From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S966778AbcKLSCY (ORCPT <rfc822;w@1wt.eu>);
        Sat, 12 Nov 2016 13:02:24 -0500
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:34512 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S966525AbcKLSCW (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 12 Nov 2016 13:02:22 -0500
Date: Sat, 12 Nov 2016 10:02:18 -0800
From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Yang Shi <yang.shi@linaro.org>
Cc: josh@joshtriplett.org, linux-kernel@vger.kernel.org,
        linaro-kernel@lists.linaro.org
Subject: Re: [PATCH] locktorture: Fix potential memory leak with rw lock test
Reply-To: paulmck@linux.vnet.ibm.com
References: <1478811999-12696-1-git-send-email-yang.shi@linaro.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1478811999-12696-1-git-send-email-yang.shi@linaro.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-TM-AS-GCONF: 00
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 16111218-8235-0000-0000-0000099A8170
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00006065; HX=3.00000240; KW=3.00000007;
 PH=3.00000004; SC=3.00000189; SDB=6.00779911; UDB=6.00375910; IPR=6.00557297;
 BA=6.00004873; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000;
 ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00013305; XFM=3.00000011;
 UTC=2016-11-12 18:02:20
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 16111218-8236-0000-0000-0000366ABC98
Message-Id: <20161112180218.GW4127@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-11-12_05:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=2
 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
 adjust=0 reason=mlx scancount=1 engine=8.0.1-1609300000
 definitions=main-1611120327
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Nov 10, 2016 at 01:06:39PM -0800, Yang Shi wrote:
> When running locktorture module with the below commands with kmemleak enabled:
> 
> $ modprobe locktorture torture_type=rw_lock_irq
> $ rmmod locktorture
> 
> The below kmemleak got caught:
> 
> root@10:~# echo scan > /sys/kernel/debug/kmemleak
> [  323.197029] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
> root@10:~# cat /sys/kernel/debug/kmemleak
> unreferenced object 0xffffffc07592d500 (size 128):
>   comm "modprobe", pid 368, jiffies 4294924118 (age 205.824s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 c3 7b 02 00 00 00 00 00  .........{......
>     00 00 00 00 00 00 00 00 d7 9b 02 00 00 00 00 00  ................
>   backtrace:
>     [<ffffff80081e5a88>] create_object+0x110/0x288
>     [<ffffff80086c6078>] kmemleak_alloc+0x58/0xa0
>     [<ffffff80081d5acc>] __kmalloc+0x234/0x318
>     [<ffffff80006fa130>] 0xffffff80006fa130
>     [<ffffff8008083ae4>] do_one_initcall+0x44/0x138
>     [<ffffff800817e28c>] do_init_module+0x68/0x1cc
>     [<ffffff800811c848>] load_module+0x1a68/0x22e0
>     [<ffffff800811d340>] SyS_finit_module+0xe0/0xf0
>     [<ffffff80080836f0>] el0_svc_naked+0x24/0x28
>     [<ffffffffffffffff>] 0xffffffffffffffff
> unreferenced object 0xffffffc07592d480 (size 128):
>   comm "modprobe", pid 368, jiffies 4294924118 (age 205.824s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 3b 6f 01 00 00 00 00 00  ........;o......
>     00 00 00 00 00 00 00 00 23 6a 01 00 00 00 00 00  ........#j......
>   backtrace:
>     [<ffffff80081e5a88>] create_object+0x110/0x288
>     [<ffffff80086c6078>] kmemleak_alloc+0x58/0xa0
>     [<ffffff80081d5acc>] __kmalloc+0x234/0x318
>     [<ffffff80006fa22c>] 0xffffff80006fa22c
>     [<ffffff8008083ae4>] do_one_initcall+0x44/0x138
>     [<ffffff800817e28c>] do_init_module+0x68/0x1cc
>     [<ffffff800811c848>] load_module+0x1a68/0x22e0
>     [<ffffff800811d340>] SyS_finit_module+0xe0/0xf0
>     [<ffffff80080836f0>] el0_svc_naked+0x24/0x28
>     [<ffffffffffffffff>] 0xffffffffffffffff
> 
> It is because cxt.lwsa and cxt.lrsa don't get freed in module_exit, so free
> them in lock_torture_cleanup() and free writer_tasks if reader_tasks is
> failed at memory allocation.
> 
> Signed-off-by: Yang Shi <yang.shi@linaro.org>

Good catch!  Queued for review and testing.

							Thanx, Paul

> ---
>  kernel/locking/locktorture.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/kernel/locking/locktorture.c b/kernel/locking/locktorture.c
> index f8c5af5..d3de04b 100644
> --- a/kernel/locking/locktorture.c
> +++ b/kernel/locking/locktorture.c
> @@ -780,6 +780,10 @@ static void lock_torture_cleanup(void)
>  	else
>  		lock_torture_print_module_parms(cxt.cur_ops,
>  						"End of test: SUCCESS");
> +
> +	kfree(cxt.lwsa);
> +	kfree(cxt.lrsa);
> +
>  end:
>  	torture_cleanup_end();
>  }
> @@ -924,6 +928,8 @@ static int __init lock_torture_init(void)
>  				       GFP_KERNEL);
>  		if (reader_tasks == NULL) {
>  			VERBOSE_TOROUT_ERRSTRING("reader_tasks: Out of memory");
> +			kfree(writer_tasks);
> +			writer_tasks = NULL;
>  			firsterr = -ENOMEM;
>  			goto unwind;
>  		}
> -- 
> 2.0.2
>