[21/23] libxfs: free buffer log item in libxfs_trans_brelse
diff mbox series

Message ID 155148294438.16677.1930910751833400782.stgit@magnolia
State New
Headers show
  • xfsprogs-5.0: fix various problems
Related show

Commit Message

Darrick J. Wong March 1, 2019, 11:29 p.m. UTC
From: Darrick J. Wong <darrick.wong@oracle.com>

If we're going to putbuf a buffer at the bottom of libxfs_trans_brelse,
that means that the buffer is clean and not held, and therefore we need
to detach the buffer from the transaction prior to releasing the buffer.
For whatever reason, we forget to free the buffer's b_log_item (though
we set b_transp to NULL), which means that if the buffer is immediately
freed or picked back up to write an inode core (which changes
b_log_item), we'll leak the buf item.

Therefore, free the buffer log item like the kernel does, which stops
the leak.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
 libxfs/trans.c |    3 +++
 1 file changed, 3 insertions(+)

diff mbox series

diff --git a/libxfs/trans.c b/libxfs/trans.c
index 46ff8b4a..b0a04ecd 100644
--- a/libxfs/trans.c
+++ b/libxfs/trans.c
@@ -570,6 +570,8 @@  libxfs_trans_brelse(
 	if (bip->bli_flags & XFS_BLI_HOLD)
 		bip->bli_flags &= ~XFS_BLI_HOLD;
+	kmem_zone_free(xfs_buf_item_zone, bip);
+	bp->b_log_item = NULL;
 	bp->b_transp = NULL;
@@ -856,6 +858,7 @@  inode_item_done(
+	ASSERT(bp->b_log_item == NULL);
 	bp->b_log_item = iip;
 	error = libxfs_iflush_int(ip, bp);
 	if (error) {