fpga: Fix memory leak for fpga_region_test_class_find()

Commit Message

Jinjie Ruan Oct. 7, 2023, 9:43 a.m. UTC

When CONFIG_FPGA_KUNIT_TESTS=m and making CONFIG_DEBUG_KMEMLEAK=y
and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, modprobe fpga-region-test and then
rmmod fpga-region-test, the below memory leak is detected.

fpga_region_class_find() in fpga_region_test_class_find() will call
get_device() if the data is matched, which will increment refcount for
dev->kobj, so it should call put_device() to decrement refcount for
dev->kobj to free the region, because fpga_region_unregister() will call
fpga_region_dev_release() only when the refcount for dev->kobj is zero
but fpga_region_test_init() call device_register() in
fpga_region_register_full(), which also increment refcount.

So call put_device() after calling fpga_region_class_find() in
fpga_region_test_class_find(). After applying this patch, the following
memory leak is never detected.

unreferenced object 0xffff88810c8ef000 (size 1024):
  comm "kunit_try_catch", pid 1875, jiffies 4294715298 (age 836.836s)
  hex dump (first 32 bytes):
    b8 d1 fb 05 81 88 ff ff 08 f0 8e 0c 81 88 ff ff  ................
    08 f0 8e 0c 81 88 ff ff 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<ffffffff817ebad7>] kmalloc_trace+0x27/0xa0
    [<ffffffffa02385e1>] fpga_region_register_full+0x51/0x430 [fpga_region]
    [<ffffffffa0228e47>] 0xffffffffa0228e47
    [<ffffffff829c479d>] kunit_try_run_case+0xdd/0x250
    [<ffffffff829c9f2a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81238b85>] kthread+0x2b5/0x380
    [<ffffffff81097ded>] ret_from_fork+0x2d/0x70
    [<ffffffff810034d1>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff888105fbd1b8 (size 8):
  comm "kunit_try_catch", pid 1875, jiffies 4294715298 (age 836.836s)
  hex dump (first 8 bytes):
    72 65 67 69 6f 6e 30 00                          region0.
  backtrace:
    [<ffffffff817ec023>] __kmalloc_node_track_caller+0x53/0x150
    [<ffffffff82995590>] kvasprintf+0xb0/0x130
    [<ffffffff83f713b1>] kobject_set_name_vargs+0x41/0x110
    [<ffffffff8304ac1b>] dev_set_name+0xab/0xe0
    [<ffffffffa02388a2>] fpga_region_register_full+0x312/0x430 [fpga_region]
    [<ffffffffa0228e47>] 0xffffffffa0228e47
    [<ffffffff829c479d>] kunit_try_run_case+0xdd/0x250
    [<ffffffff829c9f2a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81238b85>] kthread+0x2b5/0x380
    [<ffffffff81097ded>] ret_from_fork+0x2d/0x70
    [<ffffffff810034d1>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff88810b3b8a00 (size 256):
  comm "kunit_try_catch", pid 1875, jiffies 4294715298 (age 836.836s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 08 8a 3b 0b 81 88 ff ff  ..........;.....
    08 8a 3b 0b 81 88 ff ff e0 ac 04 83 ff ff ff ff  ..;.............
  backtrace:
    [<ffffffff817ebad7>] kmalloc_trace+0x27/0xa0
    [<ffffffff83056d7a>] device_add+0xa2a/0x15e0
    [<ffffffffa02388b1>] fpga_region_register_full+0x321/0x430 [fpga_region]
    [<ffffffffa0228e47>] 0xffffffffa0228e47
    [<ffffffff829c479d>] kunit_try_run_case+0xdd/0x250
    [<ffffffff829c9f2a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81238b85>] kthread+0x2b5/0x380
    [<ffffffff81097ded>] ret_from_fork+0x2d/0x70
    [<ffffffff810034d1>] ret_from_fork_asm+0x11/0x20

Fixes: 64a5f972c93d ("fpga: add an initial KUnit suite for the FPGA Region")
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
---
 drivers/fpga/tests/fpga-region-test.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Marco Pagani Oct. 9, 2023, 12:03 p.m. UTC | #1

On 2023-10-07 11:43, Jinjie Ruan wrote:
> When CONFIG_FPGA_KUNIT_TESTS=m and making CONFIG_DEBUG_KMEMLEAK=y
> and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, modprobe fpga-region-test and then
> rmmod fpga-region-test, the below memory leak is detected.
> 
> fpga_region_class_find() in fpga_region_test_class_find() will call
> get_device() if the data is matched, which will increment refcount for
> dev->kobj, so it should call put_device() to decrement refcount for
> dev->kobj to free the region, because fpga_region_unregister() will call
> fpga_region_dev_release() only when the refcount for dev->kobj is zero
> but fpga_region_test_init() call device_register() in
> fpga_region_register_full(), which also increment refcount.
> 
> So call put_device() after calling fpga_region_class_find() in
> fpga_region_test_class_find(). After applying this patch, the following

Looks good to me. Thanks.

