This commit contains 3 modifies:
1.Convert the type of jiffies_scan_wait to "unsigned long".
2.Use READ/WRITE_ONCE() for accessing "jiffies_scan_wait".
3.Fix the possible wrong memory scanning period. If you set a large
memory scanning period like blow, then the "secs" variable will be
non-zero, however the value of "jiffies_scan_wait" will be zero.
echo "scan=0x10000000" > /sys/kernel/debug/kmemleak
It is because the type of the msecs_to_jiffies()'s parameter is
"unsigned int", and the "secs * 1000" is larger than its max value.
This in turn leads a unexpected jiffies_scan_wait, maybe zero. We
corret it by replacing kstrtoul() with kstrtouint(), and check the
msecs to prevent it larger than UINT_MAX.
Signed-off-by: Yanfei Xu <[email protected]>
---
mm/kmemleak.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index 92a2d4885808..228a2fbe0657 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -219,7 +219,7 @@ static struct task_struct *scan_thread;
static unsigned long jiffies_min_age;
static unsigned long jiffies_last_scan;
/* delay between automatic memory scannings */
-static signed long jiffies_scan_wait;
+static unsigned long jiffies_scan_wait;
/* enables or disables the task stacks scanning */
static int kmemleak_stack_scan = 1;
/* protects the memory scanning, parameters and debug/kmemleak file access */
@@ -1567,7 +1567,7 @@ static int kmemleak_scan_thread(void *arg)
}
while (!kthread_should_stop()) {
- signed long timeout = jiffies_scan_wait;
+ signed long timeout = READ_ONCE(jiffies_scan_wait);
mutex_lock(&scan_mutex);
kmemleak_scan();
@@ -1807,14 +1807,20 @@ static ssize_t kmemleak_write(struct file *file, const char __user *user_buf,
else if (strncmp(buf, "scan=off", 8) == 0)
stop_scan_thread();
else if (strncmp(buf, "scan=", 5) == 0) {
- unsigned long secs;
+ unsigned secs;
+ unsigned long msecs;
- ret = kstrtoul(buf + 5, 0, &secs);
+ ret = kstrtouint(buf + 5, 0, &secs);
if (ret < 0)
goto out;
+
+ msecs = secs * MSEC_PER_SEC;
+ if (msecs > UINT_MAX)
+ msecs = UINT_MAX;
+
stop_scan_thread();
- if (secs) {
- jiffies_scan_wait = msecs_to_jiffies(secs * 1000);
+ if (msecs) {
+ WRITE_ONCE(jiffies_scan_wait, msecs_to_jiffies(msecs));
start_scan_thread();
}
} else if (strncmp(buf, "scan", 4) == 0)
--
2.27.0
On Mon, Jun 14, 2021 at 01:40:22AM +0800, Yanfei Xu wrote:
> This commit contains 3 modifies:
>
> 1.Convert the type of jiffies_scan_wait to "unsigned long".
>
> 2.Use READ/WRITE_ONCE() for accessing "jiffies_scan_wait".
>
> 3.Fix the possible wrong memory scanning period. If you set a large
> memory scanning period like blow, then the "secs" variable will be
> non-zero, however the value of "jiffies_scan_wait" will be zero.
>
> echo "scan=0x10000000" > /sys/kernel/debug/kmemleak
>
> It is because the type of the msecs_to_jiffies()'s parameter is
> "unsigned int", and the "secs * 1000" is larger than its max value.
> This in turn leads a unexpected jiffies_scan_wait, maybe zero. We
> corret it by replacing kstrtoul() with kstrtouint(), and check the
> msecs to prevent it larger than UINT_MAX.
>
> Signed-off-by: Yanfei Xu <[email protected]>
Acked-by: Catalin Marinas <[email protected]>