APPLIED[F]: [PATCH] scsi: scsi_transport_sas: Fix memory leak when removing devices
Seth Forshee
seth.forshee at canonical.com
Tue Jan 21 23:11:15 UTC 2020
On Thu, Jan 09, 2020 at 04:12:06PM +0800, Ike Panhc wrote:
> From: John Garry <john.garry at huawei.com>
>
> BugLink: https://launchpad.net/bugs/1854550
>
> Removing a non-host rphy causes a memory leak:
>
> root@(none)$ echo 0 > /sys/devices/platform/HISI0162:01/host0/port-0:0/expander-0:0/port-0:0:10/phy-0:0:10/sas_phy/phy-0:0:10/enable
> [ 79.857888] hisi_sas_v2_hw HISI0162:01: dev[7:1] is gone
> root@(none)$ echo scan > /sys/kernel/debug/kmemleak
> [ 131.656603] kmemleak: 3 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
> root@(none)$ more /sys/kernel/debug/kmemleak
> unreferenced object 0xffff041da5c66000 (size 256):
> comm "kworker/u128:1", pid 549, jiffies 4294898543 (age 113.728s)
> hex dump (first 32 bytes):
> 00 5e c6 a5 1d 04 ff ff 01 00 00 00 00 00 00 00 .^..............
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<(____ptrval____)>] kmem_cache_alloc+0x188/0x260
> [<(____ptrval____)>] bsg_setup_queue+0x48/0x1a8
> [<(____ptrval____)>] sas_rphy_add+0x108/0x2d0
> [<(____ptrval____)>] sas_probe_devices+0x168/0x208
> [<(____ptrval____)>] sas_discover_domain+0x660/0x9c8
> [<(____ptrval____)>] process_one_work+0x3f8/0x690
> [<(____ptrval____)>] worker_thread+0x70/0x6a0
> [<(____ptrval____)>] kthread+0x1b8/0x1c0
> [<(____ptrval____)>] ret_from_fork+0x10/0x18
> unreferenced object 0xffff041d8c075400 (size 128):
> comm "kworker/u128:1", pid 549, jiffies 4294898543 (age 113.728s)
> hex dump (first 32 bytes):
> 00 40 25 97 1d 00 ff ff 00 00 00 00 00 00 00 00 .@%.............
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<(____ptrval____)>] __kmalloc_node+0x1a8/0x2c8
> [<(____ptrval____)>] blk_mq_realloc_tag_set_tags.part.70+0x48/0xd8
> [<(____ptrval____)>] blk_mq_alloc_tag_set+0x1dc/0x530
> [<(____ptrval____)>] bsg_setup_queue+0xe8/0x1a8
> [<(____ptrval____)>] sas_rphy_add+0x108/0x2d0
> [<(____ptrval____)>] sas_probe_devices+0x168/0x208
> [<(____ptrval____)>] sas_discover_domain+0x660/0x9c8
> [<(____ptrval____)>] process_one_work+0x3f8/0x690
> [<(____ptrval____)>] worker_thread+0x70/0x6a0
> [<(____ptrval____)>] kthread+0x1b8/0x1c0
> [<(____ptrval____)>] ret_from_fork+0x10/0x18
> unreferenced object 0xffff041da5c65e00 (size 256):
> comm "kworker/u128:1", pid 549, jiffies 4294898543 (age 113.728s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> [<(____ptrval____)>] __kmalloc_node+0x1a8/0x2c8
> [<(____ptrval____)>] blk_mq_alloc_tag_set+0x254/0x530
> [<(____ptrval____)>] bsg_setup_queue+0xe8/0x1a8
> [<(____ptrval____)>] sas_rphy_add+0x108/0x2d0
> [<(____ptrval____)>] sas_probe_devices+0x168/0x208
> [<(____ptrval____)>] sas_discover_domain+0x660/0x9c8
> [<(____ptrval____)>] process_one_work+0x3f8/0x690
> [<(____ptrval____)>] worker_thread+0x70/0x6a0
> [<(____ptrval____)>] kthread+0x1b8/0x1c0
> [<(____ptrval____)>] ret_from_fork+0x10/0x18
> root@(none)$
>
> It turns out that we don't clean up the request queue fully for bsg
> devices, as the blk mq tags for the request queue are not freed.
>
> Fix by doing the queue removal in one place - in sas_rphy_remove() -
> instead of unregistering the queue in sas_rphy_remove() and finally
> cleaning up the queue in calling blk_cleanup_queue() from
> sas_end_device_release() or sas_expander_release().
>
> Function bsg_remove_queue() can handle a NULL pointer q, so remove the
> precheck in sas_rphy_remove().
>
> Fixes: 651a013649943 ("scsi: scsi_transport_sas: switch to bsg-lib for SMP passthrough")
> Link: https://lore.kernel.org/r/1574242755-94156-1-git-send-email-john.garry@huawei.com
> Signed-off-by: John Garry <john.garry at huawei.com>
> Signed-off-by: Martin K. Petersen <martin.petersen at oracle.com>
> (cherry picked from commit 82ea3e0e129e2ab913dd6684bab7a6e5e9896dee)
> Signed-off-by: Ike Panhc <ike.pan at canonical.com>
Applied to focal/master-next, thanks!
More information about the kernel-team
mailing list