From: Jiri Slaby <jslaby@suse.cz>
To: Julian Anastasov <ja@ssi.bg>
Cc: Greg Kroah-Hartman <gregkh@suse.de>,
linux-kernel@vger.kernel.org, Alan Cox <alan@lxorguk.ukuu.org.uk>,
Jiri Slaby <jirislaby@gmail.com>
Subject: Re: [PATCH] tty: fix tty->ldisc leak on ENODEV from driver install
Date: Wed, 23 Mar 2011 09:12:51 +0100 [thread overview]
Message-ID: <4D89AB83.3000103@suse.cz> (raw)
In-Reply-To: <201103230045.p2N0jQjL011728@ja.ssi.bg>
Ccing Alan.
On 03/23/2011 01:45 AM, Julian Anastasov wrote:
> When a USB serial device is not attached I see
> open() to leak 8-byte structures:
>
> modprobe usbserial
> [ -e /dev/ttyUSB0 ] && cat /dev/ttyUSB0
> cat: /dev/ttyUSB0: No such device
>
> Note that error must be ENODEV with usbserial
> loaded and when name exists, not ENXIO.
>
> kmemleak shows such output:
>
> unreferenced object 0xc0e19860 (size 8):
> comm cat, pid 1226, jiffies 4294919464 (age 287.476s)
> hex dump (first 8 bytes):
> 44 de 2d c1 01 00 00 00 D.-.....
> backtrace:
> [<c1065a74>] create_object+0x109/0x1ad
> [<c1063d2b>] kmem_cache_alloc+0x60/0x68
> [<c113505c>] tty_ldisc_get+0x54/0x76
> [<c11358c9>] tty_ldisc_init+0xa/0x20
> [<c1130ab4>] initialize_tty_struct+0x2d/0x1ac
> [<c1130c8c>] tty_init_dev+0x59/0x10d
> [<c113136d>] tty_open+0x24a/0x3a2
> [<c1069516>] chrdev_open+0xd1/0xef
> [<c106d2d5>] nameidata_drop_rcu_last+0x3b/0x49
> [<c1069445>] chrdev_open+0x0/0xef
> [<c1065d42>] __dentry_open.clone.15+0xec/0x1c3
> [<c10669a5>] nameidata_to_filp+0x2a/0x33
> [<c106f7c7>] finish_open+0x6e/0xfc
> [<c106fbda>] do_filp_open+0x144/0x4af
> [<c1076f55>] alloc_fd+0x41/0xa5
> [<c10669ef>] do_sys_open+0x41/0xc3
>
> Looking at tty_init_dev() it seems initialize_tty_struct()
> attaches tty->ldisc via tty_ldisc_init() but on
> tty_driver_install_tty() failure (-ENODEV) we call free_tty_struct()
> which does nothing with tty->ldisc.
>
> The appended patch fixes the leak but I'm not
> sure what tty->ldisc value we can see in release_one_tty(),
> I assume if ldisc is freed tty->ldisc should be NULL, so
> free_tty_struct() will not try to double-free the ldisc.
>
> Signed-off-by: Julian Anastasov <ja@ssi.bg>
> ---
> drivers/tty/tty_io.c | 1 +
> 1 file changed, 1 insertion(+)
>
> --- linux-2.6.38/drivers/tty/tty_io.c
> +++ linux-2.6.38/drivers/tty/tty_io.c
> @@ -188,6 +188,7 @@ void free_tty_struct(struct tty_struct *
> put_device(tty->dev);
> kfree(tty->write_buf);
> tty_buffer_free_all(tty);
> + kfree(tty->ldisc);
We should not mess up with ldisc here. We should call something like
tty_ldisc_deinit from tty_init_dev on fail path. The deinit should drop
the reference (call put_ldisc). Or maybe even deinitialize_tty_struct ->
tty_ldisc_deinit -> put_ldisc).
Note that your way you do not drop the module refcount of ld ops.
> kfree(tty);
> }
regards,
--
js
suse labs
next prev parent reply other threads:[~2011-03-23 8:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-23 0:45 [PATCH] tty: fix tty->ldisc leak on ENODEV from driver install Julian Anastasov
2011-03-23 8:12 ` Jiri Slaby [this message]
2011-03-23 8:49 ` Julian Anastasov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D89AB83.3000103@suse.cz \
--to=jslaby@suse.cz \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=gregkh@suse.de \
--cc=ja@ssi.bg \
--cc=jirislaby@gmail.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox