On Thu, Nov 13, 2014 at 01:20:20PM +0100, Thierry Reding wrote: > kmemleak started complaining for me recently and the stacktrace (see > below) points to this function: > > unreferenced object 0xec0f77c0 (size 192): > comm "kworker/u8:0", pid 169, jiffies 4294939367 (age 86.360s) > hex dump (first 32 bytes): > 01 00 00 70 1c ef 01 00 1c ef 01 00 1c ef 01 00 ...p............ > a0 00 00 00 a0 00 00 00 04 00 00 00 04 00 00 00 ................ > backtrace: > [<c00ec080>] __kmalloc+0x104/0x190 > [<c01387d4>] load_elf_phdrs+0x60/0x8c > [<c0138cb4>] load_elf_binary+0x280/0x12d8 > [<c00f8ef0>] search_binary_handler+0x80/0x1f0 > [<c00fa370>] do_execveat_common+0x570/0x658 > [<c00fa480>] do_execve+0x28/0x30 > [<c0038eb4>] ____call_usermodehelper+0x144/0x19c > [<c000e638>] ret_from_fork+0x14/0x3c > [<ffffffff>] 0xffffffff [...] > I think what happens is that the interp_elf_phdata memory is freed only > in the error cleanup path, but not when the function actually succeeds. > > The attached patch plugs the leak for me. > > Thierry > diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c > index f95da60e440e..8a9be83e88c2 100644 > --- a/fs/binfmt_elf.c > +++ b/fs/binfmt_elf.c > @@ -1029,6 +1029,7 @@ static int load_elf_binary(struct linux_binprm *bprm) > } > } > > + kfree(interp_elf_phdata); > kfree(elf_phdata); > > set_binfmt(&elf_format); Folded in and testing now. Ralf
