[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1497283185.13388.0@smtp.gmail.com>
Date: Mon, 12 Jun 2017 17:59:45 +0200
From: Tomas Hlavacek <tmshlvck@...il.com>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: rtl8723bs memory leak
Hello!
It seems that we have discovered a memory leak in the rtl8723bs driver.
The problem is that when the SDIO read fails in sd_recv_rxfifo() (in
drivers/staging/rtl8723bs/hal/sdio_ops.c, l1016) the function simply
returns NULL, but the dequeued recvbuf is never returned to the
precvpriv->free_recv_buf_queue.
After several SDIO read failures it would bleed off the recvbuf queue
and it would subsequently stop processing packets while producing
endless flow of messages like this:
[ 49.618639] RTL8723BS: ERROR sd_recv_rxfifo: alloc recvbuf FAIL!
[ 49.624340] RTL8723BS: ERROR precvbuf is Null for 8 times because
alloc memory failed
[ 49.641654] RTL8723BS: ERROR sd_recv_rxfifo: alloc recvbuf FAIL!
[ 49.648015] RTL8723BS: ERROR precvbuf is Null for 9 times because
alloc memory failed
[ 49.665105] RTL8723BS: ERROR sd_recv_rxfifo: alloc recvbuf FAIL!
[ 49.671474] RTL8723BS: ERROR precvbuf is Null for 10 times because
alloc memory failed
[ 49.679394] RTL8723BS: ERROR exit because alloc memory failed more
than 10 times
...
A possible fix might look like the following (however, this is only my
testing hot-fix to make the driver work and I have to admit that I do
not fully understand the whole thing - that's why I am not posting a
patch at this point):
diff --git a/drivers/staging/rtl8723bs/hal/sdio_ops.c
b/drivers/staging/rtl8723bs/hal/sdio_ops.c
index 6285b72faa9a..ad65cd74c3c8 100644
--- a/drivers/staging/rtl8723bs/hal/sdio_ops.c
+++ b/drivers/staging/rtl8723bs/hal/sdio_ops.c
@@ -1008,6 +1008,7 @@ static struct recv_buf *sd_recv_rxfifo(struct
adapter *padapter, u32 size)
}
if (precvbuf->pskb == NULL) {
+ rtw_enqueue_recvbuf(precvbuf, &precvpriv->free_recv_buf_queue);
DBG_871X("%s: alloc_skb fail! read =%d\n", __func__, readsize);
return NULL;
}
@@ -1017,6 +1018,7 @@ static struct recv_buf *sd_recv_rxfifo(struct
adapter *padapter, u32 size)
preadbuf = precvbuf->pskb->data;
ret = sdio_read_port(&padapter->iopriv.intf, WLAN_RX0FF_DEVICE_ID,
readsize, preadbuf);
if (ret == _FAIL) {
+ rtw_enqueue_recvbuf(precvbuf, &precvpriv->free_recv_buf_queue);
RT_TRACE(_module_hci_ops_os_c_, _drv_err_, ("%s: read port FAIL!\n",
__func__));
return NULL;
}
Cheers,
Tomas
Powered by blists - more mailing lists