* [PATCH] kmemleak: do not leak object after tree insertion error (v2, fixed)
@ 2012-04-02 23:06 Sergey Senozhatsky
2012-04-18 14:40 ` Catalin Marinas
0 siblings, 1 reply; 3+ messages in thread
From: Sergey Senozhatsky @ 2012-04-02 23:06 UTC (permalink / raw)
To: Catalin Marinas; +Cc: linux-mm, linux-kernel
[PATCH] kmemleak: do not leak object after tree insertion error
In case when tree insertion fails due to already existing object
error, pointer to allocated object gets lost due to lookup_object()
overwrite. Free allocated object and return the existing one,
obtained from lookup_object().
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
---
mm/kmemleak.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index 45eb621..4177d83 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -516,7 +516,7 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size,
int min_count, gfp_t gfp)
{
unsigned long flags;
- struct kmemleak_object *object;
+ struct kmemleak_object *object, *ex_object;
struct prio_tree_node *node;
object = kmem_cache_alloc(object_cache, gfp_kmemleak_mask(gfp));
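Review bot: ex_object in the new declaration is left uninitialized and is only assigned inside the "already existing" branch of the next hunk, so its only valid reader is the out_error path. That holds for the patch as posted, but the extra local exists solely to hand a second object back to the caller. If the error path does not need to return the existing object, this hunk can be dropped and the lookup result kept in a variable scoped to the 'if' block.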
@@ -578,17 +578,22 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size,
if (node != &object->tree_node) {
kmemleak_stop("Cannot insert 0x%lx into the object search tree "
"(already existing)\n", ptr);
- object = lookup_object(ptr, 1);
- spin_lock(&object->lock);
- dump_object_info(object);
- spin_unlock(&object->lock);
+ ex_object = lookup_object(ptr, 1);
+ spin_lock(&ex_object->lock);
+ dump_object_info(ex_object);
+ spin_unlock(&ex_object->lock);
- goto out;
+ goto out_error;
}
list_add_tail_rcu(&object->object_list, &object_list);
-out:
+
write_unlock_irqrestore(&kmemleak_lock, flags);
return object;
+out_error:
+ write_unlock_irqrestore(&kmemleak_lock, flags);
+ object->flags &= ~OBJECT_ALLOCATED;
+ put_object(object);
+ return ex_object;
}
/*
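Review bot: at out_error the function returns ex_object after write_unlock_irqrestore() has released kmemleak_lock, and nothing in this hunk takes a reference on it, so the caller gets a pointer to a different allocation's tracking object with no guarantee that it stays valid. kmemleak_stop() has already been called in this branch, so returning NULL would be the safer contract for callers. Two smaller points in the same hunk: the result of lookup_object(ptr, 1) goes straight into spin_lock(&ex_object->lock) without a NULL check, and the new object was never published (list_add_tail_rcu() is skipped on this path), so clearing OBJECT_ALLOCATED outside object->lock and calling put_object() is heavier than returning the object directly to object_cache, where the first hunk allocated it.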
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
* Re: [PATCH] kmemleak: do not leak object after tree insertion error (v2, fixed)
2012-04-02 23:06 [PATCH] kmemleak: do not leak object after tree insertion error (v2, fixed) Sergey Senozhatsky
@ 2012-04-18 14:40 ` Catalin Marinas
2012-04-18 15:29 ` Sergey Senozhatsky
0 siblings, 1 reply; 3+ messages in thread
From: Catalin Marinas @ 2012-04-18 14:40 UTC (permalink / raw)
To: Sergey Senozhatsky; +Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org
On Tue, Apr 03, 2012 at 12:06:56AM +0100, Sergey Senozhatsky wrote:
> [PATCH] kmemleak: do not leak object after tree insertion error
>
> In case when tree insertion fails due to already existing object
> error, pointer to allocated object gets lost due to lookup_object()
> overwrite. Free allocated object and return the existing one,
> obtained from lookup_object().
We really need to return NULL if the tree insertion fails as kmemleak is
disabled in this case (fatal condition for kmemleak). So we could just
call kmem_cache_free(object_cache, object) in the 'if' block.
--
Catalin
* Re: [PATCH] kmemleak: do not leak object after tree insertion error (v2, fixed)
2012-04-18 14:40 ` Catalin Marinas
@ 2012-04-18 15:29 ` Sergey Senozhatsky
0 siblings, 0 replies; 3+ messages in thread
From: Sergey Senozhatsky @ 2012-04-18 15:29 UTC (permalink / raw)
To: Catalin Marinas; +Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org
On (04/18/12 15:40), Catalin Marinas wrote:
> On Tue, Apr 03, 2012 at 12:06:56AM +0100, Sergey Senozhatsky wrote:
> > [PATCH] kmemleak: do not leak object after tree insertion error
> >
> > In case when tree insertion fails due to already existing object
> > error, pointer to allocated object gets lost due to lookup_object()
> > overwrite. Free allocated object and return the existing one,
> > obtained from lookup_object().
>
> We really need to return NULL if the tree insertion fails as kmemleak is
> disabled in this case (fatal condition for kmemleak). So we could just
> call kmem_cache_free(object_cache, object) in the 'if' block.
>
Good point. Thanks a lot for your review!
I was chasing two bugs and sort of messed things up. I'll send v3 shortly.
Sergey