bcachefs: Fix freeing in bch2_dev_buckets_resize()

We were double-freeing old_buckets and not freeing old_buckets_gens:
also, the code was supposed to free buckets, not old_buckets;
old_buckets is only needed because we have to use rcu_assign_pointer()
instead of swap(), and won't be set if we hit the error path.

Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>

diff --git a/fs/bcachefs/bcachefs.h b/fs/bcachefs/bcachefs.h
index 3d1a6773393cdf293f84aefe1ec9c6c74297a7aa..59c0963f785f0a3fa721fd8b56bb7bd094cbb960 100644 (file)
--- a/fs/bcachefs/bcachefs.h
+++ b/fs/bcachefs/bcachefs.h
@@ -451,7 +451,7 @@ struct bch_dev {
         * Or rcu_read_lock(), but only for ptr_stale():
         */
        struct bucket_array __rcu *buckets[2];
-       struct bucket_gens      *bucket_gens;
+       struct bucket_gens __rcu *bucket_gens;
        unsigned long           *buckets_nouse;
        struct rw_semaphore     bucket_lock;
 

diff --git a/fs/bcachefs/buckets.c b/fs/bcachefs/buckets.c
index acdc95d8d4c76b867253a37f55970dcb59b282f5..ae576031522309d713b48cee8a99bda570488f92 100644 (file)
--- a/fs/bcachefs/buckets.c
+++ b/fs/bcachefs/buckets.c
@@ -2106,7 +2106,7 @@ static void buckets_free_rcu(struct rcu_head *rcu)
                container_of(rcu, struct bucket_array, rcu);
 
        kvpfree(buckets,
-               sizeof(struct bucket_array) +
+               sizeof(*buckets) +
                buckets->nbuckets * sizeof(struct bucket));
 }
 
@@ -2115,7 +2115,7 @@ static void bucket_gens_free_rcu(struct rcu_head *rcu)
        struct bucket_gens *buckets =
                container_of(rcu, struct bucket_gens, rcu);
 
-       kvpfree(buckets, sizeof(struct bucket_array) + buckets->nbuckets);
+       kvpfree(buckets, sizeof(*buckets) + buckets->nbuckets);
 }
 
 int bch2_dev_buckets_resize(struct bch_fs *c, struct bch_dev *ca, u64 nbuckets)
@@ -2225,9 +2225,9 @@ err:
        kvpfree(buckets_nouse,
                BITS_TO_LONGS(nbuckets) * sizeof(unsigned long));
        if (bucket_gens)
-               call_rcu(&old_buckets->rcu, bucket_gens_free_rcu);
+               call_rcu(&bucket_gens->rcu, bucket_gens_free_rcu);
        if (buckets)
-               call_rcu(&old_buckets->rcu, buckets_free_rcu);
+               call_rcu(&buckets->rcu, buckets_free_rcu);
 
        return ret;
 }
@@ -2242,6 +2242,8 @@ void bch2_dev_buckets_free(struct bch_dev *ca)
                free_fifo(&ca->free[i]);
        kvpfree(ca->buckets_nouse,
                BITS_TO_LONGS(ca->mi.nbuckets) * sizeof(unsigned long));
+       kvpfree(rcu_dereference_protected(ca->bucket_gens, 1),
+               sizeof(struct bucket_gens) + ca->mi.nbuckets);
        kvpfree(rcu_dereference_protected(ca->buckets[0], 1),
                sizeof(struct bucket_array) +
                ca->mi.nbuckets * sizeof(struct bucket));