Patchwork : fix phy_device_free memory leak

login
register
mail settings
Submitter Petr Malat
Date Feb. 6, 2013, 11:07 p.m.
Message ID <201302070007.57434.oss@malat.biz>
Download mbox | patch
Permalink /patch/218792/
State Changes Requested
Delegated to: David Miller
Headers show

Comments

Petr Malat - Feb. 6, 2013, 11:07 p.m.
Hi,
there is a memory leak in phy_device handling:
phy_device_create() sets name of kobject using dev_set_name(), which allocates 
memory using kvasprintf(), but this memory isn't freed if the underlying 
device isn't registered properly, because kobject_cleanup() is not called in 
that case. This can happen (and actually is happening on our machines) if 
phy_device_register(), called by mdiobus_scan(), fails. I fixed this by the 
attached patch, so far it's working fine.

Patch description:
Name is freed by phy_device_free(). In the case a device is released trough 
kobject_cleanup()->device_release()->phy_device_release(), the name is set to 
NULL and it is not freed by phy_device_free(), because it will be freed later 
by kobject_cleanup().

Please put me on CC, I'm not signed into the mailing list.

   Petr


the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller - Feb. 8, 2013, 4:35 a.m.
From: Petr Malat <oss@malat.biz>
Date: Thu, 7 Feb 2013 00:07:57 +0100

> Hi,
> there is a memory leak in phy_device handling:
> phy_device_create() sets name of kobject using dev_set_name(), which allocates 
> memory using kvasprintf(), but this memory isn't freed if the underlying 
> device isn't registered properly, because kobject_cleanup() is not called in 
> that case. This can happen (and actually is happening on our machines) if 
> phy_device_register(), called by mdiobus_scan(), fails. I fixed this by the 
> attached patch, so far it's working fine.
> 
> Patch description:
> Name is freed by phy_device_free(). In the case a device is released trough 
> kobject_cleanup()->device_release()->phy_device_release(), the name is set to 
> NULL and it is not freed by phy_device_free(), because it will be freed later 
> by kobject_cleanup().
> 
> Please put me on CC, I'm not signed into the mailing list.

Please follow the directions in Documentation/SubmittingPatches, in
particular the part about providing a proper signoff.

Do not send an updated version of this patch as a reply to this thread,
instead create a completely new mailing list posting for that purpose.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

--- a/drivers/net/phy/phy_device.c	2013-02-06 19:44:11.000000000 +0100
+++ b/drivers/net/phy/phy_device.c	2013-02-06 20:56:57.000000000 +0100
@@ -41,12 +41,16 @@  MODULE_LICENSE("GPL");
 
 void phy_device_free(struct phy_device *phydev)
 {
+	kfree(phydev->dev.kobj.name);
 	kfree(phydev);
 }
 EXPORT_SYMBOL(phy_device_free);
 
 static void phy_device_release(struct device *dev)
 {
+	/* Name will be freed by kobject_cleanup() */
+	dev->kobj.name = NULL; 
+
 	phy_device_free(to_phy_device(dev));
 }
--
To unsubscribe from this list: send the line "unsubscribe netdev" in