On Wed, Jul 06, 2022 at 04:22:37PM +0800, Jianglei Nie wrote:
> xfs_bmap_add_attrfork() allocates a memory chunk for ip->i_afp with
> xfs_ifork_alloc(). When some error occurs, the function goto trans_cancel;
> without releasing the ip->i_afp, which will lead to a memory leak.
Where does it leak? Do you ahve a KASAN report?
> We should release the ip->i_afp with kmem_cache_free() and set "ip->i_afp
> = NULL" if ip->i_afp is not NULL pointer.
>
> Signed-off-by: Jianglei Nie <niejianglei2021@xxxxxxx>
> ---
> fs/xfs/libxfs/xfs_bmap.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c
> index 6833110d1bd4..0c99726c0968 100644
> --- a/fs/xfs/libxfs/xfs_bmap.c
> +++ b/fs/xfs/libxfs/xfs_bmap.c
> @@ -1088,6 +1088,10 @@ xfs_bmap_add_attrfork(
> trans_cancel:
> xfs_trans_cancel(tp);
> xfs_iunlock(ip, XFS_ILOCK_EXCL);
> + if (ip->i_afp) {
> + kmem_cache_free(xfs_ifork_cache, ip->i_afp);
> + ip->a_afp = NULL;
^^^^^
Please compile and test your changes before proposing them for
inclusion.
Cheers,
Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx
