Re: Possible memory leak in request_firmware()
From: Catalin Marinas
Date: Tue Jul 07 2009 - 17:50:59 EST
On Tue, 2009-07-07 at 19:01 +0200, Cornelia Huck wrote:
> On Tue, 07 Jul 2009 16:17:00 +0100,
> Catalin Marinas <catalin.marinas@xxxxxxx> wrote:
>
> > The patch below may fix the problem but it's only later tonight that I
> > can test it and confirm:
>
> Your patch looks fine to me (didn't test it either), just one minor nit:
I tested it and it solves this leak.
> > @@ -407,14 +407,13 @@ static int fw_register_device(struct device **dev_p, const char *fw_name,
> > retval = device_register(f_dev);
> > if (retval) {
> > dev_err(device, "%s: device_register failed\n", __func__);
> > + kfree(fw_priv->fw_id);
>
> fw_priv->fw_id will be freed in the release function, so you don't need
> to free it here.
OK, thanks.
There is one more leak in this area which I couldn't figure out where it
should be freed:
unreferenced object 0xc353e530 (size 512):
comm "cat", pid 3130, jiffies 4294903232
backtrace:
[<c01e6f6a>] create_object+0xfa/0x250
[<c01e753d>] kmemleak_alloc+0x5d/0x70
[<c01e223d>] __kmalloc+0x10d/0x210
[<c03b2d2f>] firmware_data_write+0x1df/0x270
[<c024163a>] write+0x13a/0x1b0
[<c01eae1c>] vfs_write+0x9c/0x190
[<c01eafcd>] sys_write+0x3d/0x70
[<c010319c>] sysenter_do_call+0x12/0x38
[<ffffffff>] 0xffffffff
Any idea? It looks like this is the kmalloc() in fw_realloc_buffer()
(inlined in firmware_data_write).
--
Catalin
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/