[PATCH AUTOSEL 5.15 23/24] tracing: Fix a kmemleak false positive in tracing_map

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Chen Jun <chenjun102@huawei.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	Sasha Levin <sashal@kernel.org>,
	mingo@redhat.com
Subject: [PATCH AUTOSEL 5.15 23/24] tracing: Fix a kmemleak false positive in tracing_map
Date: Mon,  6 Dec 2021 16:12:28 -0500	[thread overview]
Message-ID: <20211206211230.1660072-23-sashal@kernel.org> (raw)
In-Reply-To: <20211206211230.1660072-1-sashal@kernel.org>

From: Chen Jun <chenjun102@huawei.com>

[ Upstream commit f25667e5980a4333729cac3101e5de1bb851f71a ]

Doing the command:
  echo 'hist:key=common_pid.execname,common_timestamp' > /sys/kernel/debug/tracing/events/xxx/trigger

Triggers many kmemleak reports:

unreferenced object 0xffff0000c7ea4980 (size 128):
  comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
    [<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
    [<00000000633bd154>] tracing_map_init+0x1f8/0x268
    [<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
    [<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
    [<00000000f549355a>] event_trigger_write+0x7c/0x120
    [<00000000b80f898d>] vfs_write+0xc4/0x380
    [<00000000823e1055>] ksys_write+0x74/0xf8
    [<000000008a9374aa>] __arm64_sys_write+0x24/0x30
    [<0000000087124017>] do_el0_svc+0x88/0x1c0
    [<00000000efd0dcd1>] el0_svc+0x1c/0x28
    [<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
    [<00000000e7399680>] el0_sync+0x148/0x180
unreferenced object 0xffff0000c7ea4980 (size 128):
  comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
    [<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
    [<00000000633bd154>] tracing_map_init+0x1f8/0x268
    [<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
    [<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
    [<00000000f549355a>] event_trigger_write+0x7c/0x120
    [<00000000b80f898d>] vfs_write+0xc4/0x380
    [<00000000823e1055>] ksys_write+0x74/0xf8
    [<000000008a9374aa>] __arm64_sys_write+0x24/0x30
    [<0000000087124017>] do_el0_svc+0x88/0x1c0
    [<00000000efd0dcd1>] el0_svc+0x1c/0x28
    [<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
    [<00000000e7399680>] el0_sync+0x148/0x180

The reason is elts->pages[i] is alloced by get_zeroed_page.
and kmemleak will not scan the area alloced by get_zeroed_page.
The address stored in elts->pages will be regarded as leaked.

That is, the elts->pages[i] will have pointers loaded onto it as well, and
without telling kmemleak about it, those pointers will look like memory
without a reference.

To fix this, call kmemleak_alloc to tell kmemleak to scan elts->pages[i]

Link: https://lkml.kernel.org/r/20211124140801.87121-1-chenjun102@huawei.com

Signed-off-by: Chen Jun <chenjun102@huawei.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/trace/tracing_map.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c
index 39bb56d2dcbef..9628b55718468 100644
--- a/kernel/trace/tracing_map.c
+++ b/kernel/trace/tracing_map.c
@@ -15,6 +15,7 @@
 #include <linux/jhash.h>
 #include <linux/slab.h>
 #include <linux/sort.h>
+#include <linux/kmemleak.h>
 
 #include "tracing_map.h"
 #include "trace.h"
@@ -307,6 +308,7 @@ static void tracing_map_array_free(struct tracing_map_array *a)
 	for (i = 0; i < a->n_pages; i++) {
 		if (!a->pages[i])
 			break;
+		kmemleak_free(a->pages[i]);
 		free_page((unsigned long)a->pages[i]);
 	}
 
@@ -342,6 +344,7 @@ static struct tracing_map_array *tracing_map_array_alloc(unsigned int n_elts,
 		a->pages[i] = (void *)get_zeroed_page(GFP_KERNEL);
 		if (!a->pages[i])
 			goto free;
+		kmemleak_alloc(a->pages[i], PAGE_SIZE, 1, GFP_KERNEL);
 	}
  out:
 	return a;
-- 
2.33.0

next prev parent reply	other threads:[~2021-12-06 21:15 UTC|newest]

Thread overview: 48+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-06 21:12 [PATCH AUTOSEL 5.15 01/24] drm/msm: Fix null ptr access msm_ioctl_gem_submit() Sasha Levin
2021-12-06 21:12 ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 02/24] drm/msm/a6xx: Fix uinitialized use of gpu_scid Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 03/24] drm/msm/dsi: set default num_data_lanes Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 04/24] drm/msm/dp: Avoid unpowered AUX xfers that caused crashes Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 05/24] KVM: arm64: Save PSTATE early on exit Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 06/24] s390/test_unwind: use raw opcode instead of invalid instruction Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 07/24] Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 08/24] USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 09/24] net/mlx4_en: Update reported link modes for 1/10G Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 10/24] loop: Use pr_warn_once() for loop_control_remove() warning Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 11/24] ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 12/24] ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 13/24] tools: Fix math.h breakage Sasha Levin
2021-12-06 21:19   ` Matthew Wilcox
2021-12-13 17:10     ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 14/24] parisc/agp: Annotate parisc agp init functions with __init Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 15/24] i2c: rk3x: Handle a spurious start completion interrupt flag Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 16/24] net: netlink: af_netlink: Prevent empty skb by adding a check on len Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 17/24] drm/amdgpu: cancel the correct hrtimer on exit Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 18/24] drm/amdgpu: check atomic flag to differeniate with legacy path Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 19/24] drm/amd/display: Fix for the no Audio bug with Tiled Displays Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 20/24] drm/amdkfd: fix double free mem structure Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 21/24] drm/amd/display: add connector type check for CRC source set Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 22/24] drm/amdkfd: process_info lock not needed for svm Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12   ` Sasha Levin
2021-12-06 21:12 ` Sasha Levin [this message]
2021-12-06 21:12 ` [PATCH AUTOSEL 5.15 24/24] fget: check that the fd still exists after getting a ref to it Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:39bb56d2dcbe dfblob:9628b5571846 )
 OR (
bs:"[PATCH AUTOSEL 5.15 23/24] tracing: Fix a kmemleak false positive in tracing_map" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211206211230.1660072-23-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=chenjun102@huawei.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=rostedt@goodmis.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.