Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754152Ab2JOHUI (ORCPT ); Mon, 15 Oct 2012 03:20:08 -0400 Received: from mga09.intel.com ([134.134.136.24]:46121 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752602Ab2JOHUF convert rfc822-to-8bit (ORCPT ); Mon, 15 Oct 2012 03:20:05 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.80,587,1344236400"; d="scan'208";a="205671746" From: "Tu, Xiaobing" To: "Tu, Xiaobing" , "ccross@android.com" , "davej@redhat.com" , "akpm@linux-foundation.org" , "mingo@elte.hu" , "rusty@rustcorp.com.au" , "a.p.zijlstra@chello.nl" , "linux-kernel@vger.kernel.org" , "rostedt@goodmis.org" CC: "Zhang, Di" , "Ma, Xindong" , "Zuo, Alex" Subject: Fix memory leak in binder--version2 Thread-Topic: Fix memory leak in binder--version2 Thread-Index: Ac2qoyERn9VOsHHUS6WvzdrsGtV9EAAAAtogAACO+HA= Date: Mon, 15 Oct 2012 07:20:01 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8BIT MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2177 Lines: 57 After enabling kmemleak and run monkey, following memleak is reported: unreferenced object 0xeed27f80 (size 64): comm "Binder_8", pid 641, jiffies 4294946341 (age 2275.810s) hex dump (first 32 bytes): 4f dd 00 00 84 7f d2 ee 84 7f d2 ee 01 00 00 00 O............... 00 00 00 00 00 00 00 00 00 aa 4c d7 00 00 00 00 ..........L..... backtrace: [] kmemleak_alloc+0x3c/0xa0 [] kmem_cache_alloc_trace+0x9e/0x180 [] binder_thread_write+0xcf5/0x23a0 [] binder_ioctl+0x1f1/0x530 [] do_vfs_ioctl+0x86/0x5e0 [] sys_ioctl+0x32/0x60 [] syscall_call+0x7/0xb [] 0xffffffff The work item in async_todo list is not freed when binder released. Also the async transaction should also be freed in binder_release_work. Signed-off-by: Leon Ma Signed-off-by: Di Zhang --- drivers/staging/android/binder.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c index 7df2a89..022c9f8 100644 --- a/drivers/staging/android/binder.c +++ b/drivers/staging/android/binder.c @@ -2509,6 +2509,11 @@ static void binder_release_work(struct list_head *list) t = container_of(w, struct binder_transaction, work); if (t->buffer->target_node && !(t->flags & TF_ONE_WAY)) binder_send_failed_reply(t, BR_DEAD_REPLY); + else { + t->buffer->transaction = NULL; + kfree(t); + binder_stats_deleted(BINDER_STAT_TRANSACTION); + } } break; case BINDER_WORK_TRANSACTION_COMPLETE: { kfree(w); @@ -2982,6 +2987,7 @@ static void binder_deferred_release(struct binder_proc *proc) nodes++; rb_erase(&node->rb_node, &proc->nodes); + binder_release_work(&node->async_todo); list_del_init(&node->work.entry); if (hlist_empty(&node->refs)) { kfree(node); -- 1.7.6 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/