Hi Tomasz, Below you find my valgrind output.
As you mentioned, the network reference device is freeing is the the one it creates, in this case, it is created in eth_newlink. I could not see any network referenced by eth which is not via device, so that's the reason I patched by removing network_unref and letting device manage it by its own. Cheers. ================= ==23771== Invalid read of size 4 ==23771== at 0x445A0F: connman_network_unref_debug (network.c:1037) ==23771== by 0x41F5A5: remove_network (ethernet.c:131) ==23771== by 0x41F86E: eth_dev_remove (ethernet.c:197) ==23771== by 0x4420C6: remove_device (device.c:295) ==23771== by 0x442149: remove_driver (device.c:310) ==23771== by 0x44229C: connman_device_driver_unregister (device.c:363) ==23771== by 0x41FCBD: ethernet_exit (ethernet.c:365) ==23771== by 0x440C45: __connman_plugin_cleanup (plugin.c:200) ==23771== by 0x43F5FB: main (main.c:697) ==23771== Address 0x7917d20 is 0 bytes inside a block of size 232 free'd ==23771== at 0x4C2BCD7: free (vg_replace_malloc.c:469) ==23771== by 0x445863: network_destruct (network.c:968) ==23771== by 0x445A98: connman_network_unref_debug (network.c:1045) ==23771== by 0x44230B: free_network (device.c:374) ==23771== by 0x4E6D8F9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1) ==23771== by 0x44310F: connman_device_remove_network (device.c:901) ==23771== by 0x41F586: remove_network (ethernet.c:130) ==23771== by 0x41F86E: eth_dev_remove (ethernet.c:197) ==23771== by 0x4420C6: remove_device (device.c:295) ==23771== by 0x442149: remove_driver (device.c:310) ==23771== by 0x44229C: connman_device_driver_unregister (device.c:363) ==23771== by 0x41FCBD: ethernet_exit (ethernet.c:365) ==23771== ==23771== Invalid read of size 8 ==23771== at 0x445A18: connman_network_unref_debug (network.c:1037) ==23771== by 0x41F5A5: remove_network (ethernet.c:131) ==23771== by 0x41F86E: eth_dev_remove (ethernet.c:197) ==23771== by 0x4420C6: remove_device (device.c:295) ==23771== by 0x442149: remove_driver (device.c:310) ==23771== by 0x44229C: connman_device_driver_unregister (device.c:363) ==23771== by 0x41FCBD: ethernet_exit (ethernet.c:365) ==23771== by 0x440C45: __connman_plugin_cleanup (plugin.c:200) ==23771== by 0x43F5FB: main (main.c:697) ==23771== Address 0x7917d38 is 24 bytes inside a block of size 232 free'd ==23771== at 0x4C2BCD7: free (vg_replace_malloc.c:469) ==23771== by 0x445863: network_destruct (network.c:968) ==23771== by 0x445A98: connman_network_unref_debug (network.c:1045) ==23771== by 0x44230B: free_network (device.c:374) ==23771== by 0x4E6D8F9: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3800.1) ==23771== by 0x44310F: connman_device_remove_network (device.c:901) ==23771== by 0x41F586: remove_network (ethernet.c:130) ==23771== by 0x41F86E: eth_dev_remove (ethernet.c:197) ==23771== by 0x4420C6: remove_device (device.c:295) ==23771== by 0x442149: remove_driver (device.c:310) ==23771== by 0x44229C: connman_device_driver_unregister (device.c:363) ==23771== by 0x41FCBD: ethernet_exit (ethernet.c:365) On Thu, Apr 17, 2014 at 3:37 AM, Tomasz Bursztyka < tomasz.burszt...@linux.intel.com> wrote: > Hi Eduardo, > > > Network unreference is already being done by free_network, >> called by g_hash_table_remove. This patche prevents from >> an invalid read during nework removal. >> > > I would be curious to see your valgrind output. > > The reference ethernet.c is removing is the one which is set when the > network is created. > device.c remove it's own reference (added in connman_device_add_network). > > If there is a reference bug, it does not seem to be where you found it. > > Tomasz > _______________________________________________ > connman mailing list > connman@connman.net > https://lists.connman.net/mailman/listinfo/connman > _______________________________________________ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
