Date: Mon, 15 Oct 2012 07:20:01 +0000
From: "Tu, Xiaobing" <xiaobing.tu@...el.com>
To: "Tu, Xiaobing" <xiaobing.tu@...el.com>,
    "ccross@...roid.com" <ccross@...roid.com>,
    "davej@...hat.com" <davej@...hat.com>,
    "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
    "mingo@...e.hu" <mingo@...e.hu>,
    "rusty@...tcorp.com.au" <rusty@...tcorp.com.au>,
    "a.p.zijlstra@...llo.nl" <a.p.zijlstra@...llo.nl>,
    "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
    "rostedt@...dmis.org" <rostedt@...dmis.org>
CC: "Zhang, Di" <di.zhang@...el.com>,
    "Ma, Xindong" <xindong.ma@...el.com>,
    "Zuo, Alex" <alex.zuo@...el.com>
Subject: Fix memory leak in binder--version2

After enabling kmemleak and running monkey, the following memleak is reported:

unreferenced object 0xeed27f80 (size 64):
  comm "Binder_8", pid 641, jiffies 4294946341 (age 2275.810s)
  hex dump (first 32 bytes):
    4f dd 00 00 84 7f d2 ee 84 7f d2 ee 01 00 00 00  O...............
    00 00 00 00 00 00 00 00 00 aa 4c d7 00 00 00 00  ..........L.....
  backtrace:
    [<c184fabc>] kmemleak_alloc+0x3c/0xa0
    [<c12f391e>] kmem_cache_alloc_trace+0x9e/0x180
    [<c1668bb5>] binder_thread_write+0xcf5/0x23a0
    [<c166b091>] binder_ioctl+0x1f1/0x530
    [<c130dcf6>] do_vfs_ioctl+0x86/0x5e0
    [<c130e282>] sys_ioctl+0x32/0x60
    [<c1872e01>] syscall_call+0x7/0xb
    [<ffffffff>] 0xffffffff

The work item in the async_todo list is not freed when binder is released.
Also, the async transaction should be freed in binder_release_work.

Signed-off-by: Leon Ma <xindong.ma@...el.com>
Signed-off-by: Di Zhang <di.zhang@...el.com>
--- drivers/staging/android/binder.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c index 7df2a89..022c9f8 100644 --- a/drivers/staging/android/binder.c +++ b/drivers/staging/android/binder.c
@@ -2509,6 +2509,11 @@ static void binder_release_work(struct list_head *list) t = container_of(w, struct binder_transaction, work); if (t->buffer->target_node && !(t->flags & TF_ONE_WAY)) binder_send_failed_reply(t, BR_DEAD_REPLY); + else { + t->buffer->transaction = NULL; + kfree(t); + binder_stats_deleted(BINDER_STAT_TRANSACTION); + } } break; case BINDER_WORK_TRANSACTION_COMPLETE: { kfree(w); @@ -2982,6 +2987,7 @@ static void binder_deferred_release(struct binder_proc *proc) nodes++; rb_erase(&node->rb_node, &proc->nodes); + binder_release_work(&node->async_todo); list_del_init(&node->work.entry); if (hlist_empty(&node->refs)) { kfree(node); -- 1.7.6
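
Review bot: In the first hunk (binder_release_work), the new else arm runs for every transaction that fails the test "t->buffer->target_node && !(t->flags & TF_ONE_WAY)", so it frees not only one-way (async) transactions but also any transaction whose buffer has no target_node, while the changelog only mentions the async case. Please confirm that kfree(t) is safe for both cases and say which ones are intended, in a comment above the else or in the changelog. The arm also leaves t->buffer allocated with only its transaction back pointer cleared, so the changelog should state where that buffer is released. Style: once the else arm carries braces, kernel coding style wants braces on the if arm as well.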
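
Review bot: In the second hunk (binder_deferred_release), the added binder_release_work(&node->async_todo) call is followed directly by kfree(node) when hlist_empty(&node->refs) is true, and the transactions it frees through the new else arm leave their t->buffer alive with buffer->target_node still set (that arm is reached with target_node non-NULL for one-way work). Please confirm that nothing reads buffer->target_node for those buffers after the node is freed, or clear it next to "t->buffer->transaction = NULL". A one-line comment above the call saying that pending async work on a dying node is dropped here would also help, since the reason is only in the changelog.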