diff mbox series

module: Refine kmemleak scanned areas

Message ID 20240906153856.22204-1-vdonnefort@google.com (mailing list archive)
State New
Headers show
Series module: Refine kmemleak scanned areas | expand

Checks

Context Check Description
mdraidci/vmtest-modules-next-PR success PR summary
mdraidci/vmtest-modules-next-VM_Test-1 success Logs for build-kernel
mdraidci/vmtest-modules-next-VM_Test-0 success Logs for build-kernel

Commit Message

Vincent Donnefort Sept. 6, 2024, 3:38 p.m. UTC 
commit ac3b43283923 ("module: replace module_layout with module_memory")
introduced a set of memory regions for the module layout sharing the
same attributes but didn't update the kmemleak scanned areas which
intended to limit kmemleak scan to sections containing writable data.
This means sections such as .text and .rodata are scanned by kmemleak.

Refine the scanned areas for modules by limiting it to MOD_TEXT and
MOD_INIT_TEXT mod_mem regions.

CC: Song Liu <song@kernel.org>
CC: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>


base-commit: 431c1646e1f86b949fa3685efc50b660a364c2b6

Comments

Luis Chamberlain Sept. 6, 2024, 11:26 p.m. UTC | #1 
On Fri, Sep 06, 2024 at 04:38:56PM +0100, Vincent Donnefort wrote:
> commit ac3b43283923 ("module: replace module_layout with module_memory")
> introduced a set of memory regions for the module layout sharing the
> same attributes but didn't update the kmemleak scanned areas which
> intended to limit kmemleak scan to sections containing writable data.
> This means sections such as .text and .rodata are scanned by kmemleak.
> 
> Refine the scanned areas for modules by limiting it to MOD_TEXT and
> MOD_INIT_TEXT mod_mem regions.
> 
> CC: Song Liu <song@kernel.org>
> CC: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Vincent Donnefort <vdonnefort@google.com>


Refine or fix? If a fix, please use a Fixes tag.

  Luis
Catalin Marinas Sept. 7, 2024, 2:12 p.m. UTC | #2 
On Fri, Sep 06, 2024 at 04:38:56PM +0100, Vincent Donnefort wrote:
> commit ac3b43283923 ("module: replace module_layout with module_memory")
> introduced a set of memory regions for the module layout sharing the
> same attributes but didn't update the kmemleak scanned areas which
> intended to limit kmemleak scan to sections containing writable data.
> This means sections such as .text and .rodata are scanned by kmemleak.
> 
> Refine the scanned areas for modules by limiting it to MOD_TEXT and
> MOD_INIT_TEXT mod_mem regions.
> 
> CC: Song Liu <song@kernel.org>
> CC: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
> 
> diff --git a/kernel/module/debug_kmemleak.c b/kernel/module/debug_kmemleak.c
> index 12a569d361e8..b4cc03842d70 100644
> --- a/kernel/module/debug_kmemleak.c
> +++ b/kernel/module/debug_kmemleak.c
> @@ -12,19 +12,9 @@
>  void kmemleak_load_module(const struct module *mod,
>  			  const struct load_info *info)
>  {
> -	unsigned int i;
> -
> -	/* only scan the sections containing data */
> -	kmemleak_scan_area(mod, sizeof(struct module), GFP_KERNEL);
> -
> -	for (i = 1; i < info->hdr->e_shnum; i++) {
> -		/* Scan all writable sections that's not executable */
> -		if (!(info->sechdrs[i].sh_flags & SHF_ALLOC) ||
> -		    !(info->sechdrs[i].sh_flags & SHF_WRITE) ||
> -		    (info->sechdrs[i].sh_flags & SHF_EXECINSTR))
> -			continue;
> -
> -		kmemleak_scan_area((void *)info->sechdrs[i].sh_addr,
> -				   info->sechdrs[i].sh_size, GFP_KERNEL);
> +	/* only scan writable, non-executable sections */
> +	for_each_mod_mem_type(type) {
> +		if (type != MOD_DATA && type != MOD_INIT_DATA)
> +			kmemleak_no_scan(mod->mem[type].base);
>  	}
>  }

