stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Chen Jun <chenjun102@huawei.com>,
	"Steven Rostedt (VMware)" <rostedt@goodmis.org>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 09/18] tracing: Fix a kmemleak false positive in tracing_map
Date: Wed, 15 Dec 2021 18:21:30 +0100	[thread overview]
Message-ID: <20211215172023.127635880@linuxfoundation.org> (raw)
In-Reply-To: <20211215172022.795825673@linuxfoundation.org>

From: Chen Jun <chenjun102@huawei.com>

[ Upstream commit f25667e5980a4333729cac3101e5de1bb851f71a ]

Doing the command:
  echo 'hist:key=common_pid.execname,common_timestamp' > /sys/kernel/debug/tracing/events/xxx/trigger

Triggers many kmemleak reports:

unreferenced object 0xffff0000c7ea4980 (size 128):
  comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
    [<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
    [<00000000633bd154>] tracing_map_init+0x1f8/0x268
    [<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
    [<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
    [<00000000f549355a>] event_trigger_write+0x7c/0x120
    [<00000000b80f898d>] vfs_write+0xc4/0x380
    [<00000000823e1055>] ksys_write+0x74/0xf8
    [<000000008a9374aa>] __arm64_sys_write+0x24/0x30
    [<0000000087124017>] do_el0_svc+0x88/0x1c0
    [<00000000efd0dcd1>] el0_svc+0x1c/0x28
    [<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
    [<00000000e7399680>] el0_sync+0x148/0x180
unreferenced object 0xffff0000c7ea4980 (size 128):
  comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
    [<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
    [<00000000633bd154>] tracing_map_init+0x1f8/0x268
    [<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
    [<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
    [<00000000f549355a>] event_trigger_write+0x7c/0x120
    [<00000000b80f898d>] vfs_write+0xc4/0x380
    [<00000000823e1055>] ksys_write+0x74/0xf8
    [<000000008a9374aa>] __arm64_sys_write+0x24/0x30
    [<0000000087124017>] do_el0_svc+0x88/0x1c0
    [<00000000efd0dcd1>] el0_svc+0x1c/0x28
    [<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
    [<00000000e7399680>] el0_sync+0x148/0x180

The reason is elts->pages[i] is alloced by get_zeroed_page.
and kmemleak will not scan the area alloced by get_zeroed_page.
The address stored in elts->pages will be regarded as leaked.

That is, the elts->pages[i] will have pointers loaded onto it as well, and
without telling kmemleak about it, those pointers will look like memory
without a reference.

To fix this, call kmemleak_alloc to tell kmemleak to scan elts->pages[i]

Link: https://lkml.kernel.org/r/20211124140801.87121-1-chenjun102@huawei.com

Signed-off-by: Chen Jun <chenjun102@huawei.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/trace/tracing_map.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c
index 10657b8dc2c2d..83c2a0598c648 100644
--- a/kernel/trace/tracing_map.c
+++ b/kernel/trace/tracing_map.c
@@ -15,6 +15,7 @@
 #include <linux/jhash.h>
 #include <linux/slab.h>
 #include <linux/sort.h>
+#include <linux/kmemleak.h>
 
 #include "tracing_map.h"
 #include "trace.h"
@@ -307,6 +308,7 @@ void tracing_map_array_free(struct tracing_map_array *a)
 	for (i = 0; i < a->n_pages; i++) {
 		if (!a->pages[i])
 			break;
+		kmemleak_free(a->pages[i]);
 		free_page((unsigned long)a->pages[i]);
 	}
 
@@ -342,6 +344,7 @@ struct tracing_map_array *tracing_map_array_alloc(unsigned int n_elts,
 		a->pages[i] = (void *)get_zeroed_page(GFP_KERNEL);
 		if (!a->pages[i])
 			goto free;
+		kmemleak_alloc(a->pages[i], PAGE_SIZE, 1, GFP_KERNEL);
 	}
  out:
 	return a;
-- 
2.33.0




  parent reply	other threads:[~2021-12-15 17:28 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-15 17:21 [PATCH 5.4 00/18] 5.4.166-rc1 review Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 01/18] nfc: fix segfault in nfc_genl_dump_devices_done Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 02/18] drm/msm/dsi: set default num_data_lanes Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 03/18] net/mlx4_en: Update reported link modes for 1/10G Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 04/18] parisc/agp: Annotate parisc agp init functions with __init Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 05/18] i2c: rk3x: Handle a spurious start completion interrupt flag Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 06/18] net: netlink: af_netlink: Prevent empty skb by adding a check on len Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 07/18] drm/amd/display: Fix for the no Audio bug with Tiled Displays Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 08/18] drm/amd/display: add connector type check for CRC source set Greg Kroah-Hartman
2021-12-15 17:21 ` Greg Kroah-Hartman [this message]
2021-12-15 17:21 ` [PATCH 5.4 10/18] KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 11/18] selinux: fix race condition when computing ocontext SIDs Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 12/18] bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 13/18] hwmon: (dell-smm) Fix warning on /proc/i8k creation error Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 14/18] memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 15/18] memblock: align freed memory map on pageblock boundaries with SPARSEMEM Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 16/18] memblock: ensure there is no overflow in memblock_overlaps_region() Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 17/18] arm: extend pfn_valid to take into account freed memory map alignment Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 18/18] arm: ioremap: dont abuse pfn_valid() to check if pfn is in RAM Greg Kroah-Hartman
2021-12-15 20:00 ` [PATCH 5.4 00/18] 5.4.166-rc1 review Jon Hunter
2021-12-15 21:52 ` Shuah Khan
2021-12-15 22:47 ` Florian Fainelli
2021-12-16 11:47 ` Naresh Kamboju
2021-12-16 18:07 ` Guenter Roeck
2021-12-17  0:53 ` Samuel Zou

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211215172023.127635880@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=chenjun102@huawei.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rostedt@goodmis.org \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).