From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>,
"Ronald Tschalär" <ronald@innovation.ch>,
"Nicolai Stange" <nicstange@gmail.com>,
"David Rientjes" <rientjes@google.com>,
"Srivatsa Vaddagiri" <vatsa@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org
Subject: Re: debugfs_create_u32_array() memory leaks
Date: Mon, 22 Jun 2020 21:31:09 +0200 [thread overview]
Message-ID: <20200622193109.GA2163148@kroah.com> (raw)
In-Reply-To: <20200622122332.274c842e@kicinski-fedora-PC1C0HJN>
On Mon, Jun 22, 2020 at 12:23:32PM -0700, Jakub Kicinski wrote:
> On Sat, 20 Jun 2020 09:45:42 +0200 Greg Kroah-Hartman wrote:
> > On Fri, Jun 19, 2020 at 04:17:34PM -0700, Jakub Kicinski wrote:
> > > Hi!
> > >
> > > I'm trying to use debugfs_create_u32_array() in drivers/net/netdevsim
> > > and it causes memory leaks:
> > >
> > > unreferenced object 0xffff8880546642a0 (size 16):
> > > comm "test_udp_tuns.s", pid 2146, jiffies 4294928368 (age 3772.435s)
> > > hex dump (first 16 bytes):
> > > 84 52 6a 4d 80 88 ff ff 04 00 00 00 f3 78 7e 89 .RjM.........x~.
> > > backtrace:
> > > [<000000006962a447>] debugfs_create_u32_array+0x3f/0x90
> > >
> > > I can see that debugfs_create_u32_array() allocates a structure at
> > > create time that ends up assigned to inode->i_private, but I don't
> > > see it freed anywhere.
> > >
> > > Am I missing something? I'm pretty sure files get removed, cause the
> > > driver calls debugfs_remove_recursive() and no other file types leaks.
> >
> > Yeah, that's a bug, nice catch. The debugfs_create*() functions should
> > not allocate local memory as we can't know to free that memory when the
> > file is removed.
> >
> > Can you fix this up, or do you want me to? I only see one in-kernel
> > user of this, so it shouldn't be that tough to do so. The one user
> > never removes that file so that's why no one noticed this before.
>
> Ah, I wasn't sure how to fix but since you say that create functions
> shouldn't allocate memory seems like the fix will be to make callers
> pass an equivalent of struct debugfs_blob_wrapper for u32.
Sounds good.
> I'm happy to send a patch to that effect - I have a process question
> tho - I need this change in net-next, should I sent the patch to you?
> Can it still make it into 5.8 (debugfs -> Linus -> net -> net-next) or
> perhaps can it go via net-next since there is no de facto bug in 5.8?
I can take a fix now, and get it into 5.8 if that makes things easier
for you.
thanks,
greg k-h
next prev parent reply other threads:[~2020-06-22 19:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-19 23:17 debugfs_create_u32_array() memory leaks Jakub Kicinski
2020-06-20 7:45 ` Greg Kroah-Hartman
2020-06-22 19:23 ` Jakub Kicinski
2020-06-22 19:31 ` Greg Kroah-Hartman [this message]
2020-06-23 20:21 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200622193109.GA2163148@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nicstange@gmail.com \
--cc=rafael@kernel.org \
--cc=rientjes@google.com \
--cc=ronald@innovation.ch \
--cc=vatsa@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.