Return-path: Received: from he.sipsolutions.net ([78.46.109.217]:46648 "EHLO sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751303Ab2HBICk (ORCPT ); Thu, 2 Aug 2012 04:02:40 -0400 Message-ID: <1343894552.4458.4.camel@jlt3.sipsolutions.net> (sfid-20120802_100245_262316_95C56D8E) Subject: Re: cfg80211_disconnected memory leak From: Johannes Berg To: Daniel Drake Cc: linux-wireless@vger.kernel.org Date: Thu, 02 Aug 2012 10:02:32 +0200 In-Reply-To: (sfid-20120802_012245_707573_C86E060B) References: <1343842772.4638.15.camel@jlt3.sipsolutions.net> (sfid-20120802_012245_707573_C86E060B) Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org List-ID: On Wed, 2012-08-01 at 17:22 -0600, Daniel Drake wrote: > Here is what happens: > > NETDEV_GOING_DOWN > cfg80211_disconnected() called, disconnect event work queued > NETDEV_DOWN > cleanup work queued > NETDEV_UNREGISTER > *** cfg80211_netdev_notifier_call now calls: list_del_rcu(&wdev->list); > disconnect even work runs, calls cfg80211_process_rdev_events() but > the wdev is already removed from rdev->netdev_list as above > cleanup work runs > > The bit I marked with *** is what is causing the difficulties - it > runs before the work items do. Oh, hm. I didn't think it could unregister before we give up our reference, but I guess that makes sense after all. I'm not sure there's an easy way to fix it other than making the driver not call cfg80211_disconnected() in case the disconnect was requested by cfg80211 -- that call isn't needed and will not do anything at all, but I'm not sure how easy that would be in the driver? johannes