Message ID | 20230123170419.7292-8-george@enfabrica.net (mailing list archive) |
---|---|
State | New |
From | George Prekas <george@enfabrica.net> |
To | linux-kernel@vger.kernel.org, linux-mm@kvack.org |
Subject | [PATCH 7/9] mm: kmemleak: erase page->s_mem in slab_destroy |
Date | Mon, 23 Jan 2023 11:04:17 -0600 |
Series | mm: kmemleak: fix unreported memory leaks |
On Mon, 23 Jan 2023, George Prekas wrote:

> The field s_mem of struct page is initialized with the virtual address
> of the page in function alloc_slabmgmt. If kmalloc allocates an object
> that starts on this page, then kmemleak knows that this object has 2
> references. On slab_destroy, s_mem should not continue referring to any
> allocated object in the future.

Nope. s_mem is a pointer to an array of objects. It is not a pointer to a page.

If a slab cache is used for slab management then these objects contain slab metadata, which may be a bit confusing.

diff --git a/mm/slab.c b/mm/slab.c index a927e1a285d1..aa5eb725ee9c 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -1611,6 +1611,9 @@ static void slab_destroy(struct kmem_cache *cachep, struct slab *slab) { void *freelist; + /* Erase the page's virtual address from s_mem */ + kmemleak_erase(&slab->s_mem); + freelist = slab->freelist; slab_destroy_debugcheck(cachep, slab); if (unlikely(cachep->flags & SLAB_TYPESAFE_BY_RCU))
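
Review bot: kmemleak_erase(&slab->s_mem) sits at the very top of slab_destroy(), ahead of slab_destroy_debugcheck(cachep, slab) and the SLAB_TYPESAFE_BY_RCU branch, both of which still work on the same slab. kmemleak_erase() clears the pointer it is given, so any reader of slab->s_mem on those paths would see NULL. Please move the call after the debug check, or to the point where the slab's pages are actually released, or explain in the commit message why no later reader exists. The new comment also calls s_mem "the page's virtual address" although the field is reached through struct slab; it should say what s_mem holds for this cache.
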
The field s_mem of struct page is initialized with the virtual address of the page in function alloc_slabmgmt. If kmalloc allocates an object that starts on this page, then kmemleak knows that this object has 2 references. On slab_destroy, s_mem should not continue referring to any allocated object in the future.

Specifically, assume that initially the 4KB cache uses page[5] and its s_mem = 0x5000. Then assume that this cache releases page[5] and the 8KB cache allocates page[4] and page[5]. Subsequently, kmalloc returns an 8KB object at address 0x4000 which will have 3 references: the returned pointer from kmalloc, page[4].s_mem = 0x4000, and page[5].s_mem. This object can leak without detection.

Signed-off-by: George Prekas <george@enfabrica.net>
---
 mm/slab.c | 3 +++
 1 file changed, 3 insertions(+)
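
The scenario from the commit message above, replayed in a small user-space model of a conservative leak scanner. This is an added example, not kernel code and not part of the patch, and it takes the commit message's description of s_mem as given. Assumptions: the counting rule, the `min_refs` field, the `s_mem[]` array standing in for `page[i].s_mem`, and the `leak_reported` helper are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of a conservative leak scanner, not kernel code. An object is
 * reported when fewer than min_refs scanned words point into it. */
struct object { uintptr_t start; size_t size; int min_refs; };

/* Count scanned words whose value falls anywhere inside the object. */
static int count_refs(const struct object *o, const uintptr_t *w, size_t n)
{
    int refs = 0;
    for (size_t i = 0; i < n; i++)
        if (w[i] >= o->start && w[i] - o->start < o->size)
            refs++;
    return refs;
}

/* Replay the commit message's scenario. s_mem[i] stands for page[i].s_mem;
 * erase_on_destroy models the kmemleak_erase() call the patch adds.
 * Returns 1 if the leaked 8KB object is reported, 0 if it is missed. */
int leak_reported(int erase_on_destroy)
{
    uintptr_t s_mem[8] = {0};
    uintptr_t caller = 0;            /* pointer held by the kmalloc caller */

    s_mem[5] = 0x5000;               /* 4KB cache uses page[5] */
    if (erase_on_destroy)
        s_mem[5] = 0;                /* slab_destroy clears the field */

    /* 8KB cache takes page[4] and page[5]; only page[4].s_mem is set. */
    s_mem[4] = 0x4000;
    /* Assumption: an object starting at s_mem expects 2 references. */
    struct object obj = { 0x4000, 0x2000, 2 };
    caller = obj.start;              /* kmalloc returns 0x4000 */
    caller = 0;                      /* caller loses the pointer: a leak */

    /* Scan the metadata words plus the caller's slot. */
    uintptr_t scanned[9];
    for (int i = 0; i < 8; i++)
        scanned[i] = s_mem[i];
    scanned[8] = caller;
    return count_refs(&obj, scanned, 9) < obj.min_refs;
}

int main(void)
{
    printf("without erase: reported=%d\n", leak_reported(0));
    printf("with erase:    reported=%d\n", leak_reported(1));
    return 0;
}
```
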