Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965290AbWHOIQu (ORCPT ); Tue, 15 Aug 2006 04:16:50 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S965291AbWHOIQu (ORCPT ); Tue, 15 Aug 2006 04:16:50 -0400 Received: from py-out-1112.google.com ([64.233.166.177]:24617 "EHLO py-out-1112.google.com") by vger.kernel.org with ESMTP id S965290AbWHOIQt (ORCPT ); Tue, 15 Aug 2006 04:16:49 -0400 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=DQyYord7dpEllrp0s1iOTMNGGrHVtM3ERNKUUcxIECh4hbIrTHtcDHbLBKx+Hyr4fXPEajOetzGM3TMc1Sz1fUgj8ibks9yeJmOlJPzeuTx6ZA9U5xow3XTJdnENwiKR6Kg+c8LumSNeAvYTOMvl5vhYl2WywlFMcomGyc13ILE= Message-ID: Date: Tue, 15 Aug 2006 09:16:48 +0100 From: "Catalin Marinas" To: "Andrew Morton" Subject: Re: [PATCH] Fix memory leak in vc_resize/vc_allocate Cc: linux-kernel@vger.kernel.org, "Antonino A. Daplas" In-Reply-To: <20060814154356.61fc89ca.akpm@osdl.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20060810142221.31793.20635.stgit@localhost.localdomain> <20060814154356.61fc89ca.akpm@osdl.org> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1922 Lines: 48 On 14/08/06, Andrew Morton wrote: > On Thu, 10 Aug 2006 15:22:21 +0100 > Catalin Marinas wrote: > > diff --git a/drivers/char/vt.c b/drivers/char/vt.c > > index da7e66a..31c8b32 100644 > > --- a/drivers/char/vt.c > > +++ b/drivers/char/vt.c > > @@ -730,7 +730,8 @@ int vc_allocate(unsigned int currcons) / > > visual_init(vc, currcons, 1); > > if (!*vc->vc_uni_pagedir_loc) > > con_set_default_unimap(vc); > > - vc->vc_screenbuf = kmalloc(vc->vc_screenbuf_size, GFP_KERNEL); > > + if (!vc->vc_kmalloced) > > + vc->vc_screenbuf = kmalloc(vc->vc_screenbuf_size, GFP_KERNEL); > > if (!vc->vc_screenbuf) { > > kfree(vc); > > vc_cons[currcons].d = NULL; > > hm. Maybe. I'd worry that the memory at vc->vc_screenbuf isn't of the > correct size and this patch will convert a leak into a buffer overrun. My initial attempt was to free the kmalloc'ed buffer and reallocate it in vc_allocate (similar to the code in vc_resize) but I realised that vc_screenbuf kmalloced block is always of the vs_screenbuf_size length. > Also, what's up with this, in vc_resize()? > > if (vc->vc_kmalloced) > kfree(vc->vc_screenbuf); > vc->vc_screenbuf = newscreen; > vc->vc_kmalloced = 1; > > if vc->vc_kmalloced means "there is kmalloced memory at vc->vc_screenbuf" > then this is wrong. I think the above should be fine because vc_resize can be called either via vc_allocate->visual_init->fbcon_init when the buffer was not yet allocated or via a tty ioctl etc. and it needs to free the old buffer. -- Catalin - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/