rtl8723bs memory leak

Mon, 12 Jun 2017 09:00:12 -0700 

Hello!
It seems that we have discovered a memory leak in the rtl8723bs driver. The problem is that when the SDIO read fails in sd_recv_rxfifo() (in drivers/staging/rtl8723bs/hal/sdio_ops.c, l1016) the function simply returns NULL, but the dequeued recvbuf is never returned to the precvpriv->free_recv_buf_queue. 


After several SDIO read failures it would bleed off the recvbuf queue 
and it would subsequently stop processing packets while producing 
endless flow of messages like this:


[   49.618639] RTL8723BS: ERROR sd_recv_rxfifo: alloc recvbuf FAIL!

[   49.624340] RTL8723BS: ERROR precvbuf is Null for 8 times because 
alloc memory failed

[   49.641654] RTL8723BS: ERROR sd_recv_rxfifo: alloc recvbuf FAIL!

[   49.648015] RTL8723BS: ERROR precvbuf is Null for 9 times because 
alloc memory failed

[   49.665105] RTL8723BS: ERROR sd_recv_rxfifo: alloc recvbuf FAIL!

[   49.671474] RTL8723BS: ERROR precvbuf is Null for 10 times because 
alloc memory failed
[   49.679394] RTL8723BS: ERROR exit because alloc memory failed more 
than 10 times

...


A possible fix might look like the following (however, this is only my 
testing hot-fix to make the driver work and I have to admit that I do 
not fully understand the whole thing - that's why I am not posting a 
patch at this point):



diff --git a/drivers/staging/rtl8723bs/hal/sdio_ops.c 
b/drivers/staging/rtl8723bs/hal/sdio_ops.c

index 6285b72faa9a..ad65cd74c3c8 100644
--- a/drivers/staging/rtl8723bs/hal/sdio_ops.c
+++ b/drivers/staging/rtl8723bs/hal/sdio_ops.c

@@ -1008,6 +1008,7 @@ static struct recv_buf *sd_recv_rxfifo(struct 
adapter *padapter, u32 size)

                }

                if (precvbuf->pskb == NULL) {
+                       rtw_enqueue_recvbuf(precvbuf, 
&precvpriv->free_recv_buf_queue);
                        DBG_871X("%s: alloc_skb fail! read =%d\n", __func__, 
readsize);
                        return NULL;
                }

@@ -1017,6 +1018,7 @@ static struct recv_buf *sd_recv_rxfifo(struct 
adapter *padapter, u32 size)

        preadbuf = precvbuf->pskb->data;

	ret = sdio_read_port(&padapter->iopriv.intf, WLAN_RX0FF_DEVICE_ID, 
readsize, preadbuf);

        if (ret == _FAIL) {
+               rtw_enqueue_recvbuf(precvbuf, &precvpriv->free_recv_buf_queue);

		RT_TRACE(_module_hci_ops_os_c_, _drv_err_, ("%s: read port FAIL!\n", 
__func__));

                return NULL;
        }

Cheers,
Tomas















    











					Reply via email to