debugfs_create_u32_array() memory leaks

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* debugfs_create_u32_array() memory leaks
@ 2020-06-19 23:17 Jakub Kicinski
  2020-06-20  7:45 ` Greg Kroah-Hartman
  0 siblings, 1 reply; 5+ messages in thread
From: Jakub Kicinski @ 2020-06-19 23:17 UTC (permalink / raw)
  To: Greg Kroah-Hartman, Rafael J. Wysocki, Ronald Tschalär,
	Nicolai Stange, David Rientjes, Srivatsa Vaddagiri
  Cc: linux-kernel

Hi!

I'm trying to use debugfs_create_u32_array() in drivers/net/netdevsim
and it causes memory leaks:

unreferenced object 0xffff8880546642a0 (size 16):
  comm "test_udp_tuns.s", pid 2146, jiffies 4294928368 (age 3772.435s)
  hex dump (first 16 bytes):
    84 52 6a 4d 80 88 ff ff 04 00 00 00 f3 78 7e 89  .RjM.........x~.
  backtrace:
    [<000000006962a447>] debugfs_create_u32_array+0x3f/0x90

I can see that debugfs_create_u32_array() allocates a structure at
create time that ends up assigned to inode->i_private, but I don't 
see it freed anywhere.

Am I missing something? I'm pretty sure files get removed, cause the
driver calls debugfs_remove_recursive() and no other file types leaks.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: debugfs_create_u32_array() memory leaks
  2020-06-19 23:17 debugfs_create_u32_array() memory leaks Jakub Kicinski
@ 2020-06-20  7:45 ` Greg Kroah-Hartman
  2020-06-22 19:23   ` Jakub Kicinski
  0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-20  7:45 UTC (permalink / raw)
  To: Jakub Kicinski
  Cc: Rafael J. Wysocki, Ronald Tschalär, Nicolai Stange,
	David Rientjes, Srivatsa Vaddagiri, linux-kernel

On Fri, Jun 19, 2020 at 04:17:34PM -0700, Jakub Kicinski wrote:
> Hi!
> 
> I'm trying to use debugfs_create_u32_array() in drivers/net/netdevsim
> and it causes memory leaks:
> 
> unreferenced object 0xffff8880546642a0 (size 16):
>   comm "test_udp_tuns.s", pid 2146, jiffies 4294928368 (age 3772.435s)
>   hex dump (first 16 bytes):
>     84 52 6a 4d 80 88 ff ff 04 00 00 00 f3 78 7e 89  .RjM.........x~.
>   backtrace:
>     [<000000006962a447>] debugfs_create_u32_array+0x3f/0x90
> 
> I can see that debugfs_create_u32_array() allocates a structure at
> create time that ends up assigned to inode->i_private, but I don't 
> see it freed anywhere.
> 
> Am I missing something? I'm pretty sure files get removed, cause the
> driver calls debugfs_remove_recursive() and no other file types leaks.

Yeah, that's a bug, nice catch.  The debugfs_create*() functions should
not allocate local memory as we can't know to free that memory when the
file is removed.

Can you fix this up, or do you want me to?  I only see one in-kernel
user of this, so it shouldn't be that tough to do so.  The one user
never removes that file so that's why no one noticed this before.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: debugfs_create_u32_array() memory leaks
  2020-06-20  7:45 ` Greg Kroah-Hartman
@ 2020-06-22 19:23   ` Jakub Kicinski
  2020-06-22 19:31     ` Greg Kroah-Hartman
  0 siblings, 1 reply; 5+ messages in thread
From: Jakub Kicinski @ 2020-06-22 19:23 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Rafael J. Wysocki, Ronald Tschalär, Nicolai Stange,
	David Rientjes, Srivatsa Vaddagiri, linux-kernel

On Sat, 20 Jun 2020 09:45:42 +0200 Greg Kroah-Hartman wrote:
> On Fri, Jun 19, 2020 at 04:17:34PM -0700, Jakub Kicinski wrote:
> > Hi!
> > 
> > I'm trying to use debugfs_create_u32_array() in drivers/net/netdevsim
> > and it causes memory leaks:
> > 
> > unreferenced object 0xffff8880546642a0 (size 16):
> >   comm "test_udp_tuns.s", pid 2146, jiffies 4294928368 (age 3772.435s)
> >   hex dump (first 16 bytes):
> >     84 52 6a 4d 80 88 ff ff 04 00 00 00 f3 78 7e 89  .RjM.........x~.
> >   backtrace:
> >     [<000000006962a447>] debugfs_create_u32_array+0x3f/0x90
> > 
> > I can see that debugfs_create_u32_array() allocates a structure at
> > create time that ends up assigned to inode->i_private, but I don't 
> > see it freed anywhere.
> > 
> > Am I missing something? I'm pretty sure files get removed, cause the
> > driver calls debugfs_remove_recursive() and no other file types leaks.  
> 
> Yeah, that's a bug, nice catch.  The debugfs_create*() functions should
> not allocate local memory as we can't know to free that memory when the
> file is removed.
> 
> Can you fix this up, or do you want me to?  I only see one in-kernel
> user of this, so it shouldn't be that tough to do so.  The one user
> never removes that file so that's why no one noticed this before.

