Mathieu,

On 06/15/16 08:01, Mathieu Malaterre wrote:
> On my PowerMac device-tree would generate a duplicate name:
> 
> [    0.023043] device-tree: Duplicate name in PowerPC,G4@0, renamed to 
> "l2-cache#1"
> 
> in this case a newly allocated name is generated by `safe_name`. However
> in this case it is never deallocated.
> 
> The bug was found using kmemleak reported as:
> 
> unreferenced object 0xdf532e60 (size 32):
>   comm "swapper", pid 1, jiffies 4294892300 (age 1993.532s)
>   hex dump (first 32 bytes):
>     6c 32 2d 63 61 63 68 65 23 31 00 dd e4 dd 1e c2  l2-cache#1......
>     ec d4 ba ce 04 ec cc de 8e 85 e9 ca c4 ec cc 9e  ................
>   backtrace:
>     [<c02d3350>] kvasprintf+0x64/0xc8
>     [<c02d3400>] kasprintf+0x4c/0x5c
>     [<c0453814>] safe_name.isra.1+0x80/0xc4
>     [<c04545d8>] __of_attach_node_sysfs+0x6c/0x11c
>     [<c075f21c>] of_core_init+0x8c/0xf8
>     [<c0729594>] kernel_init_freeable+0xd4/0x208
>     [<c00047e8>] kernel_init+0x24/0x11c
>     [<c00158ec>] ret_from_kernel_thread+0x5c/0x64
> 
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=120331
> Signed-off-by: Mathieu Malaterre <mathieu.malate...@gmail.com>
> ---
>  drivers/of/base.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/of/base.c b/drivers/of/base.c
> index ebf84e3..3cb11df 100644
> --- a/drivers/of/base.c
> +++ b/drivers/of/base.c
> @@ -174,11 +174,15 @@ int __of_attach_node_sysfs(struct device_node *np)
>               rc = kobject_add(&np->kobj, NULL, "%s",
>                                safe_name(&of_kset->kobj, "base"));
>       } else {
> -             name = safe_name(&np->parent->kobj, kbasename(np->full_name));
> +             const char *orig_name = kbasename(np->full_name);
> +
> +             name = safe_name(&np->parent->kobj, orig_name);
>               if (!name || !name[0])
>                       return -EINVAL;
>  
>               rc = kobject_add(&np->kobj, &np->parent->kobj, "%s", name);
> +             if (name != orig_name)
> +                     kfree(name);
>       }
>       if (rc)
>               return rc;
> 

Thanks for reporting the issue and the cause of the issue.
You have exposed an issue that affects additional safe_name() call
sites that the proposed patch does not fix.

I will send you another patch that also addresses the other safe_name()
call sites, please test it to see if it fixes the memory leak that you
reported.

-Frank
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev

Reply via email to