From: Rusty Russell Date: Mon, 14 Oct 2013 07:38:45 +0000 (+1030) Subject: virtio_ring: plug kmemleak false positive. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=bb478d8b167cf875565ac7d927ffbdc0b6d280e8;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git virtio_ring: plug kmemleak false positive. unreferenced object 0xffff88003d467e20 (size 32): comm "softirq", pid 0, jiffies 4295197765 (age 6.364s) hex dump (first 32 bytes): 28 19 bf 3d 00 00 00 00 0c 00 00 00 01 00 01 00 (..=............ 02 dc 51 3c 00 00 00 00 56 00 00 00 00 00 00 00 ..Q<....V....... backtrace: [] kmemleak_alloc+0x59/0xc0 [] __kmalloc+0xf3/0x180 [] vring_add_indirect+0x36/0x280 [] virtqueue_add_outbuf+0xbf/0x4e0 [] start_xmit+0x1a0/0x3b0 [] dev_hard_start_xmit+0x2d1/0x4d0 [] sch_direct_xmit+0xf2/0x1c0 [] dev_queue_xmit+0x1c8/0x460 [] ip6_finish_output2+0x1d7/0x470 [] ip6_finish_output+0x90/0xb0 [] ip6_output+0x37/0xb0 [] igmp6_send+0x2db/0x470 [] igmp6_timer_handler+0x95/0xa0 [] call_timer_fn+0x2c/0x90 [] run_timer_softirq+0x1da/0x1f0 [] __do_softirq+0xd1/0x1b0 Address gets embedded in a descriptor via virt_to_phys(). See detach_buf, which frees it: if (vq->vring.desc[i].flags & VRING_DESC_F_INDIRECT) kfree(phys_to_virt(vq->vring.desc[i].addr)); Reported-by: Christoph Paasch Fix-suggested-by: Christoph Paasch Typing-done-by: Rusty Russell Signed-off-by: Rusty Russell --- diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index 6b4a4db4404d..6547d46171b3 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -173,6 +173,8 @@ static inline int vring_add_indirect(struct vring_virtqueue *vq, head = vq->free_head; vq->vring.desc[head].flags = VRING_DESC_F_INDIRECT; vq->vring.desc[head].addr = virt_to_phys(desc); + /* kmemleak gives a false positive, as it's hidden by virt_to_phys */ + kmemleak_ignore(desc); vq->vring.desc[head].len = i * sizeof(struct vring_desc); /* Update free pointer */