From debac8ab061aa92f4efe94fc6ab68bb9c0b4f4d2 Mon Sep 17 00:00:00 2001 From: Zach Brown Date: Wed, 4 Mar 2020 14:00:57 -0800 Subject: [PATCH] scoutfs: free all forest iter pos Forest item iteration allocates iterator positions for each tree root it reads from. The postorder destruction of the iterator nodes wasn't quite right because we were balancing the nodes as they were freed. That can change parent/child relationships and cause postorder iteration to skip some nodes, leaking memory. It would have worked if we just freed the nodes without using rb_erase to balance. The fix is to actually iterate over the rbnodes while using the destroy helper which rebalances as it frees. Signed-off-by: Zach Brown --- kmod/src/forest.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kmod/src/forest.c b/kmod/src/forest.c index a88d2119..abb1c646 100644 --- a/kmod/src/forest.c +++ b/kmod/src/forest.c @@ -961,7 +961,10 @@ retry: unlock: up_read(&lpriv->rwsem); - rbtree_postorder_for_each_entry_safe(ip, nip, &iter_root, node) { + /* destroy_ rebalances so postorder traversal could skip nodes */ + for (ip = first_iter_pos(&iter_root); + ip && (nip = next_iter_pos(ip), 1); + ip = nip) { destroy_iter_pos(ip, &iter_root); }