2021-10-13 08:43:12

by Wei Yongjun

Subject: [PATCH v2] Bluetooth: Fix memory leak of hci device

Fault injection test reported memory leak of hci device as follows:

unreferenced object 0xffff88800b858000 (size 8192):
comm "kworker/0:2", pid 167, jiffies 4294955747 (age 557.148s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 ad 4e ad de .............N..
backtrace:
[<0000000070eb1059>] kmem_cache_alloc_trace mm/slub.c:3208
[<00000000015eb521>] hci_alloc_dev_priv include/linux/slab.h:591
[<00000000dcfc1e21>] bpa10x_probe include/net/bluetooth/hci_core.h:1240
[<000000005d3028c7>] usb_probe_interface drivers/usb/core/driver.c:397
[<00000000cbac9243>] really_probe drivers/base/dd.c:517
[<0000000024cab3f0>] __driver_probe_device drivers/base/dd.c:751
[<00000000202135cb>] driver_probe_device drivers/base/dd.c:782
[<000000000761f2bc>] __device_attach_driver drivers/base/dd.c:899
[<00000000f7d63134>] bus_for_each_drv drivers/base/bus.c:427
[<00000000c9551f0b>] __device_attach drivers/base/dd.c:971
[<000000007f79bd16>] bus_probe_device drivers/base/bus.c:487
[<000000007bb8b95a>] device_add drivers/base/core.c:3364
[<000000009564d9ea>] usb_set_configuration drivers/usb/core/message.c:2171
[<00000000e4657087>] usb_generic_driver_probe drivers/usb/core/generic.c:239
[<0000000071ede518>] usb_probe_device drivers/usb/core/driver.c:294
[<00000000cbac9243>] really_probe drivers/base/dd.c:517

hci_alloc_dev() does not init the device's flags. And hci_free_dev()
uses put_device() to free the memory allocated for this device,
but it only calls put_device(dev) in case the HCI_UNREGISTER
flag is set, so any error handling before hci_register_dev() succeeds
will cause a memory leak.

To avoid this behaviour we can use kfree() to release dev before
hci_register_dev() succeeds.

Signed-off-by: Wei Yongjun <[email protected]>

diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index 7827639ecf5c..4e3e0451b08c 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -86,6 +86,8 @@ static void bt_host_release(struct device *dev)

if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
hci_release_dev(hdev);
+ else
+ kfree(hdev);
module_put(THIS_MODULE);
}
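Review bot: the commit message and the hunk point at different places: the message says hci_free_dev() calls put_device(dev) only when HCI_UNREGISTER is set, but the conditional visible here sits in bt_host_release(), the device release callback, where `hci_release_dev(hdev)` runs only when `hci_dev_test_flag(hdev, HCI_UNREGISTER)` is true; please reword the message to say that the release callback previously returned without freeing hdev for a device that never reached hci_register_dev(). For the new `else kfree(hdev);` branch, a one-line comment stating the invariant it relies on (HCI_UNREGISTER is set only on the unregister path, so a clear flag at release time means the device was never registered) and a sentence in the message confirming that nothing else set up by hci_alloc_dev() needs tearing down on this path would make the change easier to review, and easier to keep correct if hci_alloc_dev() later allocates more than the hdev object itself.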

--
2.25.1
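The lifecycle the commit message describes (refcounted device, release callback gated on an unregister flag, probe error path that never registered the device) modelled in user-space C. This is an added example, not code from the kernel, the patch or the bpa10x driver; every `model_*` name, the `fixed` switch and the `live_objects` counter (a stand-in for what kmemleak reported) are constructed for illustration.

```c
#include <stdlib.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the pattern in the patch: an hci_dev-like object
 * whose last put_device() runs a release callback, and whose release
 * callback (before the fix) only freed memory when HCI_UNREGISTER was set.
 * Nothing here is kernel code; names with the model_ prefix are invented. */

static int live_objects;          /* allocations not yet freed = leaked */

struct model_hdev {
    int refcount;
    bool unregister_flag;         /* stands in for HCI_UNREGISTER */
    bool registered;
};

/* hci_alloc_dev() analogue: zeroed object, refcount 1, flags all clear */
static struct model_hdev *model_alloc_dev(void)
{
    struct model_hdev *hdev = calloc(1, sizeof(*hdev));
    if (!hdev)
        return NULL;
    hdev->refcount = 1;
    live_objects++;
    return hdev;
}

/* bt_host_release() analogue; `fixed` selects before/after the patch */
static void model_host_release(struct model_hdev *hdev, bool fixed)
{
    if (hdev->unregister_flag) {
        /* hci_release_dev(): tear down a registered device, then free */
        live_objects--;
        free(hdev);
    } else if (fixed) {
        /* the patch's new else branch: never registered, plain kfree() */
        live_objects--;
        free(hdev);
    }
    /* before the fix: refcount hit zero here but memory was never freed */
}

/* put_device() analogue: last reference runs the release callback */
static void model_put_dev(struct model_hdev *hdev, bool fixed)
{
    if (--hdev->refcount == 0)
        model_host_release(hdev, fixed);
}

/* hci_register_dev() analogue; `fail` simulates fault injection */
static int model_register_dev(struct model_hdev *hdev, bool fail)
{
    if (fail)
        return -1;
    hdev->registered = true;
    return 0;
}

/* hci_unregister_dev() analogue: the only place the flag gets set */
static void model_unregister_dev(struct model_hdev *hdev)
{
    hdev->unregister_flag = true;
    hdev->registered = false;
}

/* Driver probe whose registration fails (the bpa10x_probe case in the
 * backtrace). Returns the number of objects still alive after cleanup:
 * 1 means the hdev leaked, 0 means it was freed. */
int probe_fail_leak_count(bool fixed)
{
    live_objects = 0;
    struct model_hdev *hdev = model_alloc_dev();
    if (!hdev)
        return -1;
    if (model_register_dev(hdev, true) < 0)
        model_put_dev(hdev, fixed);     /* hci_free_dev() on the error path */
    return live_objects;
}

/* Normal lifecycle: register, unregister, final put. Freed either way. */
int normal_lifecycle_leak_count(bool fixed)
{
    live_objects = 0;
    struct model_hdev *hdev = model_alloc_dev();
    if (!hdev)
        return -1;
    model_register_dev(hdev, false);
    model_unregister_dev(hdev);
    model_put_dev(hdev, fixed);
    return live_objects;
}

int main(void)
{
    printf("probe failure, before fix: %d leaked\n", probe_fail_leak_count(false));
    printf("probe failure, after fix:  %d leaked\n", probe_fail_leak_count(true));
    printf("normal lifecycle, before:  %d leaked\n", normal_lifecycle_leak_count(false));
    printf("normal lifecycle, after:   %d leaked\n", normal_lifecycle_leak_count(true));
    return 0;
}
```

The model shows why the leak only appears on the error path: the flag that unlocks the freeing branch is set exclusively by unregister, so a device that fails registration reaches refcount zero with the flag clear, and before the fix the release callback simply returned. The fixed release frees in both cases, and the normal lifecycle is unchanged.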


2021-10-13 09:11:25

by bluez.test.bot

Subject: RE: [v2] Bluetooth: Fix memory leak of hci device

This is an automated email, please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=562481

---Test result---

Test Summary:
CheckPatch PASS 1.88 seconds
GitLint PASS 0.93 seconds
BuildKernel PASS 516.47 seconds
TestRunner: Setup PASS 378.40 seconds
TestRunner: l2cap-tester PASS 8.94 seconds
TestRunner: bnep-tester PASS 4.55 seconds
TestRunner: mgmt-tester PASS 84.65 seconds
TestRunner: rfcomm-tester PASS 5.83 seconds
TestRunner: sco-tester PASS 5.79 seconds
TestRunner: smp-tester PASS 5.77 seconds
TestRunner: userchan-tester PASS 4.77 seconds



---
Regards,
Linux Bluetooth


Attachments:
l2cap-tester.log (43.32 kB)
bnep-tester.log (3.48 kB)
mgmt-tester.log (630.87 kB)
rfcomm-tester.log (11.41 kB)
sco-tester.log (13.60 kB)
smp-tester.log (11.55 kB)
userchan-tester.log (6.22 kB)

2021-10-13 12:33:36

by Marcel Holtmann

Subject: Re: [PATCH v2] Bluetooth: Fix memory leak of hci device

Hi Wei,


> Fault injection test reported memory leak of hci device as follows:
>
> unreferenced object 0xffff88800b858000 (size 8192):
> comm "kworker/0:2", pid 167, jiffies 4294955747 (age 557.148s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 ad 4e ad de .............N..
> backtrace:
> [<0000000070eb1059>] kmem_cache_alloc_trace mm/slub.c:3208
> [<00000000015eb521>] hci_alloc_dev_priv include/linux/slab.h:591
> [<00000000dcfc1e21>] bpa10x_probe include/net/bluetooth/hci_core.h:1240
> [<000000005d3028c7>] usb_probe_interface drivers/usb/core/driver.c:397
> [<00000000cbac9243>] really_probe drivers/base/dd.c:517
> [<0000000024cab3f0>] __driver_probe_device drivers/base/dd.c:751
> [<00000000202135cb>] driver_probe_device drivers/base/dd.c:782
> [<000000000761f2bc>] __device_attach_driver drivers/base/dd.c:899
> [<00000000f7d63134>] bus_for_each_drv drivers/base/bus.c:427
> [<00000000c9551f0b>] __device_attach drivers/base/dd.c:971
> [<000000007f79bd16>] bus_probe_device drivers/base/bus.c:487
> [<000000007bb8b95a>] device_add drivers/base/core.c:3364
> [<000000009564d9ea>] usb_set_configuration drivers/usb/core/message.c:2171
> [<00000000e4657087>] usb_generic_driver_probe drivers/usb/core/generic.c:239
> [<0000000071ede518>] usb_probe_device drivers/usb/core/driver.c:294
> [<00000000cbac9243>] really_probe drivers/base/dd.c:517
>
> hci_alloc_dev() does not init the device's flags. And hci_free_dev()
> uses put_device() to free the memory allocated for this device,
> but it only calls put_device(dev) in case the HCI_UNREGISTER
> flag is set, so any error handling before hci_register_dev() succeeds
> will cause a memory leak.
>
> To avoid this behaviour we can use kfree() to release dev before
> hci_register_dev() succeeds.
>
> Signed-off-by: Wei Yongjun <[email protected]>

Patch has been applied to the bluetooth-next tree.

Regards

Marcel