Re: [srcu] a365bb5f6e: leaking_addresses.proc.___srcu_struct_ptrs.

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Joel Fernandes <joel@joelfernandes.org>
To: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: paulmck <paulmck@linux.ibm.com>,
	Rong Chen <rong.a.chen@intel.com>,
	linux-kernel <linux-kernel@vger.kernel.org>, LKP <lkp@01.org>
Subject: Re: [srcu] a365bb5f6e: leaking_addresses.proc.___srcu_struct_ptrs.
Date: Mon, 8 Apr 2019 15:35:14 -0400	[thread overview]
Message-ID: <20190408193514.GD133872@google.com> (raw)
In-Reply-To: <1930819602.1467.1554744349263.JavaMail.zimbra@efficios.com>

On Mon, Apr 08, 2019 at 01:25:49PM -0400, Mathieu Desnoyers wrote:
> ----- On Apr 8, 2019, at 1:10 PM, paulmck paulmck@linux.ibm.com wrote:
> 
> > On Mon, Apr 08, 2019 at 01:06:56PM -0400, Mathieu Desnoyers wrote:
> >> ----- On Apr 8, 2019, at 11:21 AM, paulmck paulmck@linux.ibm.com wrote:
> >> 
> >> > On Mon, Apr 08, 2019 at 10:57:50PM +0800, Rong Chen wrote:
> >> >> On Mon, Apr 08, 2019 at 07:30:37AM -0700, Paul E. McKenney wrote:
> >> >> > On Mon, Apr 08, 2019 at 09:56:10PM +0800, kernel test robot wrote:
> >> >> > > FYI, we noticed the following commit (built with gcc-7):
> >> >> > > 
> >> >> > > commit: a365bb5f6eafb220a1448674054b05c250829313 ("srcu: Allocate per-CPU data
> >> >> > > for DEFINE_SRCU() in modules")
> >> >> > > https://git.kernel.org/cgit/linux/kernel/git/paulmck/linux-rcu.git
> >> >> > > tmp.2019.04.07a
> >> >> > > 
> >> >> > > in testcase: leaking_addresses
> >> >> > > with following parameters:
> >> >> > > 
> >> >> > > 
> >> >> > > 
> >> >> > > 
> >> >> > > on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G
> >> >> > > 
> >> >> > > caused below changes (please refer to attached dmesg/kmsg for entire
> >> >> > > log/backtrace):
> >> >> > > 
> >> >> > > 
> >> >> > > +-------------------------------------------------+------------+------------+
> >> >> > > |                                                 | a44a55abae | a365bb5f6e |
> >> >> > > +-------------------------------------------------+------------+------------+
> >> >> > > | boot_successes                                  | 0          | 3          |
> >> >> > > | boot_failures                                   | 4          | 6          |
> >> >> > > | BUG:kernel_reboot-without-warning_in_test_stage | 4          | 6          |
> >> >> > > | leaking_addresses.proc.___srcu_struct_ptrs.     | 0          | 6          |
> >> >> > > +-------------------------------------------------+------------+------------+
> >> >> > 
> >> >> > Please help me out here.  Without this commit, the kernel never succeeds
> >> >> > in booting, but with it the kernel sometimes succeeds in booting?  Or am
> >> >> > I misinterpreting the above table?
> >> >> > 
> >> >> > 							Thanx, Paul
> >> >> 
> >> >> Hi Paul,
> >> >> 
> >> >> The message "kernel_reboot-without-warning_in_test_stage" is from 0day,
> >> >> leaking addresses generated many dmesgs, so 0day thought some bootings may
> >> >> failed.
> >> > 
> >> [...]
> >> >> > 
> >> >> > > [1 .rodata.cst16.POLY] 0xffffffffc0498360
> >> >> > > [1 .rodata.cst32.byteshift_table] 0xffffffffc03f50f0
> >> >> > > [19 __bug_table] 0xffffffffc02be184
> >> >> > > [2 __tracepoints_ptrs] 0xffffffffc02f1cd0
> >> >> > > [15 .smp_locks] 0xffffffffc042b2cc
> >> >> > > [1 .rodata.cst16.enc] 0xffffffffc0498420
> >> >> > > [11 __ksymtab_gpl] 0xffffffffc042b028
> >> >> > > [8 __ex_table] 0xffffffffc04f13f4
> >> >> > > [1 .init.rodata] 0xffffffffc0316000
> >> >> > > [36 .note.gnu.build-id] 0xffffffffc03ed000
> >> >> > > [1 .rodata.cst16.dec] 0xffffffffc0498410
> >> >> > > [16 .parainstructions] 0xffffffffc03ed940
> >> >> > > [8 .text..refcount] 0xffffffffc04e2aaa
> >> >> > > [36 .gnu.linkonce.this_module] 0xffffffffc03f12c0
> >> >> > > [2 __bpf_raw_tp_map] 0xffffffffc03054a0
> >> >> > > [30 .orc_unwind_ip] 0xffffffffc03ee9f9
> >> >> > > [8 .altinstr_replacement] 0xffffffffc0497372
> >> >> > > [26 .rodata.str1.8] 0xffffffffc03ed1f0
> >> >> > > [11 __verbose] 0xffffffffc05c9398
> >> >> > > [1 .rodata.cst16.TWOONE] 0xffffffffc0498380
> >> >> > > [1 uevent] KEY=402000000 3803078f800d001 feffffdfffefffff fffffffffffffffe
> >> >> > > [1 .rodata.cst16.ONE] 0xffffffffc04983e0
> >> >> > > [8 .altinstructions] 0xffffffffc0498430
> >> >> > > [36 modules] crct10dif_pclmul 16384 1 - Live 0xffffffffc03f4000
> >> >> > > [1 ___srcu_struct_ptrs] 0xffffffffc03840d0
> >> >> > > 
> >> 
> >> This list of "leaked" memory seems to include the __tracepoint_ptrs
> >> as well. So at least you seem to have the same behavior as the tracepoint
> >> code, which was your source of inspiration for this implementation,
> >> which is a good start.
> >> 
> >> So the remaining question is: is this memory allocated for module sections
> >> really leaked for each module, or is it an issue with memory allocation
> >> tracking ?
> > 

