From: Catalin Marinas <catalin.marinas@arm.com>
To: linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
vigneshr@codeaurora.org
Subject: [PATCH v2 4/4] mm: kmemleak: Avoid deadlock on the kmemleak object insertion error path
Date: Mon, 8 Jun 2015 15:29:18 +0100 [thread overview]
Message-ID: <1433773758-21994-5-git-send-email-catalin.marinas@arm.com> (raw)
In-Reply-To: <1433773758-21994-1-git-send-email-catalin.marinas@arm.com>
While very unlikely (usually kmemleak or sl*b bug), the create_object()
function in mm/kmemleak.c may fail to insert a newly allocated object
into the rb tree. When this happens, kmemleak disables itself and prints
additional information about the object already found in the rb tree.
Such printing is done with the parent->lock acquired, however the
kmemleak_lock is already held. This is a potential race with the
scanning thread which acquires object->lock and kmemleak_lock in a
different order.
This patch removes the locking around the 'parent' object information
printing. Such object cannot be freed or removed from object_tree_root
and object_list since kmemleak_lock is already held. There is a very
small risk that some of the object data is being modified on another CPU
but the only downside is inconsistent information printing.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
---
mm/kmemleak.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index 8a57e34625fa..c0fd7769d227 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -53,6 +53,11 @@
* modifications to the memory scanning parameters including the scan_thread
* pointer
*
+ * Locks and mutexes should only be acquired/nested in the following order:
+ *
+ * scan_mutex -> object->lock -> other_object->lock (SINGLE_DEPTH_NESTING)
+ * -> kmemleak_lock
+ *
* The kmemleak_object structures have a use_count incremented or decremented
* using the get_object()/put_object() functions. When the use_count becomes
* 0, this count can no longer be incremented and put_object() schedules the
@@ -603,11 +608,13 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size,
kmemleak_stop("Cannot insert 0x%lx into the object "
"search tree (overlaps existing)\n",
ptr);
+ /*
+ * No need for parent->lock here since "parent" cannot
+ * be freed while the kmemleak_lock is held.
+ */
+ dump_object_info(parent);
kmem_cache_free(object_cache, object);
- object = parent;
- spin_lock(&object->lock);
- dump_object_info(object);
- spin_unlock(&object->lock);
+ object = NULL;
goto out;
}
}
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
prev parent reply other threads:[~2015-06-08 14:29 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-08 14:29 [PATCH v2 0/4] Fix kmemleak races on the disable/error path Catalin Marinas
2015-06-08 14:29 ` [PATCH v2 1/4] mm: kmemleak: Allow safe memory scanning during kmemleak disabling Catalin Marinas
2015-06-08 14:29 ` [PATCH v2 2/4] mm: kmemleak: Fix delete_object_*() race when called on the same memory block Catalin Marinas
2015-06-08 14:29 ` [PATCH v2 3/4] mm: kmemleak: Do not acquire scan_mutex in kmemleak_do_cleanup() Catalin Marinas
2015-06-08 14:29 ` Catalin Marinas [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1433773758-21994-5-git-send-email-catalin.marinas@arm.com \
--to=catalin.marinas@arm.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=vigneshr@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).