| Message ID | 20211018063818.1895774-1-wanghai38@huawei.com (mailing list archive) |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net] mwifiex: Fix possible memleak in probe and disconnect | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Single patches do not need cover letters |
| netdev/fixes_present | success | Fixes tag present in non-next series |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for net |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | success | CCed 11 of 11 maintainers |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Signed-off-by tag matches author and committer |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Fixes tag looks correct |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 28 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
| netdev/header_inline | success | No static functions without inline keyword in header files |
Wang Hai <wanghai38@huawei.com> wrote: > I got memory leak as follows when doing fault injection test: > > unreferenced object 0xffff888031c2f000 (size 512): > comm "kworker/0:2", pid 165, jiffies 4294922253 (age 391.180s) > hex dump (first 32 bytes): > 00 20 f7 08 80 88 ff ff 01 00 00 00 00 00 00 00 . .............. > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > backtrace: > [<00000000537bdb86>] kmem_cache_alloc_trace+0x16d/0x360 > [<0000000047666fab>] if_usb_probe+0x90/0x96e [usb8xxx] > [<00000000de44b4f0>] usb_probe_interface+0x31b/0x800 [usbcore] > [<000000009b1a1951>] really_probe+0x299/0xc30 > [<0000000055b8ffce>] __driver_probe_device+0x357/0x500 > [<00000000bb0c7161>] driver_probe_device+0x4e/0x140 > [<00000000866d1730>] __device_attach_driver+0x257/0x340 > [<0000000084e79b96>] bus_for_each_drv+0x166/0x1e0 > [<000000009bad60ea>] __device_attach+0x272/0x420 > [<00000000236b97c1>] bus_probe_device+0x1eb/0x2a0 > [<000000008d77d7cf>] device_add+0xbf0/0x1cd0 > [<000000004af6a3f0>] usb_set_configuration+0x10fb/0x18d0 [usbcore] > [<000000002ebdfdcd>] usb_generic_driver_probe+0xa2/0xe0 [usbcore] > [<00000000444f344d>] usb_probe_device+0xe4/0x2b0 [usbcore] > [<000000009b1a1951>] really_probe+0x299/0xc30 > [<0000000055b8ffce>] __driver_probe_device+0x357/0x500 > > cardp is missing being freed in the error handling path of the probe > and the path of the disconnect, which will cause kmemleak. > > This patch adds the missing free(). > > Fixes: 876c9d3aeb98 ("[PATCH] Marvell Libertas 8388 802.11b/g USB driver") > Fixes: c305a19a0d0a ("libertas_tf: usb specific functions") > Reported-by: Hulk Robot <hulkci@huawei.com> > Signed-off-by: Wang Hai <wanghai38@huawei.com> mwifiex patches are applied to wireless-drivers, not to the net tree. Please be careful how you mark your patches.
在 2021/10/18 20:44, Kalle Valo 写道: > Wang Hai <wanghai38@huawei.com> wrote: > >> I got memory leak as follows when doing fault injection test: >> >> unreferenced object 0xffff888031c2f000 (size 512): >> comm "kworker/0:2", pid 165, jiffies 4294922253 (age 391.180s) >> hex dump (first 32 bytes): >> 00 20 f7 08 80 88 ff ff 01 00 00 00 00 00 00 00 . .............. >> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ >> backtrace: >> [<00000000537bdb86>] kmem_cache_alloc_trace+0x16d/0x360 >> [<0000000047666fab>] if_usb_probe+0x90/0x96e [usb8xxx] >> [<00000000de44b4f0>] usb_probe_interface+0x31b/0x800 [usbcore] >> [<000000009b1a1951>] really_probe+0x299/0xc30 >> [<0000000055b8ffce>] __driver_probe_device+0x357/0x500 >> [<00000000bb0c7161>] driver_probe_device+0x4e/0x140 >> [<00000000866d1730>] __device_attach_driver+0x257/0x340 >> [<0000000084e79b96>] bus_for_each_drv+0x166/0x1e0 >> [<000000009bad60ea>] __device_attach+0x272/0x420 >> [<00000000236b97c1>] bus_probe_device+0x1eb/0x2a0 >> [<000000008d77d7cf>] device_add+0xbf0/0x1cd0 >> [<000000004af6a3f0>] usb_set_configuration+0x10fb/0x18d0 [usbcore] >> [<000000002ebdfdcd>] usb_generic_driver_probe+0xa2/0xe0 [usbcore] >> [<00000000444f344d>] usb_probe_device+0xe4/0x2b0 [usbcore] >> [<000000009b1a1951>] really_probe+0x299/0xc30 >> [<0000000055b8ffce>] __driver_probe_device+0x357/0x500 >> >> cardp is missing being freed in the error handling path of the probe >> and the path of the disconnect, which will cause kmemleak. >> >> This patch adds the missing free(). >> >> Fixes: 876c9d3aeb98 ("[PATCH] Marvell Libertas 8388 802.11b/g USB driver") >> Fixes: c305a19a0d0a ("libertas_tf: usb specific functions") >> Reported-by: Hulk Robot <hulkci@huawei.com> >> Signed-off-by: Wang Hai <wanghai38@huawei.com> > mwifiex patches are applied to wireless-drivers, not to the net tree. Please be > careful how you mark your patches. Thanks for the reminder, I will pay attention to it in the future.
On Mon, Oct 18, 2021 at 5:45 AM Kalle Valo <kvalo@codeaurora.org> wrote: > mwifiex patches are applied to wireless-drivers, not to the net tree. Please be > careful how you mark your patches. Also, the driver being patched is "libertas" (a different Marvell driver), not "mwifiex" -- so the subject line is doubly wrong. Brian
在 2021/10/19 1:02, Brian Norris 写道: > On Mon, Oct 18, 2021 at 5:45 AM Kalle Valo <kvalo@codeaurora.org> wrote: >> mwifiex patches are applied to wireless-drivers, not to the net tree. Please be >> careful how you mark your patches. > Also, the driver being patched is "libertas" (a different Marvell > driver), not "mwifiex" -- so the subject line is doubly wrong. Sorry, I will send a v2 patch to fix this issue, and I will pay more attention to this in the future. > Brian > . >
diff --git a/drivers/net/wireless/marvell/libertas/if_usb.c b/drivers/net/wireless/marvell/libertas/if_usb.c index 20436a289d5c..5d6dc1dd050d 100644 --- a/drivers/net/wireless/marvell/libertas/if_usb.c +++ b/drivers/net/wireless/marvell/libertas/if_usb.c @@ -292,6 +292,7 @@ static int if_usb_probe(struct usb_interface *intf, if_usb_reset_device(cardp); dealloc: if_usb_free(cardp); + kfree(cardp); error: return r; @@ -316,6 +317,7 @@ static void if_usb_disconnect(struct usb_interface *intf) /* Unlink and free urb */ if_usb_free(cardp); + kfree(cardp); usb_set_intfdata(intf, NULL); usb_put_dev(interface_to_usbdev(intf)); diff --git a/drivers/net/wireless/marvell/libertas_tf/if_usb.c b/drivers/net/wireless/marvell/libertas_tf/if_usb.c index fe0a69e804d8..75b5319d033f 100644 --- a/drivers/net/wireless/marvell/libertas_tf/if_usb.c +++ b/drivers/net/wireless/marvell/libertas_tf/if_usb.c @@ -230,6 +230,7 @@ static int if_usb_probe(struct usb_interface *intf, dealloc: if_usb_free(cardp); + kfree(cardp); error: lbtf_deb_leave(LBTF_DEB_MAIN); return -ENOMEM; @@ -254,6 +255,7 @@ static void if_usb_disconnect(struct usb_interface *intf) /* Unlink and free urb */ if_usb_free(cardp); + kfree(cardp); usb_set_intfdata(intf, NULL); usb_put_dev(interface_to_usbdev(intf));
I got memory leak as follows when doing fault injection test: unreferenced object 0xffff888031c2f000 (size 512): comm "kworker/0:2", pid 165, jiffies 4294922253 (age 391.180s) hex dump (first 32 bytes): 00 20 f7 08 80 88 ff ff 01 00 00 00 00 00 00 00 . .............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000537bdb86>] kmem_cache_alloc_trace+0x16d/0x360 [<0000000047666fab>] if_usb_probe+0x90/0x96e [usb8xxx] [<00000000de44b4f0>] usb_probe_interface+0x31b/0x800 [usbcore] [<000000009b1a1951>] really_probe+0x299/0xc30 [<0000000055b8ffce>] __driver_probe_device+0x357/0x500 [<00000000bb0c7161>] driver_probe_device+0x4e/0x140 [<00000000866d1730>] __device_attach_driver+0x257/0x340 [<0000000084e79b96>] bus_for_each_drv+0x166/0x1e0 [<000000009bad60ea>] __device_attach+0x272/0x420 [<00000000236b97c1>] bus_probe_device+0x1eb/0x2a0 [<000000008d77d7cf>] device_add+0xbf0/0x1cd0 [<000000004af6a3f0>] usb_set_configuration+0x10fb/0x18d0 [usbcore] [<000000002ebdfdcd>] usb_generic_driver_probe+0xa2/0xe0 [usbcore] [<00000000444f344d>] usb_probe_device+0xe4/0x2b0 [usbcore] [<000000009b1a1951>] really_probe+0x299/0xc30 [<0000000055b8ffce>] __driver_probe_device+0x357/0x500 cardp is missing being freed in the error handling path of the probe and the path of the disconnect, which will cause kmemleak. This patch adds the missing free(). Fixes: 876c9d3aeb98 ("[PATCH] Marvell Libertas 8388 802.11b/g USB driver") Fixes: c305a19a0d0a ("libertas_tf: usb specific functions") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Wang Hai <wanghai38@huawei.com> --- drivers/net/wireless/marvell/libertas/if_usb.c | 2 ++ drivers/net/wireless/marvell/libertas_tf/if_usb.c | 2 ++ 2 files changed, 4 insertions(+)