[PATCH] Remove a tiny memory leak in drivers/of

Frank Rowand frowand.list at gmail.com
Thu Jun 16 04:10:21 AEST 2016 

Mathieu,

On 06/15/16 08:01, Mathieu Malaterre wrote:
> On my PowerMac device-tree would generate a duplicate name:
> 
> [    0.023043] device-tree: Duplicate name in PowerPC,G4 at 0, renamed to "l2-cache#1"
> 
> in this case a newly allocated name is generated by `safe_name`. However
> in this case it is never deallocated.
> 
> The bug was found using kmemleak reported as:
> 
> unreferenced object 0xdf532e60 (size 32):
>   comm "swapper", pid 1, jiffies 4294892300 (age 1993.532s)
>   hex dump (first 32 bytes):
>     6c 32 2d 63 61 63 68 65 23 31 00 dd e4 dd 1e c2  l2-cache#1......
>     ec d4 ba ce 04 ec cc de 8e 85 e9 ca c4 ec cc 9e  ................
>   backtrace:
>     [<c02d3350>] kvasprintf+0x64/0xc8
>     [<c02d3400>] kasprintf+0x4c/0x5c
>     [<c0453814>] safe_name.isra.1+0x80/0xc4
>     [<c04545d8>] __of_attach_node_sysfs+0x6c/0x11c
>     [<c075f21c>] of_core_init+0x8c/0xf8
>     [<c0729594>] kernel_init_freeable+0xd4/0x208
>     [<c00047e8>] kernel_init+0x24/0x11c
>     [<c00158ec>] ret_from_kernel_thread+0x5c/0x64
> 
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=120331
> Signed-off-by: Mathieu Malaterre <mathieu.malaterre at gmail.com>
> ---
>  drivers/of/base.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/of/base.c b/drivers/of/base.c
> index ebf84e3..3cb11df 100644
> --- a/drivers/of/base.c
> +++ b/drivers/of/base.c
> @@ -174,11 +174,15 @@ int __of_attach_node_sysfs(struct device_node *np)
>  		rc = kobject_add(&np->kobj, NULL, "%s",
>  				 safe_name(&of_kset->kobj, "base"));
>  	} else {
> -		name = safe_name(&np->parent->kobj, kbasename(np->full_name));
> +		const char *orig_name = kbasename(np->full_name);
> +
> +		name = safe_name(&np->parent->kobj, orig_name);
>  		if (!name || !name[0])
>  			return -EINVAL;
>  
>  		rc = kobject_add(&np->kobj, &np->parent->kobj, "%s", name);
> +		if (name != orig_name)
> +			kfree(name);
>  	}
>  	if (rc)
>  		return rc;
> 

Thanks for reporting the issue and the cause of the issue.
You have exposed an issue that affects additional safe_name() call
sites that the proposed patch does not fix.

I will send you another patch that also addresses the other safe_name()
call sites, please test it to see if it fixes the memory leak that you
reported.

-Frank

More information about the Linuxppc-dev mailing list