| Message ID | 20230317035228.2635209-1-lizetao1@huawei.com (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | atm: idt77252: fix kmemleak when rmmod idt77252 | expand |
Li Zetao <lizetao1@huawei.com> : > There are memory leaks reported by kmemleak: [...] > diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c > index eec0cc2144e0..060f32b0def3 100644 > --- a/drivers/atm/idt77252.c > +++ b/drivers/atm/idt77252.c [...] > @@ -2952,6 +2953,16 @@ open_card_ubr0(struct idt77252_dev *card) > return 0; > } > > +static void > +close_card_ubr0(struct idt77252_dev *card) > +{ > + struct vc_map *vc; > + > + vc = card->vcs[0]; Nit: + struct vc_map *vc = card->vcs[0]; I have not found any opportunity for a double free related to the patch. So, other than the nit above: Reviewed-by: Francois Romieu <romieu@fr.zoreil.com> FWIW - the driver leaks on error in open_card_ubr0. - some forward declarations (alloc_scq, free_scq, etc.) are useless. - struct idt77252_dev.next is useless. It was probably cargo-culted from some driver while hoping to enumerate devices (not that uncommon the early 2000). PCI driver registeering could thus look more idiomatic. - deinit_card can be called two times in an error path and trigger a BUG_ON in atm_dev_deregister.
diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c index eec0cc2144e0..060f32b0def3 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -2909,6 +2909,7 @@ close_card_oam(struct idt77252_dev *card) recycle_rx_pool_skb(card, &vc->rcv.rx_pool); } + kfree(vc); } } } @@ -2952,6 +2953,16 @@ open_card_ubr0(struct idt77252_dev *card) return 0; } +static void +close_card_ubr0(struct idt77252_dev *card) +{ + struct vc_map *vc; + + vc = card->vcs[0]; + free_scq(card, vc->scq); + kfree(vc); +} + static int idt77252_dev_open(struct idt77252_dev *card) { @@ -3001,6 +3012,7 @@ static void idt77252_dev_close(struct atm_dev *dev) struct idt77252_dev *card = dev->dev_data; u32 conf; + close_card_ubr0(card); close_card_oam(card); conf = SAR_CFG_RXPTH | /* enable receive path */
There are memory leaks reported by kmemleak: unreferenced object 0xffff888106500800 (size 128): comm "modprobe", pid 1017, jiffies 4297787785 (age 67.152s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000970ce626>] __kmem_cache_alloc_node+0x20c/0x380 [<00000000fb5f78d9>] kmalloc_trace+0x2f/0xb0 [<000000000e947e2a>] idt77252_init_one+0x2847/0x3c90 [idt77252] [<000000006efb048e>] local_pci_probe+0xeb/0x1a0 ... unreferenced object 0xffff888106500b00 (size 128): comm "modprobe", pid 1017, jiffies 4297787785 (age 67.152s) hex dump (first 32 bytes): 00 20 3d 01 80 88 ff ff 00 20 3d 01 80 88 ff ff . =...... =..... f0 23 3d 01 80 88 ff ff 00 20 3d 01 00 00 00 00 .#=...... =..... backtrace: [<00000000970ce626>] __kmem_cache_alloc_node+0x20c/0x380 [<00000000fb5f78d9>] kmalloc_trace+0x2f/0xb0 [<00000000f451c5be>] alloc_scq.constprop.0+0x4a/0x400 [idt77252] [<00000000e6313849>] idt77252_init_one+0x28cf/0x3c90 [idt77252] The root cause is traced to the vc_maps which alloced in open_card_oam() are not freed in close_card_oam(). The vc_maps are used to record open connections, so when close a vc_map in close_card_oam(), the memory should be freed. Moreover, the ubr0 is not closed when close a idt77252 device, leading to the memory leak of vc_map and scq_info. Fix them by adding kfree in close_card_oam() and implementing new close_card_ubr0() to close ubr0. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Li Zetao <lizetao1@huawei.com> --- drivers/atm/idt77252.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)