Re: [PATCH] md:Fix mem leak about rdev->badblocks.page.

NeilBrown <neilb@xxxxxxx> · Tue, 17 Apr 2012 11:54:56 +1000

On Wed, 11 Apr 2012 15:58:27 +0800 "majianpeng" <majianpeng@xxxxxxxxx> wrote:

> >From 7cc5b99748a5505d94d6e67ba4e639e341f0a00a Mon Sep 17 00:00:00 2001
> From: majianpeng <majianpeng@xxxxxxxxx>
> Date: Wed, 11 Apr 2012 15:44:55 +0800
> Subject: [PATCH] md:Fix mem leak about rdev->badblocks.page. When exec
>  md_import_device(),alloc badblocks.page.But met error when
>  exec bind_rdev_to_array().So exec export_rdev().But
>  export_rdev() did not free badblocks.page.
> 
> This may occur in those functions:
> 1:add_new_disk()
> 2:new_dev_store()

Thanks for the report.

I have chosen to fix it slightly differently - by doing the 'free' in
free_disk_sb, which I have since renamed to md_rdev_clear.

Here is that patch I have committed.

Thanks,
NeilBrown


From 79a97ee9d3ce9c36a855ac2217ad946856f98d25 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@xxxxxxx>
Date: Tue, 17 Apr 2012 11:52:56 +1000
Subject: [PATCH] md: move freeing of badblocks.page into md_rdev_clear

This ensures that it is always freed - there were case where
we failed to free the page.

Reported-by: majianpeng <majianpeng@xxxxxxxxx>
Signed-off-by: NeilBrown <neilb@xxxxxxx>

diff --git a/drivers/md/md.c b/drivers/md/md.c
index 7c3566c..e763fc1 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -814,6 +814,10 @@ void md_rdev_clear(struct md_rdev *rdev)
 		put_page(rdev->bb_page);
 		rdev->bb_page = NULL;
 	}
+	if (rdev->badblocks.page) {
+		kfree(rdev->badblocks.page);
+		rdev->badblocks.page = NULL;
+	}
 }
 EXPORT_SYMBOL_GPL(md_rdev_clear);
 
@@ -2189,9 +2193,7 @@ static void unbind_rdev_from_array(struct md_rdev * rdev)
 	sysfs_remove_link(&rdev->kobj, "block");
 	sysfs_put(rdev->sysfs_state);
 	rdev->sysfs_state = NULL;
-	kfree(rdev->badblocks.page);
 	rdev->badblocks.count = 0;
-	rdev->badblocks.page = NULL;
 	/* We need to delay this, otherwise we can deadlock when
 	 * writing to 'remove' to "dev/state".  We also need
 	 * to delay it due to rcu usage.
@@ -3323,7 +3325,6 @@ abort_free:
 	if (rdev->bdev)
 		unlock_rdev(rdev);
 	md_rdev_clear(rdev);
-	kfree(rdev->badblocks.page);
 	kfree(rdev);
 	return ERR_PTR(err);
 }
Attachment:
signature.asc

Description: PGP signature




