Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp428121ybt; Wed, 24 Jun 2020 02:48:34 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzbOYEudO7+fBZhNt5qeCHwOBTUi2XcSzRRWHXRkH7Oz1LFdmpX4jpUjV9OGvqgPy2RmGlw X-Received: by 2002:a05:6402:3ca:: with SMTP id t10mr26780846edw.128.1592992114594; Wed, 24 Jun 2020 02:48:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592992114; cv=none; d=google.com; s=arc-20160816; b=VbeCvaFxX9yi/91NRWZCxX3OjgCUSksvPRvWvfSmelMmaZDJdpxmbEtj/drsOYTeTg l/z6pSflwI69+iO8JTTPvIKiwmvD/S03B1EWQijYC5l9dINreWIElVolLyokoNg55Xoh DRj8QGgtq7xRTIzv8qEOknSAzKs3iflU0epPvNXXQ5REgA/+AvE/RsBAefC/LdggvLWH Vw/frowCO5Q+cHhy1IvaAEQXUqxldZJwG2gbQcUtBfJgrS3G4pTApQaZOvVO48+5ljUM +W1cv76ixsreIkR27aJMQldmj3RS3X4r0LWN214O5zp755cKJYxYl22e3WSRAL3kGrh4 PtVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=tuRg7gxTgMVv/uknaC+ELM+anUqsXoZl+UXIEfmUtI8=; b=YpmJD5N1cb4glrsMQteDRBbcYccnZ252QjfIXXHIe6U7i54ZvdqXMcr48NYxd7eT7F 9V02OSrq5pZS1BOIl9ra+ix+TyGWEAZ+G6KWNEf7/W/FOHV18ZySCCAWrL8RIreEqmkL tf6wEl+V5X354GCu53UNdVqqddHmu0zgtOGCskHpXS9p9PCvDHOzc5DLXz1GqCq8SRaX IHU/BY1ZxrxZ3mYcrhODpeM0J683drh5Dtk0CwKCE2ZvHcXaw2seGhO78elRiqPWR2fv TyjsvWt+En6wfy5Vvxt7KXdm/zpsnUTAvs/UPGt5HIjse8UmllCgoEamHSbxSCgJ5Htb OpdA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f8si7579674edv.497.2020.06.24.02.47.56; Wed, 24 Jun 2020 02:48:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389895AbgFXJnD (ORCPT + 99 others); Wed, 24 Jun 2020 05:43:03 -0400 Received: from mail-ej1-f65.google.com ([209.85.218.65]:33683 "EHLO mail-ej1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388005AbgFXJnD (ORCPT ); Wed, 24 Jun 2020 05:43:03 -0400 Received: by mail-ej1-f65.google.com with SMTP id n24so1830997ejd.0; Wed, 24 Jun 2020 02:43:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=tuRg7gxTgMVv/uknaC+ELM+anUqsXoZl+UXIEfmUtI8=; b=nCVNzS09I7YYKan0SKKC5cycBPYap9XyBDmHfAKVAoI0hgAgYJ3o6v8mYJGN90Pseq YRTYTxhQ4Vdl3SbeVO/ukqqLzWsiigvjbpKdxGBhiQuj0q10o+s6SHn4DyvCGhVtAG4+ JgcLvfJpfmq4xmIt8Pt3oNZDImC3FXxnXNQOfEKG6teRhVfPdZN20wId+5/Fi9UWfUoV n4e07rDhiUdt+zH8o6wYfHtSs/+N1dasoJkxCFM46PuXj5TAFot1nt+T4qK2OMAKYtSO fXBP+PQKS3vewYNtO1sZY/GQN6IbeTQLC2SgyiGzhMgFMDo4RYgTbmQxtPIqd7PbYqKj YtJw== X-Gm-Message-State: AOAM533KsAdgEWoOjEcEKcf/tdg7nRDbkueWdTzFjCYfTYFOq6rQPkLG IvrK2b0onkLwvKoBIgRhf1s= X-Received: by 2002:a17:906:7ad7:: with SMTP id k23mr25079698ejo.439.1592991780914; Wed, 24 Jun 2020 02:43:00 -0700 (PDT) Received: from ?IPv6:2a0b:e7c0:0:107::70f? ([2a0b:e7c0:0:107::70f]) by smtp.gmail.com with ESMTPSA id f17sm3036261ejr.71.2020.06.24.02.43.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 24 Jun 2020 02:43:00 -0700 (PDT) Subject: Re: [PATCH] tty: serial_core: Fix uart_state refcnt leak when the port startup To: Greg Kroah-Hartman , Xiyu Yang Cc: linux-serial@vger.kernel.org, linux-kernel@vger.kernel.org, yuanxzhang@fudan.edu.cn, kjlu@umn.edu, Xin Tan References: <1592052738-95202-1-git-send-email-xiyuyang19@fudan.edu.cn> <20200624093407.GB1751086@kroah.com> From: Jiri Slaby Message-ID: <954840f0-2078-fe0f-1e52-d985a4997564@kernel.org> Date: Wed, 24 Jun 2020 11:42:59 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0 MIME-Version: 1.0 In-Reply-To: <20200624093407.GB1751086@kroah.com> Content-Type: text/plain; charset=iso-8859-2 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 24. 06. 20, 11:34, Greg Kroah-Hartman wrote: > On Sat, Jun 13, 2020 at 08:52:18PM +0800, Xiyu Yang wrote: >> uart_port_startup() invokes uart_port_lock(), which returns a reference >> of the uart_port object if increases the refcount of the uart_state >> object successfully or returns NULL if fails. >> >> However, uart_port_startup() don't take the return value of >> uart_port_lock() as the new uart_port object to "uport" and use the old >> "uport" instead to balance refcount in uart_port_unlock(), which may >> cause a redundant decrement of refcount occurred when the new "uport" >> equals to NULL and then cause a potential memory leak. >> >> Fix this issue by update the "uport" object to the return value of >> uart_port_lock() when invoking uart_port_lock(). >> >> Signed-off-by: Xiyu Yang >> Signed-off-by: Xin Tan >> --- >> drivers/tty/serial/serial_core.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c >> index 57840cf90388..968fd619aec0 100644 >> --- a/drivers/tty/serial/serial_core.c >> +++ b/drivers/tty/serial/serial_core.c >> @@ -205,7 +205,7 @@ static int uart_port_startup(struct tty_struct *tty, struct uart_state *state, >> if (!page) >> return -ENOMEM; >> >> - uart_port_lock(state, flags); >> + uport = uart_port_lock(state, flags); > > How is this a different pointer than you originally had? Was this patch sent twice? As I had very same questions on the other one, but never received a feedback: https://lore.kernel.org/linux-serial/bf6c1e7b-3dc6-aba6-955a-fee351a6d800@suse.com/ Oh, wait: this is uart_port_startup, I commented on the uart_shutdown one. But whatever, I would scratch both of them. > And if it is a different pointer, shouldn't you be calling this function > and using the pointer much earlier in the function instead of just here? > > Can you trigger a problem that this patch solves? If so, how? thanks, -- js suse labs