From: Mike Snitzer <snitzer@redhat.com>
To: Mikulas Patocka <mpatocka@redhat.com>
Cc: device-mapper development <dm-devel@redhat.com>,
	Alasdair Kergon <agk@redhat.com>,
	linux-kernel@vger.kernel.org, darrick.wong@oracle.com
Subject: Re: dm-bufio: fix memleak when using a dm_buffer's inline bio
Date: Mon, 1 Dec 2014 11:27:53 -0500
Message-ID: <20141201162753.GA8227@redhat.com>
In-Reply-To: <alpine.LRH.2.02.1412011117180.27118@file01.intranet.prod.int.rdu2.redhat.com>

On Mon, Dec 01 2014 at 11:23am -0500,
Mikulas Patocka <mpatocka@redhat.com> wrote:

> 
> 
> On Tue, 25 Nov 2014, Darrick J. Wong wrote:
> 
> > When dm-bufio sets out to use the bio built into a struct dm_buffer to
> > issue an IO, it needs to call bio_reset after it's done with the bio
> > so that we can free things attached to the bio such as the integrity
> > payload.  Therefore, inject our own endio callback to take care of
> > the bio_reset after calling submit_io's end_io callback.
> > 
> > Test case:
> > 1. modprobe scsi_debug delay=0 dif=1 dix=199 ato=1 dev_size_mb=300
> > 2. Set up a dm-bufio client, e.g. dm-verity, on the scsi_debug device
> > 3. Repeatedly read metadata and watch kmalloc-192 leak!
> > 
> > Fix is against 3.18-rc6.
> > 
> > +/* Reset the bio to free attached bio integrity profiles when we're done */
> > +static void inline_endio(struct bio *bio, int error)
> > +{
> > +	bio_end_io_t *end_fn;
> > +
> > +	end_fn = bio->bi_private;
> > +	end_fn(bio, error);
> > +	bio_reset(bio);
> > +}
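
Review bot: The last two statements of inline_endio are in an unsafe order: bio_reset(bio) touches the bio after end_fn(bio, error) has already signalled completion, and since the bio is the one built into struct dm_buffer, anything that releases the buffer once the callback has run leaves bio_reset writing to memory it no longer owns. end_fn is already copied out of bio->bi_private at the top, so the reset can move ahead of the callback: read end_fn, call bio_reset(bio), then call end_fn(bio, error). Separately, nothing in the hunk checks end_fn before calling it, and the place where bi_private is loaded with the callback is not visible here, so a comment stating that bi_private always carries a valid bio_end_io_t on this path would help.
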
> 
> This is wrong - when end_fn clears the B_READING or B_WRITING flag, the 
> buffer may be freed by the background cleanup - so bio_reset may be 
> modifying freed memory here. We need to call bio_reset before end_fn.

OK, I'll fold your fix in.
