Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754435AbbLFUSe (ORCPT ); Sun, 6 Dec 2015 15:18:34 -0500 Received: from mail-ob0-f173.google.com ([209.85.214.173]:35969 "EHLO mail-ob0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754122AbbLFUSc (ORCPT ); Sun, 6 Dec 2015 15:18:32 -0500 Subject: Re: [PATCH] rtlwifi: fix gigantic memleak in rtl_usb To: Peter Wu , Chaoming Li , Kalle Valo , linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org References: <1449424677-3140-1-git-send-email-peter@lekensteyn.nl> From: Larry Finger Message-ID: <5664981C.1040704@lwfinger.net> Date: Sun, 6 Dec 2015 14:18:36 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <1449424677-3140-1-git-send-email-peter@lekensteyn.nl> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2615 Lines: 74 On 12/06/2015 11:57 AM, Peter Wu wrote: > Free skb for received frames with a wrong checksum. > > While using the rtl8192cu driver in monitor mode, somehow 5G of memory > was permanently lost (observable via the Available column in `free -m`). > > Test scenario: > > ip link set down wlan1 > iw wlan1 set type monitor > ip link set up wlan1 > iw wlan1 set channel 11 > > Then stream a video on a smartphone on channel 11. Without this patch > the memory usage grows linearly with the number of received packets: > > grep MemAvailable /proc/meminfo > ip -s link show dev wlan1 > > Signed-off-by: Peter Wu > --- > Hi, > > This issue has existed since the introduction of this driver in v2.6.x, > using kmemleak I was about to figure out the source. There is also a > _rtl_usb_rx_process_agg that has similarly looking code, but that one is > unaffected. The pci code already frees the skb and is unaffected too. > > Tested with kernel v4.3, this patch is simply rebased on v4.4-rc3 (due > to changed paths). > > Kind regards, > Peter > --- > drivers/net/wireless/realtek/rtlwifi/usb.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c > index 2721cf8..aac1ed3 100644 > --- a/drivers/net/wireless/realtek/rtlwifi/usb.c > +++ b/drivers/net/wireless/realtek/rtlwifi/usb.c > @@ -531,6 +531,8 @@ static void _rtl_usb_rx_process_noagg(struct ieee80211_hw *hw, > ieee80211_rx(hw, skb); > else > dev_kfree_skb_any(skb); > + } else { > + dev_kfree_skb_any(skb); > } > } > > Thanks for finding and fixing this memory leak. The patch is OK, but the commit message and subject are not. I do not like the use of the word "gigantic" in the subject. A better subject would be: "rtlwifi: Fix memory leak for USB device while in monitor mode". The commit message should say that a memory leak was observed, and found with kmemleak. If you were simply reportimg the bug, then the steps needed to reproduce it would be important, but as you have a fix, those steps are extraneous. You should also include a "Cc: Stable