From: Greg KH <gregkh@suse.de>
To: Alex Chiang <achiang@hp.com>,
linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: refcount leak in pci_get_device()?
Date: Thu, 21 Aug 2008 13:40:57 -0700 [thread overview]
Message-ID: <20080821204057.GA31543@suse.de> (raw)
In-Reply-To: <20080821201918.GA24411@ldl.fc.hp.com>
On Thu, Aug 21, 2008 at 02:19:18PM -0600, Alex Chiang wrote:
> Hi Greg,
>
> While playing around with my slot symlink stuff, I noticed that
> the following sequence is problematic:
>
> 1. clean boot
> 2. modprobe acpiphp
> 3. echo 0 > /sys/bus/pci/slots/N/power
> 4. ???
>
> After step 3, we *should* be seeing pci_release_dev() getting
> called, but we never do because the refcount on the device is
> still quite high (5 or 6, on my ia64 system).
>
> I'm still trying to track this down, but I did notice, via code
> inspection, at least one suspicious area:
>
> #define for_each_pci_dev(d) while ((d = pci_get_device(PCI_ANY_ID, PCI_ANY_ID, d)) != NULL)
>
> That eventually calls pci_get_dev_by_id(), which increases the
> refcount on the device, but never decrements it.
>
> Looks like that change in behavior happened here:
>
> PCI: clean up search.c a lot
> 95247b57ed844511a212265b45cf9a919753aea1
>
> pci_get_device() used to decrement the refcount, but no longer
> does.
No, pci_get_device() never decremented the refcount, and that didn't
change in the above git commit.
The description of pci_get_device() says that a reference is grabbed:
Iterates through the list of known PCI devices. If a PCI device
is found with a matching @vendor and @device, the reference
count to the device is incremented and a pointer to its device
structure is returned. Otherwise, %NULL is returned. A new
search is initiated by passing %NULL as the @from argument.
Otherwise if @from is not %NULL, searches continue from next
device on the global list. The reference count for @from is
always decremented if it is not %NULL.
All of the pci_find* functions should not have grabbed a reference to
the device, as that was the "old" behavior. All of the pci_get*
functions do grab a reference.
Did I somehow mess up and one of the pci_find* functions now improperly
increment a reference? Hopefully we shouldn't be using those functions
anymore as they aren't hotplug safe...
thanks,
greg k-h
prev parent reply other threads:[~2008-08-21 20:53 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-21 20:19 refcount leak in pci_get_device()? Alex Chiang
2008-08-21 20:25 ` Matthew Wilcox
2008-08-21 20:47 ` Greg KH
2008-08-21 22:14 ` Alex Chiang
2008-08-30 4:23 ` Zhao, Yu
2008-08-30 5:37 ` Greg KH
2008-08-30 6:20 ` Zhao, Yu
2008-08-31 3:14 ` problems in fakephp (was RE: refcount leak in pci_get_device()?) Zhao, Yu
2008-09-01 18:40 ` [PATCH] PCI Hotplug: fakephp: fix deadlock... again Alex Chiang
2008-09-02 0:10 ` Matthew Wilcox
2008-09-02 0:19 ` Alex Chiang
2008-09-09 4:12 ` Jesse Barnes
2008-09-09 4:27 ` Matthew Wilcox
2008-09-09 5:32 ` Andrew Patterson
2008-09-04 15:03 ` Zhao, Yu
2008-08-21 22:23 ` refcount leak in pci_get_device()? Jesse Barnes
2008-08-22 1:04 ` Henrique de Moraes Holschuh
2008-08-22 1:09 ` Henrique de Moraes Holschuh
2008-08-21 20:40 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080821204057.GA31543@suse.de \
--to=gregkh@suse.de \
--cc=achiang@hp.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.