Re: [PATCH 1/3] freevxfs: fix buffer_head leak

From: Andrew Morton
Date: Tue Jun 28 2005 - 18:57:39 EST

Next message: Luke Kenneth Casson Leighton: "accessing loopback filesystem+partitions on a file"
Previous message: Andrew Morton: "Re: [PATCH 2/3] freevxfs: minor cleanups"
Next in thread: Pekka Enberg: "Re: [PATCH 1/3] freevxfs: fix buffer_head leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pekka Enberg <penberg@xxxxxxxxxxxxxx> wrote:
>
> This patch fixes a buffer_head leak in the function vxfs_getfsh by
> allocating the buffer before doing sb_bread(). In addition, the patch
> replaces misused SLAB_KERNEL flag with the proper GFP_KERNEL and adds
> a NULL check for sb_bread.
>

Yes, there does seem to be a leak there.

> ===================================================================
> --- 2.6.orig/fs/freevxfs/vxfs_fshead.c 2005-06-28 19:48:12.000000000 +0300
> +++ 2.6/fs/freevxfs/vxfs_fshead.c 2005-06-28 19:48:34.000000000 +0300
> @@ -76,19 +76,22 @@
> vxfs_getfsh(struct inode *ip, int which)
> {
> struct buffer_head *bp;
> + struct vxfs_fsh *fhp;
> +
> + if (!(fhp = kmalloc(sizeof(*fhp), GFP_KERNEL)))
> + goto failed;
>
> bp = vxfs_bread(ip, which);
> - if (buffer_mapped(bp)) {
> - struct vxfs_fsh *fhp;
> + if (!bp || !buffer_mapped(bp))
> + goto failed;
>
> - if (!(fhp = kmalloc(sizeof(*fhp), SLAB_KERNEL)))
> - return NULL;
> - memcpy(fhp, bp->b_data, sizeof(*fhp));
> + memcpy(fhp, bp->b_data, sizeof(*fhp));
>
> - brelse(bp);
> - return (fhp);
> - }
> + brelse(bp);
> + return fhp;
>
> +failed:
> + kfree(fhp);
> return NULL;
> }
>

But your change means that we'll always perform that kmalloc, even if the
buffer came back !buffer_mapped().

<looks>

I don't think sb_bread() can return an unmapped buffer at all.

And sb_bread() can return NULL (I/O error) and we're not checking for that
in there.

Something like this?

diff -puN fs/freevxfs/vxfs_fshead.c~freevxfs-fix-buffer_head-leak fs/freevxfs/vxfs_fshead.c
--- 25/fs/freevxfs/vxfs_fshead.c~freevxfs-fix-buffer_head-leak Tue Jun 28 16:19:53 2005
+++ 25-akpm/fs/freevxfs/vxfs_fshead.c Tue Jun 28 16:24:53 2005
@@ -78,14 +78,16 @@ vxfs_getfsh(struct inode *ip, int which)
struct buffer_head *bp;

bp = vxfs_bread(ip, which);
- if (buffer_mapped(bp)) {
+ if (bp && buffer_mapped(bp)) {
struct vxfs_fsh *fhp;

- if (!(fhp = kmalloc(sizeof(*fhp), SLAB_KERNEL)))
+ if (!(fhp = kmalloc(sizeof(*fhp), GFP_KERNEL))) {
+ put_bh(bp);
return NULL;
+ }
memcpy(fhp, bp->b_data, sizeof(*fhp));

- brelse(bp);
+ put_bh(bp);
return (fhp);
}

_

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Luke Kenneth Casson Leighton: "accessing loopback filesystem+partitions on a file"
Previous message: Andrew Morton: "Re: [PATCH 2/3] freevxfs: minor cleanups"
Next in thread: Pekka Enberg: "Re: [PATCH 1/3] freevxfs: fix buffer_head leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]