Re: [PATCH] block: blk-zoned: fix zwplug refcount leak on write error path

[Damien Le Moal]

On 5/27/26 3:54 AM, Haris Iqbal wrote:
> 
> 
> On 5/26/26 16:18, Wentao Liang wrote:
>> blk_zone_wplug_handle_write() increments zwplug->ref via kref_get()
>> when preparing to handle a zone write. On the error path where
>> blk_zone_wplug_handle_write_noalloc() fails, the function returns
>> without calling kref_put() on zwplug->ref, leaking the reference.
>>
>> Add kref_put(&zwplug->ref, ...) on the error path to properly release
>> the reference.
>>
>> Fixes: dd291d77cc90 ("block: Introduce zone write plugging")
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Wentao Liang <vulab@xxxxxxxxxxx>
>> ---
>>   block/blk-zoned.c | 2 ++
>>   1 file changed, 2 insertions(+)
>>
>> diff --git a/block/blk-zoned.c b/block/blk-zoned.c
>> index 42ef830054dc..24b899663a48 100644
>> --- a/block/blk-zoned.c
>> +++ b/block/blk-zoned.c
>> @@ -1503,6 +1503,7 @@ static bool blk_zone_wplug_handle_write(struct bio
>> *bio, unsigned int nr_segs)
>>         if (!blk_zone_wplug_prepare_bio(zwplug, bio)) {
>>           spin_unlock_irqrestore(&zwplug->lock, flags);
>> +        disk_put_zone_wplug(zwplug);
> 
> I am not sure if this is needed. The code above adds the
> BIO_ZONE_WRITE_PLUGGING flag to the bio, which means the
> blk_zone_write_plug_bio_endio would be called which should then call
> disk_put_zone_wplug.

Correct. This patch is not correct at all. The write plug reference is dropped
in the BIO completion path.

Wentao,

You clearly did not test this at all because if you had, you would have seen
all the warning splats that your patch triggers.

-- 
Damien Le Moal
Western Digital Research