Google Git
Sign in
android-kvm / linux / 80bf2f345411b9952a984b6105cd860500b01228^! / . / fs
commit80bf2f345411b9952a984b6105cd860500b01228[log] [tgz]
authorKent Overstreet <kent.overstreet@gmail.com>Sun Feb 06 19:20:36 2022 -0500
committerKent Overstreet <kent.overstreet@linux.dev>Sun Oct 22 17:09:23 2023 -0400
tree3b9b10d874c65cbdd1326d30ac74136ecf77ae7f
parent35228ecb7e4d45822c0e2acbb0fb9555da31ef31 [diff]
bcachefs: Fix freeing in bch2_dev_buckets_resize()

We were double-freeing old_buckets and not freeing old_buckets_gens:
also, the code was supposed to free buckets, not old_buckets;
old_buckets is only needed because we have to use rcu_assign_pointer()
instead of swap(), and won't be set if we hit the error path.

Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>

diff --git a/fs/bcachefs/bcachefs.h b/fs/bcachefs/bcachefs.h
index 3d1a677..59c0963 100644
--- a/fs/bcachefs/bcachefs.h
+++ b/fs/bcachefs/bcachefs.h

@@ -451,7 +451,7 @@ struct bch_dev {
 	 * Or rcu_read_lock(), but only for ptr_stale():
 	 */
 	struct bucket_array __rcu *buckets[2];
-	struct bucket_gens	*bucket_gens;
+	struct bucket_gens __rcu *bucket_gens;
 	unsigned long		*buckets_nouse;
 	struct rw_semaphore	bucket_lock;
 

diff --git a/fs/bcachefs/buckets.c b/fs/bcachefs/buckets.c
index acdc95d..ae57603 100644
--- a/fs/bcachefs/buckets.c
+++ b/fs/bcachefs/buckets.c

@@ -2106,7 +2106,7 @@ static void buckets_free_rcu(struct rcu_head *rcu)
 		container_of(rcu, struct bucket_array, rcu);
 
 	kvpfree(buckets,
-		sizeof(struct bucket_array) +
+		sizeof(*buckets) +
 		buckets->nbuckets * sizeof(struct bucket));
 }
 
@@ -2115,7 +2115,7 @@ static void bucket_gens_free_rcu(struct rcu_head *rcu)
 	struct bucket_gens *buckets =
 		container_of(rcu, struct bucket_gens, rcu);
 
-	kvpfree(buckets, sizeof(struct bucket_array) + buckets->nbuckets);
+	kvpfree(buckets, sizeof(*buckets) + buckets->nbuckets);
 }
 
 int bch2_dev_buckets_resize(struct bch_fs *c, struct bch_dev *ca, u64 nbuckets)
@@ -2225,9 +2225,9 @@ int bch2_dev_buckets_resize(struct bch_fs *c, struct bch_dev *ca, u64 nbuckets)
 	kvpfree(buckets_nouse,
 		BITS_TO_LONGS(nbuckets) * sizeof(unsigned long));
 	if (bucket_gens)
-		call_rcu(&old_buckets->rcu, bucket_gens_free_rcu);
+		call_rcu(&bucket_gens->rcu, bucket_gens_free_rcu);
 	if (buckets)
-		call_rcu(&old_buckets->rcu, buckets_free_rcu);
+		call_rcu(&buckets->rcu, buckets_free_rcu);
 
 	return ret;
 }
@@ -2242,6 +2242,8 @@ void bch2_dev_buckets_free(struct bch_dev *ca)
 		free_fifo(&ca->free[i]);
 	kvpfree(ca->buckets_nouse,
 		BITS_TO_LONGS(ca->mi.nbuckets) * sizeof(unsigned long));
+	kvpfree(rcu_dereference_protected(ca->bucket_gens, 1),
+		sizeof(struct bucket_gens) + ca->mi.nbuckets);
 	kvpfree(rcu_dereference_protected(ca->buckets[0], 1),
 		sizeof(struct bucket_array) +
 		ca->mi.nbuckets * sizeof(struct bucket));