On Sunday 27 January 2008, Borislav Petkov wrote:
> From: Borislav Petkov <[EMAIL PROTECTED]>
>
> Bart,
> this one is rather intrusive so please doublecheck it wrt to kzalloc/kfree
> balancing on all the codepaths so that we don't leak memory all over the
> place.
> I free all the alloc'd pc's and rq's in idetape_end_request() which is called
> from the callback idetape_pc_callback() registered with the packet command
> struct when creating the respective ATAPI cmd.
I was hoping for re-using requests from the request queue for this purpose
(with help of blk_get_request()/blk_put_request()). Jens, is this OK?
This approach wouldn't have a problem with out-of-memory situations (because
blk_get_request() can wait until free request is available), needs less code
and provides additional benefits (like NUMA-friendly allocations).
When it comes to pc-s: long-term it should be possible to use only request
structure and get rid off them.
> ---
> These buffers were always statically allocated during driver initialization no
> matter what. Remove them by allocating GFP_ATOMIC memory on demand. In the
> case
> of allocation error, we only issue error msg in the *alloc_{pc,rq} thus
> postponing
> the final error handling and cleanup in their callers. Packet command and
> request memory is freed in idetape_end_request() which is at the end of the
> request path entered from all the callbacks.
>
> Signed-off-by: Borislav Petkov <[EMAIL PROTECTED]>
> ---
> drivers/ide/ide-tape.c | 122 ++++++++++++++++++++++-------------------------
> 1 files changed, 57 insertions(+), 65 deletions(-)
>
> diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c
> index 041edcd..3c1a7db 100644
> --- a/drivers/ide/ide-tape.c
> +++ b/drivers/ide/ide-tape.c
> @@ -105,13 +105,6 @@ enum {
> #define IDETAPE_PC_BUFFER_SIZE 256
>
> /*
> - * In various places in the driver, we need to allocate storage
> - * for packet commands and requests, which will remain valid while
> - * we leave the driver to wait for an interrupt or a timeout event.
> - */
> -#define IDETAPE_PC_STACK (10 + IDETAPE_MAX_PC_RETRIES)
> -
> -/*
> * Some drives (for example, Seagate STT3401A Travan) require a very long
> * timeout, because they don't return an interrupt or clear their busy bit
> * until after the command completes (even retension commands).
> @@ -271,13 +264,6 @@ typedef struct ide_tape_obj {
> */
> idetape_pc_t *failed_pc;
>
> - idetape_pc_t pc_stack[IDETAPE_PC_STACK];
> - /* Next free packet command storage space */
> - int pc_stack_idx;
> - struct request rq_stack[IDETAPE_PC_STACK];
> - /* We implement a circular array */
> - int rq_stack_idx;
> -
> /*
> * DSC polling variables.
> *
> @@ -669,45 +655,32 @@ static void idetape_update_buffers (idetape_pc_t *pc)
> pc->bh = bh;
> }
>
> -/*
> - * idetape_next_pc_storage returns a pointer to a place in which we can
> - * safely store a packet command, even though we intend to leave the
> - * driver. A storage space for a maximum of IDETAPE_PC_STACK packet
> - * commands is allocated at initialization time.
> - */
> -static idetape_pc_t *idetape_next_pc_storage (ide_drive_t *drive)
> +static idetape_pc_t *ide_tape_alloc_pc(void)
> {
> - idetape_tape_t *tape = drive->driver_data;
> + idetape_pc_t *pc;
>
> - debug_log(DBG_PCRQ_STACK, "pc_stack_index=%d\n", tape->pc_stack_idx);
> + pc = kzalloc(sizeof(idetape_pc_t), GFP_ATOMIC);
> + if (!pc)
> + printk(KERN_ERR "ide-tape: %s: memory allocation error.",
> + __func__);
>
> - if (tape->pc_stack_idx == IDETAPE_PC_STACK)
> - tape->pc_stack_idx = 0;
> - return (&tape->pc_stack[tape->pc_stack_idx++]);
> + return pc;
> }
>
> /*
> - * idetape_next_rq_storage is used along with idetape_next_pc_storage.
> - * Since we queue packet commands in the request queue, we need to
> - * allocate a request, along with the allocation of a packet command.
> + * Since we queue packet commands in the request queue, we need to allocate a
> + * request, along with a packet command.
> */
> -
> -/**************************************************************
> - * *
> - * This should get fixed to use kmalloc(.., GFP_ATOMIC) *
> - * followed later on by kfree(). -ml *
> - * *
> - **************************************************************/
> -
> -static struct request *idetape_next_rq_storage (ide_drive_t *drive)
> +static struct request *ide_tape_alloc_rq(void)
> {
> - idetape_tape_t *tape = drive->driver_data;
> + struct request *rq;
>
> - debug_log(DBG_PCRQ_STACK, "rq_stack_index=%d\n", tape->rq_stack_idx);
> + rq = kzalloc(sizeof(struct request), GFP_ATOMIC);
> + if (!rq)
> + printk(KERN_ERR "ide-tape: %s: memory allocation error.",
> + __func__);
>
> - if (tape->rq_stack_idx == IDETAPE_PC_STACK)
> - tape->rq_stack_idx = 0;
> - return (&tape->rq_stack[tape->rq_stack_idx++]);
> + return rq;
> }
>
> /*
> @@ -981,9 +954,8 @@ static int idetape_end_request(ide_drive_t *drive, int
> uptodate, int nr_sects)
> }
> }
> ide_end_drive_cmd(drive, 0, 0);
> -// blkdev_dequeue_request(rq);
> -// drive->rq = NULL;
> -// end_that_request_last(rq);
> + kfree(tape->pc);
> + kfree(rq);
>
> if (remove_stage)
> idetape_remove_stage_head(drive);
> @@ -1032,13 +1004,9 @@ static void idetape_init_rq(struct request *rq, u8 cmd)
> *
> * idetape_queue_pc_head is called from the request handling part of
> * the driver (the "bottom" part). Safe storage for the request should
> - * be allocated with idetape_next_pc_storage and idetape_next_rq_storage
> + * be allocated with ide_tape_alloc_pc and ide_tape_alloc_rq
> * before calling idetape_queue_pc_head.
