[PATCH 4.4 124/342] dm: fix dm_rq_target_io leak on faults with .request_fn DM w/ blk-mq paths

From: Greg Kroah-Hartman
Date: Tue Mar 01 2016 - 19:59:11 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.4 122/342] dm space map metadata: remove unused variable in brb_pop()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 160/342] EDAC, mc_sysfs: Fix freeing bus name"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 160/342] EDAC, mc_sysfs: Fix freeing bus name"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 122/342] dm space map metadata: remove unused variable in brb_pop()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Mike Snitzer <snitzer@xxxxxxxxxx>

commit 4328daa2e79ed904a42ce00a9f38b9c36b44b21a upstream.

Using request-based DM mpath configured with the following stacking
(.request_fn DM mpath ontop of scsi-mq paths):

echo Y > /sys/module/scsi_mod/parameters/use_blk_mq
echo N > /sys/module/dm_mod/parameters/use_blk_mq

'struct dm_rq_target_io' would leak if a request is requeued before a
blk-mq clone is allocated (or fails to allocate). free_rq_tio()
wasn't being called.

kmemleak reported:

unreferenced object 0xffff8800b90b98c0 (size 112):
comm "kworker/7:1H", pid 5692, jiffies 4295056109 (age 78.589s)
hex dump (first 32 bytes):
00 d0 5c 2c 03 88 ff ff 40 00 bf 01 00 c9 ff ff ..\,....@.......
e0 d9 b1 34 00 88 ff ff 00 00 00 00 00 00 00 00 ...4............
backtrace:
[<ffffffff81672b6e>] kmemleak_alloc+0x4e/0xb0
[<ffffffff811dbb63>] kmem_cache_alloc+0xc3/0x1e0
[<ffffffff8117eae5>] mempool_alloc_slab+0x15/0x20
[<ffffffff8117ec1e>] mempool_alloc+0x6e/0x170
[<ffffffffa00029ac>] dm_old_prep_fn+0x3c/0x180 [dm_mod]
[<ffffffff812fbd78>] blk_peek_request+0x168/0x290
[<ffffffffa0003e62>] dm_request_fn+0xb2/0x1b0 [dm_mod]
[<ffffffff812f66e3>] __blk_run_queue+0x33/0x40
[<ffffffff812f9585>] blk_delay_work+0x25/0x40
[<ffffffff81096fff>] process_one_work+0x14f/0x3d0
[<ffffffff81097715>] worker_thread+0x125/0x4b0
[<ffffffff8109ce88>] kthread+0xd8/0xf0
[<ffffffff8167cb8f>] ret_from_fork+0x3f/0x70
[<ffffffffffffffff>] 0xffffffffffffffff

crash> struct -o dm_rq_target_io
struct dm_rq_target_io {
...
}
SIZE: 112

Fixes: e5863d9ad7 ("dm: allocate requests in target when stacking on blk-mq devices")
Signed-off-by: Mike Snitzer <snitzer@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/md/dm.c | 2 ++
1 file changed, 2 insertions(+)

--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -1191,6 +1191,8 @@ static void dm_unprep_request(struct req

if (clone)
free_rq_clone(clone);
+ else if (!tio->md->queue->mq_ops)
+ free_rq_tio(tio);
}

/*

Next message: Greg Kroah-Hartman: "[PATCH 4.4 122/342] dm space map metadata: remove unused variable in brb_pop()"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 160/342] EDAC, mc_sysfs: Fix freeing bus name"
In reply to: Greg Kroah-Hartman: "[PATCH 4.4 160/342] EDAC, mc_sysfs: Fix freeing bus name"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.4 122/342] dm space map metadata: remove unused variable in brb_pop()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]