Patchwork mtd: Fix memory leak triggered by removal

login
register
mail settings
Submitter Fubo Chen
Date Feb. 25, 2012, 4:57 p.m.
Message ID <4462354.EgehQQfXY4@asus>
Download mbox | patch
Permalink /patch/143061/
State New
Headers show

Comments

Fubo Chen - Feb. 25, 2012, 4:57 p.m.
Make sure that blk_cleanup_queue() is called in del_mtd_blktrans_dev().

Signed-off-by: Fubo Chen <fubo.chen@gmail.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: linux-mtd@lists.infradead.org
---
 drivers/mtd/mtd_blkdevs.c |    9 ++-------
 1 files changed, 2 insertions(+), 7 deletions(-)
Bityutskiy, Artem - March 9, 2012, 9:48 a.m.
On Fri, 2012-03-09 at 11:49 +0200, Artem Bityutskiy wrote:
> Please, provide better explanation in the commit message about which
> problem you solve, why you do this, and how you tested this.
> blktrans_dev_release() also calls blk_cleanup_queue() - why we need to
> do it 2 times?

Sorry, you told which problem you solve, but still, could you please
provide more invormation about why the problem existed and when it it
was triggered, and how you fix this and why this fix is correct.
Artem Bityutskiy - March 9, 2012, 9:49 a.m.
On Sat, 2012-02-25 at 16:57 +0000, Fubo Chen wrote:
>  	dev = rq->queuedata;
>  
> -	if (!dev)
> +	if (unlikely(blk_queue_dead(rq)))
>  		while ((req = blk_fetch_request(rq)) != NULL)
>  			__blk_end_request_all(req, -ENODEV);

I think this should be a separate patch with own commit message and
explanation. I guess you can kill 'dev' as well then?

>  	else {
> @@ -469,8 +469,6 @@ error1:
>  
>  int del_mtd_blktrans_dev(struct mtd_blktrans_dev *old)
>  {
> -	unsigned long flags;
> -
>  	if (mutex_trylock(&mtd_table_mutex)) {
>  		mutex_unlock(&mtd_table_mutex);
>  		BUG();
> @@ -488,10 +486,7 @@ int del_mtd_blktrans_dev(struct mtd_blktrans_dev *old)
>  	kthread_stop(old->thread);
>  
>  	/* Kill current requests */
> -	spin_lock_irqsave(&old->queue_lock, flags);
> -	old->rq->queuedata = NULL;
> -	blk_start_queue(old->rq);
> -	spin_unlock_irqrestore(&old->queue_lock, flags);
> +	blk_cleanup_queue(old->rq);

Please, provide better explanation in the commit message about which
problem you solve, why you do this, and how you tested this.
blktrans_dev_release() also calls blk_cleanup_queue() - why we need to
do it 2 times?

Patch

diff --git a/drivers/mtd/mtd_blkdevs.c b/drivers/mtd/mtd_blkdevs.c
index 424ca5f..8b72f24 100644
--- a/drivers/mtd/mtd_blkdevs.c
+++ b/drivers/mtd/mtd_blkdevs.c
@@ -196,7 +196,7 @@  static void mtd_blktrans_request(struct request_queue *rq)
 
 	dev = rq->queuedata;
 
-	if (!dev)
+	if (unlikely(blk_queue_dead(rq)))
 		while ((req = blk_fetch_request(rq)) != NULL)
 			__blk_end_request_all(req, -ENODEV);
 	else {
@@ -469,8 +469,6 @@  error1:
 
 int del_mtd_blktrans_dev(struct mtd_blktrans_dev *old)
 {
-	unsigned long flags;
-
 	if (mutex_trylock(&mtd_table_mutex)) {
 		mutex_unlock(&mtd_table_mutex);
 		BUG();
@@ -488,10 +486,7 @@  int del_mtd_blktrans_dev(struct mtd_blktrans_dev *old)
 	kthread_stop(old->thread);
 
 	/* Kill current requests */
-	spin_lock_irqsave(&old->queue_lock, flags);
-	old->rq->queuedata = NULL;
-	blk_start_queue(old->rq);
-	spin_unlock_irqrestore(&old->queue_lock, flags);
+	blk_cleanup_queue(old->rq);
 
 	/* If the device is currently open, tell trans driver to close it,
 		then put mtd device, and don't touch it again */