Ah, I wasn't sure how to fix but since you say that create functions
shouldn't allocate memory seems like the fix will be to make callers
pass an equivalent of struct debugfs_blob_wrapper for u32.

I'm happy to send a patch to that effect - I have a process question
tho - I need this change in net-next, should I sent the patch to you?
Can it still make it into 5.8 (debugfs -> Linus -> net -> net-next) or
perhaps can it go via net-next since there is no de facto bug in 5.8?

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: debugfs_create_u32_array() memory leaks
  2020-06-22 19:23   ` Jakub Kicinski
@ 2020-06-22 19:31     ` Greg Kroah-Hartman
  2020-06-23 20:21       ` Jakub Kicinski
  0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-22 19:31 UTC (permalink / raw)
  To: Jakub Kicinski
  Cc: Rafael J. Wysocki, Ronald Tschalär, Nicolai Stange,
	David Rientjes, Srivatsa Vaddagiri, linux-kernel

On Mon, Jun 22, 2020 at 12:23:32PM -0700, Jakub Kicinski wrote:
> On Sat, 20 Jun 2020 09:45:42 +0200 Greg Kroah-Hartman wrote:
> > On Fri, Jun 19, 2020 at 04:17:34PM -0700, Jakub Kicinski wrote:
> > > Hi!
> > > 
> > > I'm trying to use debugfs_create_u32_array() in drivers/net/netdevsim
> > > and it causes memory leaks:
> > > 
> > > unreferenced object 0xffff8880546642a0 (size 16):
> > >   comm "test_udp_tuns.s", pid 2146, jiffies 4294928368 (age 3772.435s)
> > >   hex dump (first 16 bytes):
> > >     84 52 6a 4d 80 88 ff ff 04 00 00 00 f3 78 7e 89  .RjM.........x~.
> > >   backtrace:
> > >     [<000000006962a447>] debugfs_create_u32_array+0x3f/0x90
> > > 
> > > I can see that debugfs_create_u32_array() allocates a structure at
> > > create time that ends up assigned to inode->i_private, but I don't 
> > > see it freed anywhere.
> > > 
> > > Am I missing something? I'm pretty sure files get removed, cause the
> > > driver calls debugfs_remove_recursive() and no other file types leaks.  
> > 
> > Yeah, that's a bug, nice catch.  The debugfs_create*() functions should
> > not allocate local memory as we can't know to free that memory when the
> > file is removed.
> > 
> > Can you fix this up, or do you want me to?  I only see one in-kernel
> > user of this, so it shouldn't be that tough to do so.  The one user
> > never removes that file so that's why no one noticed this before.
> 
> Ah, I wasn't sure how to fix but since you say that create functions
> shouldn't allocate memory seems like the fix will be to make callers
> pass an equivalent of struct debugfs_blob_wrapper for u32.

Sounds good.

> I'm happy to send a patch to that effect - I have a process question
> tho - I need this change in net-next, should I sent the patch to you?
> Can it still make it into 5.8 (debugfs -> Linus -> net -> net-next) or
> perhaps can it go via net-next since there is no de facto bug in 5.8?

I can take a fix now, and get it into 5.8 if that makes things easier
for you.

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: debugfs_create_u32_array() memory leaks
  2020-06-22 19:31     ` Greg Kroah-Hartman
@ 2020-06-23 20:21       ` Jakub Kicinski
  0 siblings, 0 replies; 5+ messages in thread
From: Jakub Kicinski @ 2020-06-23 20:21 UTC (permalink / raw)
  To: Greg Kroah-Hartman
  Cc: Rafael J. Wysocki, Ronald Tschalär, Nicolai Stange,
	David Rientjes, Srivatsa Vaddagiri, linux-kernel

On Mon, 22 Jun 2020 21:31:09 +0200 Greg Kroah-Hartman wrote:
> > Ah, I wasn't sure how to fix but since you say that create functions
> > shouldn't allocate memory seems like the fix will be to make callers
> > pass an equivalent of struct debugfs_blob_wrapper for u32.  
> 
> Sounds good.
> 
> > I'm happy to send a patch to that effect - I have a process question
> > tho - I need this change in net-next, should I sent the patch to you?
> > Can it still make it into 5.8 (debugfs -> Linus -> net -> net-next) or
> > perhaps can it go via net-next since there is no de facto bug in 5.8?  
> 
> I can take a fix now, and get it into 5.8 if that makes things easier
> for you.

Having thought about it - since I'm changing the prototype I'd have to
wait with my networking changes for the patch to land in net-next.

So I'll just send the debugfs fix with my other code to DaveM and CC
appropriately..

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2020-06-23 20:21 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-06-19 23:17 debugfs_create_u32_array() memory leaks Jakub Kicinski
2020-06-20  7:45 ` Greg Kroah-Hartman
2020-06-22 19:23   ` Jakub Kicinski
2020-06-22 19:31     ` Greg Kroah-Hartman
2020-06-23 20:21       ` Jakub Kicinski

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox