lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 15 Oct 2012 07:20:01 +0000
From:	"Tu, Xiaobing" <xiaobing.tu@...el.com>
To:	"Tu, Xiaobing" <xiaobing.tu@...el.com>,
	"ccross@...roid.com" <ccross@...roid.com>,
	"davej@...hat.com" <davej@...hat.com>,
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
	"mingo@...e.hu" <mingo@...e.hu>,
	"rusty@...tcorp.com.au" <rusty@...tcorp.com.au>,
	"a.p.zijlstra@...llo.nl" <a.p.zijlstra@...llo.nl>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"rostedt@...dmis.org" <rostedt@...dmis.org>
CC:	"Zhang, Di" <di.zhang@...el.com>,
	"Ma, Xindong" <xindong.ma@...el.com>,
	"Zuo, Alex" <alex.zuo@...el.com>
Subject: Fix memory leak in binder--version2

After enabling kmemleak and run monkey, following memleak is reported:
unreferenced object 0xeed27f80 (size 64):
  comm "Binder_8", pid 641, jiffies 4294946341 (age 2275.810s)
  hex dump (first 32 bytes):
    4f dd 00 00 84 7f d2 ee 84 7f d2 ee 01 00 00 00  O...............
    00 00 00 00 00 00 00 00 00 aa 4c d7 00 00 00 00  ..........L.....
  backtrace:
    [<c184fabc>] kmemleak_alloc+0x3c/0xa0
    [<c12f391e>] kmem_cache_alloc_trace+0x9e/0x180
    [<c1668bb5>] binder_thread_write+0xcf5/0x23a0
    [<c166b091>] binder_ioctl+0x1f1/0x530
    [<c130dcf6>] do_vfs_ioctl+0x86/0x5e0
    [<c130e282>] sys_ioctl+0x32/0x60
    [<c1872e01>] syscall_call+0x7/0xb
    [<ffffffff>] 0xffffffff

The work item in async_todo list is not freed when binder released.
Also the async transaction should also be freed in binder_release_work.

Signed-off-by: Leon Ma <xindong.ma@...el.com>
Signed-off-by: Di Zhang <di.zhang@...el.com>
---
 drivers/staging/android/binder.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
index 7df2a89..022c9f8 100644
--- a/drivers/staging/android/binder.c
+++ b/drivers/staging/android/binder.c
@@ -2509,6 +2509,11 @@ static void binder_release_work(struct list_head *list)
 			t = container_of(w, struct binder_transaction, work);
 			if (t->buffer->target_node && !(t->flags & TF_ONE_WAY))
 				binder_send_failed_reply(t, BR_DEAD_REPLY);
+			else {
+				t->buffer->transaction = NULL;
+				kfree(t);
+				binder_stats_deleted(BINDER_STAT_TRANSACTION);
+			}
 		} break;
 		case BINDER_WORK_TRANSACTION_COMPLETE: {
 			kfree(w);
@@ -2982,6 +2987,7 @@ static void binder_deferred_release(struct binder_proc *proc)
 
 		nodes++;
 		rb_erase(&node->rb_node, &proc->nodes);
+		binder_release_work(&node->async_todo);
 		list_del_init(&node->work.entry);
 		if (hlist_empty(&node->refs)) {
 			kfree(node);
-- 
1.7.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists