提交 7db37c5e 编写于 作者: D Dave Chinner 提交者: Dave Chinner

xfs: fix log ticket leak on forced shutdown.

The kmemleak detector shows this after test 139:

unreferenced object 0xffff880079b88bb0 (size 264):
  comm "xfs_io", pid 4904, jiffies 4294909382 (age 276.824s)
  hex dump (first 32 bytes):
    00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
    ff ff ff ff ff ff ff ff 48 7b c9 82 ff ff ff ff  ........H{......
  backtrace:
    [<ffffffff81afb04d>] kmemleak_alloc+0x2d/0x60
    [<ffffffff8115c6cf>] kmem_cache_alloc+0x13f/0x2b0
    [<ffffffff814aaa97>] kmem_zone_alloc+0x77/0xf0
    [<ffffffff814aab2e>] kmem_zone_zalloc+0x1e/0x50
    [<ffffffff8148f394>] xlog_ticket_alloc+0x34/0x170
    [<ffffffff81494444>] xlog_cil_push+0xa4/0x3f0
    [<ffffffff81494eca>] xlog_cil_force_lsn+0x15a/0x160
    [<ffffffff814933a5>] _xfs_log_force_lsn+0x75/0x2d0
    [<ffffffff814a264d>] _xfs_trans_commit+0x2bd/0x2f0
    [<ffffffff8148bfdd>] xfs_iomap_write_allocate+0x1ad/0x350
    [<ffffffff814ac17f>] xfs_map_blocks+0x21f/0x370
    [<ffffffff814ad1b7>] xfs_vm_writepage+0x1c7/0x550
    [<ffffffff8112200a>] __writepage+0x1a/0x50
    [<ffffffff81122df2>] write_cache_pages+0x1c2/0x4c0
    [<ffffffff81123117>] generic_writepages+0x27/0x30
    [<ffffffff814aba5d>] xfs_vm_writepages+0x5d/0x80

By inspection, the leak occurs when xlog_write() returns and error
and we jump to the abort path without dropping the reference on the
active ticket.
Signed-off-by: NDave Chinner <dchinner@redhat.com>
Reviewed-by: NChristoph Hellwig <hch@lst.de>
Reviewed-by: NAlex Elder <aelder@sgi.com>
上级 c56eb8fb
...@@ -543,7 +543,7 @@ xlog_cil_push( ...@@ -543,7 +543,7 @@ xlog_cil_push(
error = xlog_write(log, &lvhdr, tic, &ctx->start_lsn, NULL, 0); error = xlog_write(log, &lvhdr, tic, &ctx->start_lsn, NULL, 0);
if (error) if (error)
goto out_abort; goto out_abort_free_ticket;
/* /*
* now that we've written the checkpoint into the log, strictly * now that we've written the checkpoint into the log, strictly
...@@ -569,8 +569,9 @@ xlog_cil_push( ...@@ -569,8 +569,9 @@ xlog_cil_push(
} }
spin_unlock(&cil->xc_cil_lock); spin_unlock(&cil->xc_cil_lock);
/* xfs_log_done always frees the ticket on error. */
commit_lsn = xfs_log_done(log->l_mp, tic, &commit_iclog, 0); commit_lsn = xfs_log_done(log->l_mp, tic, &commit_iclog, 0);
if (error || commit_lsn == -1) if (commit_lsn == -1)
goto out_abort; goto out_abort;
/* attach all the transactions w/ busy extents to iclog */ /* attach all the transactions w/ busy extents to iclog */
...@@ -600,6 +601,8 @@ xlog_cil_push( ...@@ -600,6 +601,8 @@ xlog_cil_push(
kmem_free(new_ctx); kmem_free(new_ctx);
return 0; return 0;
out_abort_free_ticket:
xfs_log_ticket_put(tic);
out_abort: out_abort:
xlog_cil_committed(ctx, XFS_LI_ABORTED); xlog_cil_committed(ctx, XFS_LI_ABORTED);
return XFS_ERROR(EIO); return XFS_ERROR(EIO);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册