From: Frank Rowand <frowand.list@gmail.com>
To: Mathieu Malaterre <mathieu.malaterre@gmail.com>,
linuxppc-dev@lists.ozlabs.org
Cc: robh+dt@kernel.org, devicetree@vger.kernel.org
Subject: Re: [PATCH] Remove a tiny memory leak in drivers/of
Date: Wed, 15 Jun 2016 11:10:21 -0700 [thread overview]
Message-ID: <57619A0D.5080906@gmail.com> (raw)
In-Reply-To: <1466002919-535-1-git-send-email-mathieu.malaterre@gmail.com>
Mathieu,
On 06/15/16 08:01, Mathieu Malaterre wrote:
> On my PowerMac device-tree would generate a duplicate name:
>
> [ 0.023043] device-tree: Duplicate name in PowerPC,G4@0, renamed to "l2-cache#1"
>
> in this case a newly allocated name is generated by `safe_name`. However
> in this case it is never deallocated.
>
> The bug was found using kmemleak reported as:
>
> unreferenced object 0xdf532e60 (size 32):
> comm "swapper", pid 1, jiffies 4294892300 (age 1993.532s)
> hex dump (first 32 bytes):
> 6c 32 2d 63 61 63 68 65 23 31 00 dd e4 dd 1e c2 l2-cache#1......
> ec d4 ba ce 04 ec cc de 8e 85 e9 ca c4 ec cc 9e ................
> backtrace:
> [<c02d3350>] kvasprintf+0x64/0xc8
> [<c02d3400>] kasprintf+0x4c/0x5c
> [<c0453814>] safe_name.isra.1+0x80/0xc4
> [<c04545d8>] __of_attach_node_sysfs+0x6c/0x11c
> [<c075f21c>] of_core_init+0x8c/0xf8
> [<c0729594>] kernel_init_freeable+0xd4/0x208
> [<c00047e8>] kernel_init+0x24/0x11c
> [<c00158ec>] ret_from_kernel_thread+0x5c/0x64
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=120331
> Signed-off-by: Mathieu Malaterre <mathieu.malaterre@gmail.com>
> ---
> drivers/of/base.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/of/base.c b/drivers/of/base.c
> index ebf84e3..3cb11df 100644
> --- a/drivers/of/base.c
> +++ b/drivers/of/base.c
> @@ -174,11 +174,15 @@ int __of_attach_node_sysfs(struct device_node *np)
> rc = kobject_add(&np->kobj, NULL, "%s",
> safe_name(&of_kset->kobj, "base"));
> } else {
> - name = safe_name(&np->parent->kobj, kbasename(np->full_name));
> + const char *orig_name = kbasename(np->full_name);
> +
> + name = safe_name(&np->parent->kobj, orig_name);
> if (!name || !name[0])
> return -EINVAL;
>
> rc = kobject_add(&np->kobj, &np->parent->kobj, "%s", name);
> + if (name != orig_name)
> + kfree(name);
> }
> if (rc)
> return rc;
>
Thanks for reporting the issue and the cause of the issue.
You have exposed an issue that affects additional safe_name() call
sites that the proposed patch does not fix.
I will send you another patch that also addresses the other safe_name()
call sites, please test it to see if it fixes the memory leak that you
reported.
-Frank
WARNING: multiple messages have this Message-ID (diff)
From: Frank Rowand <frowand.list-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Mathieu Malaterre
<mathieu.malaterre-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
linuxppc-dev-uLR06cmDAlY/bJ5BZ2RsiQ@public.gmane.org
Cc: robh+dt-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org,
devicetree-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH] Remove a tiny memory leak in drivers/of
Date: Wed, 15 Jun 2016 11:10:21 -0700 [thread overview]
Message-ID: <57619A0D.5080906@gmail.com> (raw)
In-Reply-To: <1466002919-535-1-git-send-email-mathieu.malaterre-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Mathieu,
On 06/15/16 08:01, Mathieu Malaterre wrote:
> On my PowerMac device-tree would generate a duplicate name:
>
> [ 0.023043] device-tree: Duplicate name in PowerPC,G4@0, renamed to "l2-cache#1"
>
> in this case a newly allocated name is generated by `safe_name`. However
> in this case it is never deallocated.
>
> The bug was found using kmemleak reported as:
>
> unreferenced object 0xdf532e60 (size 32):
> comm "swapper", pid 1, jiffies 4294892300 (age 1993.532s)
> hex dump (first 32 bytes):
> 6c 32 2d 63 61 63 68 65 23 31 00 dd e4 dd 1e c2 l2-cache#1......
> ec d4 ba ce 04 ec cc de 8e 85 e9 ca c4 ec cc 9e ................
> backtrace:
> [<c02d3350>] kvasprintf+0x64/0xc8
> [<c02d3400>] kasprintf+0x4c/0x5c
> [<c0453814>] safe_name.isra.1+0x80/0xc4
> [<c04545d8>] __of_attach_node_sysfs+0x6c/0x11c
> [<c075f21c>] of_core_init+0x8c/0xf8
> [<c0729594>] kernel_init_freeable+0xd4/0x208
> [<c00047e8>] kernel_init+0x24/0x11c
> [<c00158ec>] ret_from_kernel_thread+0x5c/0x64
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=120331
> Signed-off-by: Mathieu Malaterre <mathieu.malaterre-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> ---
> drivers/of/base.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/of/base.c b/drivers/of/base.c
> index ebf84e3..3cb11df 100644
> --- a/drivers/of/base.c
> +++ b/drivers/of/base.c
> @@ -174,11 +174,15 @@ int __of_attach_node_sysfs(struct device_node *np)
> rc = kobject_add(&np->kobj, NULL, "%s",
> safe_name(&of_kset->kobj, "base"));
> } else {
> - name = safe_name(&np->parent->kobj, kbasename(np->full_name));
> + const char *orig_name = kbasename(np->full_name);
> +
> + name = safe_name(&np->parent->kobj, orig_name);
> if (!name || !name[0])
> return -EINVAL;
>
> rc = kobject_add(&np->kobj, &np->parent->kobj, "%s", name);
> + if (name != orig_name)
> + kfree(name);
> }
> if (rc)
> return rc;
>
Thanks for reporting the issue and the cause of the issue.
You have exposed an issue that affects additional safe_name() call
sites that the proposed patch does not fix.
I will send you another patch that also addresses the other safe_name()
call sites, please test it to see if it fixes the memory leak that you
reported.
-Frank
--
To unsubscribe from this list: send the line "unsubscribe devicetree" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-06-15 18:10 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-15 15:01 [PATCH] Remove a tiny memory leak in drivers/of Mathieu Malaterre
2016-06-15 15:01 ` Mathieu Malaterre
2016-06-15 18:10 ` Frank Rowand [this message]
2016-06-15 18:10 ` Frank Rowand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57619A0D.5080906@gmail.com \
--to=frowand.list@gmail.com \
--cc=devicetree@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mathieu.malaterre@gmail.com \
--cc=robh+dt@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.