Re: refcount leak in pci_get_device()?

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@suse.de>
To: Alex Chiang <achiang@hp.com>,
	linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: refcount leak in pci_get_device()?
Date: Thu, 21 Aug 2008 13:40:57 -0700	[thread overview]
Message-ID: <20080821204057.GA31543@suse.de> (raw)
In-Reply-To: <20080821201918.GA24411@ldl.fc.hp.com>

On Thu, Aug 21, 2008 at 02:19:18PM -0600, Alex Chiang wrote:
> Hi Greg,
> 
> While playing around with my slot symlink stuff, I noticed that
> the following sequence is problematic:
> 
> 	1. clean boot
> 	2. modprobe acpiphp
> 	3. echo 0 > /sys/bus/pci/slots/N/power
> 	4. ???
> 
> After step 3, we *should* be seeing pci_release_dev() getting
> called, but we never do because the refcount on the device is
> still quite high (5 or 6, on my ia64 system).
> 
> I'm still trying to track this down, but I did notice, via code
> inspection, at least one suspicious area:
> 
> #define for_each_pci_dev(d) while ((d = pci_get_device(PCI_ANY_ID, PCI_ANY_ID, d)) != NULL)
> 
> That eventually calls pci_get_dev_by_id(), which increases the
> refcount on the device, but never decrements it.
> 
> Looks like that change in behavior happened here:
> 
> 	PCI: clean up search.c a lot
> 	95247b57ed844511a212265b45cf9a919753aea1
> 
> pci_get_device() used to decrement the refcount, but no longer
> does.

No, pci_get_device() never decremented the refcount, and that didn't
change in the above git commit.

The description of pci_get_device() says that a reference is grabbed:
	Iterates through the list of known PCI devices.  If a PCI device
	is found with a matching @vendor and @device, the reference
	count to the device is incremented and a pointer to its device
	structure is returned.  Otherwise, %NULL is returned.  A new
	search is initiated by passing %NULL as the @from argument.
	Otherwise if @from is not %NULL, searches continue from next
	device on the global list.  The reference count for @from is
	always decremented if it is not %NULL.


All of the pci_find* functions should not have grabbed a reference to
the device, as that was the "old" behavior.  All of the pci_get*
functions do grab a reference.

Did I somehow mess up and one of the pci_find* functions now improperly
increment a reference?  Hopefully we shouldn't be using those functions
anymore as they aren't hotplug safe...

thanks,

greg k-h

     prev parent reply	other threads:[~2008-08-21 20:53 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-08-21 20:19 refcount leak in pci_get_device()? Alex Chiang
2008-08-21 20:25 ` Matthew Wilcox
2008-08-21 20:47   ` Greg KH
2008-08-21 22:14     ` Alex Chiang
2008-08-30  4:23       ` Zhao, Yu
2008-08-30  5:37         ` Greg KH
2008-08-30  6:20           ` Zhao, Yu
2008-08-31  3:14             ` problems in fakephp (was RE: refcount leak in pci_get_device()?) Zhao, Yu
2008-09-01 18:40               ` [PATCH] PCI Hotplug: fakephp: fix deadlock... again Alex Chiang
2008-09-02  0:10                 ` Matthew Wilcox
2008-09-02  0:19                   ` Alex Chiang
2008-09-09  4:12                     ` Jesse Barnes
2008-09-09  4:27                       ` Matthew Wilcox
2008-09-09  5:32                         ` Andrew Patterson
2008-09-04 15:03                 ` Zhao, Yu
2008-08-21 22:23     ` refcount leak in pci_get_device()? Jesse Barnes
2008-08-22  1:04       ` Henrique de Moraes Holschuh
2008-08-22  1:09         ` Henrique de Moraes Holschuh
2008-08-21 20:40 ` Greg KH [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080821204057.GA31543@suse.de \
    --to=gregkh@suse.de \
    --cc=achiang@hp.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox