* [PATCH 1/2] of: overlay: fix properties memory leak
@ 2019-11-18 13:28 Vincent Whitchurch
2019-11-18 13:28 ` [PATCH 2/2] of: overlay: fix target_path " Vincent Whitchurch
2019-11-21 16:55 ` [PATCH 1/2] of: overlay: fix properties " Frank Rowand
0 siblings, 2 replies; 4+ messages in thread
From: Vincent Whitchurch @ 2019-11-18 13:28 UTC (permalink / raw)
To: pantelis.antoniou, frowand.list, robh+dt
Cc: devicetree, linux-kernel, Vincent Whitchurch
No changeset entries are created for #address-cells and #size-cells
properties, but the duplicated properies are never freed. This results
in a memory leak which is detected by kmemleak:
unreferenced object 0x85887180 (size 64):
backtrace:
kmem_cache_alloc_trace+0x1fb/0x1fc
__of_prop_dup+0x25/0x7c
add_changeset_property+0x17f/0x370
build_changeset_next_level+0x29/0x20c
of_overlay_fdt_apply+0x32b/0x6b4
...
Fixes: 6f75118800acf77f8 ("of: overlay: validate overlay properties #address-cells and #size-cells")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
---
drivers/of/overlay.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index c423e94baf0f..5f8869e2a8b3 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -360,7 +360,7 @@ static int add_changeset_property(struct overlay_changeset *ovcs,
pr_err("WARNING: memory leak will occur if overlay removed, property: %pOF/%s\n",
target->np, new_prop->name);
- if (ret) {
+ if (ret || !check_for_non_overlay_node) {
kfree(new_prop->name);
kfree(new_prop->value);
kfree(new_prop);
--
2.20.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] of: overlay: fix target_path memory leak
2019-11-18 13:28 [PATCH 1/2] of: overlay: fix properties memory leak Vincent Whitchurch
@ 2019-11-18 13:28 ` Vincent Whitchurch
2019-11-21 17:37 ` Frank Rowand
2019-11-21 16:55 ` [PATCH 1/2] of: overlay: fix properties " Frank Rowand
1 sibling, 1 reply; 4+ messages in thread
From: Vincent Whitchurch @ 2019-11-18 13:28 UTC (permalink / raw)
To: pantelis.antoniou, frowand.list, robh+dt
Cc: devicetree, linux-kernel, Vincent Whitchurch
target_path is used as a temporary buffer in dup_and_fixup_symbol_prop()
and should be freed even in the success path.
This was detected by kmemleak.
unreferenced object 0x8598f6c0 (size 64):
backtrace:
__kmalloc_track_caller+0x17d/0x228
kvasprintf+0x2b/0x64
kasprintf+0x15/0x20
add_changeset_property+0x225/0x364
of_overlay_fdt_apply+0x42d/0x6b4
...
Fixes: e0a58f3e08d4b7fa ("of: overlay: remove a dependency on device node full_name")
Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
---
drivers/of/overlay.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index 5f8869e2a8b3..59455322a130 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -261,6 +261,8 @@ static struct property *dup_and_fixup_symbol_prop(
of_property_set_flag(new_prop, OF_DYNAMIC);
+ kfree(target_path);
+
return new_prop;
err_free_new_prop:
--
2.20.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] of: overlay: fix properties memory leak
2019-11-18 13:28 [PATCH 1/2] of: overlay: fix properties memory leak Vincent Whitchurch
2019-11-18 13:28 ` [PATCH 2/2] of: overlay: fix target_path " Vincent Whitchurch
@ 2019-11-21 16:55 ` Frank Rowand
1 sibling, 0 replies; 4+ messages in thread
From: Frank Rowand @ 2019-11-21 16:55 UTC (permalink / raw)
To: Vincent Whitchurch, pantelis.antoniou, robh+dt
Cc: devicetree, linux-kernel, Vincent Whitchurch
Hi Vincent,
On 11/18/19 7:28 AM, Vincent Whitchurch wrote:
> No changeset entries are created for #address-cells and #size-cells
> properties, but the duplicated properies are never freed. This results
> in a memory leak which is detected by kmemleak:
>
> unreferenced object 0x85887180 (size 64):
> backtrace:
> kmem_cache_alloc_trace+0x1fb/0x1fc
> __of_prop_dup+0x25/0x7c
> add_changeset_property+0x17f/0x370
> build_changeset_next_level+0x29/0x20c
> of_overlay_fdt_apply+0x32b/0x6b4
> ...
