From: James Clark <james.clark@arm.com>
To: Junhao He <hejunhao3@huawei.com>,
suzuki.poulose@arm.com, mike.leach@linaro.org,
leo.yan@linaro.org
Cc: coresight@lists.linaro.org, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linuxarm@huawei.com,
jonathan.cameron@huawei.com, yangyicong@huawei.com,
prime.zeng@hisilicon.com
Subject: Re: [PATCH 2/2] coresight: core: fix memory leak in dict->fwnode_list
Date: Thu, 17 Aug 2023 15:31:40 +0100
Message-ID: <f397c79f-2b8a-7cbb-262e-e4b13ae57122@arm.com>
In-Reply-To: <20230817085937.55590-3-hejunhao3@huawei.com>

On 17/08/2023 09:59, Junhao He wrote:
> There are memory leaks reported by kmemleak:
> ...
> unreferenced object 0xffff2020103c3200 (size 256):
> comm "insmod", pid 4476, jiffies 4294978252 (age 50072.536s)
> hex dump (first 32 bytes):
> 10 60 40 06 28 20 ff ff 10 c0 59 06 20 20 ff ff .`@.( ....Y. ..
> 10 e0 47 06 28 20 ff ff 10 00 49 06 28 20 ff ff ..G.( ....I.( ..
> backtrace:
> [<0000000034ec4724>] __kmem_cache_alloc_node+0x2f8/0x348
> [<0000000057fbc15d>] __kmalloc_node_track_caller+0x5c/0x110
> [<00000055d5e34b>] krealloc+0x8c/0x178
> [<00000000a4635beb>] coresight_alloc_device_name+0x128/0x188 [coresight]
> [<00000000a92ddfee>] funnel_cs_ops+0x10/0xfffffffffffedaa0 [coresight_funnel]
> [<00000000449e20f8>] dynamic_funnel_ids+0x80/0xfffffffffffed840 [coresight_funnel]
> ...
>
> When the driver is removed, the global variables defined by the macro
> DEFINE_CORESIGHT_DEVLIST will be released, dict->nr_idx and
> dict->fwnode_list are cleared to 0. The lifetime of the global
> variable has ended. So the buffer pointer is lost.
>
> Use the callback of devm_add_action_or_reset() to free memory.
>
> Fixes: 0f5f9b6ba9e1 ("coresight: Use platform agnostic names")
> Signed-off-by: Junhao He <hejunhao3@huawei.com>
> ---
> drivers/hwtracing/coresight/coresight-core.c | 20 +++++++++++++++++++-
> 1 file changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/hwtracing/coresight/coresight-core.c b/drivers/hwtracing/coresight/coresight-core.c
> index 9fabe00a40d6..6849faad697d 100644
> --- a/drivers/hwtracing/coresight/coresight-core.c
> +++ b/drivers/hwtracing/coresight/coresight-core.c
> @@ -1756,6 +1756,20 @@ bool coresight_loses_context_with_cpu(struct device *dev)
> }
> EXPORT_SYMBOL_GPL(coresight_loses_context_with_cpu);
>
> +void coresight_release_dev_list(void *data)
> +{
> + struct coresight_dev_list *dict = data;
> +
> + mutex_lock(&coresight_mutex);
> +
> + if (dict->nr_idx) {
> + kfree(dict->fwnode_list);
> + dict->nr_idx = 0;
> + }
> +
> + mutex_unlock(&coresight_mutex);
> +}
> +
> /*
> * coresight_alloc_device_name - Get an index for a given device in the
> * device index list specific to a driver. An index is allocated for a
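Review bot: In coresight_release_dev_list(), kfree(dict->fwnode_list) leaves the pointer dangling and only nr_idx is reset. The dict outlives the device this callback runs for, so set dict->fwnode_list = NULL right after the kfree() to keep any later lookup or reallocation away from freed memory. The function is also declared without static although the diffstat shows no header change, so nothing outside this file can have a prototype for it; make it static.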
> @@ -1766,12 +1780,16 @@ EXPORT_SYMBOL_GPL(coresight_loses_context_with_cpu);
> char *coresight_alloc_device_name(struct coresight_dev_list *dict,
> struct device *dev)
> {
> - int idx;
> + int idx, ret;
> char *name = NULL;
> struct fwnode_handle **list;
>
> mutex_lock(&coresight_mutex);
>
> + ret = devm_add_action_or_reset(dev, coresight_release_dev_list, dict);
> + if (ret)
> + goto done;
> +

Hi Junhao,

Changing the list allocator to a devm one fixes the issue without having
to add the callback:

- list = krealloc_array(dict->fwnode_list,
+ list = devm_krealloc_array(dev, dict->fwnode_list,

The callback stands out a bit and would make someone reading it wonder
why only that one is done that way but all other allocations in
Coresight avoid it.

The nr_idx variable doesn't need to be zeroed because it's backed by a
static variable and is zeroed when the module is reloaded as far as I
can see.

Thanks
James

> idx = coresight_search_device_idx(dict, dev_fwnode(dev));
> if (idx < 0) {
> /* Make space for the new entry */
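Review bot: devm_add_action_or_reset() is called here with coresight_mutex already held, and on failure it runs the action immediately; coresight_release_dev_list() then calls mutex_lock(&coresight_mutex) again, which deadlocks. Register the action outside the locked region, or have the locked path call an unlocked helper. The call also sits on the common path of coresight_alloc_device_name(), so every device that asks for a name registers its own release action against the same per-driver dict, and the first device to unbind frees fwnode_list while entries for the remaining devices are still in it. Tie the free to the last user of the list rather than to each device.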