public inbox for linux-kernel@vger.kernel.org
From: Patrick Pannuto <ppannuto@codeaurora.org>
To: Greg KH <greg@kroah.com>
Cc: linux-kernel@vger.kernel.org, Greg Kroah-Hartman <gregkh@suse.de>,
	Emese Revfy <re.emese@gmail.com>,
	Stephen Hemminger <shemminger@vyatta.com>,
	Jens Axboe <jens.axboe@oracle.com>
Subject: Re: [PATCH 2/6] Driver core: Fix memory leak on bus_register error path
Date: Fri, 23 Jul 2010 18:19:23 -0700
Message-ID: <4C4A3F9B.6040600@codeaurora.org>
In-Reply-To: <20100722234107.GB674@kroah.com>

On 07/22/2010 04:41 PM, Greg KH wrote:
> On Thu, Jul 22, 2010 at 03:09:02PM -0700, Patrick Pannuto wrote:
>> There is a subtle memory leak in driver core error path.
>> Consider the simplified view of bus_register (drivers/base/bus.c):
>>
>> priv = kzalloc...
>> kobject_set_name(&priv->subsys.kobj,...) <== allocate in priv->subsys.kobj.name
>> if kset_register(&priv->subsys) FAILS:
> 
> Why would this fail?
> 

This is not a likely failure path at all, but (from my understanding), it
is possible:

kset_register {
   kobject_add_internal {
      create_dir()

is the most likely candidate to fail, most likely for EEXIST due to something
else screwy going on. Regardless of how likely it is to fail, it *is* possible,
otherwise, what is the point of checking the return code and having an error
path? If the error path exists (and a panic is not imminent), we shouldn't leak
memory on it IMHO.

>>  
>>  	retval = kset_register(&priv->subsys);
>> -	if (retval)
>> +	if (retval) {
>> +		kfree(priv->subsys.kobj.name);
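Review bot: The added kfree(priv->subsys.kobj.name) in the kset_register failure branch leaves priv->subsys.kobj.name pointing at freed memory, so anything later on the error path (not visible in this hunk) that drops the kobject or frees the name again would double-free it. Either set the pointer to NULL right after the kfree, or release the name through the kobject's own cleanup so that bus.c does not depend on how kobject stores and frees its name.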
> 
> I don't think we want to bury the logic of how kobject names are handled
> up here in the bus code, right?  Shouldn't the subsys kobject name be
> able to be cleaned up on its own somehow instead?
> 

So, my first instinct was to use kobject_cleanup, but a few lines above:

	priv->subsys.kobj.ktype = &bus_ktype;

and bus_ktype's definition, with the notable absence of a release method:

static struct kobj_type bus_ktype = {
	.sysfs_ops	= &bus_sysfs_ops,
};

which in kobject_cleanup would yield:

	struct kobj_type *t = get_ktype(kobj);

	if (t && !t->release)
		pr_debug("kobject: '%s' (%p): does not have a release() "
			 "function, it is broken and must be fixed.\n",
			 kobject_name(kobj), kobj);

(if I understand everything correctly)

I have no idea what would constitute a proper 'release' method in this
context, thus I did not write one (and am hoping this patchset would
motivate those who know more than me to write one, or indicate to me how
to write one, if that would be the correct course of action)


Sorry if any of this is trivial / obvious / incorrect; it's my first time
in this code at all, and kobject and friends aren't the easiest to
comprehend on first glance :)

-pat
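
Added example, not part of the original message and not kernel code: a userspace C model of the error path discussed above, comparing the leaking path, the patch's caller-side free of the name, and cleanup through a release callback. The names obj, bus_priv, obj_cleanup and leaked_after_failed_register are hypothetical stand-ins, and the model assumes the original error path frees only the container.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static int live_allocs;	/* allocations not yet freed */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }
struct obj { char *name; void (*release)(struct obj *); };	/* models kobject + ktype */
struct bus_priv { struct obj subsys; };	/* subsys must stay the first member */
enum path { LEAKY, FREE_NAME_IN_CALLER, RELEASE_VIA_CLEANUP };
static int obj_set_name(struct obj *o, const char *s)
{
	if ((o->name = xalloc(strlen(s) + 1)))
		strcpy(o->name, s);
	return o->name ? 0 : -ENOMEM;
}
static int obj_register(struct obj *o) { (void)o; return -EEXIST; }	/* forced failure */
static void bus_release(struct obj *o) { xfree((struct bus_priv *)o); }
static void obj_cleanup(struct obj *o)
{
	char *name = o->name;	/* read before release() frees the container */
	if (o->release) o->release(o);
	xfree(name);
}

/* Constructed userspace model: returns allocations still live after the failed register. */
static int leaked_after_failed_register(enum path p)
{
	int before = live_allocs, leaked;
	char *orphan = NULL;
	struct bus_priv *priv = xalloc(sizeof(*priv));
	if (!priv || obj_set_name(&priv->subsys, "bus0")) { xfree(priv); return -ENOMEM; }
	priv->subsys.release = (p == RELEASE_VIA_CLEANUP) ? bus_release : NULL;
	if (obj_register(&priv->subsys))	/* error path under test */
		switch (p) {
		case LEAKY: orphan = priv->subsys.name; xfree(priv); break;	/* assumed original */
		case FREE_NAME_IN_CALLER: xfree(priv->subsys.name); xfree(priv); break;	/* patch shape */
		case RELEASE_VIA_CLEANUP: obj_cleanup(&priv->subsys); break;	/* owner frees name */
		}
	leaked = live_allocs - before;
	xfree(orphan);	/* reclaim the orphaned name so the model itself exits clean */
	return leaked;
}
int main(void)
{
	for (int p = LEAKY; p <= RELEASE_VIA_CLEANUP; p++)
		printf("path %d leaves %d allocation(s) live\n", p, leaked_after_failed_register(p));
	return 0;
}
```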


Thread overview: 17+ messages
2010-07-22 22:09 Possible memory leaks on driver core error paths Patrick Pannuto
2010-07-22 22:09 ` [PATCH 1/6] Driver core: Fix potential memory leak Patrick Pannuto
2010-07-22 23:39   ` Greg KH
2010-07-22 22:09 ` [PATCH 2/6] Driver core: Fix memory leak on bus_register error path Patrick Pannuto
2010-07-22 23:41   ` Greg KH
2010-07-24  1:19     ` Patrick Pannuto [this message]
2010-07-24  1:48       ` Patrick Pannuto
2010-07-27  0:00         ` Greg KH
2010-07-26 23:45       ` Greg KH
2010-07-22 22:09 ` [PATCH 3/6] Driver core: Fix memory leak on class_register " Patrick Pannuto
2010-07-22 23:41   ` Greg KH
2010-07-22 22:09 ` [PATCH 4/6] Driver core: Fix memory leak on sysdev_class_register " Patrick Pannuto
2010-07-22 23:41   ` Greg KH
2010-07-22 22:09 ` [PATCH 5/6] ocfs2: Fix memory leak on mlog_sys_init " Patrick Pannuto
2010-07-23 17:01   ` Pekka Enberg
2010-07-22 22:09 ` [PATCH 6/6] kobj: Fix memory leak on error path of kset_create_and_add Patrick Pannuto
2010-07-22 23:43   ` Greg KH
