From: Nikolay Borisov <nborisov@suse.com>
To: fdmanana@kernel.org, linux-btrfs@vger.kernel.org
Subject: Re: [PATCH 1/3] Btrfs: fix a block group ref counter leak after failure to remove block group
Date: Wed, 3 Jun 2020 10:44:55 +0300 [thread overview]
Message-ID: <207d40cc-051c-4c4a-62c8-3343e53294ad@suse.com> (raw)
In-Reply-To: <0b010680-f286-f858-8cfd-94dc888ca7a4@suse.com>
On 3.06.20 г. 10:32 ч., Nikolay Borisov wrote:
>
>
> On 1.06.20 г. 21:12 ч., fdmanana@kernel.org wrote:
>> From: Filipe Manana <fdmanana@suse.com>
>>
>> When removing a block group, if we fail to delete the block group's item
>> from the extent tree, we jump to the 'out' label and end up decrementing
>> the block group's reference count once only (by 1), resulting in a counter
>> leak because the block group at that point was already removed from the
>> block group cache rbtree - so we have to decrement the reference count
>> twice, once for the rbtree and once for our lookup at the start of the
>> function.
>
> However I'm having hard time reconciling this. The block group is
> removed from the block_group_cache_tree after we've called
> btrfs_del_item. So if btrfs_del_item or btrfs_search_slot fail the code
> jumps at out_put_group and puts the reference acquired at the beginning
> of the function via btrfs_lookup_block_group.
>
> I think what you meant is if we fail to delete the block group's item
> from the freespace tree, that is if we fail
> remove_block_group_free_space, then we'd have a ref leak. With this
> modification to the changelog:
>
Looking again in this function without this patch the sequence of
remove_block_group_free_space/btrfs_put_block-group/remove_block_group_item
is really bogus.
1. If remove_block_group_free_space fails the code would jump to
out_put_group which would leak the ref count for the rb tree
2. If remove_block_group_item (removal from extent tree) fails then the
code would jump to out: which won't drop the reference taken in
btrfs_remove_block_group...
> Reviewed-by: Nikolay Borisov <nborisov@suse.com>
>
>>
>> To make things less error prone, decrement the reference count for the
>> rbtree immediately after removing the block group from it. This also
>> eleminates the need for two different exit labels on error, renaming
>> 'out_put_label' to just 'out' and removing the old 'out'.
>
> I agree with this.
>
>>
>> Fixes: f6033c5e333238 ("btrfs: fix block group leak when removing fails")
>> Signed-off-by: Filipe Manana <fdmanana@suse.com>
>
> <snip>
>
next prev parent reply other threads:[~2020-06-03 7:45 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-01 18:12 [PATCH 1/3] Btrfs: fix a block group ref counter leak after failure to remove block group fdmanana
2020-06-03 7:32 ` Nikolay Borisov
2020-06-03 7:44 ` Nikolay Borisov [this message]
2020-06-03 9:30 ` Filipe Manana
2020-06-03 9:37 ` Nikolay Borisov
2020-06-03 10:11 ` [PATCH v2 " fdmanana
2020-06-03 10:33 ` Anand Jain
2020-06-04 17:11 ` David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=207d40cc-051c-4c4a-62c8-3343e53294ad@suse.com \
--to=nborisov@suse.com \
--cc=fdmanana@kernel.org \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.