Subject: Re: [PATCH 1/2] kasan: drain quarantine of memcg slab objects
From: Andrey Ryabinin
To: Greg Thelen, Andrew Morton, Alexander Potapenko, Dmitry Vyukov, Vladimir Davydov
CC: Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim
Date: Wed, 21 Dec 2016 19:42:22 +0300
Message-ID: <7a7bdc20-121e-07d7-cb02-bb44902cd797@virtuozzo.com>
In-Reply-To: <1482257462-36948-1-git-send-email-gthelen@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 12/20/2016 09:11 PM, Greg Thelen wrote:
> Per memcg slab accounting and kasan have a problem with kmem_cache
> destruction.
> - kmem_cache_create() allocates a kmem_cache, which is used for
>   allocations from processes running in root (top) memcg.
> - Processes running in non root memcg and allocating with either
>   __GFP_ACCOUNT or from a SLAB_ACCOUNT cache use a per memcg kmem_cache.
> - Kasan catches use-after-free by having kfree() and kmem_cache_free()
>   defer freeing of objects. Objects are placed in a quarantine.
> - kmem_cache_destroy() destroys root and non root kmem_caches. It takes
>   care to drain the quarantine of objects from the root memcg's
>   kmem_cache, but ignores objects associated with non root memcg. This
>   causes leaks because quarantined per memcg objects refer to per memcg
>   kmem cache being destroyed.
>
> To see the problem:
> 1) create a slab cache with kmem_cache_create(,,,SLAB_ACCOUNT,)
> 2) from non root memcg, allocate and free a few objects from cache
> 3) dispose of the cache with kmem_cache_destroy()
> kmem_cache_destroy() will trigger a "Slab cache still has objects"
> warning indicating that the per memcg kmem_cache structure was leaked.
>
> Fix the leak by draining kasan quarantined objects allocated from non
> root memcg.
>
> Racing memcg deletion is tricky, but handled. kmem_cache_destroy() =>
> shutdown_memcg_caches() => __shutdown_memcg_cache() => shutdown_cache()
> flushes per memcg quarantined objects, even if that memcg has been
> rmdir'd and gone through memcg_deactivate_kmem_caches().
>
> This leak only affects destroyed SLAB_ACCOUNT kmem caches when kasan is
> enabled. So I don't think it's worth patching stable kernels.
>
> Signed-off-by: Greg Thelen
>

Acked-by: Andrey Ryabinin
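
The leak described in the quoted commit message, as a userspace model (an added example, not part of the patch or the kernel sources). `struct cache`, the `model_*` functions, `quarantine_drain` and `run_scenario` are hypothetical stand-ins for the kernel structures; the model assumes one root cache and one per-memcg child cache.

```c
/* Userspace model, not kernel code; every name here is a hypothetical stand-in. */
#include <stdbool.h>
#include <stddef.h>

#define QMAX 16
struct cache { int live; };   /* objects the allocator still counts as in use */

static struct cache *quarantine[QMAX];   /* KASAN-style: freed objects parked here */
static size_t qlen;

static void model_alloc(struct cache *c) { c->live++; }

/* Deferred free: the object stays accounted to its cache until drained. */
static void model_free(struct cache *c)
{
    if (qlen < QMAX) quarantine[qlen++] = c;
    else c->live--;           /* quarantine full: release at once */
}

/* Release every quarantined object that belongs to cache c. */
static void quarantine_drain(struct cache *c)
{
    size_t i, kept = 0;
    for (i = 0; i < qlen; i++) {
        if (quarantine[i] == c) c->live--;
        else quarantine[kept++] = quarantine[i];
    }
    qlen = kept;
}

/* Destroy the root cache and one per-memcg child cache. drain_child=false
 * models the pre-patch path. Returns objects still live at shutdown. */
static int model_destroy(struct cache *root, struct cache *child, bool drain_child)
{
    quarantine_drain(root);
    if (drain_child)
        quarantine_drain(child);
    return root->live + child->live;  /* nonzero: "Slab cache still has objects" */
}

/* Steps 1-3 of the commit message: one root-memcg object, three memcg objects. */
int run_scenario(bool drain_child)
{
    struct cache root = {0}, child = {0};
    int i;
    qlen = 0;
    model_alloc(&root); model_free(&root);
    for (i = 0; i < 3; i++) { model_alloc(&child); model_free(&child); }
    return model_destroy(&root, &child, drain_child);
}
```

`run_scenario(false)` leaves the three child-cache objects parked in the quarantine at destroy time, while `run_scenario(true)` drains them and shuts down clean.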