Re: [PATCH] scsi: target: tcmu: Fix wrong uio handling causing big memory leak

From: Mike Christie
Date: Tue Jan 12 2021 - 13:39:26 EST

Next message: Hans de Goede: "Re: [PATCH v2 1/2] platform/x86: dell-privacy: Add support for Dell hardware privacy"
Previous message: Eric W. Biederman: "Re: [PATCH v2 01/10] vfs: move cap_convert_nscap() call into vfs_setxattr()"
In reply to: Bodo Stroesser: "Re: [PATCH] scsi: target: tcmu: Fix wrong uio handling causing big memory leak"
Next in thread: Bodo Stroesser: "Re: [PATCH] scsi: target: tcmu: Fix wrong uio handling causing big memory leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/18/20 8:15 AM, Bodo Stroesser wrote:
> tcmu calls uio_unregister_device from tcmu_destroy_device.
> After that uio will never call tcmu_release for this device.
> If userspace still had the uio device open and / or mmap'ed
> during uio_unregister_device, tcmu_release will not be called and
> udev->kref will never go down to 0.
>

I didn't get why the release function is not called if you call
uio_unregister_device while a device is open. Does the device_destroy call in
uio_unregister_device completely free the device or does it set some bits so
uio_release is not called later?

Do other drivers hit this? Should uio have refcounting so uio_release is called
when the last ref (from userspace open/close/mmap calls and from the kernel by
drivers like target_core_user) is done?

Next message: Hans de Goede: "Re: [PATCH v2 1/2] platform/x86: dell-privacy: Add support for Dell hardware privacy"
Previous message: Eric W. Biederman: "Re: [PATCH v2 01/10] vfs: move cap_convert_nscap() call into vfs_setxattr()"
In reply to: Bodo Stroesser: "Re: [PATCH] scsi: target: tcmu: Fix wrong uio handling causing big memory leak"
Next in thread: Bodo Stroesser: "Re: [PATCH] scsi: target: tcmu: Fix wrong uio handling causing big memory leak"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]