Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754163AbZGFWas (ORCPT ); Mon, 6 Jul 2009 18:30:48 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753606AbZGFWal (ORCPT ); Mon, 6 Jul 2009 18:30:41 -0400 Received: from mail-bw0-f225.google.com ([209.85.218.225]:37312 "EHLO mail-bw0-f225.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753213AbZGFWak (ORCPT ); Mon, 6 Jul 2009 18:30:40 -0400 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type:content-transfer-encoding; b=wbYfw0bKqAxB7nQUSBh5BmD4OD/P6E9WGMB6rMwbPE/HfvvNRf/Y9FnIPOOKXXaGQY x5Gzzx0X049zFPgAQ2oqHf6wkt8YoTmiZZT5NDIdgrZgXubUtvsidgWySyZZz8aYIX3z 405rhb3gPXPe3x90kj6c8ZjvQBonz9uVj4Gak= MIME-Version: 1.0 Date: Mon, 6 Jul 2009 23:30:41 +0100 X-Google-Sender-Auth: f4f4bb58e874b1d8 Message-ID: Subject: Possible memory leak in fs/sysfs/bin.c From: Catalin Marinas To: Li Zefan Cc: Al Viro , Linux Kernel Mailing List Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1441 Lines: 45 Hi, I get about 28 (after 1 hour uptime) kmemleak reports like the one below: unreferenced object 0xc24ab090 (size 4096): comm "cat", pid 2930, jiffies 4294902918 backtrace: [] create_object+0xfa/0x250 [] kmemleak_alloc+0x5d/0x70 [] __kmalloc_track_caller+0x10d/0x1e0 [] memdup_user+0x24/0x70 [] write+0xb9/0x1b0 [] vfs_write+0x9c/0x190 [] sys_write+0x3d/0x70 [] sysenter_do_call+0x12/0x38 [] 0xffffffff This is the write() function in the file mention in subject. It looks to me like commit 1c8542c7bb replaced kmalloc() with memdup_user() but also dropped the kfree(temp). The memdup_user() function allocates memory but that's never freed in write(). Maybe something like this: diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c index 9345806..bde6602 100644 --- a/fs/sysfs/bin.c +++ b/fs/sysfs/bin.c @@ -164,6 +164,7 @@ static ssize_t write(struct file *file, const char __user *userbuf, mutex_lock(&bb->mutex); memcpy(bb->buffer, temp, count); + kfree(temp); count = flush_write(dentry, bb->buffer, offs, count); mutex_unlock(&bb->mutex); -- Catalin -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/