From: Qian Cai <cai@lca.pw>
To: Stefan Haberland <sth@linux.ibm.com>,
Jan Hoeppner <hoeppner@linux.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Christian Borntraeger <borntraeger@de.ibm.com>
Cc: linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: memory leaks in dasd_eckd_check_characteristics() error paths
Date: Wed, 02 Oct 2019 15:33:21 -0400 [thread overview]
Message-ID: <1570044801.5576.262.camel@lca.pw> (raw)
For some reasons, dasd_eckd_check_characteristics() received -ENOMEM and then
dasd_generic_set_online() emits this message,
dasd: 0.0.0122 Setting the DASD online with discipline ECKD failed with rc=-12
After that, there are several memory leaks below. There are "config_data" and
then stored as,
/* store per path conf_data */
device->path[pos].conf_data = conf_data;
When it processes the error path in dasd_generic_set_online(), it calls
dasd_delete_device() which nuke the whole "struct dasd_device" without freeing
the device->path[].conf_data first. Is it safe to free those in
dasd_free_device() without worrying about the double-free? Or, is it better to
free those in dasd_eckd_check_characteristics()'s goto error handling, i.e.,
out_err*?
--- a/drivers/s390/block/dasd.c
+++ b/drivers/s390/block/dasd.c
@@ -153,6 +153,9 @@ struct dasd_device *dasd_alloc_device(void)
*/
void dasd_free_device(struct dasd_device *device)
{
+ for (int i = 0; i < 8; i++)
+ kfree(device->path[i].conf_data);
+
kfree(device->private);
free_pages((unsigned long) device->ese_mem, 1);
free_page((unsigned long) device->erp_mem);
unreferenced object 0x0fcee900 (size 256):
comm "dasdconf.sh", pid 446, jiffies 4294940081 (age 170.340s)
hex dump (first 32 bytes):
dc 01 01 00 f0 f0 f2 f1 f0 f7 f9 f0 f0 c9 c2 d4 ................
f7 f5 f0 f0 f0 f0 f0 f0 f0 c6 d9 c2 f7 f1 62 33 ..............b3
backtrace:
[<00000000a83b1992>] kmem_cache_alloc_trace+0x200/0x388
[<00000000048ef3e2>] dasd_eckd_read_conf+0x408/0x1400 [dasd_eckd_mod]
[<00000000ce31f195>] dasd_eckd_check_characteristics+0x3cc/0x938
[dasd_eckd_mod]
[<00000000f6f1759b>] dasd_generic_set_online+0x150/0x4c0
[<00000000efca1efa>] ccw_device_set_online+0x324/0x808
[<00000000f9779774>] online_store_recog_and_online+0xe8/0x220
[<00000000349a5446>] online_store+0x2ce/0x420
[<000000005bd145f8>] kernfs_fop_write+0x1bc/0x270
[<0000000005664197>] vfs_write+0xce/0x220
[<0000000044a8bccb>] ksys_write+0xea/0x190
[<0000000037335938>] system_call+0x296/0x2b4
next reply other threads:[~2019-10-02 19:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-02 19:33 Qian Cai [this message]
2019-10-16 13:29 ` memory leaks in dasd_eckd_check_characteristics() error paths Stefan Haberland
2019-10-16 14:09 ` Qian Cai
2019-10-16 14:56 ` Stefan Haberland
2019-10-16 15:26 ` Qian Cai
2019-10-16 15:28 ` Stefan Haberland
2019-10-18 12:06 ` Stefan Haberland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1570044801.5576.262.camel@lca.pw \
--to=cai@lca.pw \
--cc=borntraeger@de.ibm.com \
--cc=gor@linux.ibm.com \
--cc=heiko.carstens@de.ibm.com \
--cc=hoeppner@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=sth@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).