From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Bob Liu <bob.liu@oracle.com>
Cc: xen-devel@lists.xen.org, linux-kernel@vger.kernel.org,
roger.pau@citrix.com, felipe.franciosi@citrix.com, axboe@fb.com,
avanzini.arianna@gmail.com, rafal.mielniczuk@citrix.com,
jonathan.davies@citrix.com, david.vrabel@citrix.com
Subject: Re: [PATCH v5 07/10] xen/blkback: pseudo support for multi hardware queues/rings
Date: Wed, 25 Nov 2015 12:40:34 -0500 [thread overview]
Message-ID: <20151125174034.GB19188@x230.dumpdata.com> (raw)
In-Reply-To: <1447470739-18136-8-git-send-email-bob.liu@oracle.com>
> @@ -113,19 +115,55 @@ static void xen_update_blkif_status(struct xen_blkif *blkif)
> }
> invalidate_inode_pages2(blkif->vbd.bdev->bd_inode->i_mapping);
>
> - blkif->ring.xenblkd = kthread_run(xen_blkif_schedule, &blkif->ring, "%s", name);
> - if (IS_ERR(blkif->ring.xenblkd)) {
> - err = PTR_ERR(blkif->ring.xenblkd);
> - blkif->ring.xenblkd = NULL;
> - xenbus_dev_error(blkif->be->dev, err, "start xenblkd");
> - return;
> + for (i = 0; i < blkif->nr_rings; i++) {
> + ring = &blkif->rings[i];
> + ring->xenblkd = kthread_run(xen_blkif_schedule, ring, "%s-%d", name, i);
> + if (IS_ERR(ring->xenblkd)) {
> + err = PTR_ERR(ring->xenblkd);
> + ring->xenblkd = NULL;
> + xenbus_dev_fatal(blkif->be->dev, err,
> + "start %s-%d xenblkd", name, i);
> + goto out;
> + }
> + }
> + return;
> +
> +out:
> + while (--i >= 0) {
> + ring = &blkif->rings[i];
> + kthread_stop(ring->xenblkd);
That won't work. Imagine us failing at the start of the loop above,
so i==0. We get here and decrement and unsigned int by one, and loop
back to 0xffffffffff. Naturally 0xffff.. >= 0 so we will just continue
one going over the blkif->rings[0xffffff].. and BOOM!
This worked when 'i' was 'int', but now it is unsigned int.
Let me make it 'int' and then this works, or we can swap
the loop around and use 'i-1' to use the previous entry.
[Fixed it up in my tree]
> }
> + return;
> +}
> +
.. snip..
> +static int connect_ring(struct backend_info *be)
> +{
> + struct xenbus_device *dev = be->dev;
> + unsigned int pers_grants;
> + char protocol[64] = "";
> + int err, i;
> + char *xspath;
> + size_t xspathsize;
> + const size_t xenstore_path_ext_size = 11; /* sufficient for "/queue-NNN" */
> +
> + pr_debug("%s %s\n", __func__, dev->otherend);
> +
> + be->blkif->blk_protocol = BLKIF_PROTOCOL_DEFAULT;
> + err = xenbus_gather(XBT_NIL, dev->otherend, "protocol",
> + "%63s", protocol, NULL);
> + if (err)
> + strcpy(protocol, "unspecified, assuming default");
> + else if (0 == strcmp(protocol, XEN_IO_PROTO_ABI_NATIVE))
> + be->blkif->blk_protocol = BLKIF_PROTOCOL_NATIVE;
> + else if (0 == strcmp(protocol, XEN_IO_PROTO_ABI_X86_32))
> + be->blkif->blk_protocol = BLKIF_PROTOCOL_X86_32;
> + else if (0 == strcmp(protocol, XEN_IO_PROTO_ABI_X86_64))
> + be->blkif->blk_protocol = BLKIF_PROTOCOL_X86_64;
> + else {
> + xenbus_dev_fatal(dev, err, "unknown fe protocol %s", protocol);
> + return -1;
> + }
> + err = xenbus_gather(XBT_NIL, dev->otherend,
> + "feature-persistent", "%u",
> + &pers_grants, NULL);
> + if (err)
> + pers_grants = 0;
> +
> + be->blkif->vbd.feature_gnt_persistent = pers_grants;
> + be->blkif->vbd.overflow_max_grants = 0;
> +
> + pr_info("%s: using %d queues, protocol %d (%s) %s\n", dev->nodename,
> + be->blkif->nr_rings, be->blkif->blk_protocol, protocol,
> + pers_grants ? "persistent grants" : "");
> +
> + if (be->blkif->nr_rings == 1)
> + return read_per_ring_refs(&be->blkif->rings[0], dev->otherend);
> + else {
> + xspathsize = strlen(dev->otherend) + xenstore_path_ext_size;
> + xspath = kmalloc(xspathsize, GFP_KERNEL);
> + if (!xspath) {
> + xenbus_dev_fatal(dev, -ENOMEM, "reading ring references");
> + return -ENOMEM;
> + }
> +
> + for (i = 0; i < be->blkif->nr_rings; i++) {
> + memset(xspath, 0, xspathsize);
> + snprintf(xspath, xspathsize, "%s/queue-%u", dev->otherend, i);
> + err = read_per_ring_refs(&be->blkif->rings[i], xspath);
Say nr_rings is 4 and this fails at the last one. That means
be->blkif->rings[0..2].pending_free has a bunch of pages and
also ring->blk_ring are set. We return out of this function
and end back in (frontend_changed):
752 err = connect_ring(be);
753 if (err)
754 break;
Great. So we have a memory leak until the device goes in
XenbusStateConnected (where we end up calling xen_blkif_disconnect
and free ring[0..2]..
