block: rbd: fixed may leaks
authorVasiliy Kulikov <segooon@gmail.com>
Sun, 26 Sep 2010 08:59:37 +0000 (12:59 +0400)
committerSage Weil <sage@newdream.net>
Wed, 20 Oct 2010 22:38:19 +0000 (15:38 -0700)
rbd_client_create() doesn't free rbdc, this leads to many leaks.

seg_len in rbd_do_op() is unsigned, so (seg_len < 0) makes no sense.
Also if fixed check fails then seg_name is leaked.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
drivers/block/rbd.c

index c42f3058abc79de903b979b2a1fe9ea6dbc74ed0..83b15dd24853ca39949e21e9264afc0ec92b632d 100644 (file)
@@ -241,6 +241,7 @@ static struct rbd_client *rbd_client_create(struct ceph_options *opt)
        rbdc->client = ceph_create_client(opt, rbdc);
        if (IS_ERR(rbdc->client))
                goto out_rbdc;
+       opt = NULL; /* Now rbdc->client is responsible for opt */
 
        ret = ceph_open_session(rbdc->client);
        if (ret < 0)
@@ -255,13 +256,12 @@ static struct rbd_client *rbd_client_create(struct ceph_options *opt)
 
 out_err:
        ceph_destroy_client(rbdc->client);
-       return ERR_PTR(ret);
-
 out_rbdc:
        kfree(rbdc);
 out_opt:
-       ceph_destroy_options(opt);
-       return ERR_PTR(-ENOMEM);
+       if (opt)
+               ceph_destroy_options(opt);
+       return ERR_PTR(ret);
 }
 
 /*
@@ -889,8 +889,10 @@ static int rbd_do_op(struct request *rq,
                                  rbd_dev->header.block_name,
                                  ofs, len,
                                  seg_name, &seg_ofs);
-       if (seg_len < 0)
-               return seg_len;
+       if ((s64)seg_len < 0) {
+               ret = seg_len;
+               goto done;
+       }
 
        payload_len = (flags & CEPH_OSD_FLAG_WRITE ? seg_len : 0);