| From b0666c996a3e63b051be9522a1afae7b467a955d Mon Sep 17 00:00:00 2001 |
| From: Luis Henriques <lhenriques@suse.com> |
| Date: Thu, 19 Mar 2020 11:43:48 +0000 |
| Subject: [PATCH] ceph: fix memory leak in ceph_cleanup_snapid_map() |
| |
| commit c8d6ee01449cd0d2f30410681cccb616a88f50b1 upstream. |
| |
| kmemleak reports the following memory leak: |
| |
| unreferenced object 0xffff88821feac8a0 (size 96): |
| comm "kworker/1:0", pid 17, jiffies 4294896362 (age 20.512s) |
| hex dump (first 32 bytes): |
| a0 c8 ea 1f 82 88 ff ff 00 c9 ea 1f 82 88 ff ff ................ |
| 00 00 00 00 00 00 00 00 00 01 00 00 00 00 ad de ................ |
| backtrace: |
| [<00000000b3ea77fb>] ceph_get_snapid_map+0x75/0x2a0 |
| [<00000000d4060942>] fill_inode+0xb26/0x1010 |
| [<0000000049da6206>] ceph_readdir_prepopulate+0x389/0xc40 |
| [<00000000e2fe2549>] dispatch+0x11ab/0x1521 |
| [<000000007700b894>] ceph_con_workfn+0xf3d/0x3240 |
| [<0000000039138a41>] process_one_work+0x24d/0x590 |
| [<00000000eb751f34>] worker_thread+0x4a/0x3d0 |
| [<000000007e8f0d42>] kthread+0xfb/0x130 |
| [<00000000d49bd1fa>] ret_from_fork+0x3a/0x50 |
| |
| A kfree is missing while looping the 'to_free' list of ceph_snapid_map |
| objects. |
| |
| Cc: stable@vger.kernel.org |
| Fixes: 75c9627efb72 ("ceph: map snapid to anonymous bdev ID") |
| Signed-off-by: Luis Henriques <lhenriques@suse.com> |
| Reviewed-by: Jeff Layton <jlayton@kernel.org> |
| Signed-off-by: Ilya Dryomov <idryomov@gmail.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c |
| index 213bc1475e91..e630762175a4 100644 |
| --- a/fs/ceph/snap.c |
| +++ b/fs/ceph/snap.c |
| @@ -1152,5 +1152,6 @@ void ceph_cleanup_snapid_map(struct ceph_mds_client *mdsc) |
| pr_err("snapid map %llx -> %x still in use\n", |
| sm->snap, sm->dev); |
| } |
| + kfree(sm); |
| } |
| } |
| -- |
| 2.7.4 |
| |
