From: Alexey Kardashevskiy <aik@ozlabs.ru>
To: Catalin Marinas <catalin.marinas@arm.com>, linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org,
Marc Dionne <marc.c.dionne@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] kmemleak: Do not corrupt the object_list during clean-up
Date: Sat, 5 Oct 2019 13:11:10 +1000 [thread overview]
Message-ID: <5a75249e-47ee-bb7c-d281-31b385d8bb86@ozlabs.ru> (raw)
In-Reply-To: <20191004134624.46216-1-catalin.marinas@arm.com>
On 04/10/2019 23:46, Catalin Marinas wrote:
> In case of an error (e.g. memory pool too small), kmemleak disables
> itself and cleans up the already allocated metadata objects. However, if
> this happens early before the RCU callback mechanism is available,
> put_object() skips call_rcu() and frees the object directly. This is not
> safe with the RCU list traversal in __kmemleak_do_cleanup().
>
> Change the list traversal in __kmemleak_do_cleanup() to
> list_for_each_entry_safe() and remove the rcu_read_{lock,unlock} since
> the kmemleak is already disabled at this point. In addition, avoid an
> unnecessary metadata object rb-tree look-up since it already has the
> struct kmemleak_object pointer.
>
> Fixes: c5665868183f ("mm: kmemleak: use the memory pool for early allocations")
> Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
> Reported-by: Marc Dionne <marc.c.dionne@gmail.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
It not just fixed lockups but brought network speed back to normal but I guess it is because kmemleak disables itself
when CONFIG_DEBUG_KMEMLEAK_MEM_POOL_SIZE=400.
dmesg:
[ 0.000000] kmemleak: Memory pool empty, consider increasing CONFIG_DEBUG_KMEMLEAK_MEM_POOL_SIZE
[ 0.000000] kmemleak: Cannot allocate a kmemleak_object structure
[ 0.000000] kmemleak: Kernel memory leak detector disabled
> ---
> mm/kmemleak.c | 30 +++++++++++++++++++++---------
> 1 file changed, 21 insertions(+), 9 deletions(-)
>
> diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> index 03a8d84badad..244607663363 100644
> --- a/mm/kmemleak.c
> +++ b/mm/kmemleak.c
> @@ -526,6 +526,16 @@ static struct kmemleak_object *find_and_get_object(unsigned long ptr, int alias)
> return object;
> }
>
> +/*
> + * Remove an object from the object_tree_root and object_list. Must be called
> + * with the kmemleak_lock held _if_ kmemleak is still enabled.
> + */
> +static void __remove_object(struct kmemleak_object *object)
> +{
> + rb_erase(&object->rb_node, &object_tree_root);
> + list_del_rcu(&object->object_list);
> +}
> +
> /*
> * Look up an object in the object search tree and remove it from both
> * object_tree_root and object_list. The returned object's use_count should be
> @@ -538,10 +548,8 @@ static struct kmemleak_object *find_and_remove_object(unsigned long ptr, int ali
>
> write_lock_irqsave(&kmemleak_lock, flags);
> object = lookup_object(ptr, alias);
> - if (object) {
> - rb_erase(&object->rb_node, &object_tree_root);
> - list_del_rcu(&object->object_list);
> - }
> + if (object)
> + __remove_object(object);
> write_unlock_irqrestore(&kmemleak_lock, flags);
>
> return object;
> @@ -1834,12 +1842,16 @@ static const struct file_operations kmemleak_fops = {
>
> static void __kmemleak_do_cleanup(void)
> {
> - struct kmemleak_object *object;
> + struct kmemleak_object *object, *tmp;
>
> - rcu_read_lock();
> - list_for_each_entry_rcu(object, &object_list, object_list)
> - delete_object_full(object->pointer);
> - rcu_read_unlock();
> + /*
> + * Kmemleak has already been disabled, no need for RCU list traversal
> + * or kmemleak_lock held.
> + */
> + list_for_each_entry_safe(object, tmp, &object_list, object_list) {
> + __remove_object(object);
> + __delete_object(object);
> + }
> }
>
> /*
>
--
Alexey
next prev parent reply other threads:[~2019-10-05 3:11 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-04 13:46 [PATCH] kmemleak: Do not corrupt the object_list during clean-up Catalin Marinas
2019-10-05 3:11 ` Alexey Kardashevskiy [this message]
2019-10-09 16:37 ` Song Liu
2019-10-09 16:37 ` Song Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5a75249e-47ee-bb7c-d281-31b385d8bb86@ozlabs.ru \
--to=aik@ozlabs.ru \
--cc=akpm@linux-foundation.org \
--cc=catalin.marinas@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=marc.c.dionne@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).