From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752995AbbCZVgH (ORCPT <rfc822;w@1wt.eu>);
	Thu, 26 Mar 2015 17:36:07 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:58508 "EHLO
	mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751900AbbCZVgE (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 26 Mar 2015 17:36:04 -0400
Date: Thu, 26 Mar 2015 22:36:00 +0100
From: Greg KH <gregkh@linuxfoundation.org>
To: Pan Xinhui <xinhuix.pan@intel.com>
Cc: jslaby@suse.cz, linux-kernel@vger.kernel.org, yanmin_zhang@linux.intel.com,
        mnipxh@gmai.com
Subject: Re: [PATCH v2] tty/n_gsm.c: fix a memory leak when gsmtty is removed
Message-ID: <20150326213600.GA29139@kroah.com>
References: <551111B9.3000008@intel.com>
 <55125E3D.2070109@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <55125E3D.2070109@intel.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Mar 25, 2015 at 03:05:33PM +0800, Pan Xinhui wrote:
> when gsmtty_remove put dlci, it will cause memory leak if
> dlci->port's refcount is zero.
> So we do the cleanup work in .cleanup callback instead.
> 
> dlci will be last put in two call chains.
> 1) gsmld_close -> gsm_cleanup_mux -> gsm_dlci_release -> dlci_put
> 2) gsmld_remove -> dlci_put
> so there is a race. the memory leak depends on the race.
> 
> In call chain 2. we hit the memory leak. bellow comment tells.
> 
> release_tty -> tty_driver_remove_tty -> gsmtty_remove -> dlci_put -> tty_port_destructor (WARN_ON(port->itty) and return directly)
> 						|
> 						--> tty->port->itty = NULL;
> 			|
> 		tty_kref_put ---> release_one_tty -> gsmtty_cleanup (now we do the cleanup work here.)

That doesn't line up at all :(

> So our patch fix it by doing the cleanup work after tty core did.
> 
> Signed-off-by: xinhui.pan <xinhuix.pan@intel.com>

I need a real name here, "xinhui.pan" is not your real name, according
to your "From:" line, right?

Please fix up and resend.

And also include what changed from the previous version, this is much
different.

thanks,

greg k-h