From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752601AbdIAWdP (ORCPT <rfc822;w@1wt.eu>);
        Fri, 1 Sep 2017 18:33:15 -0400
Received: from mail.kernel.org ([198.145.29.99]:41936 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752515AbdIAWdO (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 1 Sep 2017 18:33:14 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 305B42199E
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=goodmis.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=rostedt@goodmis.org
Date: Fri, 1 Sep 2017 18:33:11 -0400
From: Steven Rostedt <rostedt@goodmis.org>
To: LKML <linux-kernel@vger.kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
        Andrey Ryabinin <aryabinin@virtuozzo.com>, kasan-dev@googlegroups.com
Subject: kmemleak not always catching stuff
Message-ID: <20170901183311.3bf3348a@gandalf.local.home>
X-Mailer: Claws Mail 3.14.0 (GTK+ 2.24.31; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

Recently kmemleak discovered a bug in my code where an allocated
trampoline for a ftrace function tracer wasn't freed due to an exit
path. The thing is, kmemleak was able to catch this 100% when it was
triggered by one of my ftrace selftests that happen at bootup. But when
I trigger the issue from user space after bootup finished, it would not
catch it.

Now I was thinking that it may be due to the fact that the trampoline
is allocated with module_alloc(), and that has some magic kasan goo in
it. But when forcing the issue with adding the following code:

	void **pblah;
	void *blah;

	pblah = kmalloc(sizeof(*pblah), GFP_KERNEL);	
	blah = module_alloc(PAGE_SIZE);
	*pblah = blah;
	printk("allocated blah %p\n", blah);
	kfree(pblah);

in a path that I could control, it would catch it only after doing it
several times. I was never able to have kmemleak catch the actual bug
from user space no matter how many times I triggered it.

 # dmesg |grep kmemleak 
[   16.746832] kmemleak: Kernel memory leak detector initialized
[   16.746888] kmemleak: Automatic memory scanning thread started

And then I would do:

 # echo scan=on > /sys/kernel/debug/kmemleak

 [do the test]

 # echo scan > /sys/kernel/debug/kmemleak

Most of the times it found nothing. Even when I switched the above from
module_alloc() to kmalloc().

Is this normal?

-- Steve