* Possible memory leak in function (reserve_range) not freeing pointer (regionid)
From: Ahmed Tamrawi @ 2014-11-30 20:00 UTC (permalink / raw)
  To: driverdev-devel

Bug Report: https://bugzilla.kernel.org/show_bug.cgi?id=89101
Linux Version [3.17-rc1]
Configuration: Default configuration for x86


Function (reserve_range) in file (drivers/pnp/system.c) allocates
pointer (regionid) on line (32) and passes it to function
(__request_region) through the macros: (request_region) at line (38)
or (request_mem_region) at line (40). However, if the resource (res)
is allocated through (__request_region) function, then the pointer
(res->name) points to the allocated pointer (regionid). Then, there is
no way in function (free_resource) or function (release_resource) to
free the pointer (regionid) or (res->name). Thus, causing a potential
memory leak!

Function (reserve_range) source code reference:
http://lxr.free-electrons.com/source/drivers/pnp/system.c#L25
Function (free_resource) source code reference:
http://lxr.free-electrons.com/source/kernel/resource.c#L172
Function (release_resource) source code reference:
http://lxr.free-electrons.com/source/kernel/resource.c#L322


~Ahmed
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel


* Re: Possible memory leak in function (reserve_range) not freeing pointer (regionid)
From: Greg KH @ 2014-12-01  2:51 UTC (permalink / raw)
  To: Ahmed Tamrawi; +Cc: driverdev-devel

On Sun, Nov 30, 2014 at 02:00:45PM -0600, Ahmed Tamrawi wrote:
> Bug Report: https://bugzilla.kernel.org/show_bug.cgi?id=89101
> Linux Version [3.17-rc1]

That's a very old kernel version.

> Configuration: Default configuration for x86
> 
> 
> Function (reserve_range) in file (drivers/pnp/system.c) allocates
> pointer (regionid) on line (32) and passes it to function
> (__request_region) through the macros: (request_region) at line (38)
> or (request_mem_region) at line (40). However, if the resource (res)
> is allocated through (__request_region) function, then the pointer
> (res->name) points to the allocated pointer (regionid). Then, there is
> no way in function (free_resource) or function (release_resource) to
> free the pointer (regionid) or (res->name). Thus, causing a potential
> memory leak!

How does this relate to the mailing list you sent this to?

Please send a patch for the issue against Linus's latest kernel tree to
help explain things better.

thanks,

greg k-h

* Re: Possible memory leak in function (reserve_range) not freeing pointer (regionid)
From: Ahmed Tamrawi @ 2014-12-01  3:49 UTC (permalink / raw)
  To: Greg KH; +Cc: driverdev-devel

On Sun, Nov 30, 2014 at 8:51 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> On Sun, Nov 30, 2014 at 02:00:45PM -0600, Ahmed Tamrawi wrote:
>> Bug Report: https://bugzilla.kernel.org/show_bug.cgi?id=89101
>> Linux Version [3.17-rc1]
>
> That's a very old kernel version.
It does exist on the latest version (v3.18-rc7)
>
>> Configuration: Default configuration for x86
>>
>>
>> Function (reserve_range) in file (drivers/pnp/system.c) allocates
>> pointer (regionid) on line (32) and passes it to function
>> (__request_region) through the macros: (request_region) at line (38)
>> or (request_mem_region) at line (40). However, if the resource (res)
>> is allocated through (__request_region) function, then the pointer
>> (res->name) points to the allocated pointer (regionid). Then, there is
>> no way in function (free_resource) or function (release_resource) to
>> free the pointer (regionid) or (res->name). Thus, causing a potential
>> memory leak!
>
> How does this relate to the mailing list you sent this to?
The bug occurs in the drivers side code in pnp/system.c. I thought
this is the list to target. I have already posted the bug into
linux-kernel mailing list, does that suffice?
>
> Please send a patch for the issue against Linus's latest kernel tree to
> help explain things better.
I am not sure where the fix should be, but I can try one.
>
> thanks,
>
> greg k-h


* Re: Possible memory leak in function (reserve_range) not freeing pointer (regionid)
From: Dan Carpenter @ 2014-12-03  8:48 UTC (permalink / raw)
  To: Ahmed Tamrawi; +Cc: Greg KH, driverdev-devel

This is a real bug, but it's very minor.  To trigger it, you would have
to modprobe and rmmod many many times in a loop.  If you report these
sorts of minor bugs when the code is new, then most times people fix
them, but this one is old; I doubt anyone is motivated to fix it.  Fixing
it seems a little complicated to me as well.

I suppose that linux-kernel@vger.kernel.org is the correct mailing list
to report this but the truth is that no one reads that list.

Anyway, it seems that you have written a good bug finding tool.  :)
Congratulations for that!

regards,
dan carpenter
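
The leak described in the report, and the repeated load/unload loop needed to make it add up, as an added user-space C model (not kernel code and not written by anyone in this thread). `model_request`, `model_release`, `blocks_left_after` and the allocation counter are hypothetical stand-ins for `__request_region`, the release path and the driver; the "owner frees" variant shows one possible ownership pattern, not a proposed kernel fix.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model of the report; every name here is a hypothetical stand-in. */
static int live;                                 /* heap blocks not yet freed */
static void *t_alloc(size_t n) { void *p = malloc(n); if (p) live++; return p; }
static void t_free(void *p) { if (p) { live--; free(p); } }

struct model_resource { const char *name; };     /* name is borrowed, not owned */

/* Stand-in for __request_region(): stores the caller's pointer as res->name. */
static struct model_resource *model_request(const char *name)
{
    struct model_resource *res = t_alloc(sizeof(*res));
    if (res) res->name = name;
    return res;
}

/* Stand-in for the release path: frees the resource but not res->name. */
static void model_release(struct model_resource *res) { t_free(res); }

/* Runs `cycles` reserve/release rounds (the modprobe/rmmod loop in the thread)
 * and returns the blocks still allocated. With owner_frees set, the caller
 * keeps its own regionid pointer and frees it after the release. */
int blocks_left_after(int cycles, int owner_frees)
{
    int before = live, left;
    char **ids = calloc((size_t)cycles, sizeof(*ids)); /* demo bookkeeping */
    if (!ids) return -1;
    for (int i = 0; i < cycles; i++) {
        char *regionid = t_alloc(16);
        if (!regionid) break;
        snprintf(regionid, 16, "pnp 00:%02x", (unsigned)i & 0xffu);
        struct model_resource *res = model_request(regionid);
        if (res) model_release(res);   /* res->name is gone; regionid is not */
        if (owner_frees)
            t_free(regionid);
        else
            ids[i] = regionid;         /* kept only so the demo can clean up */
    }
    left = live - before;
    for (int i = 0; i < cycles; i++)
        t_free(ids[i]);                /* reclaim so the demo itself exits clean */
    free(ids);
    return left;
}
int main(void)
{
    printf("leaky=%d owned=%d\n", blocks_left_after(1000, 0), blocks_left_after(1000, 1));
    return 0;
}
```

Each leaky round strands one 16-byte name buffer, so the loss only becomes noticeable after many rounds.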

* Re: Possible memory leak in function (reserve_range) not freeing pointer (regionid)
From: Ahmed Tamrawi @ 2014-12-03 16:38 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: Greg KH, driverdev-devel

The bug was found via the memory-leak static analysis tool that we
have built on top of C-Atlas framework from EnSoft. You can check it
out (http://www.ensoftcorp.com/atlas/).

Thanks for clarifying things!

~Ahmed

On Wed, Dec 3, 2014 at 2:48 AM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> This is a real bug, but it's very minor.  To trigger it, you would have
> to modprobe and rmmod many many times in a loop.  If you report these
> sorts of minor bugs when the code is new, then most times people fix
> them, but this one is old; I doubt anyone is motivated to fix it.  Fixing
> it seems a little complicated to me as well.
>
> I suppose that linux-kernel@vger.kernel.org is the correct mailing list
> to report this but the truth is that no one reads that list.
>
> Anyway, it seems that you have written a good bug finding tool.  :)
> Congratulations for that!
>
> regards,
> dan carpenter


* Re: Possible memory leak in function (reserve_range) not freeing pointer (regionid)
From: Greg KH @ 2014-12-04  1:12 UTC (permalink / raw)
  To: Ahmed Tamrawi; +Cc: driverdev-devel

On Sun, Nov 30, 2014 at 09:49:23PM -0600, Ahmed Tamrawi wrote:
> On Sun, Nov 30, 2014 at 8:51 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> > On Sun, Nov 30, 2014 at 02:00:45PM -0600, Ahmed Tamrawi wrote:
> >> Bug Report: https://bugzilla.kernel.org/show_bug.cgi?id=89101
> >> Linux Version [3.17-rc1]
> >
> > That's a very old kernel version.
> It does exist on the latest version (v3.18-rc7)

Good to know.

> >> Configuration: Default configuration for x86
> >>
> >>
> >> Function (reserve_range) in file (drivers/pnp/system.c) allocates
> >> pointer (regionid) on line (32) and passes it to function
> >> (__request_region) through the macros: (request_region) at line (38)
> >> or (request_mem_region) at line (40). However, if the resource (res)
> >> is allocated through (__request_region) function, then the pointer
> >> (res->name) points to the allocated pointer (regionid). Then, there is
> >> no way in function (free_resource) or function (release_resource) to
> >> free the pointer (regionid) or (res->name). Thus, causing a potential
> >> memory leak!
> >
> > How does this relate to the mailing list you sent this to?
> The bug occurs in the drivers side code in pnp/system.c. I thought
> this is the list to target. I have already posted the bug into
> linux-kernel mailing list, does that suffice?

Use the tool, scripts/get_maintainer.pl to determine what people and
mailing lists to send issues to for specific files.  Just sending them
to random mailing lists without cc: developers is a sure way to get them
ignored.

thanks,

greg k-h

* Possible memory leak in function (reserve_range) not freeing pointer (regionid)
From: Ahmed Tamrawi @ 2014-12-01  1:08 UTC (permalink / raw)
  To: linux-kernel

Bug Report: https://bugzilla.kernel.org/show_bug.cgi?id=89101
Linux Version [3.17-rc1]
Configuration: Default configuration for x86


Function (reserve_range) in file (drivers/pnp/system.c) allocates
pointer (regionid) on line (32) and passes it to function
(__request_region) through the macros: (request_region) at line (38)
or (request_mem_region) at line (40). However, if the resource (res)
is allocated through (__request_region) function, then the pointer
(res->name) points to the allocated pointer (regionid). Then, there is
no way in function (free_resource) or function (release_resource) to
free the pointer (regionid) or (res->name). Thus, causing a potential
memory leak!

Function (reserve_range) source code reference:
http://lxr.free-electrons.com/source/drivers/pnp/system.c#L25
Function (free_resource) source code reference:
http://lxr.free-electrons.com/source/kernel/resource.c#L172
Function (release_resource) source code reference:
http://lxr.free-electrons.com/source/kernel/resource.c#L322


~Ahmed
