diff mbox series

[v2,1/4] btrfs: fix extent map leak in unexpected scenario at unpin_extent_cache()

Message ID f3c7f68caa8f3568fbf2d561b35604823bb5985f.1710350741.git.fdmanana@suse.com (mailing list archive)
State New, archived
Headers show
Series btrfs: some minor fixes around extent maps | expand

Commit Message

Filipe Manana March 13, 2024, 5:28 p.m. UTC 
From: Filipe Manana <fdmanana@suse.com>

At unpin_extent_cache() if we happen to find an extent map with an
unexpected start offset, we jump to the 'out' label and never release the
reference we added to the extent map through the call to
lookup_extent_mapping(), therefore resulting in a leak. So fix this by
moving the free_extent_map() under the 'out' label.

Fixes: c03c89f821e5 ("btrfs: handle errors returned from unpin_extent_cache()")
Signed-off-by: Filipe Manana <fdmanana@suse.com>
---
 fs/btrfs/extent_map.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Anand Jain March 14, 2024, 12:59 p.m. UTC | #1 
On 3/13/24 22:58, fdmanana@kernel.org wrote:
> From: Filipe Manana <fdmanana@suse.com>
> 
> At unpin_extent_cache() if we happen to find an extent map with an
> unexpected start offset, we jump to the 'out' label and never release the
> reference we added to the extent map through the call to
> lookup_extent_mapping(), therefore resulting in a leak. So fix this by
> moving the free_extent_map() under the 'out' label.
> 
> Fixes: c03c89f821e5 ("btrfs: handle errors returned from unpin_extent_cache()")
> Signed-off-by: Filipe Manana <fdmanana@suse.com>
> ---
>   fs/btrfs/extent_map.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c
> index 347ca13d15a9..e03953dbcd5e 100644
> --- a/fs/btrfs/extent_map.c
> +++ b/fs/btrfs/extent_map.c
> @@ -340,9 +340,9 @@ int unpin_extent_cache(struct btrfs_inode *inode, u64 start, u64 len, u64 gen)
>   		em->mod_len = em->len;
>   	}
>   
> -	free_extent_map(em);
>   out:
>   	write_unlock(&tree->lock);
> +	free_extent_map(em);
>   	return ret;
>   
>   }



Looks good.

Reviewed-by: Anand Jain <anand.jain@oracle.com>

Thanks, Anand
diff mbox series

Patch

diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c
index 347ca13d15a9..e03953dbcd5e 100644
--- a/fs/btrfs/extent_map.c
+++ b/fs/btrfs/extent_map.c
@@ -340,9 +340,9 @@  int unpin_extent_cache(struct btrfs_inode *inode, u64 start, u64 len, u64 gen)
 		em->mod_len = em->len;
 	}
 
-	free_extent_map(em);
 out:
 	write_unlock(&tree->lock);
+	free_extent_map(em);
 	return ret;
 
 }