From: Borislav Petkov <[EMAIL PROTECTED]>
Bart,
this one is rather intrusive so please doublecheck it wrt to kzalloc/kfree
balancing on all the codepaths so that we don't leak memory all over the place.
I free all the alloc'd pc's and rq's in idetape_end_request() which is called
from the callback idetape_pc_callback() registered with the packet command
struct when creating the respective ATAPI cmd.
---
These buffers were always statically allocated during driver initialization no
matter what. Remove them by allocating GFP_ATOMIC memory on demand. In the case
of allocation error, we only issue error msg in the *alloc_{pc,rq} thus
postponing
the final error handling and cleanup in their callers. Packet command and
request memory is freed in idetape_end_request() which is at the end of the
request path entered from all the callbacks.
Signed-off-by: Borislav Petkov <[EMAIL PROTECTED]>
---
drivers/ide/ide-tape.c | 122 ++++++++++++++++++++++-------------------------
1 files changed, 57 insertions(+), 65 deletions(-)
diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c
index 041edcd..3c1a7db 100644
--- a/drivers/ide/ide-tape.c
+++ b/drivers/ide/ide-tape.c
@@ -105,13 +105,6 @@ enum {
#define IDETAPE_PC_BUFFER_SIZE 256
/*
- * In various places in the driver, we need to allocate storage
- * for packet commands and requests, which will remain valid while
- * we leave the driver to wait for an interrupt or a timeout event.
- */
-#define IDETAPE_PC_STACK (10 + IDETAPE_MAX_PC_RETRIES)
-
-/*
* Some drives (for example, Seagate STT3401A Travan) require a very long
* timeout, because they don't return an interrupt or clear their busy bit
* until after the command completes (even retension commands).
@@ -271,13 +264,6 @@ typedef struct ide_tape_obj {
*/
idetape_pc_t *failed_pc;
- idetape_pc_t pc_stack[IDETAPE_PC_STACK];
- /* Next free packet command storage space */
- int pc_stack_idx;
- struct request rq_stack[IDETAPE_PC_STACK];
- /* We implement a circular array */
- int rq_stack_idx;
-
/*
* DSC polling variables.
*
@@ -669,45 +655,32 @@ static void idetape_update_buffers (idetape_pc_t *pc)
pc->bh = bh;
}
-/*
- * idetape_next_pc_storage returns a pointer to a place in which we can
- * safely store a packet command, even though we intend to leave the
- * driver. A storage space for a maximum of IDETAPE_PC_STACK packet
- * commands is allocated at initialization time.
- */
-static idetape_pc_t *idetape_next_pc_storage (ide_drive_t *drive)
+static idetape_pc_t *ide_tape_alloc_pc(void)
{
- idetape_tape_t *tape = drive->driver_data;
+ idetape_pc_t *pc;
- debug_log(DBG_PCRQ_STACK, "pc_stack_index=%d\n", tape->pc_stack_idx);
+ pc = kzalloc(sizeof(idetape_pc_t), GFP_ATOMIC);
+ if (!pc)
+ printk(KERN_ERR "ide-tape: %s: memory allocation error.",
+ __func__);
- if (tape->pc_stack_idx == IDETAPE_PC_STACK)
- tape->pc_stack_idx = 0;
- return (&tape->pc_stack[tape->pc_stack_idx++]);
+ return pc;
}
/*
- * idetape_next_rq_storage is used along with idetape_next_pc_storage.
- * Since we queue packet commands in the request queue, we need to
- * allocate a request, along with the allocation of a packet command.
+ * Since we queue packet commands in the request queue, we need to allocate a
+ * request, along with a packet command.
*/
-
-/**************************************************************
- * *
- * This should get fixed to use kmalloc(.., GFP_ATOMIC) *
- * followed later on by kfree(). -ml *
- * *
- **************************************************************/
-
-static struct request *idetape_next_rq_storage (ide_drive_t *drive)
+static struct request *ide_tape_alloc_rq(void)
{
- idetape_tape_t *tape = drive->driver_data;
+ struct request *rq;
- debug_log(DBG_PCRQ_STACK, "rq_stack_index=%d\n", tape->rq_stack_idx);
+ rq = kzalloc(sizeof(struct request), GFP_ATOMIC);
+ if (!rq)
+ printk(KERN_ERR "ide-tape: %s: memory allocation error.",
+ __func__);
- if (tape->rq_stack_idx == IDETAPE_PC_STACK)
- tape->rq_stack_idx = 0;
- return (&tape->rq_stack[tape->rq_stack_idx++]);
+ return rq;
}
/*
@@ -981,9 +954,8 @@ static int idetape_end_request(ide_drive_t *drive, int
uptodate, int nr_sects)
}
}
ide_end_drive_cmd(drive, 0, 0);
-// blkdev_dequeue_request(rq);
-// drive->rq = NULL;
-// end_that_request_last(rq);
+ kfree(tape->pc);
+ kfree(rq);
if (remove_stage)
idetape_remove_stage_head(drive);
@@ -1032,13 +1004,9 @@ static void idetape_init_rq(struct request *rq, u8 cmd)
*
* idetape_queue_pc_head is called from the request handling part of
* the driver (the "bottom" part). Safe storage for the request should
- * be allocated with idetape_next_pc_storage and idetape_next_rq_storage
+ * be allocated with ide_tape_alloc_pc and ide_tape_alloc_rq
* before calling idetape_queue_pc_head.
*
- * Memory for those requests is pre-allocated at initialization time, and
- * is limited to IDETAPE_PC_STACK requests. We assume that we have enough
- * space for the maximum possible number of inter-dependent packet
commands.
- *
* The higher level of the driver - The ioctl handler and the character
* device handling functions should queue request to the lower level part
* and wait for their completion using idetape_queue_pc_tail or
@@ -1055,19 +1023,27 @@ static void idetape_queue_pc_head (ide_drive_t *drive,
idetape_pc_t *pc,struct r
}
/*
- * idetape_retry_pc is called when an error was detected during the
- * last packet command. We queue a request sense packet command in
- * the head of the request list.
+ * Called when an error was detected during the last packet command. We queue a
+ * request sense packet command in the head of the request list.
*/
-static ide_startstop_t idetape_retry_pc (ide_drive_t *drive)
+static ide_startstop_t idetape_retry_pc(ide_drive_t *drive)
{
idetape_tape_t *tape = drive->driver_data;
idetape_pc_t *pc;
struct request *rq;
(void)drive->hwif->INB(IDE_ERROR_REG);
- pc = idetape_next_pc_storage(drive);
- rq = idetape_next_rq_storage(drive);
+ pc = ide_tape_alloc_pc();
+ rq = ide_tape_alloc_rq();
+
+ if (!pc || !rq) {
+ printk(KERN_ERR "ide-tape: Cannot retry packet command due to "
+ "low memory.");
+ kfree(pc);
+ kfree(rq);
+ return ide_stopped;
+ }
+
idetape_create_request_sense_cmd(pc);
set_bit(IDETAPE_IGNORE_DSC, &tape->flags);
idetape_queue_pc_head(drive, pc, rq);
@@ -1719,21 +1695,33 @@ static ide_startstop_t idetape_do_request(ide_drive_t
*drive,
if (rq->cmd[0] & REQ_IDETAPE_READ) {
tape->buffer_head++;
tape->postpone_cnt = 0;
- pc = idetape_next_pc_storage(drive);
- idetape_create_read_cmd(tape, pc, rq->current_nr_sectors,
(struct idetape_bh *)rq->special);
+ pc = ide_tape_alloc_pc();
+ if (!pc)
+ goto err;
+
+ idetape_create_read_cmd(tape, pc, rq->current_nr_sectors,
+ (struct idetape_bh *)rq->special);
goto out;
}
if (rq->cmd[0] & REQ_IDETAPE_WRITE) {
tape->buffer_head++;
tape->postpone_cnt = 0;
- pc = idetape_next_pc_storage(drive);
- idetape_create_write_cmd(tape, pc, rq->current_nr_sectors,
(struct idetape_bh *)rq->special);
+ pc = ide_tape_alloc_pc();
+ if (!pc)
+ goto err;
+
+ idetape_create_write_cmd(tape, pc, rq->current_nr_sectors,
+ (struct idetape_bh *)rq->special);
goto out;
}
if (rq->cmd[0] & REQ_IDETAPE_READ_BUFFER) {
tape->postpone_cnt = 0;
- pc = idetape_next_pc_storage(drive);
- idetape_create_read_buffer_cmd(tape, pc,
rq->current_nr_sectors, (struct idetape_bh *)rq->special);
+ pc = ide_tape_alloc_pc();
+ if (!pc)
+ goto err;
+
+ idetape_create_read_buffer_cmd(tape, pc, rq->current_nr_sectors,
+ (struct idetape_bh *)rq->special);
goto out;
}
if (rq->cmd[0] & REQ_IDETAPE_PC1) {
@@ -1749,6 +1737,11 @@ static ide_startstop_t idetape_do_request(ide_drive_t
*drive,
BUG();
out:
return idetape_issue_packet_command(drive, pc);
+
+err:
+ printk(KERN_ERR "ide-tape: Error processing request %u\n", rq->cmd[0]);
+ idetape_end_request(drive, 0, 0);
+ return ide_stopped;
}
/*
@@ -2055,7 +2048,7 @@ static void
idetape_create_test_unit_ready_cmd(idetape_pc_t *pc)
* for an interrupt or a timer event.
*
* From the bottom part of the driver, we should allocate safe memory
- * using idetape_next_pc_storage and idetape_next_rq_storage, and add
+ * using ide_tape_alloc_pc and ide_tape_alloc_rq, and add
* the request to the request list without waiting for it to be serviced !
* In that case, we usually use idetape_queue_pc_head.
*/
@@ -3644,7 +3637,6 @@ static void idetape_setup (ide_drive_t *drive,
idetape_tape_t *tape, int minor)
tape->name[1] = 't';
tape->name[2] = '0' + minor;
tape->chrdev_dir = idetape_dir_none;
- tape->pc = tape->pc_stack;
tape->max_ins_speed = 10000;
tape->speed_ctl = 1;
*((unsigned short *) &gcw) = drive->id->config;
--
1.5.3.7
-
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
