mtd: Fix memory leak triggered by removal

Submitted by Fubo Chen on Feb. 25, 2012, 4:57 p.m.

Details

Message ID 4462354.EgehQQfXY4@asus
State New, archived
Headers show

Commit Message

Fubo Chen Feb. 25, 2012, 4:57 p.m.
Make sure that blk_cleanup_queue() is called in del_mtd_blktrans_dev().

Signed-off-by: Fubo Chen <fubo.chen@gmail.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: linux-mtd@lists.infradead.org
---
 drivers/mtd/mtd_blkdevs.c |    9 ++-------
 1 files changed, 2 insertions(+), 7 deletions(-)

Comments

Bityutskiy, Artem March 9, 2012, 9:48 a.m.
On Fri, 2012-03-09 at 11:49 +0200, Artem Bityutskiy wrote:
> Please, provide better explanation in the commit message about which
> problem you solve, why you do this, and how you tested this.
> blktrans_dev_release() also calls blk_cleanup_queue() - why we need to
> do it 2 times?

Sorry, you told which problem you solve, but still, could you please
provide more invormation about why the problem existed and when it it
was triggered, and how you fix this and why this fix is correct.
Artem Bityutskiy March 9, 2012, 9:49 a.m.
On Sat, 2012-02-25 at 16:57 +0000, Fubo Chen wrote:
>  	dev = rq->queuedata;
>  
> -	if (!dev)
> +	if (unlikely(blk_queue_dead(rq)))
>  		while ((req = blk_fetch_request(rq)) != NULL)
>  			__blk_end_request_all(req, -ENODEV);

I think this should be a separate patch with own commit message and
explanation. I guess you can kill 'dev' as well then?

>  	else {
> @@ -469,8 +469,6 @@ error1:
>  
>  int del_mtd_blktrans_dev(struct mtd_blktrans_dev *old)
>  {
> -	unsigned long flags;
> -
>  	if (mutex_trylock(&mtd_table_mutex)) {
>  		mutex_unlock(&mtd_table_mutex);
>  		BUG();
> @@ -488,10 +486,7 @@ int del_mtd_blktrans_dev(struct mtd_blktrans_dev *old)
>  	kthread_stop(old->thread);
>  
>  	/* Kill current requests */
> -	spin_lock_irqsave(&old->queue_lock, flags);
> -	old->rq->queuedata = NULL;
> -	blk_start_queue(old->rq);
> -	spin_unlock_irqrestore(&old->queue_lock, flags);
> +	blk_cleanup_queue(old->rq);

Please, provide better explanation in the commit message about which
problem you solve, why you do this, and how you tested this.
blktrans_dev_release() also calls blk_cleanup_queue() - why we need to
do it 2 times?

Patch hide | download patch | download mbox

diff --git a/drivers/mtd/mtd_blkdevs.c b/drivers/mtd/mtd_blkdevs.c
index 424ca5f..8b72f24 100644
--- a/drivers/mtd/mtd_blkdevs.c
+++ b/drivers/mtd/mtd_blkdevs.c
@@ -196,7 +196,7 @@  static void mtd_blktrans_request(struct request_queue *rq)
 
 	dev = rq->queuedata;
 
-	if (!dev)
+	if (unlikely(blk_queue_dead(rq)))
 		while ((req = blk_fetch_request(rq)) != NULL)
 			__blk_end_request_all(req, -ENODEV);
 	else {
@@ -469,8 +469,6 @@  error1:
 
 int del_mtd_blktrans_dev(struct mtd_blktrans_dev *old)
 {
-	unsigned long flags;
-
 	if (mutex_trylock(&mtd_table_mutex)) {
 		mutex_unlock(&mtd_table_mutex);
 		BUG();
@@ -488,10 +486,7 @@  int del_mtd_blktrans_dev(struct mtd_blktrans_dev *old)
 	kthread_stop(old->thread);
 
 	/* Kill current requests */
-	spin_lock_irqsave(&old->queue_lock, flags);
-	old->rq->queuedata = NULL;
-	blk_start_queue(old->rq);
-	spin_unlock_irqrestore(&old->queue_lock, flags);
+	blk_cleanup_queue(old->rq);
 
 	/* If the device is currently open, tell trans driver to close it,
 		then put mtd device, and don't touch it again */