From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E5BF5C433FE for ; Fri, 21 Oct 2022 08:52:36 +0000 (UTC) Received: from localhost ([::1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1olnlb-0003eD-Qf for qemu-devel@archiver.kernel.org; Fri, 21 Oct 2022 04:52:35 -0400 Received: from [::1] (helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1olmQD-0000NG-MP for qemu-devel@archiver.kernel.org; Fri, 21 Oct 2022 03:26:25 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1olmQ7-0000BX-DF for qemu-devel@nongnu.org; Fri, 21 Oct 2022 03:26:19 -0400 Received: from szxga02-in.huawei.com ([45.249.212.188]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1olmPx-0007GD-Hp for qemu-devel@nongnu.org; Fri, 21 Oct 2022 03:26:12 -0400 Received: from dggpemm500024.china.huawei.com (unknown [172.30.72.54]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4Mtwr34fC2zVj5k; Fri, 21 Oct 2022 15:21:23 +0800 (CST) Received: from dggpemm500007.china.huawei.com (7.185.36.183) by dggpemm500024.china.huawei.com (7.185.36.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Fri, 21 Oct 2022 15:25:54 +0800 Received: from [10.174.178.174] (10.174.178.174) by dggpemm500007.china.huawei.com (7.185.36.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Fri, 21 Oct 2022 15:25:53 +0800 Subject: Re: [PATCH 00/11] fix memory leak while kset_register() fails To: Luben Tuikov , , , , , , , CC: , , , , , , , , , , , , , , References: <20221021022102.2231464-1-yangyingliang@huawei.com> Message-ID: <2a99c52c-d29c-5f5c-57a8-9851018e7420@huawei.com> Date: Fri, 21 Oct 2022 15:25:51 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Originating-IP: [10.174.178.174] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To dggpemm500007.china.huawei.com (7.185.36.183) X-CFilter-Loop: Reflected Received-SPF: pass client-ip=45.249.212.188; envelope-from=yangyingliang@huawei.com; helo=szxga02-in.huawei.com X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Reply-to: Yang Yingliang From: Yang Yingliang via Hi, On 2022/10/21 13:29, Luben Tuikov wrote: > On 2022-10-20 22:20, Yang Yingliang wrote: >> The previous discussion link: >> https://lore.kernel.org/lkml/0db486eb-6927-927e-3629-958f8f211194@huawei.com/T/ > The very first discussion on this was here: > > https://www.spinics.net/lists/dri-devel/msg368077.html > > Please use this link, and not the that one up there you which quoted above, > and whose commit description is taken verbatim from the this link. I found this leaks in bus_register()/class_register()/kset_create_and_add() at first, and describe the reason in these patches which is using kobject_set_name() description, here is the patches: https://lore.kernel.org/lkml/20221017014957.156645-1-yangyingliang@huawei.com/T/ https://lore.kernel.org/lkml/20221017031335.1845383-1-yangyingliang@huawei.com/ https://lore.kernel.org/lkml/Y0zfPKAgQSrYZg5o@kroah.com/T/ And then I found other subsystem also have this problem, so posted the fix patches for them (including qemu_fw_cfg/f2fs/erofs/ocfs2/amdgpu_discovery): https://www.mail-archive.com/qemu-devel@nongnu.org/msg915553.html https://lore.kernel.org/linux-f2fs-devel/7908686b-9a7c-b754-d312-d689fc28366e@kernel.org/T/#t https://lore.kernel.org/linux-erofs/20221018073947.693206-1-yangyingliang@huawei.com/ https://lore.kernel.org/lkml/0db486eb-6927-927e-3629-958f8f211194@huawei.com/T/ https://www.spinics.net/lists/dri-devel/msg368092.html In the amdgpu_discovery patch, I sent a old one which using wrong description and you pointer out, and then I send a v2. And then the maintainer of ocfs2 has different thought about this, so we had a discussion in the link that I gave out, and Greg suggested me to update kset_register() documentation and then put the fix patches together in one series, so I sent this patchset and use the link. Thanks, Yang > >> kset_register() is currently used in some places without calling >> kset_put() in error path, because the callers think it should be >> kset internal thing to do, but the driver core can not know what >> caller doing with that memory at times. The memory could be freed >> both in kset_put() and error path of caller, if it is called in >> kset_register(). > As I explained in the link above, the reason there's > a memory leak is that one cannot call kset_register() without > the kset->kobj.name being set--kobj_add_internal() returns -EINVAL, > in this case, i.e. kset_register() fails with -EINVAL. > > Thus, the most common usage is something like this: > > kobj_set_name(&kset->kobj, format, ...); > kset->kobj.kset = parent_kset; > kset->kobj.ktype = ktype; > res = kset_register(kset); > > So, what is being leaked, is the memory allocated in kobj_set_name(), > by the common idiom shown above. This needs to be mentioned in > the documentation, at least, in case, in the future this is absolved > in kset_register() redesign, etc. > > Regards, > Luben > >> So make the function documentation more explicit about calling >> kset_put() in the error path of caller first, so that people >> have a chance to know what to do here, then fixes this leaks >> by calling kset_put() from callers. >> >> Liu Shixin (1): >> ubifs: Fix memory leak in ubifs_sysfs_init() >> >> Yang Yingliang (10): >> kset: fix documentation for kset_register() >> kset: add null pointer check in kset_put() >> bus: fix possible memory leak in bus_register() >> kobject: fix possible memory leak in kset_create_and_add() >> class: fix possible memory leak in __class_register() >> firmware: qemu_fw_cfg: fix possible memory leak in >> fw_cfg_build_symlink() >> f2fs: fix possible memory leak in f2fs_init_sysfs() >> erofs: fix possible memory leak in erofs_init_sysfs() >> ocfs2: possible memory leak in mlog_sys_init() >> drm/amdgpu/discovery: fix possible memory leak >> >> drivers/base/bus.c | 4 +++- >> drivers/base/class.c | 6 ++++++ >> drivers/firmware/qemu_fw_cfg.c | 2 +- >> drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 5 +++-- >> fs/erofs/sysfs.c | 4 +++- >> fs/f2fs/sysfs.c | 4 +++- >> fs/ocfs2/cluster/masklog.c | 7 ++++++- >> fs/ubifs/sysfs.c | 2 ++ >> include/linux/kobject.h | 3 ++- >> lib/kobject.c | 5 ++++- >> 10 files changed, 33 insertions(+), 9 deletions(-) >> > .