I lost track of how module memory allocation works. Is struct module
still scanned after this change?
Vincent Donnefort Sept. 9, 2024, 7:40 a.m. UTC | #3 
On Sat, Sep 07, 2024 at 03:12:13PM +0100, Catalin Marinas wrote:
> On Fri, Sep 06, 2024 at 04:38:56PM +0100, Vincent Donnefort wrote:
> > commit ac3b43283923 ("module: replace module_layout with module_memory")
> > introduced a set of memory regions for the module layout sharing the
> > same attributes but didn't update the kmemleak scanned areas which
> > intended to limit kmemleak scan to sections containing writable data.
> > This means sections such as .text and .rodata are scanned by kmemleak.
> > 
> > Refine the scanned areas for modules by limiting it to MOD_TEXT and
> > MOD_INIT_TEXT mod_mem regions.
> > 
> > CC: Song Liu <song@kernel.org>
> > CC: Catalin Marinas <catalin.marinas@arm.com>
> > Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
> > 
> > diff --git a/kernel/module/debug_kmemleak.c b/kernel/module/debug_kmemleak.c
> > index 12a569d361e8..b4cc03842d70 100644
> > --- a/kernel/module/debug_kmemleak.c
> > +++ b/kernel/module/debug_kmemleak.c
> > @@ -12,19 +12,9 @@
> >  void kmemleak_load_module(const struct module *mod,
> >  			  const struct load_info *info)
> >  {
> > -	unsigned int i;
> > -
> > -	/* only scan the sections containing data */
> > -	kmemleak_scan_area(mod, sizeof(struct module), GFP_KERNEL);
> > -
> > -	for (i = 1; i < info->hdr->e_shnum; i++) {
> > -		/* Scan all writable sections that's not executable */
> > -		if (!(info->sechdrs[i].sh_flags & SHF_ALLOC) ||
> > -		    !(info->sechdrs[i].sh_flags & SHF_WRITE) ||
> > -		    (info->sechdrs[i].sh_flags & SHF_EXECINSTR))
> > -			continue;
> > -
> > -		kmemleak_scan_area((void *)info->sechdrs[i].sh_addr,
> > -				   info->sechdrs[i].sh_size, GFP_KERNEL);
> > +	/* only scan writable, non-executable sections */
> > +	for_each_mod_mem_type(type) {
> > +		if (type != MOD_DATA && type != MOD_INIT_DATA)
> > +			kmemleak_no_scan(mod->mem[type].base);
> >  	}
> >  }
> 
> I lost track of how module memory allocation works. Is struct module
> still scanned after this change?

That section being RW, it will be part of the MOD_DATA vmalloc and scanned.
Catalin Marinas Sept. 9, 2024, 8:52 a.m. UTC | #4 
On Mon, Sep 09, 2024 at 08:40:34AM +0100, Vincent Donnefort wrote:
> On Sat, Sep 07, 2024 at 03:12:13PM +0100, Catalin Marinas wrote:
> > On Fri, Sep 06, 2024 at 04:38:56PM +0100, Vincent Donnefort wrote:
> > > commit ac3b43283923 ("module: replace module_layout with module_memory")
> > > introduced a set of memory regions for the module layout sharing the
> > > same attributes but didn't update the kmemleak scanned areas which
> > > intended to limit kmemleak scan to sections containing writable data.
> > > This means sections such as .text and .rodata are scanned by kmemleak.
> > > 
> > > Refine the scanned areas for modules by limiting it to MOD_TEXT and
> > > MOD_INIT_TEXT mod_mem regions.
> > > 
> > > CC: Song Liu <song@kernel.org>
> > > CC: Catalin Marinas <catalin.marinas@arm.com>
> > > Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
> > > 
> > > diff --git a/kernel/module/debug_kmemleak.c b/kernel/module/debug_kmemleak.c
> > > index 12a569d361e8..b4cc03842d70 100644
> > > --- a/kernel/module/debug_kmemleak.c
> > > +++ b/kernel/module/debug_kmemleak.c
> > > @@ -12,19 +12,9 @@
> > >  void kmemleak_load_module(const struct module *mod,
> > >  			  const struct load_info *info)
> > >  {
> > > -	unsigned int i;
> > > -
> > > -	/* only scan the sections containing data */
> > > -	kmemleak_scan_area(mod, sizeof(struct module), GFP_KERNEL);
> > > -
> > > -	for (i = 1; i < info->hdr->e_shnum; i++) {
> > > -		/* Scan all writable sections that's not executable */
> > > -		if (!(info->sechdrs[i].sh_flags & SHF_ALLOC) ||
> > > -		    !(info->sechdrs[i].sh_flags & SHF_WRITE) ||
> > > -		    (info->sechdrs[i].sh_flags & SHF_EXECINSTR))
> > > -			continue;
> > > -
> > > -		kmemleak_scan_area((void *)info->sechdrs[i].sh_addr,
> > > -				   info->sechdrs[i].sh_size, GFP_KERNEL);
> > > +	/* only scan writable, non-executable sections */
> > > +	for_each_mod_mem_type(type) {
> > > +		if (type != MOD_DATA && type != MOD_INIT_DATA)
> > > +			kmemleak_no_scan(mod->mem[type].base);
> > >  	}
> > >  }
> > 
> > I lost track of how module memory allocation works. Is struct module
> > still scanned after this change?
> 
> That section being RW, it will be part of the MOD_DATA vmalloc and scanned.

Ah, makes sense. I'm fine with this patch, it simplifies the code now
that we have mod->mem[type]. I wouldn't say it's a fix, though no
backporting needed.

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Vincent Donnefort Sept. 9, 2024, 10:23 a.m. UTC | #5 
On Mon, Sep 09, 2024 at 09:52:57AM +0100, Catalin Marinas wrote:
> On Mon, Sep 09, 2024 at 08:40:34AM +0100, Vincent Donnefort wrote:
> > On Sat, Sep 07, 2024 at 03:12:13PM +0100, Catalin Marinas wrote:
> > > On Fri, Sep 06, 2024 at 04:38:56PM +0100, Vincent Donnefort wrote:
> > > > commit ac3b43283923 ("module: replace module_layout with module_memory")
> > > > introduced a set of memory regions for the module layout sharing the
> > > > same attributes but didn't update the kmemleak scanned areas which
> > > > intended to limit kmemleak scan to sections containing writable data.
> > > > This means sections such as .text and .rodata are scanned by kmemleak.
> > > > 
> > > > Refine the scanned areas for modules by limiting it to MOD_TEXT and
> > > > MOD_INIT_TEXT mod_mem regions.
> > > > 
> > > > CC: Song Liu <song@kernel.org>
> > > > CC: Catalin Marinas <catalin.marinas@arm.com>
> > > > Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
> > > > 
> > > > diff --git a/kernel/module/debug_kmemleak.c b/kernel/module/debug_kmemleak.c
> > > > index 12a569d361e8..b4cc03842d70 100644
> > > > --- a/kernel/module/debug_kmemleak.c
> > > > +++ b/kernel/module/debug_kmemleak.c
> > > > @@ -12,19 +12,9 @@
> > > >  void kmemleak_load_module(const struct module *mod,
> > > >  			  const struct load_info *info)
> > > >  {
> > > > -	unsigned int i;
> > > > -
> > > > -	/* only scan the sections containing data */
> > > > -	kmemleak_scan_area(mod, sizeof(struct module), GFP_KERNEL);
> > > > -
> > > > -	for (i = 1; i < info->hdr->e_shnum; i++) {
> > > > -		/* Scan all writable sections that's not executable */
> > > > -		if (!(info->sechdrs[i].sh_flags & SHF_ALLOC) ||
> > > > -		    !(info->sechdrs[i].sh_flags & SHF_WRITE) ||
> > > > -		    (info->sechdrs[i].sh_flags & SHF_EXECINSTR))
> > > > -			continue;
> > > > -
> > > > -		kmemleak_scan_area((void *)info->sechdrs[i].sh_addr,
> > > > -				   info->sechdrs[i].sh_size, GFP_KERNEL);
> > > > +	/* only scan writable, non-executable sections */
> > > > +	for_each_mod_mem_type(type) {
> > > > +		if (type != MOD_DATA && type != MOD_INIT_DATA)
> > > > +			kmemleak_no_scan(mod->mem[type].base);
> > > >  	}
> > > >  }
> > > 
> > > I lost track of how module memory allocation works. Is struct module
> > > still scanned after this change?
> > 
> > That section being RW, it will be part of the MOD_DATA vmalloc and scanned.
> 
> Ah, makes sense. I'm fine with this patch, it simplifies the code now
> that we have mod->mem[type]. I wouldn't say it's a fix, though no
> backporting needed.

Agreed, it's "fixing" because it was scanning unecessary regions, but it's not
worth any backport.

Aside, judging by the size of this function, I am not sure it's worth to keep
a separated file, but the patch that introduced it didn't really explain why so
I kept it that way.

