Re: [PATCH] fs/ceph/file: fix memory leaks in __ceph_sync_read()
From: Max Kellermann
Date: Thu Nov 28 2024 - 07:31:53 EST
On Thu, Nov 28, 2024 at 1:28 PM Max Kellermann <max.kellermann@xxxxxxxxx> wrote:
>
> On Thu, Nov 28, 2024 at 1:18 PM Alex Markuze <amarkuze@xxxxxxxxxx> wrote:
> > Pages are freed in `ceph_osdc_put_request`, trying to release them
> > this way will end badly.
>
> I don't get it. If this ends badly, why does the other
> ceph_release_page_vector() call after ceph_osdc_put_request() in that
> function not end badly?

Look at this piece:

    osd_req_op_extent_osd_data_pages(req, 0, pages, read_len,
                                     offset_in_page(read_off),
                                     false, false);

The last parameter is "own_pages". Ownership of these pages is NOT
transferred to the osdc request, therefore ceph_osdc_put_request()
will NOT free them, and this is really a leak bug and my patch fixes
it.

I just saw this piece of code for the first time, I have no idea. What
am I missing?
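
Added example, not part of the original message and not kernel code: a userspace C model of the ownership convention this message describes, where putting a request releases the page vector only when own_pages is true. All names (page_vec, model_req, vec_release, req_put, run_read) are hypothetical; run_read reports whether a given combination of the flag and a caller-side release is balanced, leaks, or releases twice.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model; every name here is hypothetical, not kernel code. */
enum outcome { BALANCED, LEAKED, DOUBLE_RELEASE, ALLOC_FAILED };
struct page_vec { void **pages; int n; int releases; };
struct model_req { struct page_vec *data; bool own_pages; };

static int vec_alloc(struct page_vec *v, int n)
{
    v->pages = calloc(n, sizeof(*v->pages));
    if (!v->pages) return -1;
    for (int i = 0; i < n; i++)
        v->pages[i] = malloc(4096);   /* stand-in for one page */
    v->n = n; v->releases = 0;
    return 0;
}

/* Frees on the first call only; later calls are just counted. */
static void vec_release(struct page_vec *v)
{
    if (v->releases++ == 0) {
        for (int i = 0; i < v->n; i++)
            free(v->pages[i]);
        free(v->pages);
    }
}

/* Dropping the request releases the pages only if it owns them. */
static void req_put(struct model_req *req)
{
    if (req->own_pages)
        vec_release(req->data);
}

enum outcome run_read(bool own_pages, bool caller_releases)
{
    struct page_vec v;
    if (vec_alloc(&v, 4)) return ALLOC_FAILED;
    struct model_req req = { &v, own_pages };
    req_put(&req);
    if (caller_releases)
        vec_release(&v);
    if (v.releases == 0) {
        vec_release(&v);              /* tidy up after recording the leak */
        return LEAKED;
    }
    return v.releases == 1 ? BALANCED : DOUBLE_RELEASE;
}
```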