Re: [PATCH] fs/ceph/file: fix memory leaks in __ceph_sync_read()

From: Max Kellermann
Date: Thu Nov 28 2024 - 07:31:53 EST

Next message: Edward Adam Davis: "[PATCH] hfs: check key length before reading"
Previous message: Meghana Malladi: "[PATCH net v2 2/2] net: ti: icssg-prueth: Fix clearing of IEP_CMP_CFG registers during iep_init"
In reply to: Max Kellermann: "Re: [PATCH] fs/ceph/file: fix memory leaks in __ceph_sync_read()"
Next in thread: Alex Markuze: "Re: [PATCH] fs/ceph/file: fix memory leaks in __ceph_sync_read()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Nov 28, 2024 at 1:28 PM Max Kellermann <max.kellermann@xxxxxxxxx> wrote:
>
> On Thu, Nov 28, 2024 at 1:18 PM Alex Markuze <amarkuze@xxxxxxxxxx> wrote:
> > Pages are freed in `ceph_osdc_put_request`, trying to release them
> > this way will end badly.
>
> I don't get it. If this ends badly, why does the other
> ceph_release_page_vector() call after ceph_osdc_put_request() in that
> function not end badly?

Look at this piece:

osd_req_op_extent_osd_data_pages(req, 0, pages, read_len,
offset_in_page(read_off),
false, false);

The last parameter is "own_pages". Ownership of these pages is NOT
transferred to the osdc request, therefore ceph_osdc_put_request()
will NOT free them, and this is really a leak bug and my patch fixes
it.

I just saw this piece of code for the first time, I have no idea. What
am I missing?

Next message: Edward Adam Davis: "[PATCH] hfs: check key length before reading"
Previous message: Meghana Malladi: "[PATCH net v2 2/2] net: ti: icssg-prueth: Fix clearing of IEP_CMP_CFG registers during iep_init"
In reply to: Max Kellermann: "Re: [PATCH] fs/ceph/file: fix memory leaks in __ceph_sync_read()"
Next in thread: Alex Markuze: "Re: [PATCH] fs/ceph/file: fix memory leaks in __ceph_sync_read()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]