It looks to me like this has nothing to do with memory allocation. This is
the leaking_addresses.pl script isn't it? It basically finds out if
any /proc filesystem entries or dmesg lines have kernel addresses which could
be "leaking" into userspace. I have no idea which filesystem entries leak
these addresses.

This commit that introduced the script is:

commit 136fc5c41f349296db1910677bb7402b0eeff376
Author: Tobin C. Harding <me@tobin.cc>
Date:   Mon Nov 6 16:19:27 2017 +1100

    scripts: add leaking_addresses.pl

    Currently we are leaking addresses from the kernel to user space. This
    script is an attempt to find some of those leakages. Script parses
    `dmesg` output and /proc and /sys files for hex strings that look like
    kernel addresses.

thanks,

 - Joel

next prev parent reply	other threads:[~2019-04-08 19:35 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-08 13:56 [srcu] a365bb5f6e: leaking_addresses.proc.___srcu_struct_ptrs kernel test robot
2019-04-08 14:30 ` Paul E. McKenney
2019-04-08 14:57   ` Rong Chen
2019-04-08 15:21     ` Paul E. McKenney
2019-04-08 17:06       ` Mathieu Desnoyers
2019-04-08 17:10         ` Paul E. McKenney
2019-04-08 17:25           ` Mathieu Desnoyers
2019-04-08 19:35             ` Joel Fernandes [this message]
2019-04-08 19:47               ` Mathieu Desnoyers
2019-04-08 19:57                 ` Joel Fernandes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190408193514.GD133872@google.com \
    --to=joel@joelfernandes.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lkp@01.org \
    --cc=mathieu.desnoyers@efficios.com \
    --cc=paulmck@linux.ibm.com \
    --cc=rong.a.chen@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).