
storvsc: fix memory leak on ring buffer busy

Message ID 20170829004359.28526-1-longli@exchange.microsoft.com (mailing list archive)
State Accepted

Commit Message

Long Li Aug. 29, 2017, 12:43 a.m. UTC
From: Long Li <longli@microsoft.com>

When storvsc is sending I/O to Hyper-v, it may allocate a bigger buffer
descriptor for large data payload that can't fit into a pre-allocated
buffer descriptor. This bigger buffer is freed on return path.

If I/O request to Hyper-v fails due to ring buffer busy, the storvsc allocated
buffer descriptor should also be freed.

Signed-off-by: Long Li <longli@microsoft.com>
---
 drivers/scsi/storvsc_drv.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Martin K. Petersen Aug. 30, 2017, 1:31 a.m. UTC | #1
Long,

> When storvsc is sending I/O to Hyper-v, it may allocate a bigger
> buffer descriptor for large data payload that can't fit into a
> pre-allocated buffer descriptor. This bigger buffer is freed on return
> path.
>
> If I/O request to Hyper-v fails due to ring buffer busy, the storvsc
> allocated buffer descriptor should also be freed.

Which kernel version is this patch aimed at?
Long Li Aug. 30, 2017, 3:48 a.m. UTC | #2
> -----Original Message-----
> From: Martin K. Petersen [mailto:martin.petersen@oracle.com]
> Sent: Tuesday, August 29, 2017 6:31 PM
> To: Long Li <longli@microsoft.com>
> Cc: KY Srinivasan <kys@microsoft.com>; Haiyang Zhang
> <haiyangz@microsoft.com>; James E . J . Bottomley
> <JBottomley@odin.com>; devel@linuxdriverproject.org;
> linux-scsi@vger.kernel.org; linux-kernel@vger.kernel.org; Long Li
> <longli@microsoft.com>
> Subject: Re: [PATCH] storvsc: fix memory leak on ring buffer busy
> 
> 
> Long,
> 
> > When storvsc is sending I/O to Hyper-v, it may allocate a bigger
> > buffer descriptor for large data payload that can't fit into a
> > pre-allocated buffer descriptor. This bigger buffer is freed on return
> > path.
> >
> > If I/O request to Hyper-v fails due to ring buffer busy, the storvsc
> > allocated buffer descriptor should also be freed.
> 
> Which kernel version is this patch aimed at?

Martin, thanks for pointing this out. This should also go to stable trees.

Cc: stable@vger.kernel.org
> 
> --
> Martin K. Petersen	Oracle Linux Engineering
Stephen Hemminger Aug. 30, 2017, 3:11 p.m. UTC | #3
On Tue, 29 Aug 2017 21:31:11 -0400
"Martin K. Petersen" <martin.petersen@oracle.com> wrote:

> Long,
> 
> > When storvsc is sending I/O to Hyper-v, it may allocate a bigger
> > buffer descriptor for large data payload that can't fit into a
> > pre-allocated buffer descriptor. This bigger buffer is freed on return
> > path.
> >
> > If I/O request to Hyper-v fails due to ring buffer busy, the storvsc
> > allocated buffer descriptor should also be freed.  
> 
> Which kernel version is this patch aimed at?
> 

Looks like this is an old issue. Probably should add

Fixes: be0cf6ca301c ("scsi: storvsc: Set the tablesize based on the information given by the host")
Martin K. Petersen Aug. 31, 2017, 1:55 a.m. UTC | #4
Long,

>> Which kernel version is this patch aimed at?
>
> Martin, thanks for pointing this out. This should also go to stable
> trees.

The reason I asked is that it didn't apply to either fixes or
for-next.

I applied it to 4.13/scsi-fixes by hand and added a stable tag.
Long Li Aug. 31, 2017, 2:28 a.m. UTC | #5
> Long,
> 
> >> Which kernel version is this patch aimed at?
> >
> > Martin, thanks for pointing this out. This should also go to stable
> > trees.
> 
> The reason I asked is that it didn't apply to either fixes or for-next.
> 
> I applied it to 4.13/scsi-fixes by hand and added a stable tag.

Thank you. I'm sorry I misunderstood your question. I just realized I was working on an experimental branch. Sorry about that.

> 
> --
> Martin K. Petersen	Oracle Linux Engineering

Patch

diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index 009adb0..db52882 100644
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -1657,6 +1657,8 @@  static int storvsc_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *scmnd)
 	ret = storvsc_do_io(dev, cmd_request, smp_processor_id());
 
 	if (ret == -EAGAIN) {
+		if (payload_sz > sizeof(cmd_request->mpb))
+			kfree(payload);
 		/* no more space */
 		return SCSI_MLQUEUE_DEVICE_BUSY;
 	}
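
Review bot: the new free in the `ret == -EAGAIN` branch decides whether `payload` was heap-allocated by re-testing `payload_sz > sizeof(cmd_request->mpb)`, which is only safe while it stays identical to the allocation-side condition, and that condition is outside this hunk. If the two ever diverge, this path either leaks again or passes a pointer that was never allocated to `kfree()`. Consider moving the test into one small helper shared by the allocation site, the completion path, and this error path, or recording ownership explicitly when the larger descriptor is allocated. It is also worth confirming whether `storvsc_do_io()` can return any error other than `-EAGAIN`, since only that value triggers the free here. The comment `/* no more space */` now sits below the added lines and would read better directly under the `if (ret == -EAGAIN)` line it explains. Finally, the commit message carries neither a `Fixes:` tag nor `Cc: stable`, both of which came up in the thread.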