Bug 176441

Summary: fb_get_options creates leaks sometimes
Product: Drivers Reporter: Mathieu Malaterre (mathieu.malaterre)
Component: Console/FramebuffersAssignee: other_other
Status: NEW ---    
Severity: normal    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 3.7.5 Subsystem:
Regression: No Bisected commit-id:

Description Mathieu Malaterre 2016-10-05 18:50:18 UTC 
There seems to be some memory leak when passing:

$ cat /etc/yaboot.conf
[...]
        append="video=1680x1050-32"

This is reported as:

# cat /sys/kernel/debug/kmemleak
unreferenced object 0xdea17ac0 (size 32):
  comm "swapper", pid 1, jiffies 4294892503 (age 7776.836s)
  hex dump (first 32 bytes):
    31 36 38 30 78 31 30 35 30 2d 33 32 00 65 73 73  1680x1050-32.ess
    2f 64 72 69 76 65 72 73 2f 61 65 72 00 00 00 00  /drivers/aer....
  backtrace:
    [<c021b3b8>] kstrdup+0x48/0x88
    [<c051f3a8>] fb_get_options+0x60/0x2b0
    [<c0ae13b8>] matroxfb_init+0x28/0x568
    [<c00041d4>] do_one_initcall+0xf0/0x2a4
    [<c0aabb1c>] kernel_init_freeable+0x300/0x3a4
    [<c0004b34>] kernel_init+0x24/0x130
    [<c001d4a0>] ret_from_kernel_thread+0x5c/0x64
unreferenced object 0xdea17a60 (size 32):
  comm "swapper", pid 1, jiffies 4294892503 (age 7776.836s)
  hex dump (first 32 bytes):
    31 36 38 30 78 31 30 35 30 2d 33 32 00 65 72 73  1680x1050-32.ers
    2f 61 74 79 31 32 38 66 62 00 00 00 00 00 00 00  /aty128fb.......
  backtrace:
    [<c021b3b8>] kstrdup+0x48/0x88
    [<c051f3a8>] fb_get_options+0x60/0x2b0
    [<c0ae2a38>] sisfb_init+0x2c/0x70
    [<c00041d4>] do_one_initcall+0xf0/0x2a4
    [<c0aabb1c>] kernel_init_freeable+0x300/0x3a4
    [<c0004b34>] kernel_init+0x24/0x130
    [<c001d4a0>] ret_from_kernel_thread+0x5c/0x64
unreferenced object 0xdea17a20 (size 32):
  comm "swapper", pid 1, jiffies 4294892503 (age 7776.836s)
  hex dump (first 32 bytes):
    31 36 38 30 78 31 30 35 30 2d 33 32 00 65 72 73  1680x1050-32.ers
    2f 74 64 66 78 66 62 00 00 00 00 00 00 00 00 00  /tdfxfb.........
  backtrace:
    [<c021b3b8>] kstrdup+0x48/0x88
    [<c051f3a8>] fb_get_options+0x60/0x2b0
    [<c0ae3170>] control_init+0x30/0x62c
    [<c00041d4>] do_one_initcall+0xf0/0x2a4
    [<c0aabb1c>] kernel_init_freeable+0x300/0x3a4
    [<c0004b34>] kernel_init+0x24/0x130
    [<c001d4a0>] ret_from_kernel_thread+0x5c/0x64
unreferenced object 0xdea179e0 (size 32):
  comm "swapper", pid 1, jiffies 4294892503 (age 7776.836s)
  hex dump (first 32 bytes):
    31 36 38 30 78 31 30 35 30 2d 33 32 00 00 00 00  1680x1050-32....
    de 3b 1b 00 00 00 00 10 73 2f 66 62 30 00 00 00  .;......s/fb0...
  backtrace:
    [<c021b3b8>] kstrdup+0x48/0x88
    [<c051f3a8>] fb_get_options+0x60/0x2b0
    [<c0ae3794>] platinumfb_init+0x28/0x17c
    [<c00041d4>] do_one_initcall+0xf0/0x2a4
    [<c0aabb1c>] kernel_init_freeable+0x300/0x3a4
    [<c0004b34>] kernel_init+0x24/0x130
    [<c001d4a0>] ret_from_kernel_thread+0x5c/0x64
unreferenced object 0xdea179c0 (size 32):
  comm "swapper", pid 1, jiffies 4294892503 (age 7776.836s)
  hex dump (first 32 bytes):
    31 36 38 30 78 31 30 35 30 2d 33 32 00 df dc 4b  1680x1050-32...K
    cc 5f ce c5 da 29 cd ed c8 4a 4c ac ca 9a 4b 4d  ._...)...JL...KM
  backtrace:
    [<c021b3b8>] kstrdup+0x48/0x88
    [<c051f3a8>] fb_get_options+0x60/0x2b0
    [<c0ae3a28>] valkyriefb_init+0x38/0x668
    [<c00041d4>] do_one_initcall+0xf0/0x2a4
    [<c0aabb1c>] kernel_init_freeable+0x300/0x3a4
    [<c0004b34>] kernel_init+0x24/0x130
    [<c001d4a0>] ret_from_kernel_thread+0x5c/0x64
unreferenced object 0xdea179a0 (size 32):
  comm "swapper", pid 1, jiffies 4294892503 (age 7776.836s)
  hex dump (first 32 bytes):
    31 36 38 30 78 31 30 35 30 2d 33 32 00 65 72 73  1680x1050-32.ers
    2f 63 68 69 70 73 66 62 00 00 00 00 00 00 00 00  /chipsfb........
  backtrace:
    [<c021b3b8>] kstrdup+0x48/0x88
    [<c051f3a8>] fb_get_options+0x60/0x2b0
    [<c0ae40f4>] imsttfb_init+0x34/0x2a0
    [<c00041d4>] do_one_initcall+0xf0/0x2a4
    [<c0aabb1c>] kernel_init_freeable+0x300/0x3a4
    [<c0004b34>] kernel_init+0x24/0x130
    [<c001d4a0>] ret_from_kernel_thread+0x5c/0x64
Comment 1 Mathieu Malaterre 2016-10-09 16:16:38 UTC 
So the function `fb_get_options` is implemented this way:

```
int fb_get_options(const char *name, char **option)
{
[...]
  /* No match, pass global option */
  if (!options && option && fb_mode_option)
    options = kstrdup(fb_mode_option, GFP_KERNEL);
```

How does the site caller knows when to `kfree` the `kstrdup` string ?