Opened 14 years ago
Closed 14 years ago
#6378 closed bug (fixed)
Block Cache Memory Leak
Reported by: | jvff | Owned by: | axeld |
---|---|---|---|
Priority: | normal | Milestone: | R1 |
Component: | System/Kernel | Version: | R1/alpha2 |
Keywords: | block cache, memory leak | Cc: | |
Blocked By: | Blocking: | ||
Platform: | All |
Description
cache_detach_sub_transaction was overwritting the block->original_data pointer without freeing the previous data it pointed to.
Attachments (1)
Change History (7)
by , 14 years ago
Attachment: | block_cache_leak.patch added |
---|
comment:1 by , 14 years ago
patch: | 0 → 1 |
---|
comment:2 by , 14 years ago
I ran block_cache.cpp through grep to find where stuff was assigned (ie. grep "<src>.* = ") and I reached the following dependancy:
- original_data is either NULL, returned from Allocate or copied from parent_data (where the leak originally occurred);
- parent_data is either NULL, returned from Allocate or copied from current_data;
- current_data is returned from Allocate.
This (initially) leads me to the conclusion that a "false overwrite" doesn't happen, which means the patch is (in theory) safe. However, it would be better if someone with more knowledge of the code could confirm this.
comment:3 by , 14 years ago
Replying to jvff:
Also, the patch was generated from trunk/src/system/ because I had other files changed that weren't relevant to the patch.
Please know that you can pass the paths which you want to include in the patch to svn diff
. There's no reason for creating a patch from a subdirectory.
comment:4 by , 14 years ago
Owner: | changed from | to
---|---|
Status: | new → in-progress |
comment:5 by , 14 years ago
The code in cache_detach_sub_transaction() is really pretty much broken, however, your patch only works around the actual issue. Thanks for looking into it, though!
I'm currently working on fixing the bug for real, and add a bit more documentation that should ease understanding the code.
comment:6 by , 14 years ago
Component: | File Systems → System/Kernel |
---|---|
Resolution: | → fixed |
Status: | in-progress → closed |
Fixed for real in hrev37899.
This patch frees the data block, but it assumes that the pointer value won't be overwritten by it's own value (otherwise it will point to a freed area). Also, the patch was generated from trunk/src/system/ because I had other files changed that weren't relevant to the patch.