[PATCH] mm/kmemleak: fix the possible wrong memory scanning period

[PATCH] mm/kmemleak: fix the possible wrong memory scanning period

[Yanfei Xu]

This commit contains 3 modifies:

1.Convert the type of jiffies_scan_wait to "unsigned long".

2.Use READ/WRITE_ONCE() for accessing "jiffies_scan_wait".

3.Fix the possible wrong memory scanning period. If you set a large
memory scanning period like blow, then the "secs" variable will be
non-zero, however the value of "jiffies_scan_wait" will be zero.

    echo "scan=0x10000000" > /sys/kernel/debug/kmemleak

It is because the type of the msecs_to_jiffies()'s parameter is
"unsigned int", and the "secs * 1000" is larger than its max value.
This in turn leads a unexpected jiffies_scan_wait, maybe zero. We
corret it by replacing kstrtoul() with kstrtouint(), and check the
msecs to prevent it larger than UINT_MAX.

Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
---
 mm/kmemleak.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index 92a2d4885808..228a2fbe0657 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -219,7 +219,7 @@ static struct task_struct *scan_thread;
 static unsigned long jiffies_min_age;
 static unsigned long jiffies_last_scan;
 /* delay between automatic memory scannings */
-static signed long jiffies_scan_wait;
+static unsigned long jiffies_scan_wait;
 /* enables or disables the task stacks scanning */
 static int kmemleak_stack_scan = 1;
 /* protects the memory scanning, parameters and debug/kmemleak file access */
@@ -1567,7 +1567,7 @@ static int kmemleak_scan_thread(void *arg)
 	}
 
 	while (!kthread_should_stop()) {
-		signed long timeout = jiffies_scan_wait;
+		signed long timeout = READ_ONCE(jiffies_scan_wait);
 
 		mutex_lock(&scan_mutex);
 		kmemleak_scan();
@@ -1807,14 +1807,20 @@ static ssize_t kmemleak_write(struct file *file, const char __user *user_buf,
 	else if (strncmp(buf, "scan=off", 8) == 0)
 		stop_scan_thread();
 	else if (strncmp(buf, "scan=", 5) == 0) {
-		unsigned long secs;
+		unsigned secs;
+		unsigned long msecs;
 
-		ret = kstrtoul(buf + 5, 0, &secs);
+		ret = kstrtouint(buf + 5, 0, &secs);
 		if (ret < 0)
 			goto out;
+
+		msecs = secs * MSEC_PER_SEC;
+		if (msecs > UINT_MAX)
+			msecs = UINT_MAX;
+
 		stop_scan_thread();
-		if (secs) {
-			jiffies_scan_wait = msecs_to_jiffies(secs * 1000);
+		if (msecs) {
+			WRITE_ONCE(jiffies_scan_wait, msecs_to_jiffies(msecs));
 			start_scan_thread();
 		}
 	} else if (strncmp(buf, "scan", 4) == 0)
-- 
2.27.0

Re: [PATCH] mm/kmemleak: fix the possible wrong memory scanning period

[Catalin Marinas]

On Mon, Jun 14, 2021 at 01:40:22AM +0800, Yanfei Xu wrote:
> This commit contains 3 modifies:
> 
> 1.Convert the type of jiffies_scan_wait to "unsigned long".
> 
> 2.Use READ/WRITE_ONCE() for accessing "jiffies_scan_wait".
> 
> 3.Fix the possible wrong memory scanning period. If you set a large
> memory scanning period like blow, then the "secs" variable will be
> non-zero, however the value of "jiffies_scan_wait" will be zero.
> 
>     echo "scan=0x10000000" > /sys/kernel/debug/kmemleak
> 
> It is because the type of the msecs_to_jiffies()'s parameter is
> "unsigned int", and the "secs * 1000" is larger than its max value.
> This in turn leads a unexpected jiffies_scan_wait, maybe zero. We
> corret it by replacing kstrtoul() with kstrtouint(), and check the
> msecs to prevent it larger than UINT_MAX.
> 
> Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>

Acked-by: Catalin Marinas <catalin.marinas@arm.com>