Reviewed-by: Marco Pagani <marpagan@redhat.com>

> memory leak is never detected.
> 
> unreferenced object 0xffff88810c8ef000 (size 1024):
>   comm "kunit_try_catch", pid 1875, jiffies 4294715298 (age 836.836s)
>   hex dump (first 32 bytes):
>     b8 d1 fb 05 81 88 ff ff 08 f0 8e 0c 81 88 ff ff  ................
>     08 f0 8e 0c 81 88 ff ff 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<ffffffff817ebad7>] kmalloc_trace+0x27/0xa0
>     [<ffffffffa02385e1>] fpga_region_register_full+0x51/0x430 [fpga_region]
>     [<ffffffffa0228e47>] 0xffffffffa0228e47
>     [<ffffffff829c479d>] kunit_try_run_case+0xdd/0x250
>     [<ffffffff829c9f2a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
>     [<ffffffff81238b85>] kthread+0x2b5/0x380
>     [<ffffffff81097ded>] ret_from_fork+0x2d/0x70
>     [<ffffffff810034d1>] ret_from_fork_asm+0x11/0x20
> unreferenced object 0xffff888105fbd1b8 (size 8):
>   comm "kunit_try_catch", pid 1875, jiffies 4294715298 (age 836.836s)
>   hex dump (first 8 bytes):
>     72 65 67 69 6f 6e 30 00                          region0.
>   backtrace:
>     [<ffffffff817ec023>] __kmalloc_node_track_caller+0x53/0x150
>     [<ffffffff82995590>] kvasprintf+0xb0/0x130
>     [<ffffffff83f713b1>] kobject_set_name_vargs+0x41/0x110
>     [<ffffffff8304ac1b>] dev_set_name+0xab/0xe0
>     [<ffffffffa02388a2>] fpga_region_register_full+0x312/0x430 [fpga_region]
>     [<ffffffffa0228e47>] 0xffffffffa0228e47
>     [<ffffffff829c479d>] kunit_try_run_case+0xdd/0x250
>     [<ffffffff829c9f2a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
>     [<ffffffff81238b85>] kthread+0x2b5/0x380
>     [<ffffffff81097ded>] ret_from_fork+0x2d/0x70
>     [<ffffffff810034d1>] ret_from_fork_asm+0x11/0x20
> unreferenced object 0xffff88810b3b8a00 (size 256):
>   comm "kunit_try_catch", pid 1875, jiffies 4294715298 (age 836.836s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 08 8a 3b 0b 81 88 ff ff  ..........;.....
>     08 8a 3b 0b 81 88 ff ff e0 ac 04 83 ff ff ff ff  ..;.............
>   backtrace:
>     [<ffffffff817ebad7>] kmalloc_trace+0x27/0xa0
>     [<ffffffff83056d7a>] device_add+0xa2a/0x15e0
>     [<ffffffffa02388b1>] fpga_region_register_full+0x321/0x430 [fpga_region]
>     [<ffffffffa0228e47>] 0xffffffffa0228e47
>     [<ffffffff829c479d>] kunit_try_run_case+0xdd/0x250
>     [<ffffffff829c9f2a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
>     [<ffffffff81238b85>] kthread+0x2b5/0x380
>     [<ffffffff81097ded>] ret_from_fork+0x2d/0x70
>     [<ffffffff810034d1>] ret_from_fork_asm+0x11/0x20
> 
> Fixes: 64a5f972c93d ("fpga: add an initial KUnit suite for the FPGA Region")
> Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
> ---
>  drivers/fpga/tests/fpga-region-test.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/fpga/tests/fpga-region-test.c b/drivers/fpga/tests/fpga-region-test.c
> index 5ff688b394f9..7cd2667d52be 100644
> --- a/drivers/fpga/tests/fpga-region-test.c
> +++ b/drivers/fpga/tests/fpga-region-test.c
> @@ -95,6 +95,8 @@ static void fpga_region_test_class_find(struct kunit *test)
>  
>  	region = fpga_region_class_find(NULL, &ctx->region_pdev->dev, fake_region_match);
>  	KUNIT_EXPECT_PTR_EQ(test, region, ctx->region);
> +
> +	put_device(&region->dev);
>  }
>  
>  /*

Xu Yilun Oct. 12, 2023, 5:05 a.m. UTC | #2

On Mon, Oct 09, 2023 at 02:03:18PM +0200, Marco Pagani wrote:
> 
> 
> On 2023-10-07 11:43, Jinjie Ruan wrote:
> > When CONFIG_FPGA_KUNIT_TESTS=m and making CONFIG_DEBUG_KMEMLEAK=y
> > and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, modprobe fpga-region-test and then
> > rmmod fpga-region-test, the below memory leak is detected.
> > 
> > fpga_region_class_find() in fpga_region_test_class_find() will call
> > get_device() if the data is matched, which will increment refcount for
> > dev->kobj, so it should call put_device() to decrement refcount for
> > dev->kobj to free the region, because fpga_region_unregister() will call
> > fpga_region_dev_release() only when the refcount for dev->kobj is zero
> > but fpga_region_test_init() call device_register() in
> > fpga_region_register_full(), which also increment refcount.
> > 
> > So call put_device() after calling fpga_region_class_find() in
> > fpga_region_test_class_find(). After applying this patch, the following
> 
> Looks good to me. Thanks.
> 
> Reviewed-by: Marco Pagani <marpagan@redhat.com>

Acked-by: Xu Yilun <yilun.xu@intel.com>

Applied.

Patch

diff --git a/drivers/fpga/tests/fpga-region-test.c b/drivers/fpga/tests/fpga-region-test.c
index 5ff688b394f9..7cd2667d52be 100644
--- a/drivers/fpga/tests/fpga-region-test.c
+++ b/drivers/fpga/tests/fpga-region-test.c
@@ -95,6 +95,8 @@  static void fpga_region_test_class_find(struct kunit *test)
 
 	region = fpga_region_class_find(NULL, &ctx->region_pdev->dev, fake_region_match);
 	KUNIT_EXPECT_PTR_EQ(test, region, ctx->region);
+
+	put_device(&region->dev);
 }
 
 /*