Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752612AbaG1Lca (ORCPT <rfc822;w@1wt.eu>);
	Mon, 28 Jul 2014 07:32:30 -0400
Received: from mga01.intel.com ([192.55.52.88]:57230 "EHLO mga01.intel.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751982AbaG1Lc2 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 28 Jul 2014 07:32:28 -0400
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.01,748,1400050800"; 
   d="scan'208";a="576523360"
Message-ID: <53D634BB.3060306@intel.com>
Date: Mon, 28 Jul 2014 19:32:11 +0800
From: "xinhui.pan" <xinhuix.pan@intel.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Jiri Slaby <jslaby@suse.cz>, Greg KH <gregkh@linuxfoundation.org>
CC: "Zhang, Yanmin" <yanmin_zhang@linux.intel.com>,
        Peter Hurley <peter@hurleysoftware.com>, mnipxh <mnipxh@gmail.com>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH] tty/n_gsm.c: fix a memory leak in gsmld_open
References: <53D6067C.4000702@intel.com> <53D60E8F.6080208@suse.cz> <53D611EC.2000907@intel.com>
In-Reply-To: <53D611EC.2000907@intel.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

于 2014年07月28日 17:03, xinhui.pan 写道:
> Hi, Jiri
> 
> 于 2014年07月28日 16:49, Jiri Slaby 写道:
>> On 07/28/2014 10:14 AM, xinhui.pan wrote:
>>> If gsmld_attach_gsm fails, the gsm is not used anymore.
>>> tty core will not call gsmld_close to do the cleanup work.
>>> tty core just restore to the tty old ldisc.
>>> That always causes memory leak.
>>
>> Nice catch!
>>
>>> --- a/drivers/tty/n_gsm.c
>>> +++ b/drivers/tty/n_gsm.c
>>> @@ -2382,7 +2383,13 @@ static int gsmld_open(struct tty_struct *tty)
>>>  
>>>  	/* Attach the initial passive connection */
>>>  	gsm->encoding = 1;
>>> -	return gsmld_attach_gsm(tty, gsm);
>>> +
>>> +	ret = gsmld_attach_gsm(tty, gsm);
>>> +	if (ret != 0) {
>>> +		gsm_cleanup_mux(gsm);
>>> +		mux_put(gsm);
>>
>> It is quite illogical to put the mux here. It should be in gsmld_open.
>> I.e. gsm_cleanup_mux here, mux_put there.
>>
> 
> Thanks for your reply :)
> But I am a little confused with your comments, could you explain it when you are free?
> Sorry for my poor English.
> 

hi, Jiri
	I guess you want gsm_cleanup_mux() called in gsmld_attach_gsm(), just after gsm_activate_mux() fails?
Yes, that seems really make sence. :)
Thanks for pointing out it.

Let me explain my opinion. :)
Actually gsmld_attach_gsm results in two different effects when it fails. 
(a)gsmld_attach_gsm -> gsm_activate_mux(gsm_mux[] is full,-EBUSY), then gsm_mux[] did not change, and gsm->num is invaild;
(b)gsmld_attach_gsm -> gsm_activate_mux(return -ENOMEM), then gsm_mux[] changes, and gsm->num is vaild.

To be honest, I am not very clear about this. I even suspect this is done in such way on purpose.
So I just keep the code what it is now. Let's handle the error in gsmld_open(). 
We can make sure that gsm is not used here and it's safe to cleanup and put it.

thanks,

xinhui

> thanks,
> 
> xinhui
> 
>> thanks,
>>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/