aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristian Borntraeger <borntraeger@de.ibm.com>2009-10-06 04:34:00 -0400
committerMartin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com>2009-10-06 04:35:07 -0400
commit05d419b11fa2445f71ff495de6394ce8c2960343 (patch)
treef31358c166bc937bc91d1eb7f246507a03f0fe85
parentec00440786f413133997396308f41184eb705a6d (diff)
[S390] Fix memory leak in /proc/cio_ignore
There is a memory leak in /proc/cio_ignore. The iterator is allocated in cio_ignore_proc_seq_start, but never freed in cio_ignore_proc_seq_stop, because we cannot use the iterator that was passed by seqfile. The seqfile interface passes the last seen iterator to the stop function and not the first one. Since our next function will return NULL at the end, the iter passed to cio_ignore_proc_seq_stop is NULL. The original iter has leaked. The solution is to use seq_open_private. Found with kmemleak: unreferenced object 0x1c720580 (size 32): comm "head", pid 973, jiffies 4294958302 hex dump (first 32 bytes): 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<0000000000203154>] kmem_cache_alloc+0x190/0x19c [<00000000003fb462>] cio_ignore_proc_seq_start+0x5e/0x128 [<0000000000231018>] seq_read+0xc8/0x4bc [<0000000000273954>] proc_reg_read+0xa8/0xf4 [<000000000020e3d8>] vfs_read+0xac/0x1a4 [<000000000020e5c6>] SyS_read+0x52/0xa8 [<000000000011836e>] sysc_noemu+0x10/0x16 [<0000004690b7936c>] 0x4690b7936c Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r--drivers/s390/cio/blacklist.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/drivers/s390/cio/blacklist.c b/drivers/s390/cio/blacklist.c
index 6565f027791e..7eab9ab9f406 100644
--- a/drivers/s390/cio/blacklist.c
+++ b/drivers/s390/cio/blacklist.c
@@ -265,13 +265,11 @@ struct ccwdev_iter {
265static void * 265static void *
266cio_ignore_proc_seq_start(struct seq_file *s, loff_t *offset) 266cio_ignore_proc_seq_start(struct seq_file *s, loff_t *offset)
267{ 267{
268 struct ccwdev_iter *iter; 268 struct ccwdev_iter *iter = s->private;
269 269
270 if (*offset >= (__MAX_SUBCHANNEL + 1) * (__MAX_SSID + 1)) 270 if (*offset >= (__MAX_SUBCHANNEL + 1) * (__MAX_SSID + 1))
271 return NULL; 271 return NULL;
272 iter = kzalloc(sizeof(struct ccwdev_iter), GFP_KERNEL); 272 memset(iter, 0, sizeof(*iter));
273 if (!iter)
274 return ERR_PTR(-ENOMEM);
275 iter->ssid = *offset / (__MAX_SUBCHANNEL + 1); 273 iter->ssid = *offset / (__MAX_SUBCHANNEL + 1);
276 iter->devno = *offset % (__MAX_SUBCHANNEL + 1); 274 iter->devno = *offset % (__MAX_SUBCHANNEL + 1);
277 return iter; 275 return iter;
@@ -280,8 +278,6 @@ cio_ignore_proc_seq_start(struct seq_file *s, loff_t *offset)
280static void 278static void
281cio_ignore_proc_seq_stop(struct seq_file *s, void *it) 279cio_ignore_proc_seq_stop(struct seq_file *s, void *it)
282{ 280{
283 if (!IS_ERR(it))
284 kfree(it);
285} 281}
286 282
287static void * 283static void *
@@ -378,14 +374,15 @@ static const struct seq_operations cio_ignore_proc_seq_ops = {
378static int 374static int
379cio_ignore_proc_open(struct inode *inode, struct file *file) 375cio_ignore_proc_open(struct inode *inode, struct file *file)
380{ 376{
381 return seq_open(file, &cio_ignore_proc_seq_ops); 377 return seq_open_private(file, &cio_ignore_proc_seq_ops,
378 sizeof(struct ccwdev_iter));
382} 379}
383 380
384static const struct file_operations cio_ignore_proc_fops = { 381static const struct file_operations cio_ignore_proc_fops = {
385 .open = cio_ignore_proc_open, 382 .open = cio_ignore_proc_open,
386 .read = seq_read, 383 .read = seq_read,
387 .llseek = seq_lseek, 384 .llseek = seq_lseek,
388 .release = seq_release, 385 .release = seq_release_private,
389 .write = cio_ignore_write, 386 .write = cio_ignore_write,
390}; 387};
391 388