> *
> - * Memory for those requests is pre-allocated at initialization time, and
> - * is limited to IDETAPE_PC_STACK requests. We assume that we have enough
> - * space for the maximum possible number of inter-dependent packet
> commands.
> - *
> * The higher level of the driver - The ioctl handler and the character
> * device handling functions should queue request to the lower level part
> * and wait for their completion using idetape_queue_pc_tail or
> @@ -1055,19 +1023,27 @@ static void idetape_queue_pc_head (ide_drive_t
> *drive, idetape_pc_t *pc,struct r
> }
>
> /*
> - * idetape_retry_pc is called when an error was detected during the
> - * last packet command. We queue a request sense packet command in
> - * the head of the request list.
> + * Called when an error was detected during the last packet command. We
> queue a
> + * request sense packet command in the head of the request list.
> */
> -static ide_startstop_t idetape_retry_pc (ide_drive_t *drive)
> +static ide_startstop_t idetape_retry_pc(ide_drive_t *drive)
> {
> idetape_tape_t *tape = drive->driver_data;
> idetape_pc_t *pc;
> struct request *rq;
>
> (void)drive->hwif->INB(IDE_ERROR_REG);
> - pc = idetape_next_pc_storage(drive);
> - rq = idetape_next_rq_storage(drive);
> + pc = ide_tape_alloc_pc();
> + rq = ide_tape_alloc_rq();
> +
> + if (!pc || !rq) {
> + printk(KERN_ERR "ide-tape: Cannot retry packet command due to "
> + "low memory.");
> + kfree(pc);
> + kfree(rq);
> + return ide_stopped;
> + }
> +
> idetape_create_request_sense_cmd(pc);
> set_bit(IDETAPE_IGNORE_DSC, &tape->flags);
> idetape_queue_pc_head(drive, pc, rq);
> @@ -1719,21 +1695,33 @@ static ide_startstop_t idetape_do_request(ide_drive_t
> *drive,
> if (rq->cmd[0] & REQ_IDETAPE_READ) {
> tape->buffer_head++;
> tape->postpone_cnt = 0;
> - pc = idetape_next_pc_storage(drive);
> - idetape_create_read_cmd(tape, pc, rq->current_nr_sectors,
> (struct idetape_bh *)rq->special);
> + pc = ide_tape_alloc_pc();
> + if (!pc)
> + goto err;
> +
> + idetape_create_read_cmd(tape, pc, rq->current_nr_sectors,
> + (struct idetape_bh *)rq->special);
> goto out;
> }
> if (rq->cmd[0] & REQ_IDETAPE_WRITE) {
> tape->buffer_head++;
> tape->postpone_cnt = 0;
> - pc = idetape_next_pc_storage(drive);
> - idetape_create_write_cmd(tape, pc, rq->current_nr_sectors,
> (struct idetape_bh *)rq->special);
> + pc = ide_tape_alloc_pc();
> + if (!pc)
> + goto err;
> +
> + idetape_create_write_cmd(tape, pc, rq->current_nr_sectors,
> + (struct idetape_bh *)rq->special);
> goto out;
> }
> if (rq->cmd[0] & REQ_IDETAPE_READ_BUFFER) {
> tape->postpone_cnt = 0;
> - pc = idetape_next_pc_storage(drive);
> - idetape_create_read_buffer_cmd(tape, pc,
> rq->current_nr_sectors, (struct idetape_bh *)rq->special);
> + pc = ide_tape_alloc_pc();
> + if (!pc)
> + goto err;
> +
> + idetape_create_read_buffer_cmd(tape, pc, rq->current_nr_sectors,
> + (struct idetape_bh *)rq->special);
> goto out;
> }
> if (rq->cmd[0] & REQ_IDETAPE_PC1) {
> @@ -1749,6 +1737,11 @@ static ide_startstop_t idetape_do_request(ide_drive_t
> *drive,
> BUG();
> out:
> return idetape_issue_packet_command(drive, pc);
> +
> +err:
> + printk(KERN_ERR "ide-tape: Error processing request %u\n", rq->cmd[0]);
> + idetape_end_request(drive, 0, 0);
> + return ide_stopped;
> }
>
> /*
> @@ -2055,7 +2048,7 @@ static void
> idetape_create_test_unit_ready_cmd(idetape_pc_t *pc)
> * for an interrupt or a timer event.
> *
> * From the bottom part of the driver, we should allocate safe memory
> - * using idetape_next_pc_storage and idetape_next_rq_storage, and add
> + * using ide_tape_alloc_pc and ide_tape_alloc_rq, and add
> * the request to the request list without waiting for it to be serviced !
> * In that case, we usually use idetape_queue_pc_head.
> */
> @@ -3644,7 +3637,6 @@ static void idetape_setup (ide_drive_t *drive,
> idetape_tape_t *tape, int minor)
> tape->name[1] = 't';
> tape->name[2] = '0' + minor;
> tape->chrdev_dir = idetape_dir_none;
> - tape->pc = tape->pc_stack;
> tape->max_ins_speed = 10000;
> tape->speed_ctl = 1;
> *((unsigned short *) &gcw) = drive->id->config;
-
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
