Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752612AbaG1Lca (ORCPT ); Mon, 28 Jul 2014 07:32:30 -0400 Received: from mga01.intel.com ([192.55.52.88]:57230 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751982AbaG1Lc2 (ORCPT ); Mon, 28 Jul 2014 07:32:28 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.01,748,1400050800"; d="scan'208";a="576523360" Message-ID: <53D634BB.3060306@intel.com> Date: Mon, 28 Jul 2014 19:32:11 +0800 From: "xinhui.pan" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: Jiri Slaby , Greg KH CC: "Zhang, Yanmin" , Peter Hurley , mnipxh , linux-kernel@vger.kernel.org Subject: Re: [PATCH] tty/n_gsm.c: fix a memory leak in gsmld_open References: <53D6067C.4000702@intel.com> <53D60E8F.6080208@suse.cz> <53D611EC.2000907@intel.com> In-Reply-To: <53D611EC.2000907@intel.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 于 2014年07月28日 17:03, xinhui.pan 写道: > Hi, Jiri > > 于 2014年07月28日 16:49, Jiri Slaby 写道: >> On 07/28/2014 10:14 AM, xinhui.pan wrote: >>> If gsmld_attach_gsm fails, the gsm is not used anymore. >>> tty core will not call gsmld_close to do the cleanup work. >>> tty core just restore to the tty old ldisc. >>> That always causes memory leak. >> >> Nice catch! >> >>> --- a/drivers/tty/n_gsm.c >>> +++ b/drivers/tty/n_gsm.c >>> @@ -2382,7 +2383,13 @@ static int gsmld_open(struct tty_struct *tty) >>> >>> /* Attach the initial passive connection */ >>> gsm->encoding = 1; >>> - return gsmld_attach_gsm(tty, gsm); >>> + >>> + ret = gsmld_attach_gsm(tty, gsm); >>> + if (ret != 0) { >>> + gsm_cleanup_mux(gsm); >>> + mux_put(gsm); >> >> It is quite illogical to put the mux here. It should be in gsmld_open. >> I.e. gsm_cleanup_mux here, mux_put there. >> > > Thanks for your reply :) > But I am a little confused with your comments, could you explain it when you are free? > Sorry for my poor English. > hi, Jiri I guess you want gsm_cleanup_mux() called in gsmld_attach_gsm(), just after gsm_activate_mux() fails? Yes, that seems really make sence. :) Thanks for pointing out it. Let me explain my opinion. :) Actually gsmld_attach_gsm results in two different effects when it fails. (a)gsmld_attach_gsm -> gsm_activate_mux(gsm_mux[] is full,-EBUSY), then gsm_mux[] did not change, and gsm->num is invaild; (b)gsmld_attach_gsm -> gsm_activate_mux(return -ENOMEM), then gsm_mux[] changes, and gsm->num is vaild. To be honest, I am not very clear about this. I even suspect this is done in such way on purpose. So I just keep the code what it is now. Let's handle the error in gsmld_open(). We can make sure that gsm is not used here and it's safe to cleanup and put it. thanks, xinhui > thanks, > > xinhui > >> thanks, >> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/