Re: [PATCH v4 12/22] sg: sense buffer rework

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2019-09-09 11:01 a.m., Hannes Reinecke wrote:
On 8/29/19 4:26 AM, Douglas Gilbert wrote:
The biggest single item in the sg_request object is the sense
buffer array which is SCSI_SENSE_BUFFERSIZE bytes long. That
constant started out at 18 bytes 20 years ago and is 96 bytes
now and might grow in the future. On the other hand the sense
buffer is only used by a small number of SCSI commands: those
that fail and those that want to return more information
other than a SCSI status of GOOD.

Set up a small mempool called "sg_sense" that is only used as
required and released back to the mempool as soon as practical.

Signed-off-by: Douglas Gilbert <dgilbert@xxxxxxxxxxxx>
---
  drivers/scsi/sg.c | 86 ++++++++++++++++++++++++++++++++++++++++-------
  1 file changed, 73 insertions(+), 13 deletions(-)

diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 2e476e74130b..ebb9d4f53177 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -72,6 +72,10 @@ static char *sg_version_date = "20190606";
   */
  #define SG_MAX_CDB_SIZE 252
+static struct kmem_cache *sg_sense_cache;
+#define SG_MEMPOOL_MIN_NR 4
+static mempool_t *sg_sense_pool;
+
  #define uptr64(val) ((void __user *)(uintptr_t)(val))
  #define cuptr64(val) ((const void __user *)(uintptr_t)(val))
@@ -176,7 +180,6 @@ struct sg_request { /* active SCSI command or inactive on free list (fl) */
  	spinlock_t req_lck;
  	struct sg_scatter_hold sgat_h;	/* hold buffer, perhaps scatter list */
  	struct sg_slice_hdr3 s_hdr3;  /* subset of sg_io_hdr */
-	u8 sense_b[SCSI_SENSE_BUFFERSIZE];
  	u32 duration;		/* cmd duration in milliseconds */
  	u32 rq_flags;		/* hold user supplied flags */
  	u32 rq_info;		/* info supplied by v3 and v4 interfaces */
@@ -188,6 +191,7 @@ struct sg_request {	/* active SCSI command or inactive on free list (fl) */
  	u8 cmd_opcode;		/* first byte of SCSI cdb */
  	u64 start_ns;		/* starting point of command duration calc */
  	unsigned long frq_bm[1];	/* see SG_FRQ_* defines above */
+	u8 *sense_bp;		/* mempool alloc-ed sense buffer, as needed */
  	struct sg_fd *parentfp;	/* pointer to owning fd, even when on fl */
  	struct request *rq;	/* released in sg_rq_end_io(), bio kept */
  	struct bio *bio;	/* kept until this req -->SG_RS_INACTIVE */
@@ -845,18 +849,21 @@ sg_copy_sense(struct sg_request *srp)
  	    (driver_byte(srp->rq_result) & DRIVER_SENSE)) {
  		int sb_len = min_t(int, SCSI_SENSE_BUFFERSIZE, srp->sense_len);
  		int mx_sb_len;
+		u8 *sbp = srp->sense_bp;
  		void __user *up;
+ srp->sense_bp = NULL;
  		up = (void __user *)srp->s_hdr3.sbp;
  		mx_sb_len = srp->s_hdr3.mx_sb_len;
-		if (up && mx_sb_len > 0) {
+		if (up && mx_sb_len > 0 && sbp) {
  			sb_len = min_t(int, sb_len, mx_sb_len);
  			/* Additional sense length field */
-			sb_len_wr = 8 + (int)srp->sense_b[7];
+			sb_len_wr = 8 + (int)sbp[7];
  			sb_len_wr = min_t(int, sb_len, sb_len_wr);
-			if (copy_to_user(up, srp->sense_b, sb_len_wr))
+			if (copy_to_user(up, sbp, sb_len_wr))
  				sb_len_wr = -EFAULT;
  		}
+		mempool_free(sbp, sg_sense_pool);
  	}
  	return sb_len_wr;
  }
@@ -963,8 +970,14 @@ sg_rd_v1v2(void __user *buf, int count, struct sg_fd *sfp,
  	h2p->driver_status = driver_byte(rq_result);
  	if ((CHECK_CONDITION & status_byte(rq_result)) ||
  	    (DRIVER_SENSE & driver_byte(rq_result))) {
-		memcpy(h2p->sense_buffer, srp->sense_b,
-		       sizeof(h2p->sense_buffer));
+		if (srp->sense_bp) {
+			u8 *sbp = srp->sense_bp;
+
+			srp->sense_bp = NULL;
+			memcpy(h2p->sense_buffer, sbp,
+			       sizeof(h2p->sense_buffer));
+			mempool_free(sbp, sg_sense_pool);
+		}
  	}
  	switch (host_byte(rq_result)) {
  	/*
@@ -999,17 +1012,21 @@ sg_rd_v1v2(void __user *buf, int count, struct sg_fd *sfp,
/* Now copy the result back to the user buffer. */
  	if (count >= SZ_SG_HEADER) {
-		if (copy_to_user(buf, h2p, SZ_SG_HEADER))
-			return -EFAULT;
+		if (copy_to_user(buf, h2p, SZ_SG_HEADER)) {
+			res = -EFAULT;
+			goto fini;
+		}
  		buf += SZ_SG_HEADER;
  		if (count > h2p->reply_len)
  			count = h2p->reply_len;
  		if (count > SZ_SG_HEADER) {
-			if (sg_rd_append(srp, buf, count - SZ_SG_HEADER))
-				return -EFAULT;
+			res = sg_rd_append(srp, buf, count - SZ_SG_HEADER);
+			if (res)
+				goto fini;
  		}
  	} else
  		res = (h2p->result == 0) ? 0 : -EIO;
+fini:
  	atomic_set(&srp->rq_st, SG_RS_DONE_RD);
  	sg_finish_scsi_blk_rq(srp);
  	sg_deact_request(sfp, srp);
@@ -1971,8 +1988,17 @@ sg_rq_end_io(struct request *rq, blk_status_t status)
  	srp->duration = sg_calc_rq_dur(srp);
  	if (unlikely((srp->rq_result & SG_ML_RESULT_MSK) && slen > 0))
  		sg_check_sense(sdp, srp, slen);
-	if (slen > 0)
-		memcpy(srp->sense_b, scsi_rp->sense, slen);
+	if (slen > 0) {
+		if (scsi_rp->sense) {
+			srp->sense_bp = mempool_alloc(sg_sense_pool,
+						      GFP_ATOMIC);
+			if (srp->sense_bp)
+				memcpy(srp->sense_bp, scsi_rp->sense, slen);
+		} else {
+			pr_warn("%s: scsi_request::sense==NULL\n", __func__);
+			slen = 0;
+		}
+	}
  	srp->sense_len = slen;
  	if (unlikely(test_bit(SG_FRQ_IS_ORPHAN, srp->frq_bm))) {
  		spin_lock(&srp->req_lck);
That looks ... odd.
What happens if 'mempool_alloc()' fails?
Shouldn't we set 'slen' to '0' here, too?

Indeed. Fixed in v5 with a pr_warn() added, like the other failed branch.
Also make the pr_warn messages more precise.

Doug Gilbert





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux