On 2/18/21 11:50 AM, Bodo Stroesser wrote: > This small series applies to Martin's for-next. > > This is the third attempt to fix a severe memory leak in tcmu. > Previous patches: > https://urldefense.com/v3/__https://lore.kernel.org/linux-scsi/20201218141534.9918-1-bostroesser@xxxxxxxxx/__;!!GqivPVa7Brio!Oz9qazrvG2YRDRkm5ey3KEvdVmuukGz523-nIrg5dvnwt1bKlOAjBmh4g8ADxdmcca5_$ > and > https://urldefense.com/v3/__https://lore.kernel.org/linux-scsi/20210210194031.7422-1-bostroesser@xxxxxxxxx/__;!!GqivPVa7Brio!Oz9qazrvG2YRDRkm5ey3KEvdVmuukGz523-nIrg5dvnwt1bKlOAjBmh4g8ADxY8eTeL_$ > > Tcmu's refcounting relies on tcmu_open and tcmu_release being > called symmetrically by uio. But that is not true if userspace > daemon holds the uio device open or mmap'ed while tcmu calls > uio_unregister device. So refcount can stay above 0 for ever, > which means that tcmu does not free resources of a tcmu device. > In extreme cases the amount of memory leaked can be > 1 GB for > a single destroyed tcmu device. > > This new patch series fixes the problem by moving refcounting from > tcmu_open/tcmu_release to new vm_operations_struct::open/*::close > handlers, which are called under all conditions. > > Bodo Stroesser (2): > scsi: target: tcmu: Move some functions without code change > scsi: target: tcmu: Fix memory leak caused by wrong uio usage > > drivers/target/target_core_user.c | 189 +++++++++++++++++++++----------------- > 1 file changed, 106 insertions(+), 83 deletions(-) > Reviewed-by: Mike Christie <michael.christie@xxxxxxxxxx>