btrfs: free pages on error in btrfs_uring_read_extent()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In this function the 'pages' object is never freed in the hopes that it is
picked up by btrfs_uring_read_finished() whenever that executes in the
future. But that's just the happy path. Along the way previous
allocations might have gone wrong, or we might not get -EIOCBQUEUED from
btrfs_encoded_read_regular_fill_pages(). In all these cases, we go to a
cleanup section that frees all memory allocated by this function without
assuming any deferred execution, and this also needs to happen for the
'pages' allocation.

Fixes: 34310c442e17 ("btrfs: add io_uring command for encoded reads (ENCODED_READ ioctl)")
Signed-off-by: Miquel Sabaté Solà <mssola@mssola.com>
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

authored by

Miquel Sabaté Solà and committed by

David Sterba 3 months ago 3f501412 2ab22446

+6 -1

1 changed file

expand all

btrfs

ioctl.c

+6 -1

fs/btrfs/ioctl.c

··· 4651 4651 { 4652 4652 struct btrfs_inode *inode = BTRFS_I(file_inode(iocb->ki_filp)); 4653 4653 struct extent_io_tree *io_tree = &inode->io_tree; 4654 - struct page **pages; 4654 + struct page **pages = NULL; 4655 4655 struct btrfs_uring_priv *priv = NULL; 4656 4656 unsigned long nr_pages; 4657 4657 int ret; ··· 4709 4709 btrfs_unlock_extent(io_tree, start, lockend, &cached_state); 4710 4710 btrfs_inode_unlock(inode, BTRFS_ILOCK_SHARED); 4711 4711 kfree(priv); 4712 + for (int i = 0; i < nr_pages; i++) { 4713 + if (pages[i]) 4714 + __free_page(pages[i]); 4715 + } 4716 + kfree(pages); 4712 4717 return ret; 4713 4718 } 4714 4719

Configure Feed

Configure Feed