Re: [PATCH] block: Fix two memory leaks in blkcg_init_queue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/23/21 19:58, Sean Anderson wrote:
The ioprio and iolatency rqos never get free'd on error or queue exit, causing
the following leaks:

unreferenced object 0xffff97b143bc0900 (size 64):
   comm "kworker/u2:3", pid 101, jiffies 4294877468 (age 159.967s)
   hex dump (first 32 bytes):
     00 15 f9 86 ff ff ff ff 60 f4 cf 45 b1 97 ff ff  ........`..E....
     03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   backtrace:
     [<0000000063d10c99>] blk_ioprio_init+0x25/0xe0
     [<000000005dd8844d>] blkcg_init_queue+0x8d/0x140
     [<00000000bd7aac9b>] blk_alloc_queue+0x1ef/0x280
     [<0000000044d961f9>] blk_mq_init_queue+0x1a/0x60
     [<0000000031908ee1>] scsi_alloc_sdev+0x20f/0x370
     [<00000000e99f53d3>] scsi_probe_and_add_lun+0x9db/0xe10
     [<00000000942c5af3>] __scsi_scan_target+0xfc/0x5b0
     [<000000007194bb8f>] scsi_scan_channel+0x58/0x90
     [<00000000ebf8a49b>] scsi_scan_host_selected+0xe9/0x120
     [<00000000f745ec7d>] do_scan_async+0x18/0x160
     [<000000006f6ff8ca>] async_run_entry_fn+0x30/0x130
     [<000000003d813304>] process_one_work+0x1e8/0x3c0
     [<0000000020b6d54d>] worker_thread+0x50/0x3c0
     [<000000007fc10a0f>] kthread+0x132/0x160
     [<0000000010197ee2>] ret_from_fork+0x22/0x30
unreferenced object 0xffff97b143da4360 (size 96):
   comm "kworker/u2:3", pid 101, jiffies 4294877468 (age 159.987s)
   hex dump (first 32 bytes):
     40 1b f9 86 ff ff ff ff 60 f4 cf 45 b1 97 ff ff  @.......`..E....
     01 00 00 00 00 00 00 00 00 09 bc 43 b1 97 ff ff  ...........C....
   backtrace:
     [<000000000ffb4700>] blk_iolatency_init+0x25/0x160
     [<00000000c4cdb872>] blkcg_init_queue+0xc7/0x140
     [<00000000bd7aac9b>] blk_alloc_queue+0x1ef/0x280
     [<0000000044d961f9>] blk_mq_init_queue+0x1a/0x60
     [<0000000031908ee1>] scsi_alloc_sdev+0x20f/0x370
     [<00000000e99f53d3>] scsi_probe_and_add_lun+0x9db/0xe10
     [<00000000942c5af3>] __scsi_scan_target+0xfc/0x5b0
     [<000000007194bb8f>] scsi_scan_channel+0x58/0x90
     [<00000000ebf8a49b>] scsi_scan_host_selected+0xe9/0x120
     [<00000000f745ec7d>] do_scan_async+0x18/0x160
     [<000000006f6ff8ca>] async_run_entry_fn+0x30/0x130
     [<000000003d813304>] process_one_work+0x1e8/0x3c0
     [<0000000020b6d54d>] worker_thread+0x50/0x3c0
     [<000000007fc10a0f>] kthread+0x132/0x160
     [<0000000010197ee2>] ret_from_fork+0x22/0x30

Fixes: d70675121546 ("block: introduce blk-iolatency io controller")
Fixes: 556910e39249 ("block: Introduce the ioprio rq-qos policy")
Signed-off-by: Sean Anderson <seanga2@xxxxxxxxx>
---

  block/blk-cgroup.c | 8 ++++++--
  1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c
index 663aabfeba18..ced5ee637405 100644
--- a/block/blk-cgroup.c
+++ b/block/blk-cgroup.c
@@ -32,6 +32,7 @@
  #include <linux/psi.h>
  #include "blk.h"
  #include "blk-ioprio.h"
+#include "blk-rq-qos.h"
  #include "blk-throttle.h"
/*
@@ -1200,16 +1201,18 @@ int blkcg_init_queue(struct request_queue *q)
ret = blk_throtl_init(q);
  	if (ret)
-		goto err_destroy_all;
+		goto err_qos_exit;
ret = blk_iolatency_init(q);
  	if (ret) {
  		blk_throtl_exit(q);
-		goto err_destroy_all;
+		goto err_qos_exit;
  	}
return 0; +err_qos_exit:
+	rq_qos_exit(q);
  err_destroy_all:
  	blkg_destroy_all(q);
  	return ret;
@@ -1229,6 +1232,7 @@ int blkcg_init_queue(struct request_queue *q)
   */
  void blkcg_exit_queue(struct request_queue *q)
  {
+	rq_qos_exit(q);
  	blkg_destroy_all(q);
  	blk_throtl_exit(q);
  }

Thanks for having reported this. However, I'm not sure the above patch is the best way to fix this. I'd prefer to restore the rq_qos_exit(q) in blk_cleanup_queue() and also to add the following to such a patch: Fixes: commit 8e141f9eb803 ("block: drain file system I/O on del_gendisk"). As far as I can see calling rq_qos_exit(q) twice for the same request queue is fine.

Bart.






[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux