When running locktorture module with the below commands with kmemleak enabled:
$ modprobe locktorture torture_type=rw_lock_irq
$ rmmod locktorture
The below kmemleak got caught:
root@10:~# echo scan > /sys/kernel/debug/kmemleak
[ 323.197029] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
root@10:~# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffffffc07592d500 (size 128):
comm "modprobe", pid 368, jiffies 4294924118 (age 205.824s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 c3 7b 02 00 00 00 00 00 .........{......
00 00 00 00 00 00 00 00 d7 9b 02 00 00 00 00 00 ................
backtrace:
[<ffffff80081e5a88>] create_object+0x110/0x288
[<ffffff80086c6078>] kmemleak_alloc+0x58/0xa0
[<ffffff80081d5acc>] __kmalloc+0x234/0x318
[<ffffff80006fa130>] 0xffffff80006fa130
[<ffffff8008083ae4>] do_one_initcall+0x44/0x138
[<ffffff800817e28c>] do_init_module+0x68/0x1cc
[<ffffff800811c848>] load_module+0x1a68/0x22e0
[<ffffff800811d340>] SyS_finit_module+0xe0/0xf0
[<ffffff80080836f0>] el0_svc_naked+0x24/0x28
[<ffffffffffffffff>] 0xffffffffffffffff
unreferenced object 0xffffffc07592d480 (size 128):
comm "modprobe", pid 368, jiffies 4294924118 (age 205.824s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 3b 6f 01 00 00 00 00 00 ........;o......
00 00 00 00 00 00 00 00 23 6a 01 00 00 00 00 00 ........#j......
backtrace:
[<ffffff80081e5a88>] create_object+0x110/0x288
[<ffffff80086c6078>] kmemleak_alloc+0x58/0xa0
[<ffffff80081d5acc>] __kmalloc+0x234/0x318
[<ffffff80006fa22c>] 0xffffff80006fa22c
[<ffffff8008083ae4>] do_one_initcall+0x44/0x138
[<ffffff800817e28c>] do_init_module+0x68/0x1cc
[<ffffff800811c848>] load_module+0x1a68/0x22e0
[<ffffff800811d340>] SyS_finit_module+0xe0/0xf0
[<ffffff80080836f0>] el0_svc_naked+0x24/0x28
[<ffffffffffffffff>] 0xffffffffffffffff
It is because cxt.lwsa and cxt.lrsa don't get freed in module_exit, so free
them in lock_torture_cleanup() and free writer_tasks if reader_tasks is
failed at memory allocation.
Signed-off-by: Yang Shi <[email protected]>
---
kernel/locking/locktorture.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/kernel/locking/locktorture.c b/kernel/locking/locktorture.c
index f8c5af5..d3de04b 100644
--- a/kernel/locking/locktorture.c
+++ b/kernel/locking/locktorture.c
@@ -780,6 +780,10 @@ static void lock_torture_cleanup(void)
else
lock_torture_print_module_parms(cxt.cur_ops,
"End of test: SUCCESS");
+
+ kfree(cxt.lwsa);
+ kfree(cxt.lrsa);
+
end:
torture_cleanup_end();
}
@@ -924,6 +928,8 @@ static int __init lock_torture_init(void)
GFP_KERNEL);
if (reader_tasks == NULL) {
VERBOSE_TOROUT_ERRSTRING("reader_tasks: Out of memory");
+ kfree(writer_tasks);
+ writer_tasks = NULL;
firsterr = -ENOMEM;
goto unwind;
}
--
2.0.2
On Thu, Nov 10, 2016 at 01:06:39PM -0800, Yang Shi wrote:
> When running locktorture module with the below commands with kmemleak enabled:
>
> $ modprobe locktorture torture_type=rw_lock_irq
> $ rmmod locktorture
>
> The below kmemleak got caught:
>
> root@10:~# echo scan > /sys/kernel/debug/kmemleak
> [ 323.197029] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
> root@10:~# cat /sys/kernel/debug/kmemleak
> unreferenced object 0xffffffc07592d500 (size 128):
> comm "modprobe", pid 368, jiffies 4294924118 (age 205.824s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 c3 7b 02 00 00 00 00 00 .........{......
> 00 00 00 00 00 00 00 00 d7 9b 02 00 00 00 00 00 ................
> backtrace:
> [<ffffff80081e5a88>] create_object+0x110/0x288
> [<ffffff80086c6078>] kmemleak_alloc+0x58/0xa0
> [<ffffff80081d5acc>] __kmalloc+0x234/0x318
> [<ffffff80006fa130>] 0xffffff80006fa130
> [<ffffff8008083ae4>] do_one_initcall+0x44/0x138
> [<ffffff800817e28c>] do_init_module+0x68/0x1cc
> [<ffffff800811c848>] load_module+0x1a68/0x22e0
> [<ffffff800811d340>] SyS_finit_module+0xe0/0xf0
> [<ffffff80080836f0>] el0_svc_naked+0x24/0x28
> [<ffffffffffffffff>] 0xffffffffffffffff
> unreferenced object 0xffffffc07592d480 (size 128):
> comm "modprobe", pid 368, jiffies 4294924118 (age 205.824s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 3b 6f 01 00 00 00 00 00 ........;o......
> 00 00 00 00 00 00 00 00 23 6a 01 00 00 00 00 00 ........#j......
> backtrace:
> [<ffffff80081e5a88>] create_object+0x110/0x288
> [<ffffff80086c6078>] kmemleak_alloc+0x58/0xa0
> [<ffffff80081d5acc>] __kmalloc+0x234/0x318
> [<ffffff80006fa22c>] 0xffffff80006fa22c
> [<ffffff8008083ae4>] do_one_initcall+0x44/0x138
> [<ffffff800817e28c>] do_init_module+0x68/0x1cc
> [<ffffff800811c848>] load_module+0x1a68/0x22e0
> [<ffffff800811d340>] SyS_finit_module+0xe0/0xf0
> [<ffffff80080836f0>] el0_svc_naked+0x24/0x28
> [<ffffffffffffffff>] 0xffffffffffffffff
>
> It is because cxt.lwsa and cxt.lrsa don't get freed in module_exit, so free
> them in lock_torture_cleanup() and free writer_tasks if reader_tasks is
> failed at memory allocation.
>
> Signed-off-by: Yang Shi <[email protected]>
Good catch! Queued for review and testing.
Thanx, Paul
> ---
> kernel/locking/locktorture.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/kernel/locking/locktorture.c b/kernel/locking/locktorture.c
> index f8c5af5..d3de04b 100644
> --- a/kernel/locking/locktorture.c
> +++ b/kernel/locking/locktorture.c
> @@ -780,6 +780,10 @@ static void lock_torture_cleanup(void)
> else
> lock_torture_print_module_parms(cxt.cur_ops,
> "End of test: SUCCESS");
> +
> + kfree(cxt.lwsa);
> + kfree(cxt.lrsa);
> +
> end:
> torture_cleanup_end();
> }
> @@ -924,6 +928,8 @@ static int __init lock_torture_init(void)
> GFP_KERNEL);
> if (reader_tasks == NULL) {
> VERBOSE_TOROUT_ERRSTRING("reader_tasks: Out of memory");
> + kfree(writer_tasks);
> + writer_tasks = NULL;
> firsterr = -ENOMEM;
> goto unwind;
> }
> --
> 2.0.2
>