Message ID | 20181127160635.11836-1-richard.genoud@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | dmaengine: at_hdmac: fix memory leak in at_dma_xlate() | expand |
On Tue, Nov 27, 2018 at 05:06:34PM +0100, Richard Genoud wrote: > The leak was found when opening/closing a serial port a great number of > time, increasing kmalloc-32 in slabinfo. > > Each time the port was opened, dma_request_slave_channel() was called. > Then, in at_dma_xlate(), atslave was allocated with devm_kzalloc() and > never freed. (Well, it was free at module unload, but that's not what we > want). > So, here, kzalloc is more suited for the job since it has to be freed in > atc_free_chan_resources(). > > Cc: stable@vger.kernel.org > Fixes: bbe89c8e3d59 ("at_hdmac: move to generic DMA binding") > Reported-by: Mario Forner <m.forner@be4energy.com> > Suggested-by: Alexandre Belloni <alexandre.belloni@bootlin.com> > Acked-by: Alexandre Belloni <alexandre.belloni@bootlin.com> > Signed-off-by: Richard Genoud <richard.genoud@gmail.com> Acked-by: Ludovic Desroches <ludovic.desroches@microchip.com> Thanks for handling this issue. Ludovic > --- > drivers/dma/at_hdmac.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/drivers/dma/at_hdmac.c b/drivers/dma/at_hdmac.c > index 7cbac6e8c113..1b7f0ca0d5cd 100644 > --- a/drivers/dma/at_hdmac.c > +++ b/drivers/dma/at_hdmac.c > @@ -1641,6 +1641,12 @@ static void atc_free_chan_resources(struct dma_chan *chan) > atchan->descs_allocated = 0; > atchan->status = 0; > > + /* > + * Free atslave allocated in at_dma_xlate() > + */ > + kfree(chan->private); > + chan->private = NULL; > + > dev_vdbg(chan2dev(chan), "free_chan_resources: done\n"); > } > > @@ -1675,7 +1681,7 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec, > dma_cap_zero(mask); > dma_cap_set(DMA_SLAVE, mask); > > - atslave = devm_kzalloc(&dmac_pdev->dev, sizeof(*atslave), GFP_KERNEL); > + atslave = kzalloc(sizeof(*atslave), GFP_KERNEL); > if (!atslave) > return NULL; >
On 27-11-18, 17:06, Richard Genoud wrote: > The leak was found when opening/closing a serial port a great number of > time, increasing kmalloc-32 in slabinfo. > > Each time the port was opened, dma_request_slave_channel() was called. > Then, in at_dma_xlate(), atslave was allocated with devm_kzalloc() and > never freed. (Well, it was free at module unload, but that's not what we > want). > So, here, kzalloc is more suited for the job since it has to be freed in > atc_free_chan_resources(). Applied, thanks
Am Dienstag, 27. November 2018, 17:06:34 CET schrieb Richard Genoud: > The leak was found when opening/closing a serial port a great number of > time, increasing kmalloc-32 in slabinfo. > > Each time the port was opened, dma_request_slave_channel() was called. > Then, in at_dma_xlate(), atslave was allocated with devm_kzalloc() and > never freed. (Well, it was free at module unload, but that's not what we > want). > So, here, kzalloc is more suited for the job since it has to be freed in > atc_free_chan_resources(). > > Cc: stable@vger.kernel.org > Fixes: bbe89c8e3d59 ("at_hdmac: move to generic DMA binding") > Reported-by: Mario Forner <m.forner@be4energy.com> > Suggested-by: Alexandre Belloni <alexandre.belloni@bootlin.com> > Acked-by: Alexandre Belloni <alexandre.belloni@bootlin.com> > Signed-off-by: Richard Genoud <richard.genoud@gmail.com> After testing I installed an updated kernel on a production machine, which worked fine. The memory leak has been repaired successfully. There have been no adverse side-effects. Thank you for providing the patch. > --- > drivers/dma/at_hdmac.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/drivers/dma/at_hdmac.c b/drivers/dma/at_hdmac.c > index 7cbac6e8c113..1b7f0ca0d5cd 100644 > --- a/drivers/dma/at_hdmac.c > +++ b/drivers/dma/at_hdmac.c > @@ -1641,6 +1641,12 @@ static void atc_free_chan_resources(struct dma_chan *chan) > atchan->descs_allocated = 0; > atchan->status = 0; > > + /* > + * Free atslave allocated in at_dma_xlate() > + */ > + kfree(chan->private); > + chan->private = NULL; > + > dev_vdbg(chan2dev(chan), "free_chan_resources: done\n"); > } > > @@ -1675,7 +1681,7 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec, > dma_cap_zero(mask); > dma_cap_set(DMA_SLAVE, mask); > > - atslave = devm_kzalloc(&dmac_pdev->dev, sizeof(*atslave), GFP_KERNEL); > + atslave = kzalloc(sizeof(*atslave), GFP_KERNEL); > if (!atslave) > return NULL; > >
diff --git a/drivers/dma/at_hdmac.c b/drivers/dma/at_hdmac.c index 7cbac6e8c113..1b7f0ca0d5cd 100644 --- a/drivers/dma/at_hdmac.c +++ b/drivers/dma/at_hdmac.c @@ -1641,6 +1641,12 @@ static void atc_free_chan_resources(struct dma_chan *chan) atchan->descs_allocated = 0; atchan->status = 0; + /* + * Free atslave allocated in at_dma_xlate() + */ + kfree(chan->private); + chan->private = NULL; + dev_vdbg(chan2dev(chan), "free_chan_resources: done\n"); } @@ -1675,7 +1681,7 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec, dma_cap_zero(mask); dma_cap_set(DMA_SLAVE, mask); - atslave = devm_kzalloc(&dmac_pdev->dev, sizeof(*atslave), GFP_KERNEL); + atslave = kzalloc(sizeof(*atslave), GFP_KERNEL); if (!atslave) return NULL;