> 
> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

Cheers!
Luis Chamberlain Sept. 9, 2024, 9:25 p.m. UTC | #6 
On Mon, Sep 09, 2024 at 11:23:56AM +0100, Vincent Donnefort wrote:
> On Mon, Sep 09, 2024 at 09:52:57AM +0100, Catalin Marinas wrote:
> > On Mon, Sep 09, 2024 at 08:40:34AM +0100, Vincent Donnefort wrote:
> > > On Sat, Sep 07, 2024 at 03:12:13PM +0100, Catalin Marinas wrote:
> > > > On Fri, Sep 06, 2024 at 04:38:56PM +0100, Vincent Donnefort wrote:
> > > > > commit ac3b43283923 ("module: replace module_layout with module_memory")
> > > > > introduced a set of memory regions for the module layout sharing the
> > > > > same attributes but didn't update the kmemleak scanned areas which
> > > > > intended to limit kmemleak scan to sections containing writable data.
> > > > > This means sections such as .text and .rodata are scanned by kmemleak.
> > > > > 
> > > > > Refine the scanned areas for modules by limiting it to MOD_TEXT and
> > > > > MOD_INIT_TEXT mod_mem regions.
> > > > > 
> > > > > CC: Song Liu <song@kernel.org>
> > > > > CC: Catalin Marinas <catalin.marinas@arm.com>
> > > > > Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
> > > > > 
> > > > > diff --git a/kernel/module/debug_kmemleak.c b/kernel/module/debug_kmemleak.c
> > > > > index 12a569d361e8..b4cc03842d70 100644
> > > > > --- a/kernel/module/debug_kmemleak.c
> > > > > +++ b/kernel/module/debug_kmemleak.c
> > > > > @@ -12,19 +12,9 @@
> > > > >  void kmemleak_load_module(const struct module *mod,
> > > > >  			  const struct load_info *info)
> > > > >  {
> > > > > -	unsigned int i;
> > > > > -
> > > > > -	/* only scan the sections containing data */
> > > > > -	kmemleak_scan_area(mod, sizeof(struct module), GFP_KERNEL);
> > > > > -
> > > > > -	for (i = 1; i < info->hdr->e_shnum; i++) {
> > > > > -		/* Scan all writable sections that's not executable */
> > > > > -		if (!(info->sechdrs[i].sh_flags & SHF_ALLOC) ||
> > > > > -		    !(info->sechdrs[i].sh_flags & SHF_WRITE) ||
> > > > > -		    (info->sechdrs[i].sh_flags & SHF_EXECINSTR))
> > > > > -			continue;
> > > > > -
> > > > > -		kmemleak_scan_area((void *)info->sechdrs[i].sh_addr,
> > > > > -				   info->sechdrs[i].sh_size, GFP_KERNEL);
> > > > > +	/* only scan writable, non-executable sections */
> > > > > +	for_each_mod_mem_type(type) {
> > > > > +		if (type != MOD_DATA && type != MOD_INIT_DATA)
> > > > > +			kmemleak_no_scan(mod->mem[type].base);
> > > > >  	}
> > > > >  }
> > > > 
> > > > I lost track of how module memory allocation works. Is struct module
> > > > still scanned after this change?
> > > 
> > > That section being RW, it will be part of the MOD_DATA vmalloc and scanned.
> > 
> > Ah, makes sense. I'm fine with this patch, it simplifies the code now
> > that we have mod->mem[type]. I wouldn't say it's a fix, though no
> > backporting needed.
> 
> Agreed, it's "fixing" because it was scanning unecessary regions, but it's not
> worth any backport.

Please send a v2.

  Luis
diff mbox series

Patch

diff --git a/kernel/module/debug_kmemleak.c b/kernel/module/debug_kmemleak.c
index 12a569d361e8..b4cc03842d70 100644
--- a/kernel/module/debug_kmemleak.c
+++ b/kernel/module/debug_kmemleak.c
@@ -12,19 +12,9 @@ 
 void kmemleak_load_module(const struct module *mod,
 			  const struct load_info *info)
 {
-	unsigned int i;
-
-	/* only scan the sections containing data */
-	kmemleak_scan_area(mod, sizeof(struct module), GFP_KERNEL);
-
-	for (i = 1; i < info->hdr->e_shnum; i++) {
-		/* Scan all writable sections that's not executable */
-		if (!(info->sechdrs[i].sh_flags & SHF_ALLOC) ||
-		    !(info->sechdrs[i].sh_flags & SHF_WRITE) ||
-		    (info->sechdrs[i].sh_flags & SHF_EXECINSTR))
-			continue;
-
-		kmemleak_scan_area((void *)info->sechdrs[i].sh_addr,
-				   info->sechdrs[i].sh_size, GFP_KERNEL);
+	/* only scan writable, non-executable sections */
+	for_each_mod_mem_type(type) {
+		if (type != MOD_DATA && type != MOD_INIT_DATA)
+			kmemleak_no_scan(mod->mem[type].base);
 	}
 }