* debugfs_create_u32_array() memory leaks
@ 2020-06-19 23:17 Jakub Kicinski
2020-06-20 7:45 ` Greg Kroah-Hartman
0 siblings, 1 reply; 5+ messages in thread
From: Jakub Kicinski @ 2020-06-19 23:17 UTC (permalink / raw)
To: Greg Kroah-Hartman, Rafael J. Wysocki, Ronald Tschalär,
Nicolai Stange, David Rientjes, Srivatsa Vaddagiri
Cc: linux-kernel
Hi!
I'm trying to use debugfs_create_u32_array() in drivers/net/netdevsim
and it causes memory leaks:
unreferenced object 0xffff8880546642a0 (size 16):
comm "test_udp_tuns.s", pid 2146, jiffies 4294928368 (age 3772.435s)
hex dump (first 16 bytes):
84 52 6a 4d 80 88 ff ff 04 00 00 00 f3 78 7e 89 .RjM.........x~.
backtrace:
[<000000006962a447>] debugfs_create_u32_array+0x3f/0x90
I can see that debugfs_create_u32_array() allocates a structure at
create time that ends up assigned to inode->i_private, but I don't
see it freed anywhere.
Am I missing something? I'm pretty sure files get removed, cause the
driver calls debugfs_remove_recursive() and no other file types leaks.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: debugfs_create_u32_array() memory leaks
2020-06-19 23:17 debugfs_create_u32_array() memory leaks Jakub Kicinski
@ 2020-06-20 7:45 ` Greg Kroah-Hartman
2020-06-22 19:23 ` Jakub Kicinski
0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-20 7:45 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Rafael J. Wysocki, Ronald Tschalär, Nicolai Stange,
David Rientjes, Srivatsa Vaddagiri, linux-kernel
On Fri, Jun 19, 2020 at 04:17:34PM -0700, Jakub Kicinski wrote:
> Hi!
>
> I'm trying to use debugfs_create_u32_array() in drivers/net/netdevsim
> and it causes memory leaks:
>
> unreferenced object 0xffff8880546642a0 (size 16):
> comm "test_udp_tuns.s", pid 2146, jiffies 4294928368 (age 3772.435s)
> hex dump (first 16 bytes):
> 84 52 6a 4d 80 88 ff ff 04 00 00 00 f3 78 7e 89 .RjM.........x~.
> backtrace:
> [<000000006962a447>] debugfs_create_u32_array+0x3f/0x90
>
> I can see that debugfs_create_u32_array() allocates a structure at
> create time that ends up assigned to inode->i_private, but I don't
> see it freed anywhere.
>
> Am I missing something? I'm pretty sure files get removed, cause the
> driver calls debugfs_remove_recursive() and no other file types leaks.
Yeah, that's a bug, nice catch. The debugfs_create*() functions should
not allocate local memory as we can't know to free that memory when the
file is removed.
Can you fix this up, or do you want me to? I only see one in-kernel
user of this, so it shouldn't be that tough to do so. The one user
never removes that file so that's why no one noticed this before.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: debugfs_create_u32_array() memory leaks
2020-06-20 7:45 ` Greg Kroah-Hartman
@ 2020-06-22 19:23 ` Jakub Kicinski
2020-06-22 19:31 ` Greg Kroah-Hartman
0 siblings, 1 reply; 5+ messages in thread
From: Jakub Kicinski @ 2020-06-22 19:23 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Rafael J. Wysocki, Ronald Tschalär, Nicolai Stange,
David Rientjes, Srivatsa Vaddagiri, linux-kernel
On Sat, 20 Jun 2020 09:45:42 +0200 Greg Kroah-Hartman wrote:
> On Fri, Jun 19, 2020 at 04:17:34PM -0700, Jakub Kicinski wrote:
> > Hi!
> >
> > I'm trying to use debugfs_create_u32_array() in drivers/net/netdevsim
> > and it causes memory leaks:
> >
> > unreferenced object 0xffff8880546642a0 (size 16):
> > comm "test_udp_tuns.s", pid 2146, jiffies 4294928368 (age 3772.435s)
> > hex dump (first 16 bytes):
> > 84 52 6a 4d 80 88 ff ff 04 00 00 00 f3 78 7e 89 .RjM.........x~.
> > backtrace:
> > [<000000006962a447>] debugfs_create_u32_array+0x3f/0x90
> >
> > I can see that debugfs_create_u32_array() allocates a structure at
> > create time that ends up assigned to inode->i_private, but I don't
> > see it freed anywhere.
> >
> > Am I missing something? I'm pretty sure files get removed, cause the
> > driver calls debugfs_remove_recursive() and no other file types leaks.
>
> Yeah, that's a bug, nice catch. The debugfs_create*() functions should
> not allocate local memory as we can't know to free that memory when the
> file is removed.
>
> Can you fix this up, or do you want me to? I only see one in-kernel
> user of this, so it shouldn't be that tough to do so. The one user
> never removes that file so that's why no one noticed this before.
Ah, I wasn't sure how to fix but since you say that create functions
shouldn't allocate memory seems like the fix will be to make callers
pass an equivalent of struct debugfs_blob_wrapper for u32.
I'm happy to send a patch to that effect - I have a process question
tho - I need this change in net-next, should I sent the patch to you?
Can it still make it into 5.8 (debugfs -> Linus -> net -> net-next) or
perhaps can it go via net-next since there is no de facto bug in 5.8?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: debugfs_create_u32_array() memory leaks
2020-06-22 19:23 ` Jakub Kicinski
@ 2020-06-22 19:31 ` Greg Kroah-Hartman
2020-06-23 20:21 ` Jakub Kicinski
0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-22 19:31 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Rafael J. Wysocki, Ronald Tschalär, Nicolai Stange,
David Rientjes, Srivatsa Vaddagiri, linux-kernel
On Mon, Jun 22, 2020 at 12:23:32PM -0700, Jakub Kicinski wrote:
> On Sat, 20 Jun 2020 09:45:42 +0200 Greg Kroah-Hartman wrote:
> > On Fri, Jun 19, 2020 at 04:17:34PM -0700, Jakub Kicinski wrote:
> > > Hi!
> > >
> > > I'm trying to use debugfs_create_u32_array() in drivers/net/netdevsim
> > > and it causes memory leaks:
> > >
> > > unreferenced object 0xffff8880546642a0 (size 16):
> > > comm "test_udp_tuns.s", pid 2146, jiffies 4294928368 (age 3772.435s)
> > > hex dump (first 16 bytes):
> > > 84 52 6a 4d 80 88 ff ff 04 00 00 00 f3 78 7e 89 .RjM.........x~.
> > > backtrace:
> > > [<000000006962a447>] debugfs_create_u32_array+0x3f/0x90
> > >
> > > I can see that debugfs_create_u32_array() allocates a structure at
> > > create time that ends up assigned to inode->i_private, but I don't
> > > see it freed anywhere.
> > >
> > > Am I missing something? I'm pretty sure files get removed, cause the
> > > driver calls debugfs_remove_recursive() and no other file types leaks.
> >
> > Yeah, that's a bug, nice catch. The debugfs_create*() functions should
> > not allocate local memory as we can't know to free that memory when the
> > file is removed.
> >
> > Can you fix this up, or do you want me to? I only see one in-kernel
> > user of this, so it shouldn't be that tough to do so. The one user
> > never removes that file so that's why no one noticed this before.
>
> Ah, I wasn't sure how to fix but since you say that create functions
> shouldn't allocate memory seems like the fix will be to make callers
> pass an equivalent of struct debugfs_blob_wrapper for u32.
Sounds good.
> I'm happy to send a patch to that effect - I have a process question
> tho - I need this change in net-next, should I sent the patch to you?
> Can it still make it into 5.8 (debugfs -> Linus -> net -> net-next) or
> perhaps can it go via net-next since there is no de facto bug in 5.8?
I can take a fix now, and get it into 5.8 if that makes things easier
for you.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: debugfs_create_u32_array() memory leaks
2020-06-22 19:31 ` Greg Kroah-Hartman
@ 2020-06-23 20:21 ` Jakub Kicinski
0 siblings, 0 replies; 5+ messages in thread
From: Jakub Kicinski @ 2020-06-23 20:21 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Rafael J. Wysocki, Ronald Tschalär, Nicolai Stange,
David Rientjes, Srivatsa Vaddagiri, linux-kernel
On Mon, 22 Jun 2020 21:31:09 +0200 Greg Kroah-Hartman wrote:
> > Ah, I wasn't sure how to fix but since you say that create functions
> > shouldn't allocate memory seems like the fix will be to make callers
> > pass an equivalent of struct debugfs_blob_wrapper for u32.
>
> Sounds good.
>
> > I'm happy to send a patch to that effect - I have a process question
> > tho - I need this change in net-next, should I sent the patch to you?
> > Can it still make it into 5.8 (debugfs -> Linus -> net -> net-next) or
> > perhaps can it go via net-next since there is no de facto bug in 5.8?
>
> I can take a fix now, and get it into 5.8 if that makes things easier
> for you.
Having thought about it - since I'm changing the prototype I'd have to
wait with my networking changes for the patch to land in net-next.
So I'll just send the debugfs fix with my other code to DaveM and CC
appropriately..
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-06-23 20:21 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-19 23:17 debugfs_create_u32_array() memory leaks Jakub Kicinski
2020-06-20 7:45 ` Greg Kroah-Hartman
2020-06-22 19:23 ` Jakub Kicinski
2020-06-22 19:31 ` Greg Kroah-Hartman
2020-06-23 20:21 ` Jakub Kicinski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).