From: Greg KH <gregkh@linuxfoundation.org>
To: huangchenghai <huangchenghai2@huawei.com>
Cc: zhangfei.gao@linaro.org, wangzhou1@hisilicon.com,
linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
linuxarm@openeuler.org, fanghao11@huawei.com,
shenyang39@huawei.com, liulongfang@huawei.com,
qianweili@huawei.com
Subject: Re: [PATCH v2 1/4] uacce: fix for cdev memory leak
Date: Wed, 17 Sep 2025 12:18:56 +0200 [thread overview]
Message-ID: <2025091746-starship-nearest-7c10@gregkh> (raw)
In-Reply-To: <8e5d4afb-8a21-4a93-a80f-e1f2b6baa8ca@huawei.com>
On Wed, Sep 17, 2025 at 05:56:16PM +0800, huangchenghai wrote:
>
> On Mon, Sep 16, 2025 at 11:15 PM +0800, Greg KH wrote:
> > On Tue, Sep 16, 2025 at 10:48:08PM +0800, Chenghai Huang wrote:
> > > From: Wenkai Lin <linwenkai6@hisilicon.com>
> > >
> > > If cdev_device_add failed, it is hard to determine
> > > whether cdev_del has been executed, which lead to a
> > > memory leak issue, so we use cdev_init to avoid it.
> > I do not understand, what is wrong with the current code? It checks if
> > add fails:
> >
> > > Fixes: 015d239ac014 ("uacce: add uacce driver")
> > > Cc: stable@vger.kernel.org
> > > Signed-off-by: Wenkai Lin <linwenkai6@hisilicon.com>
> > > Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com>
> > > ---
> > > drivers/misc/uacce/uacce.c | 13 ++++---------
> > > include/linux/uacce.h | 2 +-
> > > 2 files changed, 5 insertions(+), 10 deletions(-)
> > >
> > > diff --git a/drivers/misc/uacce/uacce.c b/drivers/misc/uacce/uacce.c
> > > index 42e7d2a2a90c..12370469f646 100644
> > > --- a/drivers/misc/uacce/uacce.c
> > > +++ b/drivers/misc/uacce/uacce.c
> > > @@ -522,14 +522,10 @@ int uacce_register(struct uacce_device *uacce)
> > > if (!uacce)
> > > return -ENODEV;
> > > - uacce->cdev = cdev_alloc();
> > > - if (!uacce->cdev)
> > > - return -ENOMEM;
> > This is the check.
> >
> >
> > > -
> > > - uacce->cdev->ops = &uacce_fops;
> > > - uacce->cdev->owner = THIS_MODULE;
> > > + cdev_init(&uacce->cdev, &uacce_fops);
> > > + uacce->cdev.owner = THIS_MODULE;
> > > - return cdev_device_add(uacce->cdev, &uacce->dev);
> > > + return cdev_device_add(&uacce->cdev, &uacce->dev);
> > And so is this. So what is wrong here?
> >
> >
> > > }
> > > EXPORT_SYMBOL_GPL(uacce_register);
> > > @@ -568,8 +564,7 @@ void uacce_remove(struct uacce_device *uacce)
> > > unmap_mapping_range(q->mapping, 0, 0, 1);
> > > }
> > > - if (uacce->cdev)
> > > - cdev_device_del(uacce->cdev, &uacce->dev);
> > > + cdev_device_del(&uacce->cdev, &uacce->dev);
> > > xa_erase(&uacce_xa, uacce->dev_id);
> > > /*
> > > * uacce exists as long as there are open fds, but ops will be freed
> > > diff --git a/include/linux/uacce.h b/include/linux/uacce.h
> > > index e290c0269944..98b896192a44 100644
> > > --- a/include/linux/uacce.h
> > > +++ b/include/linux/uacce.h
> > > @@ -126,7 +126,7 @@ struct uacce_device {
> > > bool is_vf;
> > > u32 flags;
> > > u32 dev_id;
> > > - struct cdev *cdev;
> > > + struct cdev cdev;
> > > struct device dev;
> > You can not do this, you now have 2 different reference counts
> > controlling the lifespan of this one structure. That is just going to
> > cause so many more bugs...
> >
> > How was this tested? What is currently failing that requires this
> > change?
> >
> > thanks,
> >
> > greg k-h
> We analyze it theoretically there may be a memory leak
> issue here, if the cdev_device_add returns a failure,
> the uacce_remove will not be executed, which results in the
> uacce cdev memory not being released.
Then properly clean up if that happens.
> Therefore, we have decided to align with the design of other
> drivers by making cdev a static member of uacce_device and
> releasing the memory through uacce_device.
But again, this is wrong to do.
> found one example in drivers/watchdog/watchdog_dev.h.
> struct watchdog_core_data {
> struct device dev;
> struct cdev cdev;
This is also wrong and needs to be fixed. Please send a patch to
resolve it as well, as it should not be copied as a valid example.
thanks,
greg k-h
next prev parent reply other threads:[~2025-09-17 10:18 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-16 14:48 [PATCH v2 0/4] uacce: driver fixes for memory leaks and state management Chenghai Huang
2025-09-16 14:48 ` [PATCH v2 1/4] uacce: fix for cdev memory leak Chenghai Huang
2025-09-16 15:14 ` Greg KH
2025-09-17 9:56 ` huangchenghai
2025-09-17 10:18 ` Greg KH [this message]
2025-09-26 8:47 ` huangchenghai
2025-09-26 9:37 ` linwenkai (C)
2025-09-16 14:48 ` [PATCH v2 2/4] uacce: fix isolate sysfs check condition Chenghai Huang
2025-09-16 15:15 ` Greg KH
2025-09-17 9:54 ` huangchenghai
2025-09-16 14:48 ` [PATCH v2 3/4] uacce: implement mremap in uacce_vm_ops to return -EPERM Chenghai Huang
2025-09-16 14:48 ` [PATCH v2 4/4] uacce: ensure safe queue release with state management Chenghai Huang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025091746-starship-nearest-7c10@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=fanghao11@huawei.com \
--cc=huangchenghai2@huawei.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxarm@openeuler.org \
--cc=liulongfang@huawei.com \
--cc=qianweili@huawei.com \
--cc=shenyang39@huawei.com \
--cc=wangzhou1@hisilicon.com \
--cc=zhangfei.gao@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox