From: Ming Lei <ming.lei@redhat.com>
To: Chen Jun <chenjun102@huawei.com>
Cc: linux-kernel@vger.kernel.org, linux-block@vger.kernel.org,
axboe@kernel.dk, will@kernel.org, xuqiang36@huawei.com
Subject: Re: [PATCH] blk-mq: Fix kmemleak in blk_mq_init_allocated_queue
Date: Mon, 31 Oct 2022 22:07:45 +0800
Message-ID: <Y1/Wsfo0f5csRhsr@T590>
In-Reply-To: <20221031031242.94107-1-chenjun102@huawei.com>

On Mon, Oct 31, 2022 at 03:12:42AM +0000, Chen Jun wrote:
> There is a kmemleak caused by modprobe null_blk.ko
>
> unreferenced object 0xffff8881acb1f000 (size 1024):
>   comm "modprobe", pid 836, jiffies 4294971190 (age 27.068s)
>   hex dump (first 32 bytes):
>     00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00  .....N..........
>     ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff  .........S......
>   backtrace:
>     [<000000004a10c249>] kmalloc_node_trace+0x22/0x60
>     [<00000000648f7950>] blk_mq_alloc_and_init_hctx+0x289/0x350
>     [<00000000af06de0e>] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0
>     [<00000000e00c1872>] blk_mq_init_allocated_queue+0x48c/0x1440
>     [<00000000d16b4e68>] __blk_mq_alloc_disk+0xc8/0x1c0
>     [<00000000d10c98c3>] 0xffffffffc450d69d
>     [<00000000b9299f48>] 0xffffffffc4538392
>     [<0000000061c39ed6>] do_one_initcall+0xd0/0x4f0
>     [<00000000b389383b>] do_init_module+0x1a4/0x680
>     [<0000000087cf3542>] load_module+0x6249/0x7110
>     [<00000000beba61b8>] __do_sys_finit_module+0x140/0x200
>     [<00000000fdcfff51>] do_syscall_64+0x35/0x80
>     [<000000003c0f1f71>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
>
> That is because q->mq_ops is set to NULL before blk_release_queue is
> called.
>
> blk_mq_init_queue_data
>   blk_mq_init_allocated_queue
>     blk_mq_realloc_hw_ctxs
>       for (i = 0; i < set->nr_hw_queues; i++) {
>         old_hctx = xa_load(&q->hctx_table, i);
>         if (!blk_mq_alloc_and_init_hctx(.., i, ..))    [1]
>           if (!old_hctx)
>             break;
>
>       xa_for_each_start(&q->hctx_table, j, hctx, j)
>         blk_mq_exit_hctx(q, set, hctx, j);             [2]
>
>     if (!q->nr_hw_queues)                              [3]
>       goto err_hctxs;
>
>   err_exit:
>       q->mq_ops = NULL;                                [4]
>
>   blk_put_queue
>     blk_release_queue
>       if (queue_is_mq(q))                              [5]
>         blk_mq_release(q);
>
> [1]: blk_mq_alloc_and_init_hctx failed at i != 0.
> [2]: The hctxs allocated by [1] are moved to q->unused_hctx_list and
> will be cleaned up in blk_mq_release.
> [3]: q->nr_hw_queues is 0.
> [4]: Set q->mq_ops to NULL.
> [5]: queue_is_mq returns false due to [4]. And blk_mq_release
> will not be called. The hctxs in q->unused_hctx_list are leaked.
>
> To fix it, call blk_release_queue in the exception path.
>
> Fixes: 2f8f1336a48b ("blk-mq: always free hctx after request queue is freed")
> Signed-off-by: Yuan Can <yuancan@huawei.com>
> Signed-off-by: Chen Jun <chenjun102@huawei.com>

Reviewed-by: Ming Lei <ming.lei@redhat.com>

Thanks,
Ming
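
The pattern behind steps [1]-[5] above, as an added user-space model (not kernel code and not part of the original thread): cleanup is gated on a pointer that the error path clears first. The names init_queue_leaks, mq_release, release_queue and the struct layouts are hypothetical stand-ins, and the fixed variant releasing the parked contexts before clearing the pointer is an assumption about how the fix is modelled here.

```c
/* User-space model of the leak pattern; all names are hypothetical
 * stand-ins for the blk-mq objects named in the message. */
#include <stdlib.h>

struct hctx { struct hctx *next; };
struct queue {
    const void *ops;      /* models q->mq_ops; non-NULL means "is mq" */
    struct hctx *unused;  /* models q->unused_hctx_list */
};
static int live;          /* allocations not yet freed */

/* models blk_mq_release(): frees everything parked on the unused list */
static void mq_release(struct queue *q) {
    while (q->unused) {
        struct hctx *h = q->unused;
        q->unused = h->next;
        free(h);
        live--;
    }
}

/* models blk_release_queue(): cleanup is gated on the ops pointer [5] */
static void release_queue(struct queue *q) {
    if (q->ops)
        mq_release(q);
}

/* Runs init with an allocation failure at index fail_at and returns the
 * number of leaked objects. fixed == 0: the error path only clears ops [4].
 * fixed != 0: the error path releases parked contexts before clearing ops. */
int init_queue_leaks(int nr, int fail_at, int fixed) {
    static const int dummy_ops = 1;
    struct queue q = { &dummy_ops, NULL };
    int failed = 0;
    live = 0;
    for (int i = 0; i < nr; i++) {
        struct hctx *h = (i == fail_at) ? NULL : calloc(1, sizeof(*h));
        if (!h) { failed = 1; break; }      /* [1] failure at index i */
        live++;
        h->next = q.unused; q.unused = h;   /* [2] parked for later release */
    }
    if (failed) {                           /* [3] error path taken */
        if (fixed)
            mq_release(&q);
        q.ops = NULL;                       /* [4] */
    }
    release_queue(&q);                      /* [5] no-op once ops is NULL */
    return live;
}
```

The model collapses [1] and [2] by parking each context as soon as it is allocated; a failure at index 0 leaks nothing, matching the "i != 0" condition in [1].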