From: Xiyu Yang <xiyuyang19@fudan.edu.cn>
To: Jeff Layton <jlayton@kernel.org>, Sage Weil <sage@redhat.com>,
Ilya Dryomov <idryomov@gmail.com>,
ceph-devel@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: yuanxzhang@fudan.edu.cn, kjlu@umn.edu,
Xiyu Yang <xiyuyang19@fudan.edu.cn>,
Xin Tan <tanxin.ctf@gmail.com>
Subject: [PATCH] ceph: Fix potential ceph_osd_request refcnt leak
Date: Mon, 20 Apr 2020 13:40:43 +0800 [thread overview]
Message-ID: <1587361243-83431-1-git-send-email-xiyuyang19@fudan.edu.cn> (raw)
ceph_writepages_start() invokes ceph_osdc_start_request(), which
increases the refcount of the ceph_osd_request object "req" and then
submit the request.
When ceph_writepages_start() returns or a new object is assigned to
"req", the original local reference of "req" becomes invalid, so the
refcount should be decreased to keep refcount balanced.
The reference counting issue happens in a normal path of
ceph_writepages_start(). Before NULL assigned to "req", the function
forgets to decrease its refcnt increased by ceph_osdc_start_request()
and will cause a refcnt leak.
Fix this issue by calling ceph_osdc_put_request() before the original
object pointed by "req" becomes invalid.
Fixes: 1d3576fd10f0 ("ceph: address space operations")
Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
---
fs/ceph/addr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index 7ab616601141..b02c050a3418 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -1126,6 +1126,7 @@ static int ceph_writepages_start(struct address_space *mapping,
req->r_mtime = inode->i_mtime;
rc = ceph_osdc_start_request(&fsc->client->osdc, req, true);
BUG_ON(rc);
+ ceph_osdc_put_request(req);
req = NULL;
wbc->nr_to_write -= i;
--
2.7.4
next reply other threads:[~2020-04-20 5:41 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-20 5:40 Xiyu Yang [this message]
2020-04-20 8:44 ` [PATCH] ceph: Fix potential ceph_osd_request refcnt leak Ilya Dryomov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1587361243-83431-1-git-send-email-xiyuyang19@fudan.edu.cn \
--to=xiyuyang19@fudan.edu.cn \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=jlayton@kernel.org \
--cc=kjlu@umn.edu \
--cc=linux-kernel@vger.kernel.org \
--cc=sage@redhat.com \
--cc=tanxin.ctf@gmail.com \
--cc=yuanxzhang@fudan.edu.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.