On 10 August 2015 at 13:30, pavi1729 <pavitra1729@xxxxxxxxx> wrote:
> Hi,
>
> ISSUE: kfree frees an array
>
>
> I see that FUNCTION: tracing_splice_read_pipe (in
> FILE:src/kernel/trace/trace.c) calls FUNCTION:splice_shrink_spd (in
> FILE:fs/splice.c) which does kfree(spd->partial) on error path.
>
>
> But the spd->partial in FUNCTION "tracing_splice_read_pipe" is an array as below
>
>
> FILE: src/kernel/trace/trace.c
> static ssize_t tracing_splice_read_pipe(struct file *filp,
>                                         loff_t *ppos,
>                                         struct pipe_inode_info *pipe,
>                                         size_t len,
>                                         unsigned int flags)
> {
>         struct page *pages_def[PIPE_DEF_BUFFERS];
>         struct partial_page partial_def[PIPE_DEF_BUFFERS];  <----- This is an array
>         struct trace_iterator *iter = filp->private_data;
>         struct splice_pipe_desc spd = {
>                 .pages = pages_def,
>                 .partial = partial_def,
> <---------------------------------------- Kfree'ing this pointer ??
>                 .nr_pages = 0, /* This gets updated below. */
>                 .nr_pages_max = PIPE_DEF_BUFFERS,
>                 .flags = flags,
>                 .ops = &tracing_pipe_buf_ops,
>                 .spd_release = tracing_spd_release_pipe,
>         };
>
>         ..
>         ..
> }
>
>
> FILE:fs/splice.c
> void splice_shrink_spd(struct splice_pipe_desc *spd)
> {
>         if (spd->nr_pages_max <= PIPE_DEF_BUFFERS)
>                 return;
>
>         kfree(spd->pages);
>         kfree(spd->partial);  <----------------------- Freeing the array ??
> }

No. If the condition above is false, the memory got reallocated in
FUNCTION:splice_grow_spd.
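
The grow/shrink pairing the reply refers to, as an added user-space model (not kernel source and not part of the original thread): the descriptor starts out pointing at stack arrays, the grow step swaps in heap buffers only above the default size, and the shrink step applies the same size test before freeing. The names model_grow, model_shrink, run_cycle and DEF_BUFFERS are assumptions standing in for splice_grow_spd, splice_shrink_spd and PIPE_DEF_BUFFERS, with malloc-family calls in place of the kernel allocator.

```c
#include <stdlib.h>

#define DEF_BUFFERS 16  /* assumed stand-in for PIPE_DEF_BUFFERS */
struct partial { unsigned int offset, len; };
struct desc {           /* simplified stand-in for struct splice_pipe_desc */
    void **pages;
    struct partial *partial;
    unsigned int nr_pages_max;
};

/* Grow step: keep the caller's stack arrays when they are large enough,
 * otherwise repoint both members at heap allocations. */
static int model_grow(struct desc *d, unsigned int pipe_buffers)
{
    d->nr_pages_max = pipe_buffers;
    if (pipe_buffers <= DEF_BUFFERS)
        return 0;       /* pointers still reference the stack arrays */
    d->pages = calloc(pipe_buffers, sizeof(*d->pages));
    d->partial = calloc(pipe_buffers, sizeof(*d->partial));
    if (d->pages && d->partial)
        return 0;
    free(d->pages);
    free(d->partial);
    return -1;
}

/* Shrink step: nr_pages_max records which branch grow took, so free() is
 * reached only for heap pointers. Returns 1 if it freed, 0 if not. */
static int model_shrink(struct desc *d)
{
    if (d->nr_pages_max <= DEF_BUFFERS)
        return 0;
    free(d->pages);
    free(d->partial);
    return 1;
}

/* One cycle: 0 = stack path, 1 = heap path, -1 = allocation failure,
 * -2 = the free decision did not match where the pointer lived. */
static int run_cycle(unsigned int pipe_buffers)
{
    void *pages_def[DEF_BUFFERS];
    struct partial partial_def[DEF_BUFFERS];
    struct desc d = { .pages = pages_def, .partial = partial_def };
    if (model_grow(&d, pipe_buffers)) return -1;
    int on_stack = (d.partial == partial_def);
    int freed = model_shrink(&d);
    return (on_stack == !freed) ? freed : -2;
}
int main(void) { return !(run_cycle(16) == 0 && run_cycle(64) == 1); }
```

The safety of the free depends on nr_pages_max being written only by the grow step; a caller that changed it between the two calls would break the pairing.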