Commit d02a2c077fb81f3224c770be62a318165b23b486
Committed by
Jens Axboe
Jens Axboe
1 parent
b9598db340
Exists in
master
and in
4 other branches
cfq-iosched: fix an oops caused by slab leak
I got below oops when unloading cfq-iosched. Considering scenario: queue A merge to B, C merge to D and B will be merged to D. Before B is merged to D, we do split B. We should put B's reference for D. [ 807.768536] ============================================================================= [ 807.768539] BUG cfq_queue: Objects remaining on kmem_cache_close() [ 807.768541] ----------------------------------------------------------------------------- [ 807.768543] [ 807.768546] INFO: Slab 0xffffea0003e6b4e0 objects=26 used=1 fp=0xffff88011d584fd8 flags=0x200000000004082 [ 807.768550] Pid: 5946, comm: rmmod Tainted: G W 2.6.34-07097-gf4b87de-dirty #724 [ 807.768552] Call Trace: [ 807.768560] [<ffffffff81104e8d>] slab_err+0x8f/0x9d [ 807.768564] [<ffffffff811059e1>] ? flush_cpu_slab+0x0/0x93 [ 807.768569] [<ffffffff8164be52>] ? add_preempt_count+0xe/0xca [ 807.768572] [<ffffffff8164bd9c>] ? sub_preempt_count+0xe/0xb6 [ 807.768577] [<ffffffff81648871>] ? _raw_spin_unlock+0x15/0x30 [ 807.768580] [<ffffffff8164bd9c>] ? sub_preempt_count+0xe/0xb6 [ 807.768584] [<ffffffff811061bc>] list_slab_objects+0x9b/0x19f [ 807.768588] [<ffffffff8164bf0a>] ? add_preempt_count+0xc6/0xca [ 807.768591] [<ffffffff81109e27>] kmem_cache_destroy+0x13f/0x21d [ 807.768597] [<ffffffffa000ff13>] cfq_slab_kill+0x1a/0x43 [cfq_iosched] [ 807.768601] [<ffffffffa000ffcf>] cfq_exit+0x93/0x9e [cfq_iosched] [ 807.768606] [<ffffffff810973a2>] sys_delete_module+0x1b1/0x219 [ 807.768612] [<ffffffff8102fb5b>] system_call_fastpath+0x16/0x1b [ 807.768618] INFO: Object 0xffff88011d584618 @offset=1560 [ 807.768622] INFO: Allocated in cfq_get_queue+0x11e/0x274 [cfq_iosched] age=7173 cpu=1 pid=5496 [ 807.768626] ============================================================================= Cc: stable@kernel.org Signed-off-by: Shaohua Li <shaohua.li@intel.com> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Showing 1 changed file with 14 additions and 6 deletions Side-by-side Diff
block/cfq-iosched.c
| ... | ... | @@ -2560,15 +2560,10 @@ |
| 2560 | 2560 | __call_for_each_cic(ioc, cic_free_func); |
| 2561 | 2561 | } |
| 2562 | 2562 | |
| 2563 | -static void cfq_exit_cfqq(struct cfq_data *cfqd, struct cfq_queue *cfqq) | |
| 2563 | +static void cfq_put_cooperator(struct cfq_queue *cfqq) | |
| 2564 | 2564 | { |
| 2565 | 2565 | struct cfq_queue *__cfqq, *next; |
| 2566 | 2566 | |
| 2567 | - if (unlikely(cfqq == cfqd->active_queue)) { | |
| 2568 | - __cfq_slice_expired(cfqd, cfqq, 0); | |
| 2569 | - cfq_schedule_dispatch(cfqd); | |
| 2570 | - } | |
| 2571 | - | |
| 2572 | 2567 | /* |
| 2573 | 2568 | * If this queue was scheduled to merge with another queue, be |
| 2574 | 2569 | * sure to drop the reference taken on that queue (and others in |
| 2575 | 2570 | |
| ... | ... | @@ -2584,7 +2579,17 @@ |
| 2584 | 2579 | cfq_put_queue(__cfqq); |
| 2585 | 2580 | __cfqq = next; |
| 2586 | 2581 | } |
| 2582 | +} | |
| 2587 | 2583 | |
| 2584 | +static void cfq_exit_cfqq(struct cfq_data *cfqd, struct cfq_queue *cfqq) | |
| 2585 | +{ | |
| 2586 | + if (unlikely(cfqq == cfqd->active_queue)) { | |
| 2587 | + __cfq_slice_expired(cfqd, cfqq, 0); | |
| 2588 | + cfq_schedule_dispatch(cfqd); | |
| 2589 | + } | |
| 2590 | + | |
| 2591 | + cfq_put_cooperator(cfqq); | |
| 2592 | + | |
| 2588 | 2593 | cfq_put_queue(cfqq); |
| 2589 | 2594 | } |
| 2590 | 2595 | |
| ... | ... | @@ -3536,6 +3541,9 @@ |
| 3536 | 3541 | } |
| 3537 | 3542 | |
| 3538 | 3543 | cic_set_cfqq(cic, NULL, 1); |
| 3544 | + | |
| 3545 | + cfq_put_cooperator(cfqq); | |
| 3546 | + | |
| 3539 | 3547 | cfq_put_queue(cfqq); |
| 3540 | 3548 | return NULL; |
| 3541 | 3549 | } |