kmemleak reported some memory leak on reading proc files. After adding
some debug lines, find that proc_seq_fops is using seq_release as
release handler, which won't handle the free of 'private' field of
seq_file, while in fact the open handler proc_seq_open could create
the private data with __seq_open_private when state_size is greater
than zero. So after reading files created with proc_create_seq_private,
such as /proc/timer_list and /proc/vmallocinfo, the private mem of a
seq_file is not freed. Fix it by adding the paired proc_seq_release
as the default release handler of proc_seq_ops instead of seq_release.
Fixes: 44414d82cfe0 ("proc: introduce proc_create_seq_private")
CC: Christoph Hellwig <[email protected]>
Signed-off-by: Chunyu Hu <[email protected]>
---
fs/proc/generic.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/fs/proc/generic.c b/fs/proc/generic.c
index 7b4d971..021acc5 100644
--- a/fs/proc/generic.c
+++ b/fs/proc/generic.c
@@ -564,11 +564,20 @@ static int proc_seq_open(struct inode *inode, struct file *file)
return seq_open(file, de->seq_ops);
}
+static int proc_seq_release(struct inode *inode, struct file *file)
+{
+ struct proc_dir_entry *de = PDE(inode);
+
+ if (de->state_size)
+ return seq_release_private(inode, file);
+ return seq_release(inode, file);
+}
+
static const struct file_operations proc_seq_fops = {
.open = proc_seq_open,
.read = seq_read,
.llseek = seq_lseek,
- .release = seq_release,
+ .release = proc_seq_release,
};
struct proc_dir_entry *proc_create_seq_private(const char *name, umode_t mode,
--
1.8.3.1
On Sun, Jun 10, 2018 at 03:51:24AM +0800, Chunyu Hu wrote:
> kmemleak reported some memory leak on reading proc files. After adding
> some debug lines, find that proc_seq_fops is using seq_release as
> release handler, which won't handle the free of 'private' field of
> seq_file, while in fact the open handler proc_seq_open could create
> the private data with __seq_open_private when state_size is greater
> than zero. So after reading files created with proc_create_seq_private,
> such as /proc/timer_list and /proc/vmallocinfo, the private mem of a
> seq_file is not freed. Fix it by adding the paired proc_seq_release
> as the default release handler of proc_seq_ops instead of seq_release.
Indeed, thanks for the patch.
Reviewed-by: Christoph Hellwig <[email protected]>
----- Original Message -----
> From: "Christoph Hellwig" <[email protected]>
> To: "Chunyu Hu" <[email protected]>
> Cc: [email protected], [email protected], [email protected], [email protected]
> Sent: Monday, June 11, 2018 2:23:54 PM
> Subject: Re: [PATCH] proc: add proc_seq_release
>
> On Sun, Jun 10, 2018 at 03:51:24AM +0800, Chunyu Hu wrote:
> > kmemleak reported some memory leak on reading proc files. After adding
> > some debug lines, find that proc_seq_fops is using seq_release as
> > release handler, which won't handle the free of 'private' field of
> > seq_file, while in fact the open handler proc_seq_open could create
> > the private data with __seq_open_private when state_size is greater
> > than zero. So after reading files created with proc_create_seq_private,
> > such as /proc/timer_list and /proc/vmallocinfo, the private mem of a
> > seq_file is not freed. Fix it by adding the paired proc_seq_release
> > as the default release handler of proc_seq_ops instead of seq_release.
>
> Indeed, thanks for the patch.
>
> Reviewed-by: Christoph Hellwig <[email protected]>
>
What's our plan for this issue? We can still see the leaking in 4.18-RC2.
