* Double alloc/free of cache item @ 2025-10-14 6:51 ` Torsten Rupp 2025-10-14 7:27 ` Carlos Maiolino 2025-10-14 17:24 ` Darrick J. Wong 0 siblings, 2 replies; 3+ messages in thread From: Torsten Rupp @ 2025-10-14 6:51 UTC (permalink / raw) To: linux-xfs [-- Attachment #1: Type: text/plain, Size: 457 bytes --] Dear XFS developers, there is a double alloc/free of the cache item "xfs_extfree_item_cache" in xfsprogs 6.16.0. If the environment variable LIBXFS_LEAK_CHECK is set this also cause a segmenation fault due to a NULL pointer access (the cache item is already freed). Please find attached a patch which fix this issue. I discussed this issue and the fix already with Darrick. Thank you for your work on xfsprogs! Best regards, Torsten [-- Attachment #2: 0001-Fix-alloc-free-of-cache-item.patch --] [-- Type: text/x-patch, Size: 1204 bytes --] From 4c669fd1db79564d8b5240c7464dd28f3bc27bb1 Mon Sep 17 00:00:00 2001 From: Torsten Rupp <torsten.rupp@gmx.net> Date: Sun, 12 Oct 2025 09:23:58 +0200 Subject: [PATCH 1/1] Fix alloc/free of cache item xfs_extfree_item_cache is allocated and freed twice. Remove the obsolete alloc/free. Signed-off-by: Torsten Rupp <torsten.rupp@gmx.net> --- libxfs/init.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/libxfs/init.c b/libxfs/init.c index 393a9467..a5e89853 100644 --- a/libxfs/init.c +++ b/libxfs/init.c @@ -214,9 +214,6 @@ init_caches(void) fprintf(stderr, "Could not allocate btree cursor caches.\n"); abort(); } - xfs_extfree_item_cache = kmem_cache_init( - sizeof(struct xfs_extent_free_item), - "xfs_extfree_item"); xfs_trans_cache = kmem_cache_init( sizeof(struct xfs_trans), "xfs_trans"); xfs_parent_args_cache = kmem_cache_init( @@ -236,7 +233,6 @@ destroy_caches(void) leaked += kmem_cache_destroy(xfs_da_state_cache); xfs_defer_destroy_item_caches(); xfs_btree_destroy_cur_caches(); - leaked += kmem_cache_destroy(xfs_extfree_item_cache); leaked += kmem_cache_destroy(xfs_trans_cache); leaked += kmem_cache_destroy(xfs_parent_args_cache); -- 2.43.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: Double alloc/free of cache item 2025-10-14 6:51 ` Double alloc/free of cache item Torsten Rupp @ 2025-10-14 7:27 ` Carlos Maiolino 2025-10-14 17:24 ` Darrick J. Wong 1 sibling, 0 replies; 3+ messages in thread From: Carlos Maiolino @ 2025-10-14 7:27 UTC (permalink / raw) To: Torsten Rupp; +Cc: linux-xfs On Tue, Oct 14, 2025 at 08:51:12AM +0200, Torsten Rupp wrote: > Dear XFS developers, > > there is a double alloc/free of the cache item "xfs_extfree_item_cache" > in xfsprogs 6.16.0. If the environment variable LIBXFS_LEAK_CHECK is set > this also cause a segmenation fault due to a NULL pointer access (the > cache item is already freed). Please find attached a patch which fix > this issue. The patch looks fine as the same cache is created/destroyed also through the xfs_defer_{init,destroy}. However I'd suggest re-sending the patch the proper way as attaching patches to emails make maintainers life harder. But that's up to the maintainer to decide. For the patch itself: Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com> > > I discussed this issue and the fix already with Darrick. > > Thank you for your work on xfsprogs! > > Best regards, > > Torsten ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Double alloc/free of cache item 2025-10-14 6:51 ` Double alloc/free of cache item Torsten Rupp 2025-10-14 7:27 ` Carlos Maiolino @ 2025-10-14 17:24 ` Darrick J. Wong 1 sibling, 0 replies; 3+ messages in thread From: Darrick J. Wong @ 2025-10-14 17:24 UTC (permalink / raw) To: Torsten Rupp; +Cc: linux-xfs On Tue, Oct 14, 2025 at 08:51:12AM +0200, Torsten Rupp wrote: > Dear XFS developers, > > there is a double alloc/free of the cache item "xfs_extfree_item_cache" in > xfsprogs 6.16.0. If the environment variable LIBXFS_LEAK_CHECK is set this > also cause a segmenation fault due to a NULL pointer access (the cache item > is already freed). Please find attached a patch which fix this issue. > > I discussed this issue and the fix already with Darrick. > > Thank you for your work on xfsprogs! > > Best regards, > > Torsten > From 4c669fd1db79564d8b5240c7464dd28f3bc27bb1 Mon Sep 17 00:00:00 2001 > From: Torsten Rupp <torsten.rupp@gmx.net> > Date: Sun, 12 Oct 2025 09:23:58 +0200 > Subject: [PATCH 1/1] Fix alloc/free of cache item > > xfs_extfree_item_cache is allocated and freed twice. Remove the > obsolete alloc/free. > > Signed-off-by: Torsten Rupp <torsten.rupp@gmx.net> Usually patches are pasted inline in the message and not as attachments to avoid picky MTAs, but whatever, it got through lore/vger. Looks correct, Reviewed-by: "Darrick J. Wong" <djwong@kernel.org> --D > --- > libxfs/init.c | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/libxfs/init.c b/libxfs/init.c > index 393a9467..a5e89853 100644 > --- a/libxfs/init.c > +++ b/libxfs/init.c > @@ -214,9 +214,6 @@ init_caches(void) > fprintf(stderr, "Could not allocate btree cursor caches.\n"); > abort(); > } > - xfs_extfree_item_cache = kmem_cache_init( > - sizeof(struct xfs_extent_free_item), > - "xfs_extfree_item"); > xfs_trans_cache = kmem_cache_init( > sizeof(struct xfs_trans), "xfs_trans"); > xfs_parent_args_cache = kmem_cache_init( > @@ -236,7 +233,6 @@ destroy_caches(void) > leaked += kmem_cache_destroy(xfs_da_state_cache); > xfs_defer_destroy_item_caches(); > xfs_btree_destroy_cur_caches(); > - leaked += kmem_cache_destroy(xfs_extfree_item_cache); > leaked += kmem_cache_destroy(xfs_trans_cache); > leaked += kmem_cache_destroy(xfs_parent_args_cache); > > -- > 2.43.0 > ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-10-14 17:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <2yL7RbS2HGnFO9yJP_YwXFol0RVjGKEvff7qRCJ5j2GvAAVFpdm0cqPPChDkkjiOpcHrpqxRjPNTNhz36DxtxA==@protonmail.internalid>
2025-10-14 6:51 ` Double alloc/free of cache item Torsten Rupp
2025-10-14 7:27 ` Carlos Maiolino
2025-10-14 17:24 ` Darrick J. Wong
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).