| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Nov 2012 17:14:34 -0500 From: Richard Retanubun <richardretanubun@...gedcom.com> To: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> CC: Alan Stern <stern@...land.harvard.edu>, Greg KH <greg@...ah.com>, Lennart Sorensen <lsorense@...lub.uwaterloo.ca>, Tang Nguyen <TangNguyen@...gedcom.com>, linux-usb mailing list <linux-usb@...r.kernel.org> Subject: Re: kmemleak report on isp1763 and sierra MC8705 On 29/10/12 06:14 PM, Alan Stern wrote: > On Mon, 29 Oct 2012, Richard Retanubun wrote: >> Focusing down on one of the dumps: >> >> unreferenced object 0xd3849740 (size 8): >> comm "khubd", pid 1026, jiffies 232553037 (age 506.597s) >> hex dump (first 8 bytes): >> 4d 43 38 37 30 35 00 00 MC8705.. >> backtrace: >> [<e30efd74>] usb_cache_string+0x74/0xac [usbcore] >> [<e30e77bc>] usb_enumerate_device+0x44/0xf8 [usbcore] >> [<e30e7aa0>] usb_new_device+0x3c/0x13c [usbcore] >> [<e30e9824>] hub_thread+0xc8c/0x1544 [usbcore] >> [<c0043aa8>] kthread+0x7c/0x80 >> [<c000ed48>] kernel_thread+0x4c/0x68 >> >> I have a small question. How does the memory kmalloc-ed() in usb_cache_string is supposed to be released? >> (during usb_serial_disconnect()?) > > It doesn't get released during usb_serial_disconnect(). It gets > released during usb_release_dev() in drivers/usb/core/usb.c. > >> Is the sierra driver is supposed to participate >> in the tear down process (in sierra_release() maybe) and not doing something that is expected? > > Probably not. > >> I am still missing the link between the actions done by the hub_thread() for the caching the stings >> and the sierra driver code. > > They aren't all that closely related. > > usb_release_dev() won't be called until all references to the USB > device have been dropped. Maybe there's an extra reference hanging > around. > > Alan Stern > Thanks a lot for the hint Alan. I added a dev_dbg print in usb_release_dev() and saw that in the builds where there is a leak, this was simply never called! the last line printed in a trace with all dev_dbg on is this "usb_disable_device nuking all URBs" When the sierra modem is unplugged, the cleanup sequence never calls usb_release_dev() (on PL2303 it always calls usb_release_dev() This is the current state of versions from linux-stable 3.0.y (3.0.51) - Have the issue 3.2.y (3.2.33) - Have the issue 3.4.y (3.4.18) - Have the issue 3.5.y (3.5.7) - Does not have the issue (but leaks because the portdata patches is not backported yet) 3.6.y (3.6.6) - Does not have the issue So a diff between 3.4.y and 3.5.y ought to narrow it down further. I am posting just in case someone recalls a particular patch I should be trying out first... -- RR -- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists