From: Corey Minyard <minyard@acm.org>
To: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
Cc: openipmi-developer@lists.sourceforge.net,
linux-kernel@vger.kernel.org, qi.zheng@linux.dev
Subject: Re: [PATCH 3/3] ipmi: fix memleak when unload ipmi driver
Date: Fri, 7 Oct 2022 14:51:33 -0500 [thread overview]
Message-ID: <Y0CDRS+ppvKTiGml@minyard.net> (raw)
In-Reply-To: <20221007092617.87597-4-zhangyuchen.lcr@bytedance.com>
On Fri, Oct 07, 2022 at 05:26:17PM +0800, Zhang Yuchen wrote:
> After the IPMI disconnect problem, the memory kept rising and we tried
> to unload the driver to free the memory. However, only part of the
> free memory is recovered after the driver is uninstalled. Using
> ebpf to hook free functions, we find that neither ipmi_user nor
> ipmi_smi_msg is free, only ipmi_recv_msg is free.
>
> We find that the deliver_smi_err_response call in clean_smi_msgs does
> the destroy processing on each message from the xmit_msg queue without
> checking the return value and free ipmi_smi_msg.
>
> deliver_smi_err_response is called only at this location. Adding the
> free handling has no effect.
>
> To verify, try using ebpf to trace the free function.
>
> $ bpftrace -e 'kretprobe:ipmi_alloc_recv_msg {printf("alloc rcv
> %p\n",retval);} kprobe:free_recv_msg {printf("free recv %p\n",
> arg0)} kretprobe:ipmi_alloc_smi_msg {printf("alloc smi %p\n",
> retval);} kprobe:free_smi_msg {printf("free smi %p\n",arg0)}'
>
> Signed-off-by: Zhang Yuchen <zhangyuchen.lcr@bytedance.com>
> ---
> drivers/char/ipmi/ipmi_msghandler.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
> index c8a3b208f923..7a7534046b5b 100644
> --- a/drivers/char/ipmi/ipmi_msghandler.c
> +++ b/drivers/char/ipmi/ipmi_msghandler.c
> @@ -3710,12 +3710,15 @@ static void deliver_smi_err_response(struct ipmi_smi *intf,
> struct ipmi_smi_msg *msg,
> unsigned char err)
> {
> + int rv;
> msg->rsp[0] = msg->data[0] | 4;
> msg->rsp[1] = msg->data[1];
> msg->rsp[2] = err;
> msg->rsp_size = 3;
> /* It's an error, so it will never requeue, no need to check return. */
The above comment is wrong, but yes, this is correct. I'll queue this
and remove the comment.
Thanks,
-corey
> - handle_one_recv_msg(intf, msg);
> + rv = handle_one_recv_msg(intf, msg);
> + if (rv == 0)
> + ipmi_free_smi_msg(msg);
> }
>
> static void cleanup_smi_msgs(struct ipmi_smi *intf)
> --
> 2.30.2
>
prev parent reply other threads:[~2022-10-07 19:51 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-07 9:26 [PATCH 0/3] ipmi: fix ipmi memleak and unload bug Zhang Yuchen
2022-10-07 9:26 ` [PATCH 1/3] ipmi: fix msg stack when IPMI is disconnected Zhang Yuchen
2022-10-07 19:43 ` Corey Minyard
2022-10-08 1:36 ` Yuchen Zhang
2022-10-08 11:49 ` Corey Minyard
2022-10-09 0:53 ` Yuchen Zhang
2022-10-07 9:26 ` [PATCH 2/3] ipmi: fix long wait in unload when IPMI disconnect Zhang Yuchen
2022-10-07 19:48 ` Corey Minyard
2022-10-07 9:26 ` [PATCH 3/3] ipmi: fix memleak when unload ipmi driver Zhang Yuchen
2022-10-07 19:51 ` Corey Minyard [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y0CDRS+ppvKTiGml@minyard.net \
--to=minyard@acm.org \
--cc=linux-kernel@vger.kernel.org \
--cc=openipmi-developer@lists.sourceforge.net \
--cc=qi.zheng@linux.dev \
--cc=zhangyuchen.lcr@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.