[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+7wUsz0OnOHVyGTE=nzAbCi_GbmLvU-Q4wQHjs=SOLRUB4E5w@mail.gmail.com>
Date: Thu, 16 Jun 2016 09:51:41 +0200
From: Mathieu Malaterre <mathieu.malaterre@...il.com>
To: Frank Rowand <frowand.list@...il.com>
Cc: Rob Herring <robh+dt@...nel.org>,
"devicetree@...r.kernel.org" <devicetree@...r.kernel.org>,
linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] of: fix memory leak related to safe_name()
Sorry, symptoms not solved. According to kmemleak, I have now:
[ 661.323100] kmemleak: 100 new suspected memory leaks (see
/sys/kernel/debug/kmemleak)
[ 1260.226120] kmemleak: 1 new suspected memory leaks (see
/sys/kernel/debug/kmemleak)
# head -40 /sys/kernel/debug/kmemleak
unreferenced object 0xdf5326a0 (size 32):
comm "swapper", pid 1, jiffies 4294892300 (age 2564.708s)
hex dump (first 32 bytes):
62 61 73 65 00 00 4c d8 c5 78 df dc cc 43 e4 bc base..L..x...C..
c4 c8 ec 8c ee de ce cf e8 c9 8a ea dc cc c6 fd ................
backtrace:
[<c014d4d8>] kstrdup+0x48/0x88
[<c0454678>] __of_attach_node_sysfs+0xf0/0x100
[<c075f21c>] of_core_init+0x8c/0xf8
[<c0729594>] kernel_init_freeable+0xd4/0x208
[<c00047e8>] kernel_init+0x24/0x11c
[<c00158ec>] ret_from_kernel_thread+0x5c/0x64
unreferenced object 0xdf532240 (size 32):
comm "swapper", pid 1, jiffies 4294892300 (age 2564.708s)
hex dump (first 32 bytes):
63 70 75 73 00 68 65 2d 73 69 7a 65 00 c6 dc ac cpus.he-size....
ac 6f 48 ec ec 99 86 78 ac eb c9 ac 4c 4c ee db .oH....x....LL..
backtrace:
[<c014d4d8>] kstrdup+0x48/0x88
[<c04545f4>] __of_attach_node_sysfs+0x6c/0x100
[<c075f21c>] of_core_init+0x8c/0xf8
[<c0729594>] kernel_init_freeable+0xd4/0x208
[<c00047e8>] kernel_init+0x24/0x11c
[<c00158ec>] ret_from_kernel_thread+0x5c/0x64
unreferenced object 0xdf5320a0 (size 32):
comm "swapper", pid 1, jiffies 4294892300 (age 2564.708s)
hex dump (first 32 bytes):
50 6f 77 65 72 50 43 2c 47 34 40 30 00 4f 5c 5c PowerPC,G4@0.O\\
c4 4d c0 d8 0e ec ed cc 9e cc 4d ce a8 2c cc c6 .M........M..,..
backtrace:
[<c014d4d8>] kstrdup+0x48/0x88
[<c04545f4>] __of_attach_node_sysfs+0x6c/0x100
[<c075f21c>] of_core_init+0x8c/0xf8
[<c0729594>] kernel_init_freeable+0xd4/0x208
[<c00047e8>] kernel_init+0x24/0x11c
[<c00158ec>] ret_from_kernel_thread+0x5c/0x64
unreferenced object 0xdf5586c0 (size 32):
comm "swapper", pid 1, jiffies 4294892300 (age 2564.708s)
hex dump (first 32 bytes):
6c 32 2d 63 61 63 68 65 23 31 00 ac c0 21 02 f4 l2-cache#1...!..
On Thu, Jun 16, 2016 at 9:15 AM, Mathieu Malaterre
<mathieu.malaterre@...il.com> wrote:
> I only tested v2. I confirm this solve the symptoms I was seeing in
> the bug report.
>
> Tested-by: Mathieu Malaterre <mathieu.malaterre@...il.com>
>
> thanks, your patch is actually much cleaner!
>
> On Wed, Jun 15, 2016 at 10:42 PM, Frank Rowand <frowand.list@...il.com> wrote:
>> From: Frank Rowand <frank.rowand@...sony.com>
>>
>> Fix a memory leak resulting from memory allocation in safe_name().
>> This patch fixes all call sites of safe_name().
>>
>> Mathieu Malaterre reported the memory leak on boot:
>>
>> On my PowerMac device-tree would generate a duplicate name:
>>
>> [ 0.023043] device-tree: Duplicate name in PowerPC,G4@0, renamed to "l2-cache#1"
>>
>> in this case a newly allocated name is generated by `safe_name`. However
>> in this case it is never deallocated.
>>
>> The bug was found using kmemleak reported as:
>>
>> unreferenced object 0xdf532e60 (size 32):
>> comm "swapper", pid 1, jiffies 4294892300 (age 1993.532s)
>> hex dump (first 32 bytes):
>> 6c 32 2d 63 61 63 68 65 23 31 00 dd e4 dd 1e c2 l2-cache#1......
>> ec d4 ba ce 04 ec cc de 8e 85 e9 ca c4 ec cc 9e ................
>> backtrace:
>> [<c02d3350>] kvasprintf+0x64/0xc8
>> [<c02d3400>] kasprintf+0x4c/0x5c
>> [<c0453814>] safe_name.isra.1+0x80/0xc4
>> [<c04545d8>] __of_attach_node_sysfs+0x6c/0x11c
>> [<c075f21c>] of_core_init+0x8c/0xf8
>> [<c0729594>] kernel_init_freeable+0xd4/0x208
>> [<c00047e8>] kernel_init+0x24/0x11c
>> [<c00158ec>] ret_from_kernel_thread+0x5c/0x64
>>
>> Link: https://bugzilla.kernel.org/show_bug.cgi?id=120331
>>
>> Signed-off-by: Frank Rowand <frank.rowand@...sony.com>
>> Reported-by: mathieu.malaterre@...il.com
>> ---
>>
>> changes from v1
>> Move the prototype of __of_sysfs_remove_bin_file() into of_private.h
>>
>> drivers/of/base.c | 29 ++++++++++++++++++++---------
>> drivers/of/dynamic.c | 2 +-
>> drivers/of/of_private.h | 3 +++
>> 3 files changed, 24 insertions(+), 10 deletions(-)
>>
>> Index: b/drivers/of/base.c
>> ===================================================================
>> --- a/drivers/of/base.c
>> +++ b/drivers/of/base.c
>> @@ -112,6 +112,7 @@ static ssize_t of_node_property_read(str
>> return memory_read_from_buffer(buf, count, &offset, pp->value, pp->length);
>> }
>>
>> +/* always return newly allocated name, caller must free after use */
>> static const char *safe_name(struct kobject *kobj, const char *orig_name)
>> {
>> const char *name = orig_name;
>> @@ -126,9 +127,12 @@ static const char *safe_name(struct kobj
>> name = kasprintf(GFP_KERNEL, "%s#%i", orig_name, ++i);
>> }
>>
>> - if (name != orig_name)
>> + if (name == orig_name) {
>> + name = kstrdup(orig_name, GFP_KERNEL);
>> + } else {
>> pr_warn("device-tree: Duplicate name in %s, renamed to \"%s\"\n",
>> kobject_name(kobj), name);
>> + }
>> return name;
>> }
>>
>> @@ -159,6 +163,7 @@ int __of_add_property_sysfs(struct devic
>> int __of_attach_node_sysfs(struct device_node *np)
>> {
>> const char *name;
>> + struct kobject *parent;
>> struct property *pp;
>> int rc;
>>
>> @@ -171,15 +176,15 @@ int __of_attach_node_sysfs(struct device
>> np->kobj.kset = of_kset;
>> if (!np->parent) {
>> /* Nodes without parents are new top level trees */
>> - rc = kobject_add(&np->kobj, NULL, "%s",
>> - safe_name(&of_kset->kobj, "base"));
>> + name = safe_name(&of_kset->kobj, "base");
>> + parent = NULL;
>> } else {
>> name = safe_name(&np->parent->kobj, kbasename(np->full_name));
>> - if (!name || !name[0])
>> - return -EINVAL;
>> -
>> - rc = kobject_add(&np->kobj, &np->parent->kobj, "%s", name);
>> + parent = &np->parent->kobj;
>> }
>> + if (!name)
>> + return -ENOMEM;
>> + rc = kobject_add(&np->kobj, parent, "%s", name);
>> if (rc)
>> return rc;
>>
>> @@ -1815,6 +1820,12 @@ int __of_remove_property(struct device_n
>> return 0;
>> }
>>
>> +void __of_sysfs_remove_bin_file(struct device_node *np, struct property *prop)
>> +{
>> + sysfs_remove_bin_file(&np->kobj, &prop->attr);
>> + kfree(prop->attr.attr.name);
>> +}
>> +
>> void __of_remove_property_sysfs(struct device_node *np, struct property *prop)
>> {
>> if (!IS_ENABLED(CONFIG_SYSFS))
>> @@ -1822,7 +1833,7 @@ void __of_remove_property_sysfs(struct d
>>
>> /* at early boot, bail here and defer setup to of_init() */
>> if (of_kset && of_node_is_attached(np))
>> - sysfs_remove_bin_file(&np->kobj, &prop->attr);
>> + __of_sysfs_remove_bin_file(np, prop);
>> }
>>
>> /**
>> @@ -1895,7 +1906,7 @@ void __of_update_property_sysfs(struct d
>> return;
>>
>> if (oldprop)
>> - sysfs_remove_bin_file(&np->kobj, &oldprop->attr);
>> + __of_sysfs_remove_bin_file(np, oldprop);
>> __of_add_property_sysfs(np, newprop);
>> }
>>
>> Index: b/drivers/of/dynamic.c
>> ===================================================================
>> --- a/drivers/of/dynamic.c
>> +++ b/drivers/of/dynamic.c
>> @@ -55,7 +55,7 @@ void __of_detach_node_sysfs(struct devic
>> /* only remove properties if on sysfs */
>> if (of_node_is_attached(np)) {
>> for_each_property_of_node(np, pp)
>> - sysfs_remove_bin_file(&np->kobj, &pp->attr);
>> + __of_sysfs_remove_bin_file(np, pp);
>> kobject_del(&np->kobj);
>> }
>>
>> Index: b/drivers/of/of_private.h
>> ===================================================================
>> --- a/drivers/of/of_private.h
>> +++ b/drivers/of/of_private.h
>> @@ -83,6 +83,9 @@ extern int __of_attach_node_sysfs(struct
>> extern void __of_detach_node(struct device_node *np);
>> extern void __of_detach_node_sysfs(struct device_node *np);
>>
>> +extern void __of_sysfs_remove_bin_file(struct device_node *np,
>> + struct property *prop);
>> +
>> /* iterators for transactions, used for overlays */
>> /* forward iterator */
>> #define for_each_transaction_entry(_oft, _te) \
>
>
>
> --
> Mathieu
--
Mathieu
Powered by blists - more mailing lists