Wang Shilong
2013-Aug-09 05:25 UTC
[patch v2 1/2] Btrfs: fix possible memory leak in find_parent_nodes()
The origin code dealt with ''ref'' as following steps:
|->list_del(&ref-list)
|->some operations
|->kfree(ref)
If operations failed, it would goto label ''out'' without
freeing this ''ref''.
and then memory leak would happen.Just move list_del() after kfree()
will fix the problem.
Signed-off-by: Wang Shilong <wangsl.fnst@cn.fujitsu.com>
Reviewed-by: Miao Xie <miaox@cn.fujitsu.com>
---
V1->V2: add explanations to changelog
---
fs/btrfs/backref.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
index 68048d6..7b55c95 100644
--- a/fs/btrfs/backref.c
+++ b/fs/btrfs/backref.c
@@ -911,7 +911,6 @@ again:
while (!list_empty(&prefs)) {
ref = list_first_entry(&prefs, struct __prelim_ref, list);
- list_del(&ref->list);
WARN_ON(ref->count < 0);
if (ref->count && ref->root_id && ref->parent == 0)
{
/* no parent == root of tree */
@@ -956,6 +955,7 @@ again:
eie->next = ref->inode_list;
}
}
+ list_del(&ref->list);
kfree(ref);
}
--
1.8.0.1
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Wang Shilong
2013-Aug-09 05:25 UTC
[patch v2 2/2] Btrfs: allocate prelim_ref with a slab allocater
struct __prelim_ref is allocated and freed frequently when
walking backref tree, using slab allocater can not only
speed up allocating but also detect memory leaks.
Signed-off-by: Wang Shilong <wangsl.fnst@cn.fujitsu.com>
Reviewed-by: Miao Xie <miaox@cn.fujitsu.com>
---
V1->V2:
1.fix a missing allocating case that should be used by kmem_cache_alloc()
spotted by Jan Schmidt
2.rename prelim_ref to btrfs_prelim_ref addressed by David
---
fs/btrfs/backref.c | 33 +++++++++++++++++++++++++++------
fs/btrfs/backref.h | 2 ++
fs/btrfs/super.c | 8 ++++++++
3 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c
index 7b55c95..b352d15 100644
--- a/fs/btrfs/backref.c
+++ b/fs/btrfs/backref.c
@@ -119,6 +119,26 @@ struct __prelim_ref {
u64 wanted_disk_byte;
};
+static struct kmem_cache *btrfs_prelim_ref_cache;
+
+int __init btrfs_prelim_ref_init(void)
+{
+ btrfs_prelim_ref_cache = kmem_cache_create("btrfs_prelim_ref",
+ sizeof(struct __prelim_ref),
+ 0,
+ SLAB_RECLAIM_ACCOUNT | SLAB_MEM_SPREAD,
+ NULL);
+ if (!btrfs_prelim_ref_cache)
+ return -ENOMEM;
+ return 0;
+}
+
+void btrfs_prelim_ref_exit(void)
+{
+ if (btrfs_prelim_ref_cache)
+ kmem_cache_destroy(btrfs_prelim_ref_cache);
+}
+
/*
* the rules for all callers of this function are:
* - obtaining the parent is the goal
@@ -165,7 +185,7 @@ static int __add_prelim_ref(struct list_head *head, u64
root_id,
{
struct __prelim_ref *ref;
- ref = kmalloc(sizeof(*ref), gfp_mask);
+ ref = kmem_cache_alloc(btrfs_prelim_ref_cache, gfp_mask);
if (!ref)
return -ENOMEM;
@@ -369,7 +389,8 @@ static int __resolve_indirect_refs(struct btrfs_fs_info
*fs_info,
/* additional parents require new refs being added here */
while ((node = ulist_next(parents, &uiter))) {
- new_ref = kmalloc(sizeof(*new_ref), GFP_NOFS);
+ new_ref = kmem_cache_alloc(btrfs_prelim_ref_cache,
+ GFP_NOFS);
if (!new_ref) {
ret = -ENOMEM;
goto out;
@@ -493,7 +514,7 @@ static void __merge_refs(struct list_head *head, int mode)
ref1->count += ref2->count;
list_del(&ref2->list);
- kfree(ref2);
+ kmem_cache_free(btrfs_prelim_ref_cache, ref2);
}
}
@@ -956,7 +977,7 @@ again:
}
}
list_del(&ref->list);
- kfree(ref);
+ kmem_cache_free(btrfs_prelim_ref_cache, ref);
}
out:
@@ -964,13 +985,13 @@ out:
while (!list_empty(&prefs)) {
ref = list_first_entry(&prefs, struct __prelim_ref, list);
list_del(&ref->list);
- kfree(ref);
+ kmem_cache_free(btrfs_prelim_ref_cache, ref);
}
while (!list_empty(&prefs_delayed)) {
ref = list_first_entry(&prefs_delayed, struct __prelim_ref,
list);
list_del(&ref->list);
- kfree(ref);
+ kmem_cache_free(btrfs_prelim_ref_cache, ref);
}
return ret;
diff --git a/fs/btrfs/backref.h b/fs/btrfs/backref.h
index 8f2e767..a910b27 100644
--- a/fs/btrfs/backref.h
+++ b/fs/btrfs/backref.h
@@ -72,4 +72,6 @@ int btrfs_find_one_extref(struct btrfs_root *root, u64
inode_objectid,
struct btrfs_inode_extref **ret_extref,
u64 *found_off);
+int __init btrfs_prelim_ref_init(void);
+void btrfs_prelim_ref_exit(void);
#endif
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
index 1967903..812ab3d 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -56,6 +56,7 @@
#include "rcu-string.h"
#include "dev-replace.h"
#include "free-space-cache.h"
+#include "backref.h"
#define CREATE_TRACE_POINTS
#include <trace/events/btrfs.h>
@@ -1800,6 +1801,10 @@ static int __init init_btrfs_fs(void)
if (err)
goto free_auto_defrag;
+ err = btrfs_prelim_ref_init();
+ if (err)
+ goto free_prelim_ref;
+
err = btrfs_interface_init();
if (err)
goto free_delayed_ref;
@@ -1817,6 +1822,8 @@ static int __init init_btrfs_fs(void)
unregister_ioctl:
btrfs_interface_exit();
+free_prelim_ref:
+ btrfs_prelim_ref_exit();
free_delayed_ref:
btrfs_delayed_ref_exit();
free_auto_defrag:
@@ -1843,6 +1850,7 @@ static void __exit exit_btrfs_fs(void)
btrfs_delayed_ref_exit();
btrfs_auto_defrag_exit();
btrfs_delayed_inode_exit();
+ btrfs_prelim_ref_exit();
ordered_data_exit();
extent_map_exit();
extent_io_exit();
--
1.8.0.1
--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Jan Schmidt
2013-Aug-09 08:21 UTC
Re: [patch v2 2/2] Btrfs: allocate prelim_ref with a slab allocater
On Fri, August 09, 2013 at 07:25 (+0200), Wang Shilong wrote:> struct __prelim_ref is allocated and freed frequently when > walking backref tree, using slab allocater can not only > speed up allocating but also detect memory leaks. > > Signed-off-by: Wang Shilong <wangsl.fnst@cn.fujitsu.com> > Reviewed-by: Miao Xie <miaox@cn.fujitsu.com> > --- > V1->V2: > 1.fix a missing allocating case that should be used by kmem_cache_alloc() > spotted by Jan Schmidt > 2.rename prelim_ref to btrfs_prelim_ref addressed by David > --- > fs/btrfs/backref.c | 33 +++++++++++++++++++++++++++------ > fs/btrfs/backref.h | 2 ++ > fs/btrfs/super.c | 8 ++++++++ > 3 files changed, 37 insertions(+), 6 deletions(-) > > diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c > index 7b55c95..b352d15 100644 > --- a/fs/btrfs/backref.c > +++ b/fs/btrfs/backref.c > @@ -119,6 +119,26 @@ struct __prelim_ref { > u64 wanted_disk_byte; > }; > > +static struct kmem_cache *btrfs_prelim_ref_cache; > + > +int __init btrfs_prelim_ref_init(void) > +{ > + btrfs_prelim_ref_cache = kmem_cache_create("btrfs_prelim_ref", > + sizeof(struct __prelim_ref), > + 0, > + SLAB_RECLAIM_ACCOUNT | SLAB_MEM_SPREAD, > + NULL); > + if (!btrfs_prelim_ref_cache) > + return -ENOMEM; > + return 0; > +} > + > +void btrfs_prelim_ref_exit(void) > +{ > + if (btrfs_prelim_ref_cache) > + kmem_cache_destroy(btrfs_prelim_ref_cache); > +} > + > /* > * the rules for all callers of this function are: > * - obtaining the parent is the goal > @@ -165,7 +185,7 @@ static int __add_prelim_ref(struct list_head *head, u64 root_id, > { > struct __prelim_ref *ref; > > - ref = kmalloc(sizeof(*ref), gfp_mask); > + ref = kmem_cache_alloc(btrfs_prelim_ref_cache, gfp_mask); > if (!ref) > return -ENOMEM; > > @@ -369,7 +389,8 @@ static int __resolve_indirect_refs(struct btrfs_fs_info *fs_info, > > /* additional parents require new refs being added here */ > while ((node = ulist_next(parents, &uiter))) { > - new_ref = kmalloc(sizeof(*new_ref), GFP_NOFS); > + new_ref = kmem_cache_alloc(btrfs_prelim_ref_cache, > + GFP_NOFS); > if (!new_ref) { > ret = -ENOMEM; > goto out; > @@ -493,7 +514,7 @@ static void __merge_refs(struct list_head *head, int mode) > ref1->count += ref2->count; > > list_del(&ref2->list); > - kfree(ref2); > + kmem_cache_free(btrfs_prelim_ref_cache, ref2); > } > > } > @@ -956,7 +977,7 @@ again: > } > } > list_del(&ref->list); > - kfree(ref); > + kmem_cache_free(btrfs_prelim_ref_cache, ref); > } > > out: > @@ -964,13 +985,13 @@ out: > while (!list_empty(&prefs)) { > ref = list_first_entry(&prefs, struct __prelim_ref, list); > list_del(&ref->list); > - kfree(ref); > + kmem_cache_free(btrfs_prelim_ref_cache, ref); > } > while (!list_empty(&prefs_delayed)) { > ref = list_first_entry(&prefs_delayed, struct __prelim_ref, > list); > list_del(&ref->list); > - kfree(ref); > + kmem_cache_free(btrfs_prelim_ref_cache, ref); > } > > return ret; > diff --git a/fs/btrfs/backref.h b/fs/btrfs/backref.h > index 8f2e767..a910b27 100644 > --- a/fs/btrfs/backref.h > +++ b/fs/btrfs/backref.h > @@ -72,4 +72,6 @@ int btrfs_find_one_extref(struct btrfs_root *root, u64 inode_objectid, > struct btrfs_inode_extref **ret_extref, > u64 *found_off); > > +int __init btrfs_prelim_ref_init(void); > +void btrfs_prelim_ref_exit(void); > #endif > diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c > index 1967903..812ab3d 100644 > --- a/fs/btrfs/super.c > +++ b/fs/btrfs/super.c > @@ -56,6 +56,7 @@ > #include "rcu-string.h" > #include "dev-replace.h" > #include "free-space-cache.h" > +#include "backref.h" > > #define CREATE_TRACE_POINTS > #include <trace/events/btrfs.h> > @@ -1800,6 +1801,10 @@ static int __init init_btrfs_fs(void) > if (err) > goto free_auto_defrag; > > + err = btrfs_prelim_ref_init(); > + if (err) > + goto free_prelim_ref; > + > err = btrfs_interface_init(); > if (err) > goto free_delayed_ref; > @@ -1817,6 +1822,8 @@ static int __init init_btrfs_fs(void) > > unregister_ioctl: > btrfs_interface_exit(); > +free_prelim_ref: > + btrfs_prelim_ref_exit(); > free_delayed_ref: > btrfs_delayed_ref_exit(); > free_auto_defrag: > @@ -1843,6 +1850,7 @@ static void __exit exit_btrfs_fs(void) > btrfs_delayed_ref_exit(); > btrfs_auto_defrag_exit(); > btrfs_delayed_inode_exit(); > + btrfs_prelim_ref_exit(); > ordered_data_exit(); > extent_map_exit(); > extent_io_exit(); >Reviewed-by: Jan Schmidt <list.btrfs@jan-o-sch.net> -Jan -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Jan Schmidt
2013-Aug-09 08:26 UTC
Re: [patch v2 1/2] Btrfs: fix possible memory leak in find_parent_nodes()
On Fri, August 09, 2013 at 07:25 (+0200), Wang Shilong wrote:> The origin code dealt with ''ref'' as following steps: > |->list_del(&ref-list) > |->some operations > |->kfree(ref) > > If operations failed, it would goto label ''out'' without freeing this ''ref''. > and then memory leak would happen.Just move list_del() after kfree() > will fix the problem.Still not sufficient as an explanation. What is missing is the hint that in the error handling code, we free everything that''s left in the prefs list. -Jan> Signed-off-by: Wang Shilong <wangsl.fnst@cn.fujitsu.com> > Reviewed-by: Miao Xie <miaox@cn.fujitsu.com> > --- > V1->V2: add explanations to changelog > --- > fs/btrfs/backref.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c > index 68048d6..7b55c95 100644 > --- a/fs/btrfs/backref.c > +++ b/fs/btrfs/backref.c > @@ -911,7 +911,6 @@ again: > > while (!list_empty(&prefs)) { > ref = list_first_entry(&prefs, struct __prelim_ref, list); > - list_del(&ref->list); > WARN_ON(ref->count < 0); > if (ref->count && ref->root_id && ref->parent == 0) { > /* no parent == root of tree */ > @@ -956,6 +955,7 @@ again: > eie->next = ref->inode_list; > } > } > + list_del(&ref->list); > kfree(ref); > } > >-- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html