Search Linux Wireless

Re: [PATCH] mt76: usb: fix possible memory leak during suspend/resume

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Sat, Apr 13, 2019 at 12:10:59PM +0200, Lorenzo Bianconi wrote:
> > > On Fri, Apr 12, 2019 at 06:27:48PM +0200, Lorenzo Bianconi wrote:
> > > > > > On Fri, Apr 12, 2019 at 02:27:16PM +0200, Lorenzo Bianconi wrote:
> > > > > > > Disable mt76u_tx_tasklet at the end of mt76u_stop_queues in order to
> > > > > > > properly deallocate all pending skbs during suspend/resume phase
> > > > > > 
> > > > > > On suspend/resume tx skb's are processed after tasklet_enable()
> > > > > > in resume callback. There is issue with device removal though
> > > > > > (during suspend or otherwise).
> > > > > 
> > > > > Hi Stanislaw,
> > > > > 
> > > > > I guess the right moment to deallocate the skbs is during suspend since resume
> > > > > can happen in very far future
> > > 
> > > Yes, it's better to free on suspend, but in practice does not really matter since
> > > system is disabled till resume.
> > > 
> > > > > > > Fixes: b40b15e1521f ("mt76: add usb support to mt76 layer")
> > > > > > > Signed-off-by: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
> > > > > > > ---
> > > > > > >  drivers/net/wireless/mediatek/mt76/usb.c | 4 ++--
> > > > > > >  1 file changed, 2 insertions(+), 2 deletions(-)
> > > > > > > 
> > > > > > > diff --git a/drivers/net/wireless/mediatek/mt76/usb.c b/drivers/net/wireless/mediatek/mt76/usb.c
> > > > > > > index a3acc070063a..575207133775 100644
> > > > > > > --- a/drivers/net/wireless/mediatek/mt76/usb.c
> > > > > > > +++ b/drivers/net/wireless/mediatek/mt76/usb.c
> > > > > > > @@ -842,10 +842,10 @@ static void mt76u_stop_tx(struct mt76_dev *dev)
> > > > > > >  void mt76u_stop_queues(struct mt76_dev *dev)
> > > > > > >  {
> > > > > > >  	tasklet_disable(&dev->usb.rx_tasklet);
> > > > > > > -	tasklet_disable(&dev->usb.tx_tasklet);
> > > > > > > -
> > > > > > >  	mt76u_stop_rx(dev);
> > > > > > > +
> > > > > > >  	mt76u_stop_tx(dev);
> > > > > > > +	tasklet_disable(&dev->usb.tx_tasklet);
> > > > > > 
> > > > > > If tasklet is scheduled and we disable it and never enable, we end up
> > > > > > with infinite loop in tasklet_action_common(). This patch make the
> > > > > > problem less reproducible since tasklet_disable() is moved after
> > > > > > usb_kill_urb() -> tasklet_schedule(), but it is still possible.
> > > > > 
> > > > > I can see the point here. Maybe we can just run tasklet_kill instead of
> > > > > tasklet_disable here (at least for tx one)
> > > 
> > > I think you have right as tasklet_kill() will wait for scheduled tasklet .
> > > Originally in my patch (see below) I used wait_event as I thought
> > > tasklet_kill() may prevent scheduled tasklet to be executed (hence cause
> > > leak) but that seems to be not true.
> > 
> > I agree with rx side (good catch!!), but on tx one I guess usb_kill_urb()
> > is already waiting for tx pending so we just need to use tasklet_kill
> > at the end of mt76u_stop_queues, in this way we will free pending skbs during
> > suspend
> 
> I looked more into that and there are some issues with this approach.
> tx_tasklet do mt76_txq_schedule() which can queue tx frames. Also we
> do not free skb's that require status check and dev->usb.stat_work 
> is already (correctly) stopped on mac80211.stop. 

right

> 
> I'll use wait_event(dev->tx_wait) on mac80211 stop to handle those
> issues correctly.

ack

> 
> Stanislaw

during device removal I guess we should also flush skbs in status queue, doing
something like (after commit 0b5f71304cd9 (mt76: introduce mt76_free_device
routine))

diff --git a/drivers/net/wireless/mediatek/mt76/mt76x0/usb.c b/drivers/net/wireless/mediatek/mt76/mt76x0/usb.c
index 1ef00e971cfa..d4d1eb003148 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x0/usb.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x0/usb.c
@@ -299,7 +299,7 @@ static void mt76x0_disconnect(struct usb_interface *usb_intf)
 	if (!initalized)
 		return;
 
-	ieee80211_unregister_hw(dev->mt76.hw);
+	mt76_unregister_device(&dev->mt76);
 	mt76x0u_cleanup(dev);
 
 	usb_set_intfdata(usb_intf, NULL);
diff --git a/drivers/net/wireless/mediatek/mt76/mt76x2/usb.c b/drivers/net/wireless/mediatek/mt76/mt76x2/usb.c
index d08bb964966b..4394c7c10535 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x2/usb.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x2/usb.c
@@ -94,7 +94,7 @@ static void mt76x2u_disconnect(struct usb_interface *intf)
 	struct ieee80211_hw *hw = mt76_hw(dev);
 
 	set_bit(MT76_REMOVED, &dev->mt76.state);
-	ieee80211_unregister_hw(hw);
+	mt76_unregister_device(&dev->mt76);
 	mt76x2u_cleanup(dev);
 
 	ieee80211_free_hw(hw);

Regards,
Lorenzo

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux