Re: [PATCH] Fix "notes" kobject leak
From: Alexey Dobriyan
Date: Mon Sep 15 2008 - 19:33:18 EST
On Mon, Sep 15, 2008 at 03:53:22PM -0700, Greg KH wrote:
> On Sun, Sep 14, 2008 at 12:42:25PM +0400, Alexey Dobriyan wrote:
> > On Fri, Sep 12, 2008 at 08:51:05AM -0700, Greg KH wrote:
> > > On Sat, Sep 06, 2008 at 09:45:22AM +0400, Alexey Dobriyan wrote:
> > > > On Fri, Aug 29, 2008 at 10:43:43PM -0700, Greg KH wrote:
> > > > > On Sat, Aug 30, 2008 at 08:42:46AM +0400, Alexey Dobriyan wrote:
> > > > > > size-32: 3511 kvasprintf+0x57/0x90
> > > > > > size-64: 3059 kobject_create+0x1c/0x40
> > > > > >
> > > > > > These two buddies increase after every "modprobe; rmmod" sequence.
> > > > >
> > > > > Do they also do so in mainline?
> > > >
> > > > Yep, same bug in mainline.
> > >
> > > Not good. Does 2.6.26 show this as well?
> >
> > Uh-oh, this was actually 10-minute exercise.
> >
> >
> >
> > [PATCH] Fix "notes" kobject leak
> >
> > It happens every rmmod if KALLSYMS=y and SYSFS=y.
> >
> > # modprobe foo
> >
> > kobject: 'foo' (ffffffffa00743d0): kobject_add_internal: parent: 'module', set: 'module'
> > kobject: 'holders' (ffff88017e7c5770): kobject_add_internal: parent: 'foo', set: '<NULL>'
> > kobject: 'foo' (ffffffffa00743d0): kobject_uevent_env
> > kobject: 'foo' (ffffffffa00743d0): fill_kobj_path: path = '/module/foo'
> > kobject: 'notes' (ffff88017fa9b668): kobject_add_internal: parent: 'foo', set: '<NULL>'
> > ^^^^^
> >
> > # rmmod foo
> >
> > kobject: 'holders' (ffff88017e7c5770): kobject_cleanup
> > kobject: 'holders' (ffff88017e7c5770): auto cleanup kobject_del
> > kobject: 'holders' (ffff88017e7c5770): calling ktype release
> > kobject: (ffff88017e7c5770): dynamic_kobj_release
> > kobject: 'holders': free name
> > kobject: 'foo' (ffffffffa00743d0): kobject_cleanup
> > kobject: 'foo' (ffffffffa00743d0): does not have a release() function, it is broken and must be fixed.
> > kobject: 'foo' (ffffffffa00743d0): auto cleanup 'remove' event
> > kobject: 'foo' (ffffffffa00743d0): kobject_uevent_env
> > kobject: 'foo' (ffffffffa00743d0): fill_kobj_path: path = '/module/foo'
> > kobject: 'foo' (ffffffffa00743d0): auto cleanup kobject_del
> > kobject: 'foo': free name
> >
> > [whooops]
> >
> > Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
> > ---
> >
> > kernel/module.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > --- a/kernel/module.c
> > +++ b/kernel/module.c
> > @@ -1174,6 +1174,7 @@ static void free_notes_attrs(struct module_notes_attrs *notes_attrs,
> > sysfs_remove_bin_file(notes_attrs->dir,
> > ¬es_attrs->attrs[i]);
> > kobject_del(notes_attrs->dir);
> > + kobject_put(notes_attrs->dir);
>
> Hm, no, that should just be a call to kobject_put() instead of
> kobject_del(), can you try that instead and see if that solves the issue
> (am at a conference and can't test that at the moment, sorry.)
Why?! kobject_del() puts parent kobject.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/