Re: [PATCH] block: blk-zoned: fix zwplug refcount leak on write error path
From: Haris Iqbal
Date: Tue May 26 2026 - 14:58:11 EST
On 5/26/26 16:18, Wentao Liang wrote:
blk_zone_wplug_handle_write() increments zwplug->ref via kref_get()
when preparing to handle a zone write. On the error path where
blk_zone_wplug_handle_write_noalloc() fails, the function returns
without calling kref_put() on zwplug->ref, leaking the reference.
Add kref_put(&zwplug->ref, ...) on the error path to properly release
the reference.
Fixes: dd291d77cc90 ("block: Introduce zone write plugging")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Wentao Liang <vulab@xxxxxxxxxxx>
---
block/blk-zoned.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/block/blk-zoned.c b/block/blk-zoned.c
index 42ef830054dc..24b899663a48 100644
--- a/block/blk-zoned.c
+++ b/block/blk-zoned.c
@@ -1503,6 +1503,7 @@ static bool blk_zone_wplug_handle_write(struct bio *bio, unsigned int nr_segs)
if (!blk_zone_wplug_prepare_bio(zwplug, bio)) {
spin_unlock_irqrestore(&zwplug->lock, flags);
+ disk_put_zone_wplug(zwplug);
I am not sure if this is needed. The code above adds the BIO_ZONE_WRITE_PLUGGING flag to the bio, which means the blk_zone_write_plug_bio_endio would be called which should then call disk_put_zone_wplug.
I do wonder if there are special cases when blk_zone_bio_endio is not called.
bio_io_error(bio);
return true;
}
@@ -1511,6 +1512,7 @@ static bool blk_zone_wplug_handle_write(struct bio *bio, unsigned int nr_segs)
zwplug->flags |= BLK_ZONE_WPLUG_PLUGGED;
spin_unlock_irqrestore(&zwplug->lock, flags);
+ disk_put_zone_wplug(zwplug);
return false;