[21/23] libxfs: free buffer log item in libxfs_trans_brelse

Commit Message

Darrick J. Wong March 1, 2019, 11:29 p.m. UTC

From: Darrick J. Wong <darrick.wong@oracle.com>

If we're going to putbuf a buffer at the bottom of libxfs_trans_brelse,
that means that the buffer is clean and not held, and therefore we need
to detach the buffer from the transaction prior to releasing the buffer.
For whatever reason, we forget to free the buffer's b_log_item (though
we set b_transp to NULL), which means that if the buffer is immediately
freed or picked back up to write an inode core (which changes
b_log_item), we'll leak the buf item.

Therefore, free the buffer log item like the kernel does, which stops
the leak.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 libxfs/trans.c |    3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/libxfs/trans.c b/libxfs/trans.c
index 46ff8b4a..b0a04ecd 100644
--- a/libxfs/trans.c
+++ b/libxfs/trans.c
@@ -570,6 +570,8 @@  libxfs_trans_brelse(
 	xfs_trans_del_item(&bip->bli_item);
 	if (bip->bli_flags & XFS_BLI_HOLD)
 		bip->bli_flags &= ~XFS_BLI_HOLD;
+	kmem_zone_free(xfs_buf_item_zone, bip);
+	bp->b_log_item = NULL;
 	bp->b_transp = NULL;
 	libxfs_putbuf(bp);
 }
@@ -856,6 +858,7 @@  inode_item_done(
 		return;
 	}
 
+	ASSERT(bp->b_log_item == NULL);
 	bp->b_log_item = iip;
 	error = libxfs_iflush_int(ip, bp);
 	if (error) {