On Thu, 2009-09-03 at 02:11 -0400, Luis R. Rodriguez wrote: > This was giving false positives. We use eventually free this > through kref_put(), things are not so obvious through > cfg80211_bss_update(). > > Signed-off-by: Luis R. Rodriguez <lrodriguez@xxxxxxxxxxx> > --- > net/wireless/scan.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/net/wireless/scan.c b/net/wireless/scan.c > index 19c5a9a..79f7a5d 100644 > --- a/net/wireless/scan.c > +++ b/net/wireless/scan.c > @@ -495,6 +495,9 @@ cfg80211_inform_bss(struct wiphy *wiphy, > > kref_init(&res->ref); > > + /* cfg80211_bss_update() eats up res - we ensure we free it there */ > + kmemleak_ignore(res); > + > res = cfg80211_bss_update(wiphy_to_dev(wiphy), res, 0); > if (!res) > return NULL; That's not making sense. cfg80211_bss_update() doesn't actually take a reference, it adds a new one for itself and then we return one to the caller. Why can it not track this? Actually it looks like we do leak one in net/mac80211/ibss.c. johannes
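Review bot: The kmemleak_ignore(res) call added just before cfg80211_bss_update() in cfg80211_inform_bss() tells kmemleak to neither report nor scan the object, so any real imbalance in the kref accounting for res would stop being reported from this point on. The added comment says the object is freed in cfg80211_bss_update(), but neither the comment nor the commit message explains why kmemleak loses track of the pointer, and the reply above questions that as well. Before silencing the report, document where res is stored after the update and why the scanner cannot see it. If an annotation is still needed, kmemleak_not_leak() keeps the block scanned, so objects referenced only from res do not turn into new false positives. The diffstat also lists only these three insertions, so check that scan.c already gets the kmemleak declarations from an existing include.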