Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933430AbaBUNeB (ORCPT ); Fri, 21 Feb 2014 08:34:01 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:47113 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932428AbaBUMvB (ORCPT ); Fri, 21 Feb 2014 07:51:01 -0500 From: Luis Henriques To: linux-kernel@vger.kernel.org, stable@vger.kernel.org, kernel-team@lists.ubuntu.com Cc: Alexander Usyskin , Tomas Winkler , Greg Kroah-Hartman , Luis Henriques Subject: [PATCH 3.11 079/121] mei: don't unset read cb ptr on reset Date: Fri, 21 Feb 2014 12:48:23 +0000 Message-Id: <1392986945-9693-80-git-send-email-luis.henriques@canonical.com> X-Mailer: git-send-email 1.9.0 In-Reply-To: <1392986945-9693-1-git-send-email-luis.henriques@canonical.com> References: <1392986945-9693-1-git-send-email-luis.henriques@canonical.com> X-Extended-Stable: 3.11 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.11.10.5 -stable review patch. If anyone has any objections, please let me know. ------------------ From: Alexander Usyskin commit 5cb906c7035f03a3a44fecece9d3ff8fcc75d6e0 upstream. Don't set read callback to NULL during reset as this leads to memory leak of both cb and its buffer. The memory is correctly freed during mei_release. The memory leak is detectable by kmemleak if application has open read call while system is going through suspend/resume. unreferenced object 0xecead780 (size 64): comm "AsyncTask #1", pid 1018, jiffies 4294949621 (age 152.440s) hex dump (first 32 bytes): 00 01 10 00 00 02 20 00 00 bf 30 f1 00 00 00 00 ...... ...0..... 00 00 00 00 00 00 00 00 36 01 00 00 00 70 da e2 ........6....p.. backtrace: [] kmemleak_alloc+0x3c/0xa0 [] kmem_cache_alloc_trace+0xc6/0x190 [] mei_io_cb_init+0x29/0x50 [] mei_cl_read_start+0x102/0x360 [] mei_read+0x103/0x4e0 [] vfs_read+0x89/0x160 [] SyS_read+0x4f/0x80 [] syscall_call+0x7/0xb [] 0xffffffff unreferenced object 0xe2da7000 (size 512): comm "AsyncTask #1", pid 1018, jiffies 4294949621 (age 152.440s) hex dump (first 32 bytes): 00 6c da e2 7c 00 00 00 00 00 00 00 c0 eb 0c 59 .l..|..........Y 1b 00 00 00 01 00 00 00 02 10 00 00 01 00 00 00 ................ backtrace: [] kmemleak_alloc+0x3c/0xa0 [] __kmalloc+0xe7/0x1d0 [] mei_io_cb_alloc_resp_buf+0x2e/0x60 [] mei_cl_read_start+0x12c/0x360 [] mei_read+0x103/0x4e0 [] vfs_read+0x89/0x160 [] SyS_read+0x4f/0x80 [] syscall_call+0x7/0xb [] 0xffffffff Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman Signed-off-by: Luis Henriques --- drivers/misc/mei/client.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/misc/mei/client.c b/drivers/misc/mei/client.c index e019165..d307760 100644 --- a/drivers/misc/mei/client.c +++ b/drivers/misc/mei/client.c @@ -885,7 +885,6 @@ void mei_cl_all_disconnect(struct mei_device *dev) list_for_each_entry_safe(cl, next, &dev->file_list, link) { cl->state = MEI_FILE_DISCONNECTED; cl->mei_flow_ctrl_creds = 0; - cl->read_cb = NULL; cl->timer_count = 0; } } -- 1.9.0 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/