On Thu, 2011-02-03 at 20:48 +0100, Fubo Chen wrote: > On Wed, Feb 2, 2011 at 9:26 AM, Nicholas A. Bellinger > <nab@xxxxxxxxxxxxxxx> wrote: > > From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> > > > > This patch moves the se_free_virtual_device() / se_subsystem_api->free_device() > > and subsequent release of struct se_subsystem_dev memory to inside of the > > configfs callback target_core_dev_item_ops->release() called from within > > fs/configfs/item.c:config_item_cleanup() context. This patch resolves the > > following SLUB 'Poison overwritten' warning when calling target_core_drop_subdev() > > -> kfree(se_dev) directly after config_item_put(): > > > > [ 5147.638639] ============================================================================= > > [ 5147.638959] BUG kmalloc-4096: Poison overwritten > > [ 5147.639124] ----------------------------------------------------------------------------- > > [ 5147.639124] > > [ 5147.639294] INFO: 0xffff88000d2f887c-0xffff88000d2f887c. First byte 0x6a instead of 0x6b > > [ 5147.639294] INFO: Allocated in kzalloc+0xf/0x11 [target_core_mod] age=2602 cpu=0 pid=14639 > > [ 5147.639294] INFO: Freed in target_core_drop_subdev+0x18d/0x199 [target_core_mod] age=25 cpu=0 pid=14654 > > [ 5147.639294] INFO: Slab 0xffffea00002e2640 objects=7 used=1 fp=0xffff88000d2f8000 flags=0x1000000000040c1 > > [ 5147.639294] INFO: Object 0xffff88000d2f8000 @offset=0 fp=0xffff88000d2fb0d8 > > > > Cc: Joel Becker <jlbec@xxxxxxxxxxxx> > > Cc: Christoph Hellwig <hch@xxxxxx> > > Signed-off-by: Nicholas A. Bellinger <nab@xxxxxxxxxxxxxxx> > > --- > > drivers/target/target_core_configfs.c | 64 ++++++++++++++++----------------- > > 1 files changed, 31 insertions(+), 33 deletions(-) > > > > diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c > > index ccb5554..3715c91 100644 > > --- a/drivers/target/target_core_configfs.c > > +++ b/drivers/target/target_core_configfs.c > > @@ -2004,9 +2004,35 @@ static void target_core_dev_release(struct config_item *item) > > { > > struct se_subsystem_dev *se_dev = container_of(to_config_group(item), > > struct se_subsystem_dev, se_dev_group); > > + struct se_hba *hba = item_to_hba(&se_dev->se_dev_hba->hba_group.cg_item); > > + struct se_subsystem_api *t = hba->transport; > > struct config_group *dev_cg = &se_dev->se_dev_group; > > > > kfree(dev_cg->default_groups); > > + /* > > + * This pointer will set when the storage is enabled with: > > + *`echo 1 > $CONFIGFS/core/$HBA/$DEV/dev_enable` > > + */ > > + if (se_dev->se_dev_ptr) { > > + printk(KERN_INFO "Target_Core_ConfigFS: Calling se_free_" > > + "virtual_device() for se_dev_ptr: %p\n", > > + se_dev->se_dev_ptr); > > + > > + se_free_virtual_device(se_dev->se_dev_ptr, hba); > > + } else { > > + /* > > + * Release struct se_subsystem_dev->se_dev_su_ptr.. > > + */ > > + printk(KERN_INFO "Target_Core_ConfigFS: Calling t->free_" > > + "device() for se_dev_su_ptr: %p\n", > > + se_dev->se_dev_su_ptr); > > + > > + t->free_device(se_dev->se_dev_su_ptr); > > + } > > + > > + printk(KERN_INFO "Target_Core_ConfigFS: Deallocating se_subsystem" > > + "_dev_t: %p\n", se_dev); > > + kfree(se_dev); > > } > > > > static ssize_t target_core_dev_show(struct config_item *item, > > @@ -2847,13 +2873,11 @@ static void target_core_drop_subdev( > > struct se_subsystem_api *t; > > struct config_item *df_item; > > struct config_group *dev_cg, *tg_pt_gp_cg, *dev_stat_grp; > > - int i, ret; > > + int i; > > > > hba = item_to_hba(&se_dev->se_dev_hba->hba_group.cg_item); > > > > - if (mutex_lock_interruptible(&hba->hba_access_mutex)) > > - goto out; > > - > > + mutex_lock(&hba->hba_access_mutex); > > t = hba->transport; > > > > spin_lock(&se_global->g_device_lock); > > @@ -2884,38 +2908,12 @@ static void target_core_drop_subdev( > > dev_cg->default_groups[i] = NULL; > > config_item_put(df_item); > > } > > - > > - config_item_put(item); > > /* > > - * This pointer will set when the storage is enabled with: > > - * `echo 1 > $CONFIGFS/core/$HBA/$DEV/dev_enable` > > + * The releasing of se_dev and associated se_dev->se_dev_ptr is done > > + * from target_core_dev_item_ops->release() ->target_core_dev_release(). > > */ > > - if (se_dev->se_dev_ptr) { > > - printk(KERN_INFO "Target_Core_ConfigFS: Calling se_free_" > > - "virtual_device() for se_dev_ptr: %p\n", > > - se_dev->se_dev_ptr); > > - > > - ret = se_free_virtual_device(se_dev->se_dev_ptr, hba); > > - if (ret < 0) > > - goto hba_out; > > - } else { > > - /* > > - * Release struct se_subsystem_dev->se_dev_su_ptr.. > > - */ > > - printk(KERN_INFO "Target_Core_ConfigFS: Calling t->free_" > > - "device() for se_dev_su_ptr: %p\n", > > - se_dev->se_dev_su_ptr); > > - > > - t->free_device(se_dev->se_dev_su_ptr); > > - } > > - > > - printk(KERN_INFO "Target_Core_ConfigFS: Deallocating se_subsystem" > > - "_dev_t: %p\n", se_dev); > > - > > -hba_out: > > + config_item_put(item); > > mutex_unlock(&hba->hba_access_mutex); > > -out: > > - kfree(se_dev); > > } > > > > static struct configfs_group_operations target_core_hba_group_ops = { > > Hello Nicholas, > > How to apply this patch ? This is what I get: > > # git diff v2.6.38-rc2 | wc > 0 0 0 > # patch -p1 < ../p2.patch > patching file drivers/target/target_core_configfs.c > Hunk #1 FAILED at 2004. > Hunk #2 FAILED at 2847. > Hunk #3 succeeded at 2800 (offset -84 lines). > 2 out of 3 hunks FAILED -- saving rejects to file > drivers/target/target_core_configfs.c.rej > Hi Fubo, Note that these are all incremental patches against the LIO upstream lio-core-2.6.git/linus-38-rc3 tree, and not against the mainline target code. If you really want to apply these by hand (you should really be using git btw ;), then you will need to first apply the series of 24 patches against .38-rc2 mainline target code from my scsi-post-merge-2.6.git/for-38-rc3-v2 here: http://marc.info/?l=linux-scsi&m=129632617326015&w=2 --nab -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html