This small series applies to Martin's for-next. This is the third attempt to fix a severe memory leak in tcmu. Previous patches: https://lore.kernel.org/linux-scsi/20201218141534.9918-1-bostroesser@xxxxxxxxx/ and https://lore.kernel.org/linux-scsi/20210210194031.7422-1-bostroesser@xxxxxxxxx/ Tcmu's refcounting relies on tcmu_open and tcmu_release being called symmetrically by uio. But that is not true if userspace daemon holds the uio device open or mmap'ed while tcmu calls uio_unregister device. So refcount can stay above 0 for ever, which means that tcmu does not free resources of a tcmu device. In extreme cases the amount of memory leaked can be > 1 GB for a single destroyed tcmu device. This new patch series fixes the problem by moving refcounting from tcmu_open/tcmu_release to new vm_operations_struct::open/*::close handlers, which are called under all conditions. Bodo Stroesser (2): scsi: target: tcmu: Move some functions without code change scsi: target: tcmu: Fix memory leak caused by wrong uio usage drivers/target/target_core_user.c | 189 +++++++++++++++++++++----------------- 1 file changed, 106 insertions(+), 83 deletions(-) -- 2.12.3
