[PATCH 1/1] Resubmit mtd: mtdoops: fix for a potential memory leak in mtdoops_notify_remove
we are allocating cxt->oops_page_used using vmalloc in mtdoops_notify_add for every mtd_info addition but not freeing it in mtdoops_notify_remove. Also care is taken so that we do not free the same pointer again in module remove. Signed-off-by: Nilanjan Roychowdhury --- drivers/mtd/mtdoops.c |5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/mtdoops.c b/drivers/mtd/mtdoops.c index 97bb8f6..4b8b621 100644 --- a/drivers/mtd/mtdoops.c +++ b/drivers/mtd/mtdoops.c @@ -386,6 +386,8 @@ static void mtdoops_notify_remove(struct mtd_info *mtd) cxt->mtd = NULL; flush_work(>work_erase); flush_work(>work_write); + vfree(cxt->oops_page_used); + cxt->oops_page_used = NULL; } @@ -439,7 +441,8 @@ static void __exit mtdoops_exit(void) unregister_mtd_user(_notifier); vfree(cxt->oops_buf); - vfree(cxt->oops_page_used); + if (cxt->oops_page_used) + vfree(cxt->oops_page_used); } -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/1] mtd: mtdoops: fix for a potential memory leak in mtdoops_notify_remove
On Mon, Aug 12, 2013 at 10:56 PM, Ezequiel Garcia wrote: > > On Sun, Aug 11, 2013 at 01:11:48PM -0700, Nilanjan Roychowdhury wrote: > > we are allocating cxt->oops_page_used using vmalloc in mtdoops_notify_add > > for > > every mtd_info addition but not freeing it in mtdoops_notify_remove > > > > Signed-off-by: Nilanjan Roychowdhury > > --- > > drivers/mtd/mtdoops.c |1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/drivers/mtd/mtdoops.c b/drivers/mtd/mtdoops.c > > index 97bb8f6..02f49aa 100644 > > --- a/drivers/mtd/mtdoops.c > > +++ b/drivers/mtd/mtdoops.c > > @@ -386,6 +386,7 @@ static void mtdoops_notify_remove(struct mtd_info *mtd) > > cxt->mtd = NULL; > > flush_work(>work_erase); > > flush_work(>work_write); > > + vfree(cxt->oops_page_used); > > } > > > > -- > > 1.7.9.5 > > > > Have you tested this patch doing an unregister/module remove cycle? > > I'm not entirely sure, but I *think* you must also remove the > vfree(cxt->oops_page_used); at mtdoops_exit(). Otherwise, > you might call vfree() twice, the second time on a garbage pointer. > > The reason for this is that the unregister_mtd_user(_notifier); > call in mtdoops_exit() will call the .remove callback (causing the first > vfree() with this patch) and then call vfree() for the second time, > explicitly. > -- > Ezequiel García, Free Electrons > Embedded Linux, Kernel and Android Engineering > http://free-electrons.com i did not do a module remove. I agree with your observation. I will resubmit the patch. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH 1/1] mtd: mtdoops: fix for a potential memory leak in mtdoops_notify_remove
On Mon, Aug 12, 2013 at 10:56 PM, Ezequiel Garcia ezequiel.gar...@free-electrons.com wrote: On Sun, Aug 11, 2013 at 01:11:48PM -0700, Nilanjan Roychowdhury wrote: we are allocating cxt-oops_page_used using vmalloc in mtdoops_notify_add for every mtd_info addition but not freeing it in mtdoops_notify_remove Signed-off-by: Nilanjan Roychowdhury nilanjan.roychowdh...@gmail.com --- drivers/mtd/mtdoops.c |1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/mtdoops.c b/drivers/mtd/mtdoops.c index 97bb8f6..02f49aa 100644 --- a/drivers/mtd/mtdoops.c +++ b/drivers/mtd/mtdoops.c @@ -386,6 +386,7 @@ static void mtdoops_notify_remove(struct mtd_info *mtd) cxt-mtd = NULL; flush_work(cxt-work_erase); flush_work(cxt-work_write); + vfree(cxt-oops_page_used); } -- 1.7.9.5 Have you tested this patch doing an unregister/module remove cycle? I'm not entirely sure, but I *think* you must also remove the vfree(cxt-oops_page_used); at mtdoops_exit(). Otherwise, you might call vfree() twice, the second time on a garbage pointer. The reason for this is that the unregister_mtd_user(mtdoops_notifier); call in mtdoops_exit() will call the .remove callback (causing the first vfree() with this patch) and then call vfree() for the second time, explicitly. -- Ezequiel García, Free Electrons Embedded Linux, Kernel and Android Engineering http://free-electrons.com i did not do a module remove. I agree with your observation. I will resubmit the patch. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/1] Resubmit mtd: mtdoops: fix for a potential memory leak in mtdoops_notify_remove
we are allocating cxt-oops_page_used using vmalloc in mtdoops_notify_add for every mtd_info addition but not freeing it in mtdoops_notify_remove. Also care is taken so that we do not free the same pointer again in module remove. Signed-off-by: Nilanjan Roychowdhury nilanjan.roychowdh...@gmail.com --- drivers/mtd/mtdoops.c |5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/mtdoops.c b/drivers/mtd/mtdoops.c index 97bb8f6..4b8b621 100644 --- a/drivers/mtd/mtdoops.c +++ b/drivers/mtd/mtdoops.c @@ -386,6 +386,8 @@ static void mtdoops_notify_remove(struct mtd_info *mtd) cxt-mtd = NULL; flush_work(cxt-work_erase); flush_work(cxt-work_write); + vfree(cxt-oops_page_used); + cxt-oops_page_used = NULL; } @@ -439,7 +441,8 @@ static void __exit mtdoops_exit(void) unregister_mtd_user(mtdoops_notifier); vfree(cxt-oops_buf); - vfree(cxt-oops_page_used); + if (cxt-oops_page_used) + vfree(cxt-oops_page_used); } -- 1.7.9.5 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/1] mtd: mtdoops: fix for a potential memory leak in mtdoops_notify_remove
we are allocating cxt->oops_page_used using vmalloc in mtdoops_notify_add for every mtd_info addition but not freeing it in mtdoops_notify_remove Signed-off-by: Nilanjan Roychowdhury --- drivers/mtd/mtdoops.c |1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/mtdoops.c b/drivers/mtd/mtdoops.c index 97bb8f6..02f49aa 100644 --- a/drivers/mtd/mtdoops.c +++ b/drivers/mtd/mtdoops.c @@ -386,6 +386,7 @@ static void mtdoops_notify_remove(struct mtd_info *mtd) cxt->mtd = NULL; flush_work(>work_erase); flush_work(>work_write); + vfree(cxt->oops_page_used); } -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH 1/1] mtd: mtdoops: fix for a potential memory leak in mtdoops_notify_remove
we are allocating cxt-oops_page_used using vmalloc in mtdoops_notify_add for every mtd_info addition but not freeing it in mtdoops_notify_remove Signed-off-by: Nilanjan Roychowdhury nilanjan.roychowdh...@gmail.com --- drivers/mtd/mtdoops.c |1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/mtdoops.c b/drivers/mtd/mtdoops.c index 97bb8f6..02f49aa 100644 --- a/drivers/mtd/mtdoops.c +++ b/drivers/mtd/mtdoops.c @@ -386,6 +386,7 @@ static void mtdoops_notify_remove(struct mtd_info *mtd) cxt-mtd = NULL; flush_work(cxt-work_erase); flush_work(cxt-work_write); + vfree(cxt-oops_page_used); } -- 1.7.9.5 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/