Prev: [PATCH V2] x86/pat: fix memory leak in free_memtype
Next: [PATCH 1/2] KVM: SVM: fix compiling warning
From: Kiyoshi Ueda on 25 May 2010 22:50
Hi Mike,

On 05/26/2010 01:34 AM +0900, Mike Snitzer wrote:
> Mike Snitzer <snitzer(a)redhat.com> wrote:
>> Kiyoshi Ueda <k-ueda(a)ct.jp.nec.com> wrote:
>>>> +/*
>>>> + * Fully initialize a request-based queue (->elevator, ->request_fn, etc).
>>>> + */
>>>> +static int dm_init_request_based_queue(struct mapped_device *md)
>>>> +{
>>>> + struct request_queue *q = NULL;
>>>> +
>>>> + /* Avoid re-initializing the queue if already fully initialized */
>>>> + if (!md->queue->elevator) {
>>>> + /* Fully initialize the queue */
>>>> + q = blk_init_allocated_queue(md->queue, dm_request_fn, NULL);
>>>> + if (!q)
>>>> + return 0;
>>>
>>> When blk_init_allocated_queue() fails, the block-layer seems not to
>>> guarantee that the queue is still available.
>>
>> Ouch, yes this portion of blk_init_allocated_queue_node() is certainly
>> problematic:
>>
>> if (blk_init_free_list(q)) {
>> kmem_cache_free(blk_requestq_cachep, q);
>> return NULL;
>> }

Not only that. The blk_put_queue() in blk_init_allocated_queue_node()
will also free the queue:

if (!elevator_init(q, NULL)) {
blk_queue_congestion_threshold(q);
return q;
}

blk_put_queue(q);
return NULL;

Thanks,
Kiyoshi Ueda
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Mike Snitzer on 26 May 2010 00:50
On Tue, May 25 2010 at 10:37pm -0400,
Kiyoshi Ueda <k-ueda(a)ct.jp.nec.com> wrote:

> Hi Mike,
>
> On 05/26/2010 01:34 AM +0900, Mike Snitzer wrote:
> > Mike Snitzer <snitzer(a)redhat.com> wrote:
> >> Kiyoshi Ueda <k-ueda(a)ct.jp.nec.com> wrote:
> >>>> +/*
> >>>> + * Fully initialize a request-based queue (->elevator, ->request_fn, etc).
> >>>> + */
> >>>> +static int dm_init_request_based_queue(struct mapped_device *md)
> >>>> +{
> >>>> + struct request_queue *q = NULL;
> >>>> +
> >>>> + /* Avoid re-initializing the queue if already fully initialized */
> >>>> + if (!md->queue->elevator) {
> >>>> + /* Fully initialize the queue */
> >>>> + q = blk_init_allocated_queue(md->queue, dm_request_fn, NULL);
> >>>> + if (!q)
> >>>> + return 0;
> >>>
> >>> When blk_init_allocated_queue() fails, the block-layer seems not to
> >>> guarantee that the queue is still available.
> >>
> >> Ouch, yes this portion of blk_init_allocated_queue_node() is certainly
> >> problematic:
> >>
> >> if (blk_init_free_list(q)) {
> >> kmem_cache_free(blk_requestq_cachep, q);
> >> return NULL;
> >> }
>
> Not only that. The blk_put_queue() in blk_init_allocated_queue_node()
> will also free the queue:
>
> if (!elevator_init(q, NULL)) {
> blk_queue_congestion_threshold(q);
> return q;
> }
>
> blk_put_queue(q);
> return NULL;

OK, I'll post v2 that addresses this and we'll see what Jens says.

Mike
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
 | 
Pages: 1
Prev: [PATCH V2] x86/pat: fix memory leak in free_memtype
Next: [PATCH 1/2] KVM: SVM: fix compiling warning