But that may take a while if the guest is not nice. Perhaps we should
add in frontend_changed(..) an call to xen_blkif_disconnect in case
we fail at 'connect_ring' to clear the memory faster. I will prep a
patch for that.
> + if (err) {
> + kfree(xspath);
> + return err;
> + }
> + }
> + kfree(xspath);
> + }
> + return 0;
> }
>
> static const struct xenbus_device_id xen_blkbk_ids[] = {
> --
> 1.7.10.4
>
next prev parent reply other threads:[~2015-11-25 17:40 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-14 3:12 [PATCH v5 00/10] xen-block: multi hardware-queues/rings support Bob Liu
2015-11-14 3:12 ` [PATCH v5 01/10] xen/blkif: document blkif multi-queue/ring extension Bob Liu
2015-11-14 3:12 ` [PATCH v5 02/10] xen/blkfront: separate per ring information out of device info Bob Liu
2015-11-14 3:12 ` [PATCH v5 03/10] xen/blkfront: pseudo support for multi hardware queues/rings Bob Liu
2015-11-14 3:12 ` [PATCH v5 04/10] xen/blkfront: split per device io_lock Bob Liu
2015-11-14 3:12 ` [PATCH v5 05/10] xen/blkfront: negotiate number of queues/rings to be used with backend Bob Liu
[not found] ` <20151116212702.GA12823@char.us.oracle.com>
2015-11-16 23:13 ` Bob Liu
2015-11-14 3:12 ` [PATCH v5 06/10] xen/blkback: separate ring information out of struct xen_blkif Bob Liu
2015-11-14 3:12 ` [PATCH v5 07/10] xen/blkback: pseudo support for multi hardware queues/rings Bob Liu
2015-11-25 17:40 ` Konrad Rzeszutek Wilk [this message]
2015-11-14 3:12 ` [PATCH v5 08/10] xen/blkback: get the number of hardware queues/rings from blkfront Bob Liu
2015-11-25 17:58 ` Konrad Rzeszutek Wilk
2015-11-14 3:12 ` [PATCH v5 09/10] xen/blkfront: make persistent grants pool per-queue Bob Liu
2015-11-14 3:12 ` [PATCH v5 10/10] xen/blkback: make pool of persistent grants and free pages per-queue Bob Liu
2015-11-25 19:25 ` [PATCH v5 00/10] xen-block: multi hardware-queues/rings support Konrad Rzeszutek Wilk
2015-11-25 20:56 ` Konrad Rzeszutek Wilk
2015-11-25 22:12 ` Konrad Rzeszutek Wilk
2015-11-26 2:28 ` Bob Liu
2015-11-26 2:57 ` Konrad Rzeszutek Wilk
2015-11-26 7:09 ` Bob Liu
2015-11-26 16:20 ` Konrad Rzeszutek Wilk
2015-11-25 19:35 ` [PATCH RFC] Various fixes to xen block drivers on top of Bob's multi-queue patches Konrad Rzeszutek Wilk
2015-11-25 19:35 ` [PATCH RFC 1/2] xen/blocks: Return -EXX instead of -1 Konrad Rzeszutek Wilk
2015-11-25 19:35 ` [PATCH RFC 2/2] xen/blkback: Free resources if connect_ring failed Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151125174034.GB19188@x230.dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=avanzini.arianna@gmail.com \
--cc=axboe@fb.com \
--cc=bob.liu@oracle.com \
--cc=david.vrabel@citrix.com \
--cc=felipe.franciosi@citrix.com \
--cc=jonathan.davies@citrix.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rafal.mielniczuk@citrix.com \
--cc=roger.pau@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox