From: Arnaldo Carvalho de Melo <acme@kernel.org>
To: Namhyung Kim <namhyung@kernel.org>
Cc: Jiri Olsa <jolsa@redhat.com>, Ingo Molnar <mingo@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
LKML <linux-kernel@vger.kernel.org>,
Andi Kleen <ak@linux.intel.com>, Ian Rogers <irogers@google.com>
Subject: Re: [PATCH] perf record: Fix memory leak in vDSO
Date: Tue, 16 Mar 2021 09:56:26 -0300 [thread overview]
Message-ID: <YFCq+sIS7M9GAcM2@kernel.org> (raw)
In-Reply-To: <CAM9d7cheph_kjRzfKQSnoowRTQ3p4TF7mHt_3niJWGceSwJPzA@mail.gmail.com>
Em Tue, Mar 16, 2021 at 11:28:12AM +0900, Namhyung Kim escreveu:
> On Mon, Mar 15, 2021 at 10:28 PM Jiri Olsa <jolsa@redhat.com> wrote:
> >
> > On Mon, Mar 15, 2021 at 01:56:41PM +0900, Namhyung Kim wrote:
> > > I got several memory leak reports from Asan with a simple command. It
> > > was because VDSO is not released due to the refcount. Like in
> > > __dsos_addnew_id(), it should put the refcount after adding to the list.
> > >
> > > $ perf record true
> > > [ perf record: Woken up 1 times to write data ]
> > > [ perf record: Captured and wrote 0.030 MB perf.data (10 samples) ]
> > >
> > > =================================================================
> > > ==692599==ERROR: LeakSanitizer: detected memory leaks
> > >
> > > Direct leak of 439 byte(s) in 1 object(s) allocated from:
> > > #0 0x7fea52341037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
> > > #1 0x559bce4aa8ee in dso__new_id util/dso.c:1256
> > > #2 0x559bce59245a in __machine__addnew_vdso util/vdso.c:132
> > > #3 0x559bce59245a in machine__findnew_vdso util/vdso.c:347
> > > #4 0x559bce50826c in map__new util/map.c:175
> > > #5 0x559bce503c92 in machine__process_mmap2_event util/machine.c:1787
> > > #6 0x559bce512f6b in machines__deliver_event util/session.c:1481
> > > #7 0x559bce515107 in perf_session__deliver_event util/session.c:1551
> > > #8 0x559bce51d4d2 in do_flush util/ordered-events.c:244
> > > #9 0x559bce51d4d2 in __ordered_events__flush util/ordered-events.c:323
> > > #10 0x559bce519bea in __perf_session__process_events util/session.c:2268
> > > #11 0x559bce519bea in perf_session__process_events util/session.c:2297
> > > #12 0x559bce2e7a52 in process_buildids /home/namhyung/project/linux/tools/perf/builtin-record.c:1017
> > > #13 0x559bce2e7a52 in record__finish_output /home/namhyung/project/linux/tools/perf/builtin-record.c:1234
> > > #14 0x559bce2ed4f6 in __cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2026
> > > #15 0x559bce2ed4f6 in cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2858
> > > #16 0x559bce422db4 in run_builtin /home/namhyung/project/linux/tools/perf/perf.c:313
> > > #17 0x559bce2acac8 in handle_internal_command /home/namhyung/project/linux/tools/perf/perf.c:365
> > > #18 0x559bce2acac8 in run_argv /home/namhyung/project/linux/tools/perf/perf.c:409
> > > #19 0x559bce2acac8 in main /home/namhyung/project/linux/tools/perf/perf.c:539
> > > #20 0x7fea51e76d09 in __libc_start_main ../csu/libc-start.c:308
> > >
> > > Indirect leak of 32 byte(s) in 1 object(s) allocated from:
> > > #0 0x7fea52341037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
> > > #1 0x559bce520907 in nsinfo__copy util/namespaces.c:169
> > > #2 0x559bce50821b in map__new util/map.c:168
> > > #3 0x559bce503c92 in machine__process_mmap2_event util/machine.c:1787
> > > #4 0x559bce512f6b in machines__deliver_event util/session.c:1481
> > > #5 0x559bce515107 in perf_session__deliver_event util/session.c:1551
> > > #6 0x559bce51d4d2 in do_flush util/ordered-events.c:244
> > > #7 0x559bce51d4d2 in __ordered_events__flush util/ordered-events.c:323
> > > #8 0x559bce519bea in __perf_session__process_events util/session.c:2268
> > > #9 0x559bce519bea in perf_session__process_events util/session.c:2297
> > > #10 0x559bce2e7a52 in process_buildids /home/namhyung/project/linux/tools/perf/builtin-record.c:1017
> > > #11 0x559bce2e7a52 in record__finish_output /home/namhyung/project/linux/tools/perf/builtin-record.c:1234
> > > #12 0x559bce2ed4f6 in __cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2026
> > > #13 0x559bce2ed4f6 in cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2858
> > > #14 0x559bce422db4 in run_builtin /home/namhyung/project/linux/tools/perf/perf.c:313
> > > #15 0x559bce2acac8 in handle_internal_command /home/namhyung/project/linux/tools/perf/perf.c:365
> > > #16 0x559bce2acac8 in run_argv /home/namhyung/project/linux/tools/perf/perf.c:409
> > > #17 0x559bce2acac8 in main /home/namhyung/project/linux/tools/perf/perf.c:539
> > > #18 0x7fea51e76d09 in __libc_start_main ../csu/libc-start.c:308
> > >
> > > SUMMARY: AddressSanitizer: 471 byte(s) leaked in 2 allocation(s).
> > >
> > > Signed-off-by: Namhyung Kim <namhyung@kernel.org>
> > > ---
> > > tools/perf/util/vdso.c | 2 ++
> > > 1 file changed, 2 insertions(+)
> > >
> > > diff --git a/tools/perf/util/vdso.c b/tools/perf/util/vdso.c
> > > index 3cc91ad048ea..43beb169631d 100644
> > > --- a/tools/perf/util/vdso.c
> > > +++ b/tools/perf/util/vdso.c
> > > @@ -133,6 +133,8 @@ static struct dso *__machine__addnew_vdso(struct machine *machine, const char *s
> > > if (dso != NULL) {
> > > __dsos__add(&machine->dsos, dso);
> > > dso__set_long_name(dso, long_name, false);
> > > + /* Put dso here because __dsos_add already got it */
> > > + dso__put(dso);
> >
> > from quick look I don't understand why we take refcnt down
> > right after adding to the list.. it would make sense to me
That is the right pattern, i.e. the list has a reference to it, if it is
removed outside the __dsos__add(), then list traversal may be corrupted.
> > if dso is not stored elsewhere so we want dsos__exit to
> > release it.. but it's still stored in map object
> >
> > I checked and we do extra dso__get in machine__findnew_vdso
> > (and also in dsos__findnew_id) ... so that one seems to me
> > like the one we should remove
findnew _needs_ to grab te refcount while holding the lock, so that what
it returns won't go away in a different thread.
> > but I might be missing something, I'll try to check more
> > deeply later on
> I think we assume the find/findnew APIs include increment of
> the refcount, otherwise all callers should be converted to do it
> explicitly.
The callers can't grab the reference safely, i.e. its outside the lock.
> Then the 'find' part should increase it but the 'new' part is not
> (as it already has 2) and that's why we have that.
>
> Thanks,
> Namhyung
--
- Arnaldo
next prev parent reply other threads:[~2021-03-16 12:57 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-15 4:56 [PATCH] perf record: Fix memory leak in vDSO Namhyung Kim
2021-03-15 13:28 ` Jiri Olsa
2021-03-16 2:28 ` Namhyung Kim
2021-03-16 12:56 ` Arnaldo Carvalho de Melo [this message]
2021-03-16 13:50 ` Jiri Olsa
2021-03-24 13:39 ` Arnaldo Carvalho de Melo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YFCq+sIS7M9GAcM2@kernel.org \
--to=acme@kernel.org \
--cc=ak@linux.intel.com \
--cc=alexander.shishkin@linux.intel.com \
--cc=irogers@google.com \
--cc=jolsa@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@kernel.org \
--cc=namhyung@kernel.org \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.