If io_submit or io_getevents fails, the do_aio_rw() won't free the "buf" and cause memory leak. Signed-off-by: Zorro Lang <zlang@xxxxxxxxxx> Reviewed-by: Brian Foster <bfoster@xxxxxxxxxx> --- ltp/fsstress.c | 39 +++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/ltp/fsstress.c b/ltp/fsstress.c index 68fbf7a5..1238fcf5 100644 --- a/ltp/fsstress.c +++ b/ltp/fsstress.c @@ -2078,11 +2078,11 @@ void do_aio_rw(int opno, long r, int flags) { int64_t align; - char *buf; + char *buf = NULL; struct dioattr diob; int e; pathname_t f; - int fd; + int fd = -1; size_t len; int64_t lr; off64_t off; @@ -2099,8 +2099,7 @@ do_aio_rw(int opno, long r, int flags) if (!get_fname(FT_REGFILE, r, &f, NULL, NULL, &v)) { if (v) printf("%d/%d: do_aio_rw - no filename\n", procid, opno); - free_pathname(&f); - return; + goto aio_out; } fd = open_path(&f, flags|O_DIRECT); e = fd < 0 ? errno : 0; @@ -2109,25 +2108,20 @@ do_aio_rw(int opno, long r, int flags) if (v) printf("%d/%d: do_aio_rw - open %s failed %d\n", procid, opno, f.path, e); - free_pathname(&f); - return; + goto aio_out; } if (fstat64(fd, &stb) < 0) { if (v) printf("%d/%d: do_aio_rw - fstat64 %s failed %d\n", procid, opno, f.path, errno); - free_pathname(&f); - close(fd); - return; + goto aio_out; } inode_info(st, sizeof(st), &stb, v); if (!iswrite && stb.st_size == 0) { if (v) printf("%d/%d: do_aio_rw - %s%s zero size\n", procid, opno, f.path, st); - free_pathname(&f); - close(fd); - return; + goto aio_out; } if (xfsctl(f.path, fd, XFS_IOC_DIOINFO, &diob) < 0) { if (v) @@ -2150,6 +2144,12 @@ do_aio_rw(int opno, long r, int flags) else if (len > diob.d_maxiosz) len = diob.d_maxiosz; buf = memalign(diob.d_mem, len); + if (!buf) { + if (v) + printf("%d/%d: do_aio_rw - memalign failed\n", + procid, opno); + goto aio_out; + } if (iswrite) { off = (off64_t)(lr % MIN(stb.st_size + (1024 * 1024), MAXFSIZE)); @@ -2166,27 +2166,26 @@ do_aio_rw(int opno, long r, int flags) if (v) printf("%d/%d: %s - io_submit failed %d\n", procid, opno, iswrite ? "awrite" : "aread", e); - free_pathname(&f); - close(fd); - return; + goto aio_out; } if ((e = io_getevents(io_ctx, 1, 1, &event, NULL)) != 1) { if (v) printf("%d/%d: %s - io_getevents failed %d\n", procid, opno, iswrite ? "awrite" : "aread", e); - free_pathname(&f); - close(fd); - return; + goto aio_out; } e = event.res != len ? event.res2 : 0; - free(buf); if (v) printf("%d/%d: %s %s%s [%lld,%d] %d\n", procid, opno, iswrite ? "awrite" : "aread", f.path, st, (long long)off, (int)len, e); + aio_out: + if (buf) + free(buf); + if (fd != -1) + close(fd); free_pathname(&f); - close(fd); } #endif -- 2.20.1