On Wed, Mar 25, 2015 at 03:05:33PM +0800, Pan Xinhui wrote: > when gsmtty_remove put dlci, it will cause memory leak if > dlci->port's refcount is zero. > So we do the cleanup work in .cleanup callback instead. > > dlci will be last put in two call chains. > 1) gsmld_close -> gsm_cleanup_mux -> gsm_dlci_release -> dlci_put > 2) gsmld_remove -> dlci_put > so there is a race. the memory leak depends on the race. > > In call chain 2. we hit the memory leak. bellow comment tells. > > release_tty -> tty_driver_remove_tty -> gsmtty_remove -> dlci_put -> > tty_port_destructor (WARN_ON(port->itty) and return directly) > | > --> tty->port->itty = NULL; > | > tty_kref_put ---> release_one_tty -> gsmtty_cleanup (now we do > the cleanup work here.)
That doesn't line up at all :( > So our patch fix it by doing the cleanup work after tty core did. > > Signed-off-by: xinhui.pan <xinhuix....@intel.com> I need a real name here, "xinhui.pan" is not your real name, according to your "From:" line, right? Please fix up and resend. And also include what changed from the previous version, this is much different. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/