From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Chen Jun <chenjun102@huawei.com>,
"Steven Rostedt (VMware)" <rostedt@goodmis.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 09/18] tracing: Fix a kmemleak false positive in tracing_map
Date: Wed, 15 Dec 2021 18:21:30 +0100 [thread overview]
Message-ID: <20211215172023.127635880@linuxfoundation.org> (raw)
In-Reply-To: <20211215172022.795825673@linuxfoundation.org>
From: Chen Jun <chenjun102@huawei.com>
[ Upstream commit f25667e5980a4333729cac3101e5de1bb851f71a ]
Doing the command:
echo 'hist:key=common_pid.execname,common_timestamp' > /sys/kernel/debug/tracing/events/xxx/trigger
Triggers many kmemleak reports:
unreferenced object 0xffff0000c7ea4980 (size 128):
comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
[<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
[<00000000633bd154>] tracing_map_init+0x1f8/0x268
[<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
[<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
[<00000000f549355a>] event_trigger_write+0x7c/0x120
[<00000000b80f898d>] vfs_write+0xc4/0x380
[<00000000823e1055>] ksys_write+0x74/0xf8
[<000000008a9374aa>] __arm64_sys_write+0x24/0x30
[<0000000087124017>] do_el0_svc+0x88/0x1c0
[<00000000efd0dcd1>] el0_svc+0x1c/0x28
[<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
[<00000000e7399680>] el0_sync+0x148/0x180
unreferenced object 0xffff0000c7ea4980 (size 128):
comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
[<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
[<00000000633bd154>] tracing_map_init+0x1f8/0x268
[<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
[<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
[<00000000f549355a>] event_trigger_write+0x7c/0x120
[<00000000b80f898d>] vfs_write+0xc4/0x380
[<00000000823e1055>] ksys_write+0x74/0xf8
[<000000008a9374aa>] __arm64_sys_write+0x24/0x30
[<0000000087124017>] do_el0_svc+0x88/0x1c0
[<00000000efd0dcd1>] el0_svc+0x1c/0x28
[<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
[<00000000e7399680>] el0_sync+0x148/0x180
The reason is elts->pages[i] is alloced by get_zeroed_page.
and kmemleak will not scan the area alloced by get_zeroed_page.
The address stored in elts->pages will be regarded as leaked.
That is, the elts->pages[i] will have pointers loaded onto it as well, and
without telling kmemleak about it, those pointers will look like memory
without a reference.
To fix this, call kmemleak_alloc to tell kmemleak to scan elts->pages[i]
Link: https://lkml.kernel.org/r/20211124140801.87121-1-chenjun102@huawei.com
Signed-off-by: Chen Jun <chenjun102@huawei.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/tracing_map.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c
index 10657b8dc2c2d..83c2a0598c648 100644
--- a/kernel/trace/tracing_map.c
+++ b/kernel/trace/tracing_map.c
@@ -15,6 +15,7 @@
#include <linux/jhash.h>
#include <linux/slab.h>
#include <linux/sort.h>
+#include <linux/kmemleak.h>
#include "tracing_map.h"
#include "trace.h"
@@ -307,6 +308,7 @@ void tracing_map_array_free(struct tracing_map_array *a)
for (i = 0; i < a->n_pages; i++) {
if (!a->pages[i])
break;
+ kmemleak_free(a->pages[i]);
free_page((unsigned long)a->pages[i]);
}
@@ -342,6 +344,7 @@ struct tracing_map_array *tracing_map_array_alloc(unsigned int n_elts,
a->pages[i] = (void *)get_zeroed_page(GFP_KERNEL);
if (!a->pages[i])
goto free;
+ kmemleak_alloc(a->pages[i], PAGE_SIZE, 1, GFP_KERNEL);
}
out:
return a;
--
2.33.0
next prev parent reply other threads:[~2021-12-15 17:28 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-15 17:21 [PATCH 5.4 00/18] 5.4.166-rc1 review Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 01/18] nfc: fix segfault in nfc_genl_dump_devices_done Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 02/18] drm/msm/dsi: set default num_data_lanes Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 03/18] net/mlx4_en: Update reported link modes for 1/10G Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 04/18] parisc/agp: Annotate parisc agp init functions with __init Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 05/18] i2c: rk3x: Handle a spurious start completion interrupt flag Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 06/18] net: netlink: af_netlink: Prevent empty skb by adding a check on len Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 07/18] drm/amd/display: Fix for the no Audio bug with Tiled Displays Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 08/18] drm/amd/display: add connector type check for CRC source set Greg Kroah-Hartman
2021-12-15 17:21 ` Greg Kroah-Hartman [this message]
2021-12-15 17:21 ` [PATCH 5.4 10/18] KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 11/18] selinux: fix race condition when computing ocontext SIDs Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 12/18] bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 13/18] hwmon: (dell-smm) Fix warning on /proc/i8k creation error Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 14/18] memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 15/18] memblock: align freed memory map on pageblock boundaries with SPARSEMEM Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 16/18] memblock: ensure there is no overflow in memblock_overlaps_region() Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 17/18] arm: extend pfn_valid to take into account freed memory map alignment Greg Kroah-Hartman
2021-12-15 17:21 ` [PATCH 5.4 18/18] arm: ioremap: dont abuse pfn_valid() to check if pfn is in RAM Greg Kroah-Hartman
2021-12-15 20:00 ` [PATCH 5.4 00/18] 5.4.166-rc1 review Jon Hunter
2021-12-15 21:52 ` Shuah Khan
2021-12-15 22:47 ` Florian Fainelli
2021-12-16 11:47 ` Naresh Kamboju
2021-12-16 18:07 ` Guenter Roeck
2021-12-17 0:53 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211215172023.127635880@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=chenjun102@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).