rtl8723bs memory leak

From: Tomas Hlavacek
Date: Mon Jun 12 2017 - 11:59:56 EST

Next message: Rob Herring: "Re: [PATCH] PCI: imx6: add regulator support"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 72/90] drm/nouveau/tmr: fully separate alarm execution/pending lists"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello!

It seems that we have discovered a memory leak in the rtl8723bs driver. The problem is that when the SDIO read fails in sd_recv_rxfifo() (in drivers/staging/rtl8723bs/hal/sdio_ops.c, l1016) the function simply returns NULL, but the dequeued recvbuf is never returned to the precvpriv->free_recv_buf_queue.

After several SDIO read failures it would bleed off the recvbuf queue and it would subsequently stop processing packets while producing endless flow of messages like this:

[ 49.618639] RTL8723BS: ERROR sd_recv_rxfifo: alloc recvbuf FAIL!
[ 49.624340] RTL8723BS: ERROR precvbuf is Null for 8 times because alloc memory failed
[ 49.641654] RTL8723BS: ERROR sd_recv_rxfifo: alloc recvbuf FAIL!
[ 49.648015] RTL8723BS: ERROR precvbuf is Null for 9 times because alloc memory failed
[ 49.665105] RTL8723BS: ERROR sd_recv_rxfifo: alloc recvbuf FAIL!
[ 49.671474] RTL8723BS: ERROR precvbuf is Null for 10 times because alloc memory failed
[ 49.679394] RTL8723BS: ERROR exit because alloc memory failed more than 10 times
...

A possible fix might look like the following (however, this is only my testing hot-fix to make the driver work and I have to admit that I do not fully understand the whole thing - that's why I am not posting a patch at this point):

diff --git a/drivers/staging/rtl8723bs/hal/sdio_ops.c b/drivers/staging/rtl8723bs/hal/sdio_ops.c
index 6285b72faa9a..ad65cd74c3c8 100644
--- a/drivers/staging/rtl8723bs/hal/sdio_ops.c
+++ b/drivers/staging/rtl8723bs/hal/sdio_ops.c
@@ -1008,6 +1008,7 @@ static struct recv_buf *sd_recv_rxfifo(struct adapter *padapter, u32 size)
}

if (precvbuf->pskb == NULL) {
+ rtw_enqueue_recvbuf(precvbuf, &precvpriv->free_recv_buf_queue);
DBG_871X("%s: alloc_skb fail! read =%d\n", __func__, readsize);
return NULL;
}
@@ -1017,6 +1018,7 @@ static struct recv_buf *sd_recv_rxfifo(struct adapter *padapter, u32 size)
preadbuf = precvbuf->pskb->data;
ret = sdio_read_port(&padapter->iopriv.intf, WLAN_RX0FF_DEVICE_ID, readsize, preadbuf);
if (ret == _FAIL) {
+ rtw_enqueue_recvbuf(precvbuf, &precvpriv->free_recv_buf_queue);
RT_TRACE(_module_hci_ops_os_c_, _drv_err_, ("%s: read port FAIL!\n", __func__));
return NULL;
}

Cheers,
Tomas

Next message: Rob Herring: "Re: [PATCH] PCI: imx6: add regulator support"
Previous message: Greg Kroah-Hartman: "[PATCH 4.4 72/90] drm/nouveau/tmr: fully separate alarm execution/pending lists"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]