From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
This patch fixes two bugs uncovered during testing with slub_debug=FPUZ
during module_exit() -> target_core_exit_configfs() with release of
configfs subsystem consumer default groups, namely how this should be
working with fs/configfs/dir.c:configfs_unregister_subsystem() release
logic for struct config_group->default_group.
The first issue involves configfs_unregister_subsystem() expecting to
walk+drain the top-level subsys->su_group.default_groups directly in
unlink_group(), and not directly from the configfs subsystem consumer
for the top level struct config_group->default_groups. This patch drops
the walk+drain of subsys->su_group.default_groups from TCM configfs
subsystem consumer code, and moves the top-level ->default_groups kfree()
after configfs_unregister_subsystem() has been called.
The second issue involves calling core_alua_free_lu_gp(se_global->default_lu_gp)
to release the default_lu_gp->lu_gp_group before configfs_unregister_subsystem()
has been called. This patches also moves the core_alua_free_lu_gp() call to
release default_lu_group->lu_gp_group after the subsys has been unregistered.
Finally, this patch explictly clears the [lu_gp,alua,hba]_cg->default_groups
pointers after kfree() to ensure that no stale memory is picked up from
child struct config_group->default_group[] while configfs_unregister_subsystem()
is called.
Reported-by: Fubo Chen <fubo.chen@xxxxxxxxx>
Cc: Joel Becker <jlbec@xxxxxxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Nicholas A. Bellinger <nab@xxxxxxxxxxxxxxx>
---
drivers/target/target_core_configfs.c | 20 +++++++++++---------
1 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
index 9ff1942..7d7dfbc 100644
--- a/drivers/target/target_core_configfs.c
+++ b/drivers/target/target_core_configfs.c
@@ -3262,8 +3262,7 @@ static void target_core_exit_configfs(void)
config_item_put(item);
}
kfree(lu_gp_cg->default_groups);
- core_alua_free_lu_gp(se_global->default_lu_gp);
- se_global->default_lu_gp = NULL;
+ lu_gp_cg->default_groups = NULL;
alua_cg = &se_global->alua_group;
for (i = 0; alua_cg->default_groups[i]; i++) {
@@ -3272,6 +3271,7 @@ static void target_core_exit_configfs(void)
config_item_put(item);
}
kfree(alua_cg->default_groups);
+ alua_cg->default_groups = NULL;
hba_cg = &se_global->target_core_hbagroup;
for (i = 0; hba_cg->default_groups[i]; i++) {
@@ -3280,15 +3280,17 @@ static void target_core_exit_configfs(void)
config_item_put(item);
}
kfree(hba_cg->default_groups);
-
- for (i = 0; subsys->su_group.default_groups[i]; i++) {
- item = &subsys->su_group.default_groups[i]->cg_item;
- subsys->su_group.default_groups[i] = NULL;
- config_item_put(item);
- }
+ hba_cg->default_groups = NULL;
+ /*
+ * We expect subsys->su_group.default_groups to be released
+ * by configfs subsystem provider logic..
+ */
+ configfs_unregister_subsystem(subsys);
kfree(subsys->su_group.default_groups);
- configfs_unregister_subsystem(subsys);
+ core_alua_free_lu_gp(se_global->default_lu_gp);
+ se_global->default_lu_gp = NULL;
+
printk(KERN_INFO "TARGET_CORE[0]: Released ConfigFS Fabric"
" Infrastructure\n");
--
1.5.6.5
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
