rbd: fix leak of format 2 snapshot context
author Alex Elder <elder@inktank.com>
Mon, 6 May 2013 13:37:00 +0000 (08:37 -0500)
committer Alex Elder <elder@inktank.com>
Wed, 8 May 2013 12:38:30 +0000 (07:38 -0500)

When rbd_dev_v2_refresh() is called, the rbd device already has a
snapshot context associated with it.  But that never gets freed,
the pointer just gets overwritten.

Fix this by dropping the rbd device's reference to the snapshot
context before overwriting the pointer.

Because ceph_put_snap_context() already handles for a null pointer
we don't need to check for that (for the probe case, where no
context has yet been assigned).

This resolves:
    http://tracker.ceph.com/issues/4912

Signed-off-by: Alex Elder <elder@inktank.com>
Reviewed-by: Josh Durgin <josh.durgin@inktank.com>
drivers/block/rbd.c

index c2ca1818f33583679ac3d96f8bbaa4f33949640a..426374321d756f5fabe50e676e25f788a0b2d08b 100644 (file)
@@ -4004,6 +4004,7 @@ static int rbd_dev_v2_snap_context(struct rbd_device *rbd_dev)
        for (i = 0; i < snap_count; i++)
                snapc->snaps[i] = ceph_decode_64(&p);
 
+       ceph_put_snap_context(rbd_dev->header.snapc);
        rbd_dev->header.snapc = snapc;
 
        dout("  snap context seq = %llu, snap_count = %u\n",
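
Review bot: the ceph_put_snap_context(rbd_dev->header.snapc) call added just before the assignment drops the old reference while rbd_dev->header.snapc still points at that context, and nothing in this hunk shows what serializes the swap against readers of header.snapc. If a reader can pick up the pointer without taking its own reference under the same lock, the put can release a context that is still in use, trading the leak for a use-after-free. It is worth confirming that every caller of rbd_dev_v2_snap_context() holds the header lock for write across these two lines and stating that in a comment above the put. A short comment that the put tolerates a NULL snapc on the probe path would also help, since only the commit message says so and the code does not.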