Re: [PATCH v2] tty/n_gsm.c: fix a memory leak when gsmtty is removed

[Greg KH]

On Wed, Mar 25, 2015 at 03:05:33PM +0800, Pan Xinhui wrote:
> when gsmtty_remove put dlci, it will cause memory leak if
> dlci->port's refcount is zero.
> So we do the cleanup work in .cleanup callback instead.
> 
> dlci will be last put in two call chains.
> 1) gsmld_close -> gsm_cleanup_mux -> gsm_dlci_release -> dlci_put
> 2) gsmld_remove -> dlci_put
> so there is a race. the memory leak depends on the race.
> 
> In call chain 2. we hit the memory leak. bellow comment tells.
> 
> release_tty -> tty_driver_remove_tty -> gsmtty_remove -> dlci_put -> tty_port_destructor (WARN_ON(port->itty) and return directly)
> 						|
> 						--> tty->port->itty = NULL;
> 			|
> 		tty_kref_put ---> release_one_tty -> gsmtty_cleanup (now we do the cleanup work here.)

That doesn't line up at all :(

> So our patch fix it by doing the cleanup work after tty core did.
> 
> Signed-off-by: xinhui.pan <xinhuix.pan@xxxxxxxxx>

I need a real name here, "xinhui.pan" is not your real name, according
to your "From:" line, right?

Please fix up and resend.

And also include what changed from the previous version, this is much
different.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/