From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <frowand.list@gmail.com>
Received: from mail-pa0-x242.google.com (mail-pa0-x242.google.com
 [IPv6:2607:f8b0:400e:c03::242])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by lists.ozlabs.org (Postfix) with ESMTPS id 3rVF1J5sKVzDqh8
 for <linuxppc-dev@lists.ozlabs.org>; Thu, 16 Jun 2016 04:10:28 +1000 (AEST)
Received: by mail-pa0-x242.google.com with SMTP id us13so1975590pab.1
 for <linuxppc-dev@lists.ozlabs.org>; Wed, 15 Jun 2016 11:10:28 -0700 (PDT)
Subject: Re: [PATCH] Remove a tiny memory leak in drivers/of
To: Mathieu Malaterre <mathieu.malaterre@gmail.com>,
 linuxppc-dev@lists.ozlabs.org
References: <1466002919-535-1-git-send-email-mathieu.malaterre@gmail.com>
Cc: robh+dt@kernel.org, devicetree@vger.kernel.org
From: Frank Rowand <frowand.list@gmail.com>
Message-ID: <57619A0D.5080906@gmail.com>
Date: Wed, 15 Jun 2016 11:10:21 -0700
MIME-Version: 1.0
In-Reply-To: <1466002919-535-1-git-send-email-mathieu.malaterre@gmail.com>
Content-Type: text/plain; charset=windows-1252
List-Id: Linux on PowerPC Developers Mail List <linuxppc-dev.lists.ozlabs.org>
List-Unsubscribe: <https://lists.ozlabs.org/options/linuxppc-dev>,
 <mailto:linuxppc-dev-request@lists.ozlabs.org?subject=unsubscribe>
List-Archive: <http://lists.ozlabs.org/pipermail/linuxppc-dev/>
List-Post: <mailto:linuxppc-dev@lists.ozlabs.org>
List-Help: <mailto:linuxppc-dev-request@lists.ozlabs.org?subject=help>
List-Subscribe: <https://lists.ozlabs.org/listinfo/linuxppc-dev>,
 <mailto:linuxppc-dev-request@lists.ozlabs.org?subject=subscribe>

Mathieu,

On 06/15/16 08:01, Mathieu Malaterre wrote:
> On my PowerMac device-tree would generate a duplicate name:
> 
> [    0.023043] device-tree: Duplicate name in PowerPC,G4@0, renamed to "l2-cache#1"
> 
> in this case a newly allocated name is generated by `safe_name`. However
> in this case it is never deallocated.
> 
> The bug was found using kmemleak reported as:
> 
> unreferenced object 0xdf532e60 (size 32):
>   comm "swapper", pid 1, jiffies 4294892300 (age 1993.532s)
>   hex dump (first 32 bytes):
>     6c 32 2d 63 61 63 68 65 23 31 00 dd e4 dd 1e c2  l2-cache#1......
>     ec d4 ba ce 04 ec cc de 8e 85 e9 ca c4 ec cc 9e  ................
>   backtrace:
>     [<c02d3350>] kvasprintf+0x64/0xc8
>     [<c02d3400>] kasprintf+0x4c/0x5c
>     [<c0453814>] safe_name.isra.1+0x80/0xc4
>     [<c04545d8>] __of_attach_node_sysfs+0x6c/0x11c
>     [<c075f21c>] of_core_init+0x8c/0xf8
>     [<c0729594>] kernel_init_freeable+0xd4/0x208
>     [<c00047e8>] kernel_init+0x24/0x11c
>     [<c00158ec>] ret_from_kernel_thread+0x5c/0x64
> 
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=120331
> Signed-off-by: Mathieu Malaterre <mathieu.malaterre@gmail.com>
> ---
>  drivers/of/base.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/of/base.c b/drivers/of/base.c
> index ebf84e3..3cb11df 100644
> --- a/drivers/of/base.c
> +++ b/drivers/of/base.c
> @@ -174,11 +174,15 @@ int __of_attach_node_sysfs(struct device_node *np)
>  		rc = kobject_add(&np->kobj, NULL, "%s",
>  				 safe_name(&of_kset->kobj, "base"));
>  	} else {
> -		name = safe_name(&np->parent->kobj, kbasename(np->full_name));
> +		const char *orig_name = kbasename(np->full_name);
> +
> +		name = safe_name(&np->parent->kobj, orig_name);
>  		if (!name || !name[0])
>  			return -EINVAL;
>  
>  		rc = kobject_add(&np->kobj, &np->parent->kobj, "%s", name);
> +		if (name != orig_name)
> +			kfree(name);
>  	}
>  	if (rc)
>  		return rc;
> 

Thanks for reporting the issue and the cause of the issue.
You have exposed an issue that affects additional safe_name() call
sites that the proposed patch does not fix.

I will send you another patch that also addresses the other safe_name()
call sites, please test it to see if it fixes the memory leak that you
reported.

-Frank