Received: by 10.223.176.46 with SMTP id f43csp1644160wra; Sun, 21 Jan 2018 01:12:59 -0800 (PST) X-Google-Smtp-Source: AH8x226R7uUTplAjFjSR00SCbI37qxKRRVSem1NTgZuZiQO0a87JcwDSHbvO4z52H4tGpAGNGHU8 X-Received: by 10.99.170.73 with SMTP id x9mr4081874pgo.393.1516525979576; Sun, 21 Jan 2018 01:12:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516525979; cv=none; d=google.com; s=arc-20160816; b=tOdKGrzEJ7iD5f4+QoQ8FhiudIcNfhT05qUey9ihnVCFNQLHAkiGXfI4DWjIJxF5KQ lqVO3NZ2Ypp9G05xOW7quSJdyR64MmbOMtgHiBcI20bRg/VykM1Jld0Ky69EXiV0nkb/ l6UZhDgKQevB5OXDVCXIN9WGEgEB9o1hISMyNojAjSGOvjhVK9Mev60lkgbMlymGvszE wDafCx+5ZlpDAOpf0mJHfol7d7xfm9/t7D/wlZ8j3SUkDiW3YdLlhRbUTJki17m5oD3Z WKfJouT12xDLez9XA0Fm/HR93uuK6jXKcP53bvcuRZIGr1eX0MPKlDo278UJTl6TQMvE NbMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:arc-authentication-results; bh=N9Mvj/r9uGznV3F2XuZbmv6r4C9h1NUhXojeFhxsrKo=; b=r+iSm9IYkuz4UP4bORMCDYwTsElCQnNvO5EhCJ5RrrTA2G2xLosSBIyuNpIbVHml80 snGo7TJ4F4AflUN2u7x9oHADn25Ieqs92LjJ1qSl3FSCMh/5PWJN2ch/bg0bfXvCzqce ymhPBo1gudb4qdJYpHf3KlD+VaAdPl2hhFI3UCwqmAMx25tMf2wbbbPqDMrBk13y2K3U DyB6FAq9sYRYBzVqUqsYbs27maHrLB+cWw7JG08Pw0F/hQfd7Yld1jQ/vDaVncbEESwV wD1dtElTvTQAj9GBfV20wbiup7KoBJUefdKzskzlbUp6R1KLfNOcACB5DjI61S3FV1SL UQCQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 3si13282337pfi.416.2018.01.21.01.12.18; Sun, 21 Jan 2018 01:12:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751031AbeAUJL2 (ORCPT + 99 others); Sun, 21 Jan 2018 04:11:28 -0500 Received: from outprodmail02.cc.columbia.edu ([128.59.72.51]:40263 "EHLO outprodmail02.cc.columbia.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750876AbeAUJL0 (ORCPT ); Sun, 21 Jan 2018 04:11:26 -0500 Received: from hazelnut (hazelnut.cc.columbia.edu [128.59.213.250]) by outprodmail02.cc.columbia.edu (8.14.4/8.14.4) with ESMTP id w0L9B50B002943 for ; Sun, 21 Jan 2018 04:11:25 -0500 Received: from hazelnut (localhost.localdomain [127.0.0.1]) by hazelnut (Postfix) with ESMTP id 770A57E for ; Sun, 21 Jan 2018 04:11:26 -0500 (EST) Received: from sendprodmail03.cc.columbia.edu (sendprodmail03.cc.columbia.edu [128.59.72.15]) by hazelnut (Postfix) with