Re: [PATCH] cfg80211: clear cfg80211_inform_bss() from kmemleakreports

From: Catalin Marinas
Date: Fri Sep 04 2009 - 04:26:22 EST

On Fri, 2009-09-04 at 07:04 +0200, Johannes Berg wrote:
> On Thu, 2009-09-03 at 13:43 -0700, Luis R. Rodriguez wrote:
> > On Thu, Sep 03, 2009 at 11:17:17AM -0700, Johannes Berg wrote:
> > > On Thu, 2009-09-03 at 11:13 -0700, Luis R. Rodriguez wrote:
> > >
> > > > What I meant is it gobbles it up and spits another thing out. When it
> > > > gobbles it up the routine then uses kref_put().
> > > >
> > > > > Why can it not track this?
> > > >
> > > > It probably can, just not sure if it follows kref_put(), I was under
> > > > the impression here it doesn't and because of it we were getting false
> > > > positives. Catalin, can you confirm?
> > >
> > > Ah I'd think that if it can't track it then that's because we use a
> > > pointer to the middle of the struct to keep track of it much of the
> > > time.
> >
> > So you agree with the patch but not the commit log entry?
> I'm not sure -- I think kmemleak should be able to figure it out, and if
> you were using IBSS then we actually have a leak that we need to plug,
> but otherwise I'd prefer to get some more input from Catalin first.

First of all, kmemleak_ignore() is not the right function to mark a
false positive as it completely ignores an object even though it may
have pointers to others. The kmemleak_not_leak() function should be
used. However, there are only two places in the kernel where this was
actually needed (one of them is a real leak but we ignore it as it makes
the code more complicated).

So, I think we should try to figure out why kmemleak reports it. There
are a few common cases:
1. transient false positive - this should disappear after a few
2. a pointer leading to the reported object is stored in an area of
memory not scanned by kmemleak - most commonly pages allocated
explicitly (alloc_pages etc.) as kmemleak doesn't track these.
The preferred solution is to inform kmemleak about such page
(kmemleak_alloc/kmemleak_free) rather than marking the false
3. a pointer leading to the reported object isn't actually pointing
to anywhere inside the structure (i.e. using the physical
address). Here we would use kmemleak_not_leak()

> Catalin, is it conceivable that kmemleak reports false positives if we
> use a struct like
> struct pubbss {
> ...
> };
> struct bss {
> ...
> struct pubbss pub;
> };
> and then keep track of &bss->pub; pointers instead of bss directly?

It should not report false positive here. That's a pretty common case
with struct list_head, struct device etc. and kmemleak handles them
properly - if there is a memory location pointing to *anywhere* inside a
structure, the object is considered referenced and not reported.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at