From: Vegard Nossum <vegard.nossum@gmail.com>
To: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Ingo Molnar <mingo@elte.hu>,
Catalin Marinas <catalin.marinas@arm.com>,
linux-kernel@vger.kernel.org
Subject: Re: WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (f6f6e1a4), by kmemleak's scan_block()
Date: Tue, 25 Aug 2009 11:03:35 +0200 [thread overview]
Message-ID: <19f34abd0908250203h52257f52v306545a3d8890577@mail.gmail.com> (raw)
In-Reply-To: <1251190466.7261.12.camel@penberg-laptop>
2009/8/25 Pekka Enberg <penberg@cs.helsinki.fi>:
> I thik this should be fine for -tip.
>
> Pekka
>
> diff --git a/arch/x86/mm/kmemcheck/kmemcheck.c b/arch/x86/mm/kmemcheck/kmemcheck.c
> index 2c55ed0..528bf95 100644
> --- a/arch/x86/mm/kmemcheck/kmemcheck.c
> +++ b/arch/x86/mm/kmemcheck/kmemcheck.c
> @@ -331,6 +331,20 @@ static void kmemcheck_read_strict(struct pt_regs *regs,
> kmemcheck_shadow_set(shadow, size);
> }
>
> +bool kmemcheck_is_obj_initialized(unsigned long addr, size_t size)
> +{
> + enum kmemcheck_shadow status;
> + void *shadow;
> +
> + shadow = kmemcheck_shadow_lookup(addr);
> + if (!shadow)
> + return true;
> +
> + status = kmemcheck_shadow_test(shadow, size);
> +
> + return status == KMEMCHECK_SHADOW_INITIALIZED;
> +}
> +
> /* Access may cross page boundary */
> static void kmemcheck_read(struct pt_regs *regs,
> unsigned long addr, unsigned int size)
> diff --git a/include/linux/kmemcheck.h b/include/linux/kmemcheck.h
> index 47b39b7..dc2fd54 100644
> --- a/include/linux/kmemcheck.h
> +++ b/include/linux/kmemcheck.h
> @@ -34,6 +34,8 @@ void kmemcheck_mark_initialized_pages(struct page *p, unsigned int n);
> int kmemcheck_show_addr(unsigned long address);
> int kmemcheck_hide_addr(unsigned long address);
>
> +bool kmemcheck_is_obj_initialized(unsigned long addr, size_t size);
> +
> #else
> #define kmemcheck_enabled 0
>
> @@ -99,6 +101,11 @@ static inline void kmemcheck_mark_initialized_pages(struct page *p,
> {
> }
>
> +static inline bool kmemcheck_is_obj_initialized(unsigned long addr, size_t size)
> +{
> + return true;
> +}
> +
> #endif /* CONFIG_KMEMCHECK */
>
> /*
> diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> index 6debe0d..73947e4 100644
> --- a/mm/kmemleak.c
> +++ b/mm/kmemleak.c
> @@ -97,6 +97,7 @@
> #include <asm/processor.h>
> #include <asm/atomic.h>
>
> +#include <linux/kmemcheck.h>
> #include <linux/kmemleak.h>
>
> /*
> @@ -951,6 +952,8 @@ static void scan_object(struct kmemleak_object *object)
> if (!(object->flags & OBJECT_ALLOCATED))
> /* already freed object */
> goto out;
> + if (!kmemcheck_is_obj_initialized(object->pointer, object->size))
> + goto out;
> if (hlist_empty(&object->area_list)) {
> void *start = (void *)object->pointer;
> void *end = (void *)(object->pointer + object->size);
>
>
>
I don't know so much about the kmemleak internals, but this I can say
about the kmemcheck part: According to your definition, an object is
initialized if all the bytes of an object are initialized.
Is it possible that because of this, if we have a partially
uninitialized object, kmemleak will not record the pointers found in
that object? If so, it might skip valid pointers, and deem an object
unreferenced. Which could make kmemleak give false-positives.
I think it would be better to ask kmemcheck on a per-pointer basis
(i.e. for each pointer-sized word in the object), whether it is
initialized or not.
Vegard
next prev parent reply other threads:[~2009-08-25 9:03 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-25 7:19 WARNING: kmemcheck: Caught 32-bit read from uninitialized memory (f6f6e1a4), by kmemleak's scan_block() Ingo Molnar
2009-08-25 8:04 ` Vegard Nossum
2009-08-25 8:08 ` Pekka Enberg
2009-08-25 8:27 ` Catalin Marinas
2009-08-25 8:31 ` Pekka Enberg
2009-08-25 8:40 ` Ingo Molnar
2009-08-25 8:48 ` Pekka Enberg
2009-08-25 8:32 ` Ingo Molnar
2009-08-25 8:45 ` Pekka Enberg
2009-08-25 8:48 ` Ingo Molnar
2009-08-25 8:54 ` Pekka Enberg
2009-08-25 9:03 ` Vegard Nossum [this message]
2009-08-25 9:11 ` Catalin Marinas
2009-08-25 9:15 ` Pekka Enberg
2009-08-25 9:25 ` Catalin Marinas
2009-08-25 9:11 ` Pekka Enberg
2009-08-25 9:21 ` Catalin Marinas
2009-08-25 9:26 ` Pekka Enberg
2009-08-25 9:28 ` Catalin Marinas
2009-08-25 9:31 ` Pekka Enberg
2009-08-25 9:34 ` Catalin Marinas
2009-08-25 9:34 ` Ingo Molnar
2009-08-25 10:43 ` Ingo Molnar
2009-08-25 13:57 ` Catalin Marinas
2009-08-26 10:48 ` Pekka Enberg
2009-08-26 11:17 ` Ingo Molnar
2009-08-25 9:25 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=19f34abd0908250203h52257f52v306545a3d8890577@mail.gmail.com \
--to=vegard.nossum@gmail.com \
--cc=catalin.marinas@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=penberg@cs.helsinki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox