Re: [PATCH 1/2] ceph: fix memory leak in ceph_direct_read_write()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewed-by: Alex Markuze <amarkuze@xxxxxxxxxx>

On Sat, Dec 7, 2024 at 8:26 PM Ilya Dryomov <idryomov@xxxxxxxxx> wrote:
>
> The bvecs array which is allocated in iter_get_bvecs_alloc() is leaked
> and pages remain pinned if ceph_alloc_sparse_ext_map() fails.
>
> There is no need to delay the allocation of sparse_ext map until after
> the bvecs array is set up, so fix this by moving sparse_ext allocation
> a bit earlier.  Also, make a similar adjustment in __ceph_sync_read()
> for consistency (a leak of the same kind in __ceph_sync_read() has been
> addressed differently).
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 03bc06c7b0bd ("ceph: add new mount option to enable sparse reads")
> Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx>
> ---
>  fs/ceph/file.c | 43 ++++++++++++++++++++++---------------------
>  1 file changed, 22 insertions(+), 21 deletions(-)
>
> diff --git a/fs/ceph/file.c b/fs/ceph/file.c
> index f9bb9e5493ce..0df2ffc69e92 100644
> --- a/fs/ceph/file.c
> +++ b/fs/ceph/file.c
> @@ -1116,6 +1116,16 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos,
>                         len = read_off + read_len - off;
>                 more = len < iov_iter_count(to);
>
> +               op = &req->r_ops[0];
> +               if (sparse) {
> +                       extent_cnt = __ceph_sparse_read_ext_count(inode, read_len);
> +                       ret = ceph_alloc_sparse_ext_map(op, extent_cnt);
> +                       if (ret) {
> +                               ceph_osdc_put_request(req);
> +                               break;
> +                       }
> +               }
> +
>                 num_pages = calc_pages_for(read_off, read_len);
>                 page_off = offset_in_page(off);
>                 pages = ceph_alloc_page_vector(num_pages, GFP_KERNEL);
> @@ -1129,16 +1139,6 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos,
>                                                  offset_in_page(read_off),
>                                                  false, true);
>
> -               op = &req->r_ops[0];
> -               if (sparse) {
> -                       extent_cnt = __ceph_sparse_read_ext_count(inode, read_len);
> -                       ret = ceph_alloc_sparse_ext_map(op, extent_cnt);
> -                       if (ret) {
> -                               ceph_osdc_put_request(req);
> -                               break;
> -                       }
> -               }
> -
>                 ceph_osdc_start_request(osdc, req);
>                 ret = ceph_osdc_wait_request(osdc, req);
>
> @@ -1557,6 +1557,16 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
>                         break;
>                 }
>
> +               op = &req->r_ops[0];
> +               if (sparse) {
> +                       extent_cnt = __ceph_sparse_read_ext_count(inode, size);
> +                       ret = ceph_alloc_sparse_ext_map(op, extent_cnt);
> +                       if (ret) {
> +                               ceph_osdc_put_request(req);
> +                               break;
> +                       }
> +               }
> +
>                 len = iter_get_bvecs_alloc(iter, size, &bvecs, &num_pages);
>                 if (len < 0) {
>                         ceph_osdc_put_request(req);
> @@ -1566,6 +1576,8 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
>                 if (len != size)
>                         osd_req_op_extent_update(req, 0, len);
>
> +               osd_req_op_extent_osd_data_bvecs(req, 0, bvecs, num_pages, len);
> +
>                 /*
>                  * To simplify error handling, allow AIO when IO within i_size
>                  * or IO can be satisfied by single OSD request.
> @@ -1597,17 +1609,6 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
>                         req->r_mtime = mtime;
>                 }
>
> -               osd_req_op_extent_osd_data_bvecs(req, 0, bvecs, num_pages, len);
> -               op = &req->r_ops[0];
> -               if (sparse) {
> -                       extent_cnt = __ceph_sparse_read_ext_count(inode, size);
> -                       ret = ceph_alloc_sparse_ext_map(op, extent_cnt);
> -                       if (ret) {
> -                               ceph_osdc_put_request(req);
> -                               break;
> -                       }
> -               }
> -
>                 if (aio_req) {
>                         aio_req->total_len += len;
>                         aio_req->num_reqs++;
> --
> 2.46.1
>
>






[Index of Archives]     [CEPH Users]     [Ceph Large]     [Ceph Dev]     [Information on CEPH]     [Linux BTRFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux