From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Jann Horn <jann@thejh.net>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, linux-parport@lists.infradead.org,
Andy Lutomirski <luto@amacapital.net>
Subject: Re: [PATCH v2] ppdev: fix double-free of pp->pdev->name
Date: Thu, 10 Nov 2016 13:50:00 +0000 [thread overview]
Message-ID: <20161110134959.GA27565@sudip-tp> (raw)
In-Reply-To: <2721049.iK2v6rcyvW@wuerfel>
On Thu, Nov 10, 2016 at 02:18:12PM +0100, Arnd Bergmann wrote:
> On Sunday, October 30, 2016 11:19:24 PM CET Jann Horn wrote:
> > diff --git a/drivers/char/ppdev.c b/drivers/char/ppdev.c
> > index d23368874710..6af1ce04b3da 100644
> > --- a/drivers/char/ppdev.c
> > +++ b/drivers/char/ppdev.c
> > @@ -748,10 +748,7 @@ static int pp_release(struct inode *inode, struct file *file)
> > }
> >
> > if (pp->pdev) {
> > - const char *name = pp->pdev->name;
> > -
> > parport_unregister_device(pp->pdev);
> > - kfree(name);
> > pp->pdev = NULL;
> > pr_debug(CHRDEV "%x: unregistered pardevice\n", minor);
> > }
> >
>
> I took a closer look at this and found that we also leak the name
> that is passed in register_device() in the same file:
>
> name = kasprintf(GFP_KERNEL, CHRDEV "%x", minor);
> ...
> pdev = parport_register_dev_model(port, name, &ppdev_cb, minor);
>
> parport_register_dev_model() copies the name using kstrdup() and
> we should really free it after parport_register_dev_model().
yes. I missed that while converting the driver to use device model.
Thanks. I will send a patch to fix this tonight.
>
> It's not a huge problem, just leaking a few bytes of memory, but
> the extra kfree() probably came from this confusion.
No, it was the old code which was not in the device-model. The old code
uses parport_register_device() which just uses the same string that is
passed to it and so it was freed while releasing the device.
Regards
Sudip
prev parent reply other threads:[~2016-11-10 13:50 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-30 22:19 [PATCH v2] ppdev: fix double-free of pp->pdev->name Jann Horn
2016-11-10 6:57 ` Greg Kroah-Hartman
2016-11-10 12:40 ` Sudip Mukherjee
2016-11-10 13:18 ` Arnd Bergmann
2016-11-10 13:50 ` Sudip Mukherjee [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161110134959.GA27565@sudip-tp \
--to=sudipm.mukherjee@gmail.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=jann@thejh.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-parport@lists.infradead.org \
--cc=luto@amacapital.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.