patch "mei: don't unset read cb ptr on reset" added to char-misc tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    mei: don't unset read cb ptr on reset

to my char-misc git tree which can be found at
    git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git
in the char-misc-linus branch.

The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)

The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.

If you have any questions about this process, please let me know.


>From 5cb906c7035f03a3a44fecece9d3ff8fcc75d6e0 Mon Sep 17 00:00:00 2001
From: Alexander Usyskin <alexander.usyskin@xxxxxxxxx>
Date: Mon, 27 Jan 2014 22:27:24 +0200
Subject: mei: don't unset read cb ptr on reset

Don't set read callback to NULL during reset as
this leads to memory leak of both cb and its buffer.
The memory is correctly freed during mei_release.

The memory leak is detectable by kmemleak if
application has open read call while system is going through
suspend/resume.

unreferenced object 0xecead780 (size 64):
  comm "AsyncTask #1", pid 1018, jiffies 4294949621 (age 152.440s)
  hex dump (first 32 bytes):
    00 01 10 00 00 02 20 00 00 bf 30 f1 00 00 00 00  ...... ...0.....
    00 00 00 00 00 00 00 00 36 01 00 00 00 70 da e2  ........6....p..
  backtrace:
    [<c1a60aec>] kmemleak_alloc+0x3c/0xa0
    [<c131ed56>] kmem_cache_alloc_trace+0xc6/0x190
    [<c16243c9>] mei_io_cb_init+0x29/0x50
    [<c1625722>] mei_cl_read_start+0x102/0x360
    [<c16268f3>] mei_read+0x103/0x4e0
    [<c1324b09>] vfs_read+0x89/0x160
    [<c1324d5f>] SyS_read+0x4f/0x80
    [<c1a7b318>] syscall_call+0x7/0xb
    [<ffffffff>] 0xffffffff
unreferenced object 0xe2da7000 (size 512):
  comm "AsyncTask #1", pid 1018, jiffies 4294949621 (age 152.440s)
  hex dump (first 32 bytes):
    00 6c da e2 7c 00 00 00 00 00 00 00 c0 eb 0c 59  .l..|..........Y
    1b 00 00 00 01 00 00 00 02 10 00 00 01 00 00 00  ................
  backtrace:
    [<c1a60aec>] kmemleak_alloc+0x3c/0xa0
    [<c131f127>] __kmalloc+0xe7/0x1d0
    [<c162447e>] mei_io_cb_alloc_resp_buf+0x2e/0x60
    [<c162574c>] mei_cl_read_start+0x12c/0x360
    [<c16268f3>] mei_read+0x103/0x4e0
    [<c1324b09>] vfs_read+0x89/0x160
    [<c1324d5f>] SyS_read+0x4f/0x80
    [<c1a7b318>] syscall_call+0x7/0xb
    [<ffffffff>] 0xffffffff

Signed-off-by: Alexander Usyskin <alexander.usyskin@xxxxxxxxx>
Signed-off-by: Tomas Winkler <tomas.winkler@xxxxxxxxx>
Cc: stable <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/misc/mei/client.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/misc/mei/client.c b/drivers/misc/mei/client.c
index ccdacb5fcd8b..9b809cfc2899 100644
--- a/drivers/misc/mei/client.c
+++ b/drivers/misc/mei/client.c
@@ -908,7 +908,6 @@ void mei_cl_all_disconnect(struct mei_device *dev)
 	list_for_each_entry_safe(cl, next, &dev->file_list, link) {
 		cl->state = MEI_FILE_DISCONNECTED;
 		cl->mei_flow_ctrl_creds = 0;
-		cl->read_cb = NULL;
 		cl->timer_count = 0;
 	}
 }
-- 
1.8.5.1.163.gd7aced9


--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]