Message ID | 20190513033912.3436-2-tobin@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Series | Fix kobject error path memleaks |
On 13.05.19 at 6:39, Tobin C. Harding wrote: > If a call to kobject_init_and_add() fails we must call kobject_put() > otherwise we leak memory. > > Calling kobject_put() when kobject_init_and_add() fails drops the > refcount back to 0 and calls the ktype release method. > > Add call to kobject_put() in the error path of call to > kobject_init_and_add(). > > Signed-off-by: Tobin C. Harding <tobin@kernel.org> > --- > fs/btrfs/extent-tree.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c > index c5880329ae37..5e40c8f1e97a 100644 > --- a/fs/btrfs/extent-tree.c > +++ b/fs/btrfs/extent-tree.c > @@ -3981,8 +3981,7 @@ static int create_space_info(struct btrfs_fs_info *info, u64 flags) > info->space_info_kobj, "%s", > alloc_name(space_info->flags)); > if (ret) { > - percpu_counter_destroy(&space_info->total_bytes_pinned); > - kfree(space_info); > + kobject_put(&space_info->kobj); If you are only fixing kobject-related code then why do you delete correct code as well? percpu_counter_destroy is needed to dispose of the percpu state which might have been allocated in percpu_counter_init based on whether CONFIG_SMP is enabled or not? Also, the call to kfree is required. > return ret; > } > >
On Mon, May 13, 2019 at 08:59:56AM +0300, Nikolay Borisov wrote: > > > On 13.05.19 at 6:39, Tobin C. Harding wrote: > > If a call to kobject_init_and_add() fails we must call kobject_put() > > otherwise we leak memory. > > > > Calling kobject_put() when kobject_init_and_add() fails drops the > > refcount back to 0 and calls the ktype release method. > > > > Add call to kobject_put() in the error path of call to > > kobject_init_and_add(). > > > > Signed-off-by: Tobin C. Harding <tobin@kernel.org> > > --- > > fs/btrfs/extent-tree.c | 3 +-- > > 1 file changed, 1 insertion(+), 2 deletions(-) > > > > diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c > > index c5880329ae37..5e40c8f1e97a 100644 > > --- a/fs/btrfs/extent-tree.c > > +++ b/fs/btrfs/extent-tree.c > > @@ -3981,8 +3981,7 @@ static int create_space_info(struct btrfs_fs_info *info, u64 flags) > > info->space_info_kobj, "%s", > > alloc_name(space_info->flags)); > > if (ret) { > > - percpu_counter_destroy(&space_info->total_bytes_pinned); > > - kfree(space_info); > > + kobject_put(&space_info->kobj); > > If you are only fixing kobject-related code then why do you delete > correct code as well? percpu_counter_destroy is needed to dispose of the > percpu state which might have been allocated in percpu_counter_init > based on whether CONFIG_SMP is enabled or not? Also, the call to kfree > is required. Both of those will happen in space_info_release() when the kobject is properly disposed of with this last put to the kobject reference. Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index c5880329ae37..5e40c8f1e97a 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -3981,8 +3981,7 @@ static int create_space_info(struct btrfs_fs_info *info, u64 flags) info->space_info_kobj, "%s", alloc_name(space_info->flags)); if (ret) { - percpu_counter_destroy(&space_info->total_bytes_pinned); - kfree(space_info); + kobject_put(&space_info->kobj); return ret; }
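Review bot: In the `if (ret)` error path, dropping `percpu_counter_destroy(&space_info->total_bytes_pinned)` and `kfree(space_info)` is only correct if the ktype release method performs both, and the changelog does not say that it does. It states only that kobject_put() "calls the ktype release method"; the reply in this thread names that method as space_info_release() and says both cleanups happen there. Please spell that out in the commit message, so the removal reads as cleanup moved into the release path rather than cleanup lost, and so that a later change does not re-add `kfree(space_info)` after the put and free the object a second time.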
If a call to kobject_init_and_add() fails we must call kobject_put()
otherwise we leak memory.

Calling kobject_put() when kobject_init_and_add() fails drops the
refcount back to 0 and calls the ktype release method.

Add call to kobject_put() in the error path of call to
kobject_init_and_add().

Signed-off-by: Tobin C. Harding <tobin@kernel.org>

---

fs/btrfs/extent-tree.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)