>
> Fixes: 6f75118800acf77f8 ("of: overlay: validate overlay properties #address-cells and #size-cells")
> Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
> ---
> drivers/of/overlay.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
> index c423e94baf0f..5f8869e2a8b3 100644
> --- a/drivers/of/overlay.c
> +++ b/drivers/of/overlay.c
> @@ -360,7 +360,7 @@ static int add_changeset_property(struct overlay_changeset *ovcs,
> pr_err("WARNING: memory leak will occur if overlay removed, property: %pOF/%s\n",
> target->np, new_prop->name);
>
> - if (ret) {
> + if (ret || !check_for_non_overlay_node) {
> kfree(new_prop->name);
> kfree(new_prop->value);
> kfree(new_prop);
>
Thanks for finding and proposing a fix for the memory leak.
The proposed patch conveniently uses check_for_non_overlay_node
which leads to a nice small patch. But ends up adding an
additional hidden meaning to the variable, resulting in more
fragile code.
I will propose a different solution and ask you to test it
to make sure it also solves the memory leak.
-Frank
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] of: overlay: fix target_path memory leak
2019-11-18 13:28 ` [PATCH 2/2] of: overlay: fix target_path " Vincent Whitchurch
@ 2019-11-21 17:37 ` Frank Rowand
0 siblings, 0 replies; 4+ messages in thread
From: Frank Rowand @ 2019-11-21 17:37 UTC (permalink / raw)
To: Vincent Whitchurch, pantelis.antoniou, robh+dt
Cc: devicetree, linux-kernel, Vincent Whitchurch
Hi Rob,
On 11/18/19 7:28 AM, Vincent Whitchurch wrote:
> target_path is used as a temporary buffer in dup_and_fixup_symbol_prop()
> and should be freed even in the success path.
>
> This was detected by kmemleak.
>
> unreferenced object 0x8598f6c0 (size 64):
> backtrace:
> __kmalloc_track_caller+0x17d/0x228
> kvasprintf+0x2b/0x64
> kasprintf+0x15/0x20
> add_changeset_property+0x225/0x364
> of_overlay_fdt_apply+0x42d/0x6b4
> ...
>
> Fixes: e0a58f3e08d4b7fa ("of: overlay: remove a dependency on device node full_name")
> Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
> ---
> drivers/of/overlay.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
> index 5f8869e2a8b3..59455322a130 100644
> --- a/drivers/of/overlay.c
> +++ b/drivers/of/overlay.c
> @@ -261,6 +261,8 @@ static struct property *dup_and_fixup_symbol_prop(
>
> of_property_set_flag(new_prop, OF_DYNAMIC);
>
> + kfree(target_path);
> +
> return new_prop;
>
> err_free_new_prop:
>
Reviewed-by: Frank Rowand <frowand.list@gmail.com>
I would suggest changing the subject to:
of: overlay: dup_and_fixup_symbol_prop() memory leak
but I am also fine with you not changing the subject.
-Frank
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-21 17:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-18 13:28 [PATCH 1/2] of: overlay: fix properties memory leak Vincent Whitchurch
2019-11-18 13:28 ` [PATCH 2/2] of: overlay: fix target_path " Vincent Whitchurch
2019-11-21 17:37 ` Frank Rowand
2019-11-21 16:55 ` [PATCH 1/2] of: overlay: fix properties " Frank Rowand
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).