From: Zizhi Wo wozizhi@huawei.com
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IB5UKT
--------------------------------
In the current erofs read on demand scenario, when erofs is mounted, different levels of objects are generated.
In cachefiles_alloc_object(), fscache_object_init() is called to initialize the object corresponding to the cookie, and the cookie->usage is obtained. On the outside, if cachefiles_ondemand_init_obj_info() fails, object will be released, but the added cookie->usage cannot be subtracted. As a result, the cookie->usage is leaked and cannot be released. It also affects the next mount of cookie with the same id.
Fix this issue by adding fscache_object_destroy() to the error branch, and the same for cachefiles_daemon_add_cache().
Fixes: f29507ce6670 (fscache: Fix reference overput in fscache_attach_object() error handling)
Signed-off-by: Zizhi Wo wozizhi@huawei.com
Signed-off-by: Baokun Li libaokun1@huawei.com
---
 fs/cachefiles/bind.c      | 1 +
 fs/cachefiles/interface.c | 1 +
 2 files changed, 2 insertions(+)
diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index d076651b2931..50ac68b0ad81 100644 --- a/fs/cachefiles/bind.c +++ b/fs/cachefiles/bind.c @@ -246,6 +246,7 @@ static int cachefiles_daemon_add_cache(struct cachefiles_cache *cache) error_add_cache: dput(cache->graveyard); cache->graveyard = NULL; + fscache_object_destroy(&fsdef->fscache); error_unsupported: mntput(cache->mnt); cache->mnt = NULL; diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c index 9c819d0d626f..abbf0033459e 100644 --- a/fs/cachefiles/interface.c +++ b/fs/cachefiles/interface.c @@ -109,6 +109,7 @@ static struct fscache_object *cachefiles_alloc_object( object->private = NULL; nomem_obj_info: BUG_ON(test_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags)); + fscache_object_destroy(&object->fscache); kmem_cache_free(cachefiles_object_jar, object); fscache_object_destroyed(&cache->cache); nomem_object:
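Review bot: In the fs/cachefiles/bind.c hunk, the new fscache_object_destroy(&fsdef->fscache) sits under error_add_cache, so any failure that jumps straight to error_unsupported or a later label skips it. Please confirm that fscache_object_init() on fsdef is only reached after the last goto to those later labels, so that every path which took the cookie reference drops it and no path drops a reference it never took. The commit message covers this function only with "and the same for cachefiles_daemon_add_cache()"; it would help to name the call whose failure leads to error_add_cache and to say that fsdef is not freed before this point.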
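Review bot: In the fs/cachefiles/interface.c hunk, the destroy call is placed after the nomem_obj_info label, which is reached both by a direct goto and by fall-through from the cleanup block that ends with object->private = NULL, yet the commit message only names a cachefiles_ondemand_init_obj_info() failure as the trigger. Please state whether the earlier failures that fall through here leaked cookie->usage as well, and confirm that nomem_object, which skips the new call, is only reached before fscache_object_init() has run. The ordering against kmem_cache_free(cachefiles_object_jar, object) looks right, since the object is still valid when &object->fscache is passed; a one-line comment pairing this call with fscache_object_init() would keep the two from drifting apart in later edits.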