Ralf Baechle wrote:
On Thu, Sep 01, 2005 at 08:56:19PM +0200, Patrick McHardy wrote:
I believe the SO_BINDTODEVICE case in net/ax25/af_x25.c (line 613 or so)
leaks a reference to a net device. It does a dev_get_by_name,
which holds a reference, but since it never assigns the pointer
anywhere, I do not see how it can ever free it later.
Please clue me in as to where it's released if it actually is.
I can't find the code you're talking about, there's no dev_get* in my
version of af_x25.c. Please paste the code you're talking about in
your bugreports, thanks.
Ben meant net/ax25/af_ax25. The dev value is stored in the ax25_cb
indirectly after converting it to an ax25dev pointer and will be freed
what that ax25_cb (which really is the protocol-specific part of the
socket) is going to be closed.
Ok, I'm getting hopelessly lost in the ax25 code trying to follow
references, so I'm just going to use the generic ref counting debugging.
That will still point to the right module, but not the line of code,
should a leak occur (and should the patch be accepted) :)
You poked my nose at a bug though - it is possible to leak references by
performing multiple SO_BINDTODEVICE operations; we should either only
permit the first one to succeed or to drop the reference of the old
device in case of a repeated SO_BINDTODEVICE. After the weekend ...
Thanks for taking a look.
Ben
--
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc http://www.candelatech.com
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
