From patchwork Mon Jan 23 17:04:18 2023
X-Patchwork-Submitter: George Prekas
X-Patchwork-Id: 13112586
From: George Prekas
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: Catalin Marinas, Andrew Morton, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Vlastimil Babka, Roman Gushchin, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Thomas Gleixner, "Eric W. Biederman", Sebastian Andrzej Siewior, Andy Lutomirski, Peter Zijlstra, "Liam R. Howlett", Fenghua Yu, Andrei Vagin, George Prekas
Subject: [PATCH 8/9] mm: kmemleak: erase page->freelist in slab_destroy
Date: Mon, 23 Jan 2023 11:04:18 -0600
Message-Id: <20230123170419.7292-9-george@enfabrica.net>
In-Reply-To: <20230123170419.7292-1-george@enfabrica.net>
References: <20230123170419.7292-1-george@enfabrica.net>

slab_destroy frees the allocated memory pointed to by page->freelist. It should also erase the reference to it. Otherwise, when the memory is reused for another object, kmemleak will find the stale pointer and erroneously increase the reference count of the new object. That will lead to undetected memory leaks.

Signed-off-by: George Prekas
--- mm/slab.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/mm/slab.c b/mm/slab.c index aa5eb725ee9c..12acce274502 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -1625,8 +1625,10 @@ static void slab_destroy(struct kmem_cache *cachep, struct slab *slab) * From now on, we don't use freelist * although actual page can be freed in rcu context */ - if (OFF_SLAB(cachep)) + if (OFF_SLAB(cachep)) { kfree(freelist); + kmemleak_erase(&slab->freelist); + } } /*
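Review bot: the added `kmemleak_erase(&slab->freelist);` writes through `slab` at a point where the context comment directly above says "From now on, we don't use freelist although actual page can be freed in rcu context", and the existing `kfree(freelist);` goes through a local copy rather than `slab->freelist`. Please confirm that `slab` is still safe to write to here; if it may already have been released, the erase belongs earlier in slab_destroy, before the slab is handed off for freeing. Two smaller points: the erase only runs in the `OFF_SLAB(cachep)` branch, so the changelog should say why a leftover `slab->freelist` value is harmless in the other case, and the subject and changelog say `page->freelist` while the code operates on `slab->freelist` of a `struct slab *`, so the wording should match the code.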