Re: [PATCH] Fix "notes" kobject leak

From: Greg KH
Date: Mon Sep 15 2008 - 19:58:18 EST


On Tue, Sep 16, 2008 at 03:35:04AM +0400, Alexey Dobriyan wrote:
> On Mon, Sep 15, 2008 at 03:53:22PM -0700, Greg KH wrote:
> > On Sun, Sep 14, 2008 at 12:42:25PM +0400, Alexey Dobriyan wrote:
> > > On Fri, Sep 12, 2008 at 08:51:05AM -0700, Greg KH wrote:
> > > > On Sat, Sep 06, 2008 at 09:45:22AM +0400, Alexey Dobriyan wrote:
> > > > > On Fri, Aug 29, 2008 at 10:43:43PM -0700, Greg KH wrote:
> > > > > > On Sat, Aug 30, 2008 at 08:42:46AM +0400, Alexey Dobriyan wrote:
> > > > > > > size-32: 3511 kvasprintf+0x57/0x90
> > > > > > > size-64: 3059 kobject_create+0x1c/0x40
> > > > > > >
> > > > > > > These two buddies increase after every "modprobe; rmmod" sequence.
> > > > > >
> > > > > > Do they also do so in mainline?
> > > > >
> > > > > Yep, same bug in mainline.
> > > >
> > > > Not good. Does 2.6.26 show this as well?
> > >
> > > Uh-oh, this was actually a 10-minute exercise.
> > >
> > >
> > >
> > > [PATCH] Fix "notes" kobject leak
> > >
> > > It happens every rmmod if KALLSYMS=y and SYSFS=y.
> > >
> > > # modprobe foo
> > >
> > > kobject: 'foo' (ffffffffa00743d0): kobject_add_internal: parent: 'module', set: 'module'
> > > kobject: 'holders' (ffff88017e7c5770): kobject_add_internal: parent: 'foo', set: '<NULL>'
> > > kobject: 'foo' (ffffffffa00743d0): kobject_uevent_env
> > > kobject: 'foo' (ffffffffa00743d0): fill_kobj_path: path = '/module/foo'
> > > kobject: 'notes' (ffff88017fa9b668): kobject_add_internal: parent: 'foo', set: '<NULL>'
> > >           ^^^^^
> > >
> > > # rmmod foo
> > >
> > > kobject: 'holders' (ffff88017e7c5770): kobject_cleanup
> > > kobject: 'holders' (ffff88017e7c5770): auto cleanup kobject_del
> > > kobject: 'holders' (ffff88017e7c5770): calling ktype release
> > > kobject: (ffff88017e7c5770): dynamic_kobj_release
> > > kobject: 'holders': free name
> > > kobject: 'foo' (ffffffffa00743d0): kobject_cleanup
> > > kobject: 'foo' (ffffffffa00743d0): does not have a release() function, it is broken and must be fixed.
> > > kobject: 'foo' (ffffffffa00743d0): auto cleanup 'remove' event
> > > kobject: 'foo' (ffffffffa00743d0): kobject_uevent_env
> > > kobject: 'foo' (ffffffffa00743d0): fill_kobj_path: path = '/module/foo'
> > > kobject: 'foo' (ffffffffa00743d0): auto cleanup kobject_del
> > > kobject: 'foo': free name
> > >
> > > [whooops]
> > >
> > > Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
> > > ---
> > >
> > > kernel/module.c | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > --- a/kernel/module.c
> > > +++ b/kernel/module.c
> > > @@ -1174,6 +1174,7 @@ static void free_notes_attrs(struct module_notes_attrs *notes_attrs,
> > > sysfs_remove_bin_file(notes_attrs->dir,
> > > &notes_attrs->attrs[i]);
> > > kobject_del(notes_attrs->dir);
> > > + kobject_put(notes_attrs->dir);
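Review bot: with kobject_put(notes_attrs->dir) placed directly after kobject_del(notes_attrs->dir) at the end of this hunk, the explicit del looks redundant. The rmmod log in the changelog shows 'holders' going through kobject_cleanup with an "auto cleanup kobject_del" step, so a final put already performs the del; consider replacing the kobject_del() line with the kobject_put() rather than keeping both. The changelog also shows only the leaking case: adding the post-patch rmmod log, with 'notes' reaching kobject_cleanup and dynamic_kobj_release the way 'holders' does, would document that the fix works.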
> >
> > Hm, no, that should just be a call to kobject_put() instead of
> > kobject_del(), can you try that instead and see if that solves the issue
> > (am at a conference and can't test that at the moment, sorry.)
>
> Why?! kobject_del() puts parent kobject.

And that's about it (well, it also tears down the sysfs stuff.)

If you call kobject_put() instead, and it's the last put, it will also
call kobject_del() and do everything else that it needs to do.

Try it and let me know if I'm right or not :)

thanks,

greg k-h
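
The difference between kobject_del() and a final kobject_put() described above, as an added example that is not part of the original message and not kernel code. It is a simplified userspace model; model_init_and_add, model_del, model_put and leaked_after_teardown are hypothetical stand-ins, and the three modes compare del only, del followed by put, and put only.

```c
#include <stdio.h>

struct kobj {            /* simplified userspace model, not kernel code */
    int refcount;        /* stands in for the kref */
    int in_sysfs;        /* 1 while the sysfs directory exists */
    struct kobj *parent; /* an added child holds one parent reference */
};
static int live_objects; /* initialised and not yet released */
static void model_put(struct kobj *k);

/* Models create + add: the creator owns the single initial reference. */
static void model_init_and_add(struct kobj *k, struct kobj *parent) {
    *k = (struct kobj){ .refcount = 1, .in_sysfs = 1, .parent = parent };
    if (parent) parent->refcount++;
    live_objects++;
}

/* Removes the sysfs state and puts the parent; the object itself stays. */
static void model_del(struct kobj *k) {
    if (!k->in_sysfs) return;
    k->in_sysfs = 0;
    if (k->parent) model_put(k->parent);
}

/* Drops one reference; the last put runs the del, then the release. */
static void model_put(struct kobj *k) {
    if (--k->refcount > 0) return;
    model_del(k);        /* "auto cleanup kobject_del" in the log */
    live_objects--;      /* "calling ktype release": memory is freed here */
}

/* mode 0: del only (before the patch), 1: del + put (the patch), 2: put only */
static int leaked_after_teardown(int mode) {
    struct kobj mod, notes;
    live_objects = 0;
    model_init_and_add(&mod, NULL);
    model_init_and_add(&notes, &mod);
    if (mode != 2) model_del(&notes);
    if (mode != 0) model_put(&notes);
    model_put(&mod);     /* rmmod drops the module's own reference */
    return live_objects;
}

int main(void) {
    for (int m = 0; m < 3; m++)
        printf("mode %d: %d leaked\n", m, leaked_after_teardown(m));
    return 0;
}
```

In the model, only mode 0 leaves an object unreleased; modes 1 and 2 end in the same state.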