On Thu, Sep 3, 2009 at 12:26 AM, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote:
> On Thu, 2009-09-03 at 02:11 -0400, Luis R. Rodriguez wrote:
>> This was giving false positives. We use eventually free this
>> through kref_put(), things are not so obvious through
>> cfg80211_bss_update().
>>
>> Signed-off-by: Luis R. Rodriguez <lrodriguez@xxxxxxxxxxx>
>> ---
>> net/wireless/scan.c | 3 +++
>> 1 files changed, 3 insertions(+), 0 deletions(-)
>>
>> diff --git a/net/wireless/scan.c b/net/wireless/scan.c
>> index 19c5a9a..79f7a5d 100644
>> --- a/net/wireless/scan.c
>> +++ b/net/wireless/scan.c
>> @@ -495,6 +495,9 @@ cfg80211_inform_bss(struct wiphy *wiphy,
>>
>> kref_init(&res->ref);
>>
>> + /* cfg80211_bss_update() eats up res - we ensure we free it there */
>> + kmemleak_ignore(res);
>> +
>> res = cfg80211_bss_update(wiphy_to_dev(wiphy), res, 0);
>> if (!res)
>> return NULL;
>
> That's not making sense. cfg80211_bss_update() doesn't actually take a
> reference, it adds a new one for itself and then we return one to the
> caller.

What I meant is it gobbles it up and spits another thing out. When it
gobbles it up the routine then uses kref_put().

> Why can it not track this?

It probably can, just not sure if it follows kref_put(), I was under
the impression here it doesn't and because of it we were getting false
positives. Catalin, can you confirm?

> Actually it looks like we do leak one in net/mac80211/ibss.c.

Luis
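
Review bot: the kmemleak_ignore(res) call added just before cfg80211_bss_update() is unconditional, so it silences kmemleak for this allocation on every path, including any path where res really is leaked. kmemleak_ignore() also stops the object from being scanned, so anything referenced only through res can then show up as a new report. If the report is confirmed to be a false positive, kmemleak_not_leak(res) would suppress it while keeping the object scanned. The new comment says the callee "eats up res" but not why kmemleak loses track of it; it should state where the final kref_put() happens so the annotation can be re-checked later. The three inserted lines add no #include <linux/kmemleak.h>, so please confirm scan.c already pulls that header in.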