linux/fs/xfs
Dave Chinner e34a314c5e xfs: fix efi item leak on forced shutdown
After test 139, kmemleak shows:

unreferenced object 0xffff880078b405d8 (size 400):
  comm "xfs_io", pid 4904, jiffies 4294909383 (age 1186.728s)
  hex dump (first 32 bytes):
    60 c1 17 79 00 88 ff ff 60 c1 17 79 00 88 ff ff  `..y....`..y....
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff81afb04d>] kmemleak_alloc+0x2d/0x60
    [<ffffffff8115c6cf>] kmem_cache_alloc+0x13f/0x2b0
    [<ffffffff814aaa97>] kmem_zone_alloc+0x77/0xf0
    [<ffffffff814aab2e>] kmem_zone_zalloc+0x1e/0x50
    [<ffffffff8147cd6b>] xfs_efi_init+0x4b/0xb0
    [<ffffffff814a4ee8>] xfs_trans_get_efi+0x58/0x90
    [<ffffffff81455fab>] xfs_bmap_finish+0x8b/0x1d0
    [<ffffffff814851b4>] xfs_itruncate_finish+0x2c4/0x5d0
    [<ffffffff814a970f>] xfs_setattr+0x8df/0xa70
    [<ffffffff814b5c7b>] xfs_vn_setattr+0x1b/0x20
    [<ffffffff8117dc00>] notify_change+0x170/0x2e0
    [<ffffffff81163bf6>] do_truncate+0x66/0xa0
    [<ffffffff81163d0b>] sys_ftruncate+0xdb/0xe0
    [<ffffffff8103a002>] system_call_fastpath+0x16/0x1b
    [<ffffffffffffffff>] 0xffffffffffffffff

The cause of the leak is that the "remove" parameter of IOP_UNPIN()
is never set when a CIL push is aborted. This means that the EFI
item is never freed if it was in the push being cancelled. The
problem is specific to delayed logging, but has uncovered a couple
of problems with the handling of IOP_UNPIN(remove).

Firstly, we cannot safely call xfs_trans_del_item() from IOP_UNPIN()
in the CIL commit failure path or the iclog write failure path
because for delayed loging we have no transaction context. Hence we
must only call xfs_trans_del_item() if the log item being unpinned
has an active log item descriptor.

Secondly, xfs_trans_uncommit() does not handle log item descriptor
freeing during the traversal of log items on a transaction. It can
reference a freed log item descriptor when unpinning an EFI item.
Hence it needs to use a safe list traversal method to allow items to
be removed from the transaction during IOP_UNPIN().

Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Alex Elder <aelder@sgi.com>
2011-01-28 09:01:33 -06:00
..
linux-2.6 fallocate should be a file operation 2011-01-17 02:25:31 -05:00
quota xfs: use wait queues directly for the log wait queues 2010-12-21 12:09:01 +11:00
support xfs: Do not name variables "panic" 2011-01-17 12:39:07 -08:00
Kconfig quota: Make QUOTACTL config be selected by its users 2010-10-05 12:16:37 +02:00
Makefile xfs: add FITRIM support 2011-01-11 20:28:29 -06:00
xfs_acl.h fs: provide rcu-walk aware permission i_ops 2011-01-07 17:50:29 +11:00
xfs_ag.h xfs: convert pag_ici_lock to a spin lock 2010-12-16 17:08:41 +11:00
xfs_alloc_btree.c xfs: remove the ->kill_root btree operation 2010-10-18 15:07:38 -05:00
xfs_alloc_btree.h
xfs_alloc.c xfs: add FITRIM support 2011-01-11 20:28:29 -06:00
xfs_alloc.h xfs: add FITRIM support 2011-01-11 20:28:29 -06:00
xfs_arch.h
xfs_attr_leaf.c xfs: use KM_NOFS for allocations during attribute list operations 2010-12-23 11:57:37 +11:00
xfs_attr_leaf.h
xfs_attr_sf.h xfs: convert attr to use unsigned names 2010-01-20 10:47:48 +11:00
xfs_attr.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_attr.h xfs: convert attr to use unsigned names 2010-01-20 10:47:48 +11:00
xfs_bit.c
xfs_bit.h
xfs_bmap_btree.c xfs: remove unneeded #include statements 2010-07-26 13:16:33 -05:00
xfs_bmap_btree.h
xfs_bmap.c xfs: delayed alloc blocks beyond EOF are valid after writeback 2010-12-01 07:40:20 -06:00
xfs_bmap.h xfs: fix failed write truncation handling. 2010-12-01 07:40:19 -06:00
xfs_btree_trace.c
xfs_btree_trace.h
xfs_btree.c xfs: connect up buffer reclaim priority hooks 2010-12-02 16:31:13 +11:00
xfs_btree.h xfs: remove the ->kill_root btree operation 2010-10-18 15:07:38 -05:00
xfs_buf_item.c xfs: fix efi item leak on forced shutdown 2011-01-28 09:01:33 -06:00
xfs_buf_item.h xfs: use struct list_head for the buf cancel table 2010-12-16 16:05:22 -06:00
xfs_da_btree.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_da_btree.h
xfs_dfrag.c xfs: delayed alloc blocks beyond EOF are valid after writeback 2010-12-01 07:40:20 -06:00
xfs_dfrag.h
xfs_dinode.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_dir2_block.c xfs: fix gcc 4.6 set but not read and unused statement warnings 2010-07-26 13:16:51 -05:00
xfs_dir2_block.h
xfs_dir2_data.c xfs: remove unneeded #include statements 2010-07-26 13:16:33 -05:00
xfs_dir2_data.h
xfs_dir2_leaf.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_dir2_leaf.h
xfs_dir2_node.c xfs: remove unneeded #include statements 2010-07-26 13:16:33 -05:00
xfs_dir2_node.h
xfs_dir2_sf.c xfs: remove unneeded #include statements 2010-07-26 13:16:33 -05:00
xfs_dir2_sf.h
xfs_dir2.c xfs: split xfs_itrace_entry 2010-07-26 13:16:44 -05:00
xfs_dir2.h
xfs_error.c xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_error.h xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_extfree_item.c xfs: fix efi item leak on forced shutdown 2011-01-28 09:01:33 -06:00
xfs_extfree_item.h xfs: Pull EFI/EFD handling out from under the AIL lock 2010-12-20 11:59:49 +11:00
xfs_filestream.c xfs: tell lockdep about parent iolock usage in filestreams 2010-11-10 12:00:48 -06:00
xfs_filestream.h xfs: clean up filestreams helpers 2010-07-26 13:16:51 -05:00
xfs_fs.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_fsops.c xfs: ensure log covering transactions are synchronous 2011-01-11 20:28:17 -06:00
xfs_fsops.h xfs: ensure log covering transactions are synchronous 2011-01-11 20:28:17 -06:00
xfs_ialloc_btree.c xfs: remove the ->kill_root btree operation 2010-10-18 15:07:38 -05:00
xfs_ialloc_btree.h
xfs_ialloc.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_ialloc.h
xfs_iget.c Merge branch 'master' into for-linus-merged 2011-01-10 21:35:55 -06:00
xfs_inode_item.c xfs: remove all the inodes on a buffer from the AIL in bulk 2010-12-20 12:03:17 +11:00
xfs_inode_item.h xfs: simplify inode to transaction joining 2010-07-26 13:16:36 -05:00
xfs_inode.c xfs: connect up buffer reclaim priority hooks 2010-12-02 16:31:13 +11:00
xfs_inode.h xfs: don't truncate prealloc from frequently accessed inodes 2010-12-23 12:02:31 +11:00
xfs_inum.h
xfs_iomap.c xfs: dynamic speculative EOF preallocation 2011-01-04 11:35:03 +11:00
xfs_iomap.h xfs: kill xfs_iomap 2010-12-16 16:05:51 -06:00
xfs_itable.c xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_itable.h xfs: remove block number from inode lookup code 2010-06-24 11:35:17 +10:00
xfs_log_cil.c xfs: fix log ticket leak on forced shutdown. 2011-01-27 12:02:00 +11:00
xfs_log_priv.h xfs: convert grant head manipulations to lockless algorithm 2010-12-21 12:29:14 +11:00
xfs_log_recover.c xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_log_recover.h xfs: Clean up XFS_BLI_* flag namespace 2010-05-24 10:33:39 -05:00
xfs_log.c xfs: prevent NMI timeouts in cmn_err 2011-01-12 08:46:41 -06:00
xfs_log.h xfs: remove the unused XFS_LOG_SLEEP and XFS_LOG_NOSLEEP flags 2010-07-26 13:16:38 -05:00
xfs_mount.c xfs: convert pag_ici_lock to a spin lock 2010-12-16 17:08:41 +11:00
xfs_mount.h xfs: dynamic speculative EOF preallocation 2011-01-04 11:35:03 +11:00
xfs_mru_cache.c workqueue: convert cancel_rearming_delayed_work[queue]() users to cancel_delayed_work_sync() 2010-12-15 10:56:11 +01:00
xfs_mru_cache.h
xfs_quota.h xfs: fix a few compiler warnings with CONFIG_XFS_QUOTA=n 2010-11-10 12:00:48 -06:00
xfs_rename.c xfs: log timestamp changes to the source inode in rename 2010-12-09 17:07:02 -06:00
xfs_rtalloc.c xfs: use unhashed buffers for size checks 2010-10-18 15:07:50 -05:00
xfs_rtalloc.h xfs: be more explicit if RT mount fails due to config 2010-05-28 14:58:24 -05:00
xfs_rw.c xfs: remove unneeded #include statements 2010-07-26 13:16:33 -05:00
xfs_rw.h xfs: only clear the suid bit once in xfs_write 2010-02-12 13:43:57 -06:00
xfs_sb.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_trans_ail.c xfs: use AIL bulk delete function to implement single delete 2010-12-20 12:36:15 +11:00
xfs_trans_buf.c xfs: remove xfs_buf wrappers 2010-10-18 15:08:07 -05:00
xfs_trans_extfree.c xfs: Pull EFI/EFD handling out from under the AIL lock 2010-12-20 11:59:49 +11:00
xfs_trans_inode.c xfs: don't use vfs writeback for pure metadata modifications 2010-10-18 15:07:45 -05:00
xfs_trans_priv.h xfs: use AIL bulk delete function to implement single delete 2010-12-20 12:36:15 +11:00
xfs_trans_space.h
xfs_trans.c xfs: fix efi item leak on forced shutdown 2011-01-28 09:01:33 -06:00
xfs_trans.h xfs: connect up buffer reclaim priority hooks 2010-12-02 16:31:13 +11:00
xfs_types.h xfs: Extend project quotas to support 32bit project ids 2010-10-18 15:08:08 -05:00
xfs_utils.c xfs: remove xfs_cred.h 2010-10-18 15:08:06 -05:00
xfs_utils.h xfs: remove xfs_cred.h 2010-10-18 15:08:06 -05:00
xfs_vnodeops.c xfs: don't truncate prealloc from frequently accessed inodes 2010-12-23 12:02:31 +11:00
xfs_vnodeops.h xfs: remove xfs_cred.h 2010-10-18 15:08:06 -05:00
xfs.h