1) Run 'cat /proc/timer_list' then
2) echo scan > /sys/kernel/debug/kmemleak
3) cat /sys/kernel/debug/kmemleak
each time, it leaks 16 bytes.
unreferenced object 0xffff880017525120 (size 16):
comm "cat", pid 4682, jiffies 4294964743 (age 46.880s)
hex dump (first 16 bytes):
04 00 00 00 01 00 00 00 42 00 96 e7 3f 00 00 00 ........B...?...
backtrace:
[<000000006f6b5d90>] seq_open_private+0x25/0x40
[<00000000d94d91aa>] proc_seq_open+0xca/0x120
[<00000000d5609077>] proc_reg_open+0x1d4/0x5b0
[<0000000036a3d49c>] do_dentry_open+0x7d6/0x1010
[<00000000d4fb0a82>] vfs_open+0x170/0x2b0
[<00000000f3bf21b4>] path_openat+0x760/0x3750
[<00000000b0d4e66c>] do_filp_open+0x1bb/0x2c0
[<0000000063b53236>] do_sys_open+0x2b2/0x490
[<00000000a5249c62>] do_syscall_64+0xd3/0x6e0
[<000000006f9f8436>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[<000000001d702cb2>] 0xffffffffffffffff
--
Regards,
Chunyu Hu
Al, can you pick up this fix from Chunyu?
On Tue, Jun 26, 2018 at 08:20:52AM -0400, Chunyu Hu wrote:
>
>
> ----- Original Message -----
> > From: "Christoph Hellwig" <[email protected]>
> > To: "Chunyu Hu" <[email protected]>
> > Cc: [email protected], [email protected], [email protected], [email protected]
> > Sent: Monday, June 11, 2018 2:23:54 PM
> > Subject: Re: [PATCH] proc: add proc_seq_release
> >
> > On Sun, Jun 10, 2018 at 03:51:24AM +0800, Chunyu Hu wrote:
> > > kmemleak reported some memory leak on reading proc files. After adding
> > > some debug lines, find that proc_seq_fops is using seq_release as
> > > release handler, which won't handle the free of 'private' field of
> > > seq_file, while in fact the open handler proc_seq_open could create
> > > the private data with __seq_open_private when state_size is greater
> > > than zero. So after reading files created with proc_create_seq_private,
> > > such as /proc/timer_list and /proc/vmallocinfo, the private mem of a
> > > seq_file is not freed. Fix it by adding the paired proc_seq_release
> > > as the default release handler of proc_seq_ops instead of seq_release.
> >
> > Indeed, thanks for the patch.
> >
> > Reviewed-by: Christoph Hellwig <[email protected]>
> >
>
> What's our plan for this issue? We can still see the leaking in 4.18-RC2.
>
> 1) Run 'cat /proc/timer_list' then
> 2) echo scan > /sys/kernel/debug/kmemleak
> 3) cat /sys/kernel/debug/kmemleak
>
> each time, it leaks 16 bytes.
>
> unreferenced object 0xffff880017525120 (size 16):
> comm "cat", pid 4682, jiffies 4294964743 (age 46.880s)
> hex dump (first 16 bytes):
> 04 00 00 00 01 00 00 00 42 00 96 e7 3f 00 00 00 ........B...?...
> backtrace:
> [<000000006f6b5d90>] seq_open_private+0x25/0x40
> [<00000000d94d91aa>] proc_seq_open+0xca/0x120
> [<00000000d5609077>] proc_reg_open+0x1d4/0x5b0
> [<0000000036a3d49c>] do_dentry_open+0x7d6/0x1010
> [<00000000d4fb0a82>] vfs_open+0x170/0x2b0
> [<00000000f3bf21b4>] path_openat+0x760/0x3750
> [<00000000b0d4e66c>] do_filp_open+0x1bb/0x2c0
> [<0000000063b53236>] do_sys_open+0x2b2/0x490
> [<00000000a5249c62>] do_syscall_64+0xd3/0x6e0
> [<000000006f9f8436>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
> [<000000001d702cb2>] 0xffffffffffffffff
>
>
> --
> Regards,
> Chunyu Hu
---end quoted text---
On Wed, Jun 27, 2018 at 09:09:40AM +0200, Christoph Hellwig wrote:
> Al, can you pick up this fix from Chunyu?
Applied.