* Re: [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path [not found] <200903291119.42080.jdelvare@suse.de> @ 2009-03-30 18:44 ` Chris Wright 2009-03-30 18:49 ` [PATCH] libsrp: free kfifo struct in srp_iu_pool_free Chris Wright 2009-03-30 19:34 ` [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path Jean Delvare 0 siblings, 2 replies; 6+ messages in thread From: Chris Wright @ 2009-03-30 18:44 UTC (permalink / raw) To: Jean Delvare; +Cc: stable, Mike Christie, James Bottomley, linux-scsi * Jean Delvare (jdelvare@suse.de) wrote: > --- linux-2.6.29-rc5.orig/drivers/scsi/libiscsi.c 2009-01-29 08:27:19.000000000 +0100 > +++ linux-2.6.29-rc5/drivers/scsi/libiscsi.c 2009-02-16 21:19:14.000000000 +0100 > @@ -1944,7 +1944,7 @@ iscsi_pool_init(struct iscsi_pool *q, in > num_arrays++; > q->pool = kzalloc(num_arrays * max * sizeof(void*), GFP_KERNEL); > if (q->pool == NULL) > - goto enomem; > + return -ENOMEM; > > q->queue = kfifo_init((void*)q->pool, max * sizeof(void*), > GFP_KERNEL, NULL); > @@ -1979,8 +1979,7 @@ void iscsi_pool_free(struct iscsi_pool * > > for (i = 0; i < q->max; i++) > kfree(q->pool[i]); > - if (q->pool) > - kfree(q->pool); > + kfree(q->pool); > kfree(q->queue); AFAICT, This is still broken. thanks, -chris -- Subject: [PATCH] libiscsi: fix error path on iscsi_pool_init From: Chris Wright <chrisw@sous-sol.org> I'm not all that keen on kfifo_init returning ERR_PTR, but... q->queue could be ERR_PTR(-ENOMEM) which will break unwinding on error. Make iscsi_pool_free more defensive. Signed-off-by: Chris Wright <chrisw@sous-sol.org> --- diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c index dfaa8ad..2f4df53 100644 --- a/drivers/scsi/libiscsi.c +++ b/drivers/scsi/libiscsi.c @@ -1995,7 +1995,7 @@ iscsi_pool_init(struct iscsi_pool *q, int max, void ***items, int item_size) num_arrays++; q->pool = kzalloc(num_arrays * max * sizeof(void*), GFP_KERNEL); if (q->pool == NULL) - return -ENOMEM; + goto enomem; q->queue = kfifo_init((void*)q->pool, max * sizeof(void*), GFP_KERNEL, NULL); @@ -2028,10 +2028,13 @@ void iscsi_pool_free(struct iscsi_pool *q) { int i; - for (i = 0; i < q->max; i++) - kfree(q->pool[i]); - kfree(q->pool); - kfree(q->queue); + if (q->pool) { + for (i = 0; i < q->max; i++) + kfree(q->pool[i]); + kfree(q->pool); + if (!IS_ERR(q->queue)) + kfree(q->queue); + } } EXPORT_SYMBOL_GPL(iscsi_pool_free); ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH] libsrp: free kfifo struct in srp_iu_pool_free 2009-03-30 18:44 ` [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path Chris Wright @ 2009-03-30 18:49 ` Chris Wright 2009-03-30 19:38 ` Jean Delvare 2009-03-30 19:34 ` [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path Jean Delvare 1 sibling, 1 reply; 6+ messages in thread From: Chris Wright @ 2009-03-30 18:49 UTC (permalink / raw) To: Chris Wright Cc: Jean Delvare, stable, Mike Christie, James Bottomley, linux-scsi Appears to be a small leak here when freeing pool, the kfifo gets left behind. Did I miss a caller that frees kfifo? Signed-off-by: Chris Wright <chrisw@sous-sol.org> --- diff --git a/drivers/scsi/libsrp.c b/drivers/scsi/libsrp.c index 15e2d13..3a305f8 100644 --- a/drivers/scsi/libsrp.c +++ b/drivers/scsi/libsrp.c @@ -81,6 +81,7 @@ static void srp_iu_pool_free(struct srp_queue *q) { kfree(q->items); kfree(q->pool); + kfree(q->queue); } static struct srp_buf **srp_ring_alloc(struct device *dev, ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] libsrp: free kfifo struct in srp_iu_pool_free 2009-03-30 18:49 ` [PATCH] libsrp: free kfifo struct in srp_iu_pool_free Chris Wright @ 2009-03-30 19:38 ` Jean Delvare 0 siblings, 0 replies; 6+ messages in thread From: Jean Delvare @ 2009-03-30 19:38 UTC (permalink / raw) To: Chris Wright; +Cc: stable, Mike Christie, James Bottomley, linux-scsi Hi Chris, Le lundi 30 mars 2009, Chris Wright a écrit : > Appears to be a small leak here when freeing pool, the kfifo gets left > behind. Did I miss a caller that frees kfifo? > > Signed-off-by: Chris Wright <chrisw@sous-sol.org> > --- > diff --git a/drivers/scsi/libsrp.c b/drivers/scsi/libsrp.c > index 15e2d13..3a305f8 100644 > --- a/drivers/scsi/libsrp.c > +++ b/drivers/scsi/libsrp.c > @@ -81,6 +81,7 @@ static void srp_iu_pool_free(struct srp_queue *q) > { > kfree(q->items); > kfree(q->pool); > + kfree(q->queue); > } > > static struct srp_buf **srp_ring_alloc(struct device *dev, > You appear to be correct, I can't see q->queue being freed anywhere either. Reviewed-by: Jean Delvare <jdelvare@suse.de> -- Jean Delvare Suse L3 -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path 2009-03-30 18:44 ` [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path Chris Wright 2009-03-30 18:49 ` [PATCH] libsrp: free kfifo struct in srp_iu_pool_free Chris Wright @ 2009-03-30 19:34 ` Jean Delvare 2009-03-30 19:43 ` Chris Wright 2009-03-31 6:38 ` Mike Christie 1 sibling, 2 replies; 6+ messages in thread From: Jean Delvare @ 2009-03-30 19:34 UTC (permalink / raw) To: Chris Wright; +Cc: stable, Mike Christie, James Bottomley, linux-scsi Hi Chris, Le lundi 30 mars 2009, Chris Wright a écrit : > * Jean Delvare (jdelvare@suse.de) wrote: > > --- linux-2.6.29-rc5.orig/drivers/scsi/libiscsi.c 2009-01-29 08:27:19.000000000 +0100 > > +++ linux-2.6.29-rc5/drivers/scsi/libiscsi.c 2009-02-16 21:19:14.000000000 +0100 > > @@ -1944,7 +1944,7 @@ iscsi_pool_init(struct iscsi_pool *q, in > > num_arrays++; > > q->pool = kzalloc(num_arrays * max * sizeof(void*), GFP_KERNEL); > > if (q->pool == NULL) > > - goto enomem; > > + return -ENOMEM; > > > > q->queue = kfifo_init((void*)q->pool, max * sizeof(void*), > > GFP_KERNEL, NULL); > > @@ -1979,8 +1979,7 @@ void iscsi_pool_free(struct iscsi_pool * > > > > for (i = 0; i < q->max; i++) > > kfree(q->pool[i]); > > - if (q->pool) > > - kfree(q->pool); > > + kfree(q->pool); > > kfree(q->queue); > > AFAICT, This is still broken. > > thanks, > -chris > -- > > Subject: [PATCH] libiscsi: fix error path on iscsi_pool_init > > From: Chris Wright <chrisw@sous-sol.org> > > I'm not all that keen on kfifo_init returning ERR_PTR, but... Ah, I had not noticed this. Good catch! > q->queue could be ERR_PTR(-ENOMEM) which will break unwinding > on error. Make iscsi_pool_free more defensive. > > Signed-off-by: Chris Wright <chrisw@sous-sol.org> > --- > diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c > index dfaa8ad..2f4df53 100644 > --- a/drivers/scsi/libiscsi.c > +++ b/drivers/scsi/libiscsi.c > @@ -1995,7 +1995,7 @@ iscsi_pool_init(struct iscsi_pool *q, int max, void ***items, int item_size) > num_arrays++; > q->pool = kzalloc(num_arrays * max * sizeof(void*), GFP_KERNEL); > if (q->pool == NULL) > - return -ENOMEM; > + goto enomem; > > q->queue = kfifo_init((void*)q->pool, max * sizeof(void*), > GFP_KERNEL, NULL); > @@ -2028,10 +2028,13 @@ void iscsi_pool_free(struct iscsi_pool *q) > { > int i; > > - for (i = 0; i < q->max; i++) > - kfree(q->pool[i]); > - kfree(q->pool); > - kfree(q->queue); > + if (q->pool) { > + for (i = 0; i < q->max; i++) > + kfree(q->pool[i]); > + kfree(q->pool); > + if (!IS_ERR(q->queue)) > + kfree(q->queue); > + } > } > EXPORT_SYMBOL_GPL(iscsi_pool_free); Making the freeing of q->queue dependent on q->pool being set looks really weird (although it is correct at the moment. But this seems to be fixable in a much simpler way: --- drivers/scsi/libiscsi.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- linux-2.6.30-rc0.orig/drivers/scsi/libiscsi.c 2009-03-30 09:27:48.000000000 +0200 +++ linux-2.6.30-rc0/drivers/scsi/libiscsi.c 2009-03-30 21:15:13.000000000 +0200 @@ -1999,8 +1999,10 @@ iscsi_pool_init(struct iscsi_pool *q, in q->queue = kfifo_init((void*)q->pool, max * sizeof(void*), GFP_KERNEL, NULL); - if (q->queue == ERR_PTR(-ENOMEM)) + if (q->queue == ERR_PTR(-ENOMEM)) { + q->queue = NULL; goto enomem; + } for (i = 0; i < max; i++) { q->pool[i] = kzalloc(item_size, GFP_KERNEL); With the benefit that only the error case is slowed down. In both cases we have a problem if q->queue contains an error value but it's not -ENOMEM. Apparently this can't happen today, but it doesn't feel right to assume this will always be true. Maybe it's the right time to fix this as well. -- Jean Delvare Suse L3 -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path 2009-03-30 19:34 ` [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path Jean Delvare @ 2009-03-30 19:43 ` Chris Wright 2009-03-31 6:38 ` Mike Christie 1 sibling, 0 replies; 6+ messages in thread From: Chris Wright @ 2009-03-30 19:43 UTC (permalink / raw) To: Jean Delvare Cc: Chris Wright, stable, Mike Christie, James Bottomley, linux-scsi * Jean Delvare (jdelvare@suse.de) wrote: > Making the freeing of q->queue dependent on q->pool being set looks > really weird (although it is correct at the moment. But this seems > to be fixable in a much simpler way: Fine by me. I condsidered that and for some reason I thought it was odd to do it that way ;-) The pool is the ->buffer used in the fifo, but... Acked-by: Chris Wright <chrisw@sous-sol.org> ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path 2009-03-30 19:34 ` [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path Jean Delvare 2009-03-30 19:43 ` Chris Wright @ 2009-03-31 6:38 ` Mike Christie 1 sibling, 0 replies; 6+ messages in thread From: Mike Christie @ 2009-03-31 6:38 UTC (permalink / raw) To: Jean Delvare; +Cc: Chris Wright, stable, James Bottomley, linux-scsi Jean Delvare wrote: > Hi Chris, > > Le lundi 30 mars 2009, Chris Wright a écrit : >> * Jean Delvare (jdelvare@suse.de) wrote: >>> --- linux-2.6.29-rc5.orig/drivers/scsi/libiscsi.c 2009-01-29 08:27:19.000000000 +0100 >>> +++ linux-2.6.29-rc5/drivers/scsi/libiscsi.c 2009-02-16 21:19:14.000000000 +0100 >>> @@ -1944,7 +1944,7 @@ iscsi_pool_init(struct iscsi_pool *q, in >>> num_arrays++; >>> q->pool = kzalloc(num_arrays * max * sizeof(void*), GFP_KERNEL); >>> if (q->pool == NULL) >>> - goto enomem; >>> + return -ENOMEM; >>> >>> q->queue = kfifo_init((void*)q->pool, max * sizeof(void*), >>> GFP_KERNEL, NULL); >>> @@ -1979,8 +1979,7 @@ void iscsi_pool_free(struct iscsi_pool * >>> >>> for (i = 0; i < q->max; i++) >>> kfree(q->pool[i]); >>> - if (q->pool) >>> - kfree(q->pool); >>> + kfree(q->pool); >>> kfree(q->queue); >> AFAICT, This is still broken. >> >> thanks, >> -chris >> -- >> >> Subject: [PATCH] libiscsi: fix error path on iscsi_pool_init >> >> From: Chris Wright <chrisw@sous-sol.org> >> >> I'm not all that keen on kfifo_init returning ERR_PTR, but... > > Ah, I had not noticed this. Good catch! > Yeah, thanks Chris. >> q->queue could be ERR_PTR(-ENOMEM) which will break unwinding >> on error. Make iscsi_pool_free more defensive. >> >> Signed-off-by: Chris Wright <chrisw@sous-sol.org> >> --- >> diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c >> index dfaa8ad..2f4df53 100644 >> --- a/drivers/scsi/libiscsi.c >> +++ b/drivers/scsi/libiscsi.c >> @@ -1995,7 +1995,7 @@ iscsi_pool_init(struct iscsi_pool *q, int max, void ***items, int item_size) >> num_arrays++; >> q->pool = kzalloc(num_arrays * max * sizeof(void*), GFP_KERNEL); >> if (q->pool == NULL) >> - return -ENOMEM; >> + goto enomem; >> >> q->queue = kfifo_init((void*)q->pool, max * sizeof(void*), >> GFP_KERNEL, NULL); >> @@ -2028,10 +2028,13 @@ void iscsi_pool_free(struct iscsi_pool *q) >> { >> int i; >> >> - for (i = 0; i < q->max; i++) >> - kfree(q->pool[i]); >> - kfree(q->pool); >> - kfree(q->queue); >> + if (q->pool) { >> + for (i = 0; i < q->max; i++) >> + kfree(q->pool[i]); >> + kfree(q->pool); >> + if (!IS_ERR(q->queue)) >> + kfree(q->queue); >> + } >> } >> EXPORT_SYMBOL_GPL(iscsi_pool_free); > > Making the freeing of q->queue dependent on q->pool being set looks > really weird (although it is correct at the moment. But this seems > to be fixable in a much simpler way: > > --- > drivers/scsi/libiscsi.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > --- linux-2.6.30-rc0.orig/drivers/scsi/libiscsi.c 2009-03-30 09:27:48.000000000 +0200 > +++ linux-2.6.30-rc0/drivers/scsi/libiscsi.c 2009-03-30 21:15:13.000000000 +0200 > @@ -1999,8 +1999,10 @@ iscsi_pool_init(struct iscsi_pool *q, in > > q->queue = kfifo_init((void*)q->pool, max * sizeof(void*), > GFP_KERNEL, NULL); > - if (q->queue == ERR_PTR(-ENOMEM)) > + if (q->queue == ERR_PTR(-ENOMEM)) { > + q->queue = NULL; > goto enomem; > + } > > for (i = 0; i < max; i++) { > q->pool[i] = kzalloc(item_size, GFP_KERNEL); > > With the benefit that only the error case is slowed down. In both > cases we have a problem if q->queue contains an error value but it's > not -ENOMEM. Apparently this can't happen today, but it doesn't feel > right to assume this will always be true. Maybe it's the right time > to fix this as well. > Yeah I agree. I will just modify the patch to check for IS_ERR(q->queue) in there. I will do a quick sanity test on it here then pass it on to James with some other stuff for 2.6.30. Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2009-03-31 6:47 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <200903291119.42080.jdelvare@suse.de>
2009-03-30 18:44 ` [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path Chris Wright
2009-03-30 18:49 ` [PATCH] libsrp: free kfifo struct in srp_iu_pool_free Chris Wright
2009-03-30 19:38 ` Jean Delvare
2009-03-30 19:34 ` [stable] [PATCH] [SCSI] libiscsi: fix iscsi pool error path Jean Delvare
2009-03-30 19:43 ` Chris Wright
2009-03-31 6:38 ` Mike Christie
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox