From: Bart Van Assche <Bart.VanAssche@sandisk.com>
To: "hch@lst.de" <hch@lst.de>
Cc: "linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>
Subject: Re: [PATCH 1/2] qla2xxx: Fix a recently introduced memory leak
Date: Wed, 25 Jan 2017 15:47:20 +0000
Message-ID: <1485359225.3093.3.camel@sandisk.com>
In-Reply-To: <20170123163446.9227-2-bart.vanassche@sandisk.com>
On Mon, 2017-01-23 at 08:34 -0800, Bart Van Assche wrote:
> qla2x00_probe_one() allocates IRQs before it initializes rsp_q_map
> so IRQs must be freed even if rsp_q_map allocation did not occur.
> This was detected by kmemleak.
>
> Fixes: 4fa183455988 ("scsi: qla2xxx: Utilize pci_alloc_irq_vectors/pci_free_irq_vectors calls")
> Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
> Cc: Michael Hernandez <michael.hernandez@cavium.com>
> Cc: Himanshu Madhani <himanshu.madhani@cavium.com>
> Cc: Christoph Hellwig <hch@lst.de>
> Cc: <stable@vger.kernel.org>
> ---
> drivers/scsi/qla2xxx/qla_isr.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
> index dc88a09f9043..a94b0b6bd030 100644
> --- a/drivers/scsi/qla2xxx/qla_isr.c
> +++ b/drivers/scsi/qla2xxx/qla_isr.c
> @@ -3242,7 +3242,7 @@ qla2x00_free_irqs(scsi_qla_host_t *vha)
> * from a probe failure context.
> */
> if (!ha->rsp_q_map || !ha->rsp_q_map[0])
> - return;
> + goto free_irqs;
> rsp = ha->rsp_q_map[0];
>
> if (ha->flags.msix_enabled) {
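Review bot: the comment that ends "from a probe failure context" directly above the rsp_q_map test no longer matches the code once "return;" becomes "goto free_irqs;". It should say that only the per-vector free_irq() calls are skipped when rsp_q_map is missing and that the vectors are still released, so that a later cleanup does not turn the jump back into an early return.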
> @@ -3262,6 +3262,7 @@ qla2x00_free_irqs(scsi_qla_host_t *vha)
> free_irq(pci_irq_vector(ha->pdev, 0), rsp);
> }
>
> +free_irqs:
> pci_free_irq_vectors(ha->pdev);
> }
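Review bot: with the new free_irqs: label, pci_free_irq_vectors(ha->pdev) is reached on every call that arrives with rsp_q_map unset, including any probe-failure call made before vectors were allocated. The commit message covers only the case where IRQs were allocated first, so it should state that the call is safe when nothing was allocated, or the jump should be guarded. A label name such as free_vectors would also avoid confusion with the free_irq() call just above it.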
Hello Christoph,
When I tested this patch for the first time on my test setup all my tests
passed. However, when I retested this patch yesterday the SLUB debug code
triggered a complaint. I don't see how my patch could have caused this
complaint. Can you or someone else who is familiar with the
pci_alloc_irq_vectors_affinity() / pci_free_irq_vectors() have a look at
the output below? That output is triggered every time the qla2xxx kernel
is loaded in a virtual machine to which two QLogic FC adapters had been
assigned via PCIe passthrough.
Thanks,
Bart.
qla2xxx [0000:00:00.0]-0005: : QLogic Fibre Channel HBA Driver: 8.07.00.38-k.
qla2xxx [0000:00:09.0]-001d: : Found an ISP2432 irq 10 iobase 0xffffc9000009d000.
=============================================================================
BUG kmalloc-16 (Not tainted): Redzone overwritten
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: 0xffff880030bacc78-0xffff880030bacc7f. First byte 0xf instead of 0xcc
INFO: Allocated in irq_create_affinity_masks+0x5f/0x260 age=0 cpu=3 pid=812
___slab_alloc.constprop.79+0x482/0x4f0
__slab_alloc.isra.75.constprop.78+0x55/0xa0
__kmalloc+0x27c/0x310
irq_create_affinity_masks+0x5f/0x260
__pci_enable_msix+0x314/0x4c0
pci_alloc_irq_vectors_affinity+0xb7/0x140
qla2x00_request_irqs+0xa6/0x6d0 [qla2xxx]
qla2x00_probe_one+0xc2e/0x25f0 [qla2xxx]
pci_device_probe+0x8a/0xf0
driver_probe_device+0x1f5/0x450
__driver_attach+0xe3/0xf0
bus_for_each_dev+0x66/0xa0
driver_attach+0x1e/0x20
bus_add_driver+0x200/0x270
driver_register+0x60/0xe0
__pci_register_driver+0x5d/0x60
INFO: Freed in acpi_ns_get_node_unlocked+0x90/0xa4 age=0 cpu=3 pid=812
__slab_free+0x176/0x310
kfree+0x25e/0x2d0
acpi_ns_get_node_unlocked+0x90/0xa4
acpi_ns_get_node+0x3d/0x52
acpi_get_handle+0x82/0x96
acpi_pci_irq_find_prt_entry+0x26e/0x2ae
acpi_pci_irq_lookup+0x28/0x135
acpi_pci_irq_enable+0x60/0x1f8
pcibios_enable_device+0x2d/0x30
do_pci_enable_device+0x64/0xf0
pci_enable_device_flags+0xc5/0x110
pci_enable_device_mem+0x13/0x20
qla2x00_probe_one+0x14b/0x25f0 [qla2xxx]
pci_device_probe+0x8a/0xf0
driver_probe_device+0x1f5/0x450
__driver_attach+0xe3/0xf0
INFO: Slab 0xffffea0000c2eb00 objects=23 used=21 fp=0xffff880030bacdc8 flags=0x4000000000008101
INFO: Object 0xffff880030bacc68 @offset=3176 fp=0xffff880030bacf28
Redzone ffff880030bacc60: cc cc cc cc cc cc cc cc ........
Object ffff880030bacc68: ff 00 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 ................
Redzone ffff880030bacc78: 0f 00 00 00 00 00 00 00 ........
Padding ffff880030bacdb8: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
CPU: 3 PID: 812 Comm: modprobe Tainted: G B 4.10.0-rc5-dbg+ #9
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Call Trace:
dump_stack+0x85/0xc2
print_trailer+0x162/0x260
check_bytes_and_report+0xc5/0x110
check_object+0x1da/0x2a0
free_debug_processing+0x161/0x3d0
? debug_lockdep_rcu_enabled+0x1d/0x20
? __pci_enable_msix+0x41c/0x4c0
__slab_free+0x176/0x310
? __pci_enable_msix+0x41c/0x4c0
? call_rcu+0x17/0x20
? kfree+0xe7/0x2d0
? __pci_enable_msix+0x41c/0x4c0
? __pci_enable_msix+0x41c/0x4c0
kfree+0x25e/0x2d0
__pci_enable_msix+0x41c/0x4c0
pci_alloc_irq_vectors_affinity+0xb7/0x140
qla2x00_request_irqs+0xa6/0x6d0 [qla2xxx]
qla2x00_probe_one+0xc2e/0x25f0 [qla2xxx]
? __pm_runtime_resume+0x40/0x80
? trace_hardirqs_on_caller+0x128/0x1b0
? trace_hardirqs_on+0xd/0x10
? _raw_spin_unlock_irqrestore+0x4a/0x80
pci_device_probe+0x8a/0xf0
driver_probe_device+0x1f5/0x450
__driver_attach+0xe3/0xf0
? driver_probe_device+0x450/0x450
bus_for_each_dev+0x66/0xa0
driver_attach+0x1e/0x20
bus_add_driver+0x200/0x270
? 0xffffffffa04eb000
driver_register+0x60/0xe0
? 0xffffffffa04eb000
__pci_register_driver+0x5d/0x60
qla2x00_module_init+0x1c9/0x217 [qla2xxx]
do_one_initcall+0x44/0x180
? rcu_read_lock_sched_held+0x72/0x80
? kmem_cache_alloc_trace+0x25b/0x2c0
? do_init_module+0x27/0x1f9
do_init_module+0x5f/0x1f9
load_module+0x2582/0x2a00
? __symbol_put+0x70/0x70
? kernel_read_file+0x10a/0x1a0
? kernel_read_file_from_fd+0x49/0x80
SYSC_finit_module+0xbc/0xf0
SyS_finit_module+0xe/0x10
entry_SYSCALL_64_fastpath+0x23/0xc6
RIP: 0033:0x7f05711388e9
RSP: 002b:00007fff51d4a0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f05711388e9
RDX: 0000000000000000 RSI: 000055c17ab4f720 RDI: 0000000000000004
RBP: 00007fff51d49100 R08: 0000000000000000 R09: 0000000000000019
R10: 0000000000000004 R11: 0000000000000246 R12: 000055c17ab4f570
R13: 00007fff51d490e0 R14: 0000000000000005 R15: 0000000000040000
FIX kmalloc-16: Restoring 0xffff880030bacc78-0xffff880030bacc7f=0xcc
FIX kmalloc-16: Object at 0xffff880030bacc68 not freed
scsi host2: qla2xxx
qla2xxx [0000:00:09.0]-00fb:2: QLogic QLE2460 - QLogic 4GB FC Single-Port PCI-E HBA for IBM System x.
qla2xxx [0000:00:09.0]-00fc:2: ISP2432: PCIe (2.5GT/s x4) @ 0000:00:09.0 hdma- host#=2 fw=8.03.00 (9496).
qla2xxx [0000:00:0a.0]-001d: : Found an ISP2432 irq 10 iobase 0xffffc900000ad000.
=============================================================================
BUG kmalloc-16 (Tainted: G B ): Redzone overwritten
-----------------------------------------------------------------------------
INFO: 0xffff88006ff18dd8-0xffff88006ff18ddf. First byte 0xf instead of 0xcc
INFO: Allocated in irq_create_affinity_masks+0x5f/0x260 age=0 cpu=2 pid=812
___slab_alloc.constprop.79+0x482/0x4f0
__slab_alloc.isra.75.constprop.78+0x55/0xa0
__kmalloc+0x27c/0x310
irq_create_affinity_masks+0x5f/0x260
__pci_enable_msix+0x314/0x4c0
pci_alloc_irq_vectors_affinity+0xb7/0x140
qla2x00_request_irqs+0xa6/0x6d0 [qla2xxx]
qla2x00_probe_one+0xc2e/0x25f0 [qla2xxx]
pci_device_probe+0x8a/0xf0
driver_probe_device+0x1f5/0x450
__driver_attach+0xe3/0xf0
bus_for_each_dev+0x66/0xa0
driver_attach+0x1e/0x20
bus_add_driver+0x200/0x270
driver_register+0x60/0xe0
__pci_register_driver+0x5d/0x60
INFO: Freed in acpi_ns_get_node_unlocked+0x90/0xa4 age=1 cpu=2 pid=812
__slab_free+0x176/0x310
kfree+0x25e/0x2d0
acpi_ns_get_node_unlocked+0x90/0xa4
acpi_ns_get_node+0x3d/0x52
acpi_get_handle+0x82/0x96
acpi_pci_irq_find_prt_entry+0x26e/0x2ae
acpi_pci_irq_lookup+0x28/0x135
acpi_pci_irq_enable+0x60/0x1f8
pcibios_enable_device+0x2d/0x30
do_pci_enable_device+0x64/0xf0
pci_enable_device_flags+0xc5/0x110
pci_enable_device_mem+0x13/0x20
qla2x00_probe_one+0x14b/0x25f0 [qla2xxx]
pci_device_probe+0x8a/0xf0
driver_probe_device+0x1f5/0x450
__driver_attach+0xe3/0xf0
INFO: Slab 0xffffea0001bfc600 objects=23 used=22 fp=0xffff88006ff18f28 flags=0x4000000000008101
INFO: Object 0xffff88006ff18dc8 @offset=3528 fp=0xffff88006ff18f28
Redzone ffff88006ff18dc0: cc cc cc cc cc cc cc cc ........
Object ffff88006ff18dc8: ff 00 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 ................
Redzone ffff88006ff18dd8: 0f 00 00 00 00 00 00 00 ........
Padding ffff88006ff18f18: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
CPU: 2 PID: 812 Comm: modprobe Tainted: G B 4.10.0-rc5-dbg+ #9
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Call Trace:
dump_stack+0x85/0xc2
print_trailer+0x162/0x260
check_bytes_and_report+0xc5/0x110
check_object+0x1da/0x2a0
free_debug_processing+0x161/0x3d0
? __pci_enable_msix+0x41c/0x4c0
__slab_free+0x176/0x310
? __pci_enable_msix+0x41c/0x4c0
? call_rcu+0x17/0x20
? put_object+0x2d/0x50
? __delete_object+0x3d/0x70
? __pci_enable_msix+0x41c/0x4c0
kfree+0x25e/0x2d0
__pci_enable_msix+0x41c/0x4c0
pci_alloc_irq_vectors_affinity+0xb7/0x140
qla2x00_request_irqs+0xa6/0x6d0 [qla2xxx]
qla2x00_probe_one+0xc2e/0x25f0 [qla2xxx]
? __pm_runtime_resume+0x40/0x80
? trace_hardirqs_on+0xd/0x10
? _raw_spin_unlock_irqrestore+0x4a/0x80
pci_device_probe+0x8a/0xf0
driver_probe_device+0x1f5/0x450
__driver_attach+0xe3/0xf0
? driver_probe_device+0x450/0x450
bus_for_each_dev+0x66/0xa0
driver_attach+0x1e/0x20
bus_add_driver+0x200/0x270
? 0xffffffffa04eb000
driver_register+0x60/0xe0
? 0xffffffffa04eb000
__pci_register_driver+0x5d/0x60
qla2x00_module_init+0x1c9/0x217 [qla2xxx]
do_one_initcall+0x44/0x180
? rcu_read_lock_sched_held+0x72/0x80
? kmem_cache_alloc_trace+0x25b/0x2c0
? do_init_module+0x27/0x1f9
do_init_module+0x5f/0x1f9
load_module+0x2582/0x2a00
? __symbol_put+0x70/0x70
? kernel_read_file+0x10a/0x1a0
? kernel_read_file_from_fd+0x49/0x80
SYSC_finit_module+0xbc/0xf0
SyS_finit_module+0xe/0x10
entry_SYSCALL_64_fastpath+0x23/0xc6
RIP: 0033:0x7f05711388e9
RSP: 002b:00007fff51d4a0f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f05711388e9
RDX: 0000000000000000 RSI: 000055c17ab4f720 RDI: 0000000000000004
RBP: 00007fff51d49100 R08: 0000000000000000 R09: 0000000000000019
R10: 0000000000000004 R11: 0000000000000246 R12: 000055c17ab4f570
R13: 00007fff51d490e0 R14: 0000000000000005 R15: 0000000000040000
FIX kmalloc-16: Restoring 0xffff88006ff18dd8-0xffff88006ff18ddf=0xcc
FIX kmalloc-16: Object at 0xffff88006ff18dc8 not freed
scsi host3: qla2xxx
qla2xxx [0000:00:09.0]-500a:2: LOOP UP detected (4 Gbps).
qla2xxx [0000:00:0a.0]-500a:3: LOOP UP detected (4 Gbps).
(gdb) list *(__pci_enable_msix+0x314)
0xffffffff8131aa74 is in __pci_enable_msix (drivers/pci/msi.c:702).
697 struct msi_desc *entry;
698 int ret, i;
699
700 if (affd) {
701 masks = irq_create_affinity_masks(nvec, affd);
702 if (!masks)
703 pr_err("Unable to allocate affinity masks, ignoring\n");
704 }
705
706 for (i = 0, curmsk = masks; i < nvec; i++) {
(gdb) list *(__pci_enable_msix+0x41c)
0xffffffff8131ab7c is in __pci_enable_msix (drivers/pci/msi.c:783).
778
779 ret = msix_setup_entries(dev, base, entries, nvec, affd);
780 if (ret)
781 return ret;
782
783 ret = pci_msi_setup_msi_irqs(dev, nvec, PCI_CAP_ID_MSIX);
784 if (ret)
785 goto out_avail;
786
787 /* Check if all MSI entries honor device restrictions */
(gdb) quit
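As a reading aid for the first SLUB report above, this added example (not part of the original message and not kernel tooling) parses the report lines and works out where the overwritten redzone bytes sit relative to the object they guard. The function name `triage_redzone` is this example's own, and the embedded sample is a constructed excerpt copied from the log above.

```python
import re

# Constructed sample: lines copied from the first SLUB report in the message above.
REPORT = """\
BUG kmalloc-16 (Not tainted): Redzone overwritten
INFO: 0xffff880030bacc78-0xffff880030bacc7f. First byte 0xf instead of 0xcc
INFO: Allocated in irq_create_affinity_masks+0x5f/0x260 age=0 cpu=3 pid=812
INFO: Object 0xffff880030bacc68 @offset=3176 fp=0xffff880030bacf28
Redzone ffff880030bacc60: cc cc cc cc cc cc cc cc ........
Object ffff880030bacc68: ff 00 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 ................
Redzone ffff880030bacc78: 0f 00 00 00 00 00 00 00 ........
"""

def triage_redzone(report):
    """Locate a SLUB 'Redzone overwritten' hit relative to the object it guards."""
    cache = re.search(r"^BUG (\S+) .*Redzone overwritten", report, re.M).group(1)
    lo, hi, poison = (int(v, 16) for v in re.search(
        r"^INFO: (0x[0-9a-f]+)-(0x[0-9a-f]+)\. First byte \S+ instead of (0x[0-9a-f]+)",
        report, re.M).groups())
    allocator = re.search(r"^INFO: Allocated in (\w+)\+", report, re.M).group(1)
    obj = int(re.search(r"^INFO: Object (0x[0-9a-f]+)", report, re.M).group(1), 16)

    # Hex-dump rows look like "<label> <address>: <hex bytes> <ascii>".
    dump = {}
    for label, addr, hexrun in re.findall(
            r"^(Redzone|Object) ([0-9a-f]+): ((?:[0-9a-f]{2} )+)", report, re.M):
        dump.setdefault(label, {})[int(addr, 16)] = bytes.fromhex(hexrun)
    size = sum(len(row) for row in dump["Object"].values())
    zone = dump["Redzone"][lo]          # the redzone row named in the INFO line
    damaged = [i for i, b in enumerate(zone) if b != poison]
    return {
        "cache": cache,
        "allocated_in": allocator,
        "object_size": size,
        "offset_from_object": lo - obj,  # equal to object_size: just past the end
        "reported_len": hi - lo + 1,
        "side": "after object" if lo >= obj + size else "before object",
        "damaged_bytes": bytes(zone[i] for i in damaged).hex(" "),
        "contiguous_with_object": lo - obj == size and damaged[:1] == [0],
    }

if __name__ == "__main__":
    for key, value in triage_redzone(REPORT).items():
        print(f"{key}: {value}")
```

For this report the result is an 8-byte write starting at offset 16, immediately past the end of a 16-byte allocation made in irq_create_affinity_masks().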