From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Chen Tingjie <tingjie.chen@intel.com>
Cc: Jiri Slaby <jslaby@suse.cz>,
	linux-kernel@vger.kernel.org, Zhang Jun <jun.zhang@intel.com>
Subject: Re: [PATCH] [PATCH V2] tty: memleak in alloc_pid
Date: Mon, 14 Apr 2014 04:47:04 -0700
Message-ID: <20140414114704.GB19027@kroah.com>
In-Reply-To: <1397460675-17983-1-git-send-email-tingjie.chen@intel.com>

On Mon, Apr 14, 2014 at 03:31:15PM +0800, Chen Tingjie wrote:
> There is a memleak in alloc_pid:
> ------------------------------
> unreferenced object 0xd3453a80 (size 64):
>   comm "adbd", pid 1730, jiffies 66363 (age 6586.950s)
>   hex dump (first 32 bytes):
>     01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     00 00 00 00 40 c2 f6 d5 00 d3 25 c1 59 28 00 00  ....@.....%.Y(..
>   backtrace:
>     [<c1a6f15c>] kmemleak_alloc+0x3c/0xa0
>     [<c1320546>] kmem_cache_alloc+0xc6/0x190
>     [<c125d51e>] alloc_pid+0x1e/0x400
>     [<c123d344>] copy_process.part.39+0xad4/0x1120
>     [<c123da59>] do_fork+0x99/0x330
>     [<c123dd58>] sys_fork+0x28/0x30
>     [<c1a89a08>] syscall_call+0x7/0xb
>     [<ffffffff>] 0xffffffff
> 
> The leak is due to an unreleased pid->count, which is handled in the functions
> get_pid() (pid->count++) and put_pid() (pid->count--).
> 
> The race condition is as follows:
> task[dumpsys]               task[adbd]
> in disassociate_ctty()      in tty_signal_session_leader()
> -----------------------     -------------------------
> tty = get_current_tty();
> // tty is not NULL
> ...
> spin_lock_irq(&current->sighand->siglock);
> put_pid(current->signal->tty_old_pgrp);
> current->signal->tty_old_pgrp = NULL;
> spin_unlock_irq(&current->sighand->siglock);
> 
>                             spin_lock_irq(&p->sighand->siglock);
>                             ...
>                             p->signal->tty = NULL;
>                             ...
>                             spin_unlock_irq(&p->sighand->siglock);
> 
> tty = get_current_tty();
> // tty NULL, goto else branch by accident.
> if (tty) {
>     ...
>     put_pid(tty_session);
>     put_pid(tty_pgrp);
>     ...
> } else {
>     print msg
> }
> 
> In task[dumpsys], in disassociate_ctty(), tty is set to NULL by task[adbd] in
> tty_signal_session_leader(); it then goes to the else branch and lacks the
> put_pid() calls, causing the memleak.
> 
> Moving spin_unlock(sighand->siglock) after get_current_tty() can avoid
> the race and fix the memleak.
> 
> Change-Id: Ic960dda039c8f99aad3e0f4d176489a966c62f6a

Why is this line here?
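As an added illustration that is not part of this thread or of the kernel source: a deterministic C model of the interleaving described in the quoted commit message, run once with the original unlock placement and once with the unlock moved after the second get_current_tty() as the patch proposes. The struct layouts, the siglock_held flag, racer_clear_tty() and run_scenario() are simplified stand-ins assumed for the model; only the function names mirror the kernel's.

```c
#include <stdbool.h>
#include <stddef.h>
struct pid { int count; };                    /* stand-in for struct pid */
struct tty { struct pid *session, *pgrp; };   /* stand-in for tty_struct */
struct task { bool siglock_held; struct tty *tty; struct pid *tty_old_pgrp; };

static void put_pid(struct pid *p) { if (p) p->count--; }
static struct tty *get_current_tty(struct task *t) { return t->tty; }

/* task[adbd]: tty_signal_session_leader() clears signal->tty under siglock.
 * Returns false when the lock is held, i.e. the racer had to wait. */
static bool racer_clear_tty(struct task *t)
{
    if (t->siglock_held)
        return false;
    t->tty = NULL;
    return true;
}

/* task[dumpsys]: the tail of disassociate_ctty(). With fixed == true the
 * siglock stays held across the second get_current_tty(). Returns the
 * references still held on the tty's session and pgrp pids, i.e. the leak. */
static int disassociate_ctty_tail(struct task *t, bool fixed)
{
    struct tty *tty = t->tty;          /* first get_current_tty(): non-NULL */
    t->siglock_held = true;
    put_pid(t->tty_old_pgrp);
    t->tty_old_pgrp = NULL;
    if (!fixed)
        t->siglock_held = false;       /* original code unlocks here */
    bool raced = racer_clear_tty(t);   /* adbd may run in this window */
    struct tty *cur = get_current_tty(t);
    if (fixed)
        t->siglock_held = false;       /* patched code unlocks here */
    if (!raced)
        racer_clear_tty(t);            /* adbd runs after the unlock instead */
    if (cur) {                         /* the quoted if (tty) branch */
        put_pid(cur->session);
        put_pid(cur->pgrp);
    }                                  /* else branch only prints a message */
    return tty->session->count + tty->pgrp->count;
}

/* Constructed scenario: each pid starts with the one reference the tty owns. */
static int run_scenario(bool fixed)
{
    struct pid session = { 1 }, pgrp = { 1 }, old = { 1 };
    struct tty tty = { &session, &pgrp };
    struct task t = { false, &tty, &old };
    return disassociate_ctty_tail(&t, fixed);
}
```

run_scenario(false) returns 2 (both pid references leaked), run_scenario(true) returns 0.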


Thread overview: 5+ messages
2014-04-14  7:31 [PATCH] [PATCH V2] tty: memleak in alloc_pid Chen Tingjie
2014-04-14 11:47 ` Greg Kroah-Hartman [this message]
2014-04-15  2:49   ` Chen, Tingjie
2014-04-15  2:54     ` Liu, Chuansheng
2014-04-15  3:02       ` Chen, Tingjie