xfs: Fix leak of discard bio

Message ID 20170802083741.4600-1-jack@suse.cz (mailing list archive)
State Accepted

Commit Message

Jan Kara Aug. 2, 2017, 8:37 a.m. UTC
The bio describing discard operation is allocated by
__blkdev_issue_discard() which returns us a reference to it. That
reference is never released and thus we leak this bio. Drop the bio
reference once it completes in xlog_discard_endio().

CC: stable@vger.kernel.org
Fixes: 4560e78f40cb55bd2ea8f1ef4001c5baa88531c7
Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/xfs/xfs_log_cil.c | 1 +
 1 file changed, 1 insertion(+)

Note, this is untested. It's just something I've noticed when looking at the
code.

Comments

Dave Chinner Aug. 2, 2017, 11:33 a.m. UTC | #1
On Wed, Aug 02, 2017 at 10:37:41AM +0200, Jan Kara wrote:
> The bio describing discard operation is allocated by
> __blkdev_issue_discard() which returns us a reference to it. That
> reference is never released and thus we leak this bio. Drop the bio
> reference once it completes in xlog_discard_endio().
> 
> CC: stable@vger.kernel.org
> Fixes: 4560e78f40cb55bd2ea8f1ef4001c5baa88531c7
> Signed-off-by: Jan Kara <jack@suse.cz>
> ---
>  fs/xfs/xfs_log_cil.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> Note, this is untested. It's just something I've noticed when looking at the
> code.
> 
> diff --git a/fs/xfs/xfs_log_cil.c b/fs/xfs/xfs_log_cil.c
> index fbe72b134bef..43aa42a3a5d3 100644
> --- a/fs/xfs/xfs_log_cil.c
> +++ b/fs/xfs/xfs_log_cil.c
> @@ -539,6 +539,7 @@ xlog_discard_endio(
>  
>  	INIT_WORK(&ctx->discard_endio_work, xlog_discard_endio_work);
>  	queue_work(xfs_discard_wq, &ctx->discard_endio_work);
> +	bio_put(bio);
>  }
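
Review bot: the added bio_put(bio) at the end of xlog_discard_endio() carries no comment saying which reference it drops, and nothing else in the visible lines of the function takes one. The commit message identifies it as the reference returned by __blkdev_issue_discard(); a one-line comment above the call stating that would keep a later cleanup from removing the put as unbalanced.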

At a quick glance, it does seem that we are leaking the bio here. It
appears to me that ext4_process_freed_data() also has the same
problem and leaks the discard_bio....

Cheers,

Dave.
Jan Kara Aug. 2, 2017, 1:17 p.m. UTC | #2
On Wed 02-08-17 21:33:49, Dave Chinner wrote:
> On Wed, Aug 02, 2017 at 10:37:41AM +0200, Jan Kara wrote:
> > The bio describing discard operation is allocated by
> > __blkdev_issue_discard() which returns us a reference to it. That
> > reference is never released and thus we leak this bio. Drop the bio
> > reference once it completes in xlog_discard_endio().
> > 
> > CC: stable@vger.kernel.org
> > Fixes: 4560e78f40cb55bd2ea8f1ef4001c5baa88531c7
> > Signed-off-by: Jan Kara <jack@suse.cz>
> > ---
> >  fs/xfs/xfs_log_cil.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > Note, this is untested. It's just something I've noticed when looking at the
> > code.
> > 
> > diff --git a/fs/xfs/xfs_log_cil.c b/fs/xfs/xfs_log_cil.c
> > index fbe72b134bef..43aa42a3a5d3 100644
> > --- a/fs/xfs/xfs_log_cil.c
> > +++ b/fs/xfs/xfs_log_cil.c
> > @@ -539,6 +539,7 @@ xlog_discard_endio(
> >  
> >  	INIT_WORK(&ctx->discard_endio_work, xlog_discard_endio_work);
> >  	queue_work(xfs_discard_wq, &ctx->discard_endio_work);
> > +	bio_put(bio);
> >  }
> 
> At a quick glance, it does seem that we are leaking the bio here. It
> appears to me that ext4_process_freed_data() also has the same
> problem and leaks the discard_bio....

Yes, and a fix of that prompted me to look into how XFS does things ;)

								Honza
Darrick J. Wong Aug. 2, 2017, 7:37 p.m. UTC | #3
On Wed, Aug 02, 2017 at 10:37:41AM +0200, Jan Kara wrote:
> The bio describing discard operation is allocated by
> __blkdev_issue_discard() which returns us a reference to it. That
> reference is never released and thus we leak this bio. Drop the bio
> reference once it completes in xlog_discard_endio().
> 
> CC: stable@vger.kernel.org
> Fixes: 4560e78f40cb55bd2ea8f1ef4001c5baa88531c7
> Signed-off-by: Jan Kara <jack@suse.cz>
> ---
>  fs/xfs/xfs_log_cil.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> Note, this is untested. It's just something I've noticed when looking at the
> code.
> 
> diff --git a/fs/xfs/xfs_log_cil.c b/fs/xfs/xfs_log_cil.c
> index fbe72b134bef..43aa42a3a5d3 100644
> --- a/fs/xfs/xfs_log_cil.c
> +++ b/fs/xfs/xfs_log_cil.c
> @@ -539,6 +539,7 @@ xlog_discard_endio(
>  
>  	INIT_WORK(&ctx->discard_endio_work, xlog_discard_endio_work);
>  	queue_work(xfs_discard_wq, &ctx->discard_endio_work);
> +	bio_put(bio);

It would seem that we /do/ leak the bio here. :(

Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>

--D

>  }
>  
>  static void
> -- 
> 2.12.3
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
Christoph Hellwig Aug. 5, 2017, 1:56 p.m. UTC | #4
Looks fine,

Reviewed-by: Christoph Hellwig <hch@lst.de>
Patch

diff --git a/fs/xfs/xfs_log_cil.c b/fs/xfs/xfs_log_cil.c
index fbe72b134bef..43aa42a3a5d3 100644
--- a/fs/xfs/xfs_log_cil.c
+++ b/fs/xfs/xfs_log_cil.c
@@ -539,6 +539,7 @@  xlog_discard_endio(
 
 	INIT_WORK(&ctx->discard_endio_work, xlog_discard_endio_work);
 	queue_work(xfs_discard_wq, &ctx->discard_endio_work);
+	bio_put(bio);
 }
 
 static void
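
Review bot: bio_put(bio) runs after queue_work() in xlog_discard_endio(), so the queued work may already be executing when the reference is dropped. The visible lines show the work item embedded in ctx (&ctx->discard_endio_work) and nothing after the put touching bio, which is what makes this order safe; it is worth confirming that the work function does not reach back to the bio. Since the posting is marked untested and CCs stable, a run under a discard workload before backporting would be a reasonable ask.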