS_ERR(leaf)) {
>                 ret = PTR_ERR(leaf);
> +               leaf = NULL;
>                 goto fail;
>         }
>
> @@ -1334,11 +1335,16 @@ struct btrfs_root *btrfs_create_tree(struct btrfs_trans_handle *trans,
>
>         btrfs_tree_unlock(leaf);
>
> +       return root;
> +
>  fail:
> -       if (ret)
> -               return ERR_PTR(ret);
> +       if (leaf) {
> +               btrfs_tree_unlock(leaf);
> +               free_extent_buffer(leaf);
I believe this is not enough. Few lines above, another reference on
the root is taken by
root->commit_root = btrfs_root_node(root);

So I believe the proper fix would be:
diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index d9698fd..260af79 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1354,10 +1354,10 @@ struct btrfs_root *btrfs_create_tree(struct
btrfs_trans_handle *trans,
        return root;

 fail:
-       if (leaf) {
+       if (leaf)
                btrfs_tree_unlock(leaf);
-               free_extent_buffer(leaf);
-       }
+       free_extent_buffer(root->node);
+       free_extent_buffer(root->commit_root);
        kfree(root);

        return ERR_PTR(ret);



Thanks,
Alex.



> +       }
> +       kfree(root);
>
> -       return root;
> +       return ERR_PTR(ret);
>  }
>
>  static struct btrfs_root *alloc_log_tree(struct btrfs_trans_handle *trans,
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] Btrfs: fix memory leak in btrfs_create_tree()
  2014-03-27 15:50 ` Alex Lyakas
@ 2014-03-31  8:41   ` Tsutomu Itoh
  0 siblings, 0 replies; 3+ messages in thread
From: Tsutomu Itoh @ 2014-03-31  8:41 UTC (permalink / raw)
  To: Alex Lyakas; +Cc: Josef Bacik, linux-btrfs, Filipe Manana

Hi Alex,

On 2014/03/28 0:50, Alex Lyakas wrote:
> Hi Tsutomu Itoh,
>
> On Thu, Mar 21, 2013 at 6:32 AM, Tsutomu Itoh <t-itoh@jp.fujitsu.com> wrote:
>> We should free leaf and root before returning from the error
>> handling code.
>>
>> Signed-off-by: Tsutomu Itoh <t-itoh@jp.fujitsu.com>
>> ---
>>   fs/btrfs/disk-io.c | 12 +++++++++---
>>   1 file changed, 9 insertions(+), 3 deletions(-)
>>
>> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
>> index 7d84651..b1b5baa 100644
>> --- a/fs/btrfs/disk-io.c
>> +++ b/fs/btrfs/disk-io.c
>> @@ -1291,6 +1291,7 @@ struct btrfs_root *btrfs_create_tree(struct btrfs_trans_handle *trans,
>>                                        0, objectid, NULL, 0, 0, 0);
>>          if (IS_ERR(leaf)) {
>>                  ret = PTR_ERR(leaf);
>> +               leaf = NULL;
>>                  goto fail;
>>          }
>>
>> @@ -1334,11 +1335,16 @@ struct btrfs_root *btrfs_create_tree(struct btrfs_trans_handle *trans,
>>
>>          btrfs_tree_unlock(leaf);
>>
>> +       return root;
>> +
>>   fail:
>> -       if (ret)
>> -               return ERR_PTR(ret);
>> +       if (leaf) {
>> +               btrfs_tree_unlock(leaf);
>> +               free_extent_buffer(leaf);
> I believe this is not enough. Few lines above, another reference on
> the root is taken by
> root->commit_root = btrfs_root_node(root);

Thank you for pointing this out.

You are right.
Could you re-post your fix by the patch submitting form?

Thanks,
Tsutomu

>
> So I believe the proper fix would be:
> diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
> index d9698fd..260af79 100644
> --- a/fs/btrfs/disk-io.c
> +++ b/fs/btrfs/disk-io.c
> @@ -1354,10 +1354,10 @@ struct btrfs_root *btrfs_create_tree(struct
> btrfs_trans_handle *trans,
>          return root;
>
>   fail:
> -       if (leaf) {
> +       if (leaf)
>                  btrfs_tree_unlock(leaf);
> -               free_extent_buffer(leaf);
> -       }
> +       free_extent_buffer(root->node);
> +       free_extent_buffer(root->commit_root);
>          kfree(root);
>
>          return ERR_PTR(ret);
>
>
>
> Thanks,
> Alex.
>
>
>
>> +       }
>> +       kfree(root);
>>
>> -       return root;
>> +       return ERR_PTR(ret);
>>   }
>>
>>   static struct btrfs_root *alloc_log_tree(struct btrfs_trans_handle *trans,
>>



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-03-31  8:41 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-03-21  4:32 [PATCH] Btrfs: fix memory leak in btrfs_create_tree() Tsutomu Itoh
2014-03-27 15:50 ` Alex Lyakas
2014-03-31  8:41   ` Tsutomu Itoh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).