Freeing non heap memory

Question

static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
    .forwarding     = 0,
    .hop_limit      = IPV6_DEFAULT_HOPLIMIT,
    .mtu6           = IPV6_MIN_MTU,
};

static int __net_init addrconf_init_net(struct net *net)
{
    struct ipv6_devconf *dflt;
    dflt = &ipv6_devconf_dflt;
    kfree(dflt);
}

ipv6_devconf_dflt is a static structure variable. Address of ipv6_devconf_dflt is assigned to local variable. which is then freed using kfree().

Is it allowed to free non-heap memory?

Asherah · Accepted Answer · 2012-06-28T04:28:49.537

4

No—it doesn't make sense to free memory outside the heap, because kfree() only works to free up memory in the context of kmalloc()ed chunks!

Timeline:

Committed in January 2008 when the IPv6 devconfs for namespaces came into being.
Noticed on linux-netdev in August 2008, to no fanfare.
Pointed out again on the LKML in 2010, with a patch request coming back from the original author, with no patch ever materialised.

edited Jun 28 '12 at 04:28

answered Jun 28 '12 at 00:50

Asherah

18,948
5
53
72

Code I am looking is Linux kernel version 3.0.22. – shunty Jun 28 '12 at 00:56
From what I can see this code is [still present in 3.4.4](http://lxr.linux.no/linux+v3.4.4/net/ipv6/addrconf.c#L4721), so it's still an outstanding bug. – Asherah Jun 28 '12 at 01:00
Can you please suggest a Fix? – shunty Jun 28 '12 at 01:26
Unbelievable. Such a bug in Linux stable release. – ciphor Jun 28 '12 at 01:38
@shunty: I'm not intimately familiar with the details of what's happening here; I'm just being your Google assistant. The email in 2010 asked for a patch and didn't receive one. – Asherah Jun 28 '12 at 04:23
@ciphor: what? Linux isn't bug-free, and as [Ben Greear pointed out in 2008](http://amailbox.org/mailarchive/linux-netdev/2008/6/18/2164014/thread), it's not actually clear whether the case will occur in real-world settings. If you think it's unbelievable that this exists (and has existed since [January 2008 when it was introduced with the IPv6 devconfs for namespaces](https://github.com/torvalds/linux/commit/e0da5a480cafc7ca228d6b5a05dbd77344a6bd29#L1R4177)), then you might want to consider fixing it. – Asherah Jun 28 '12 at 04:25
1

@Len: I'm not doubting the truth of this bug. I'm just curious how could such an obvious bug be released into a stable release of linux kernel. – ciphor Jun 28 '12 at 05:36
@ciphor: I didn't meant to say you were literally doubting its truth (I was just reusing the word you used)—my point is, the bug is not obvious at all, seeing as three people have noticed it in four years (and the OP is one of them), and only one of them because they actually *hit* the bug (and they were developing in this area). – Asherah Jun 28 '12 at 06:08
1

Failure handling paths are always the buggiest code. My guess is that `__addrconf_sysctl_register` never fails, and this code is never reached. If it runs during boot, there should be plenty of free memory and no reason for failure. – ugoren Jun 28 '12 at 07:22

Freeing non heap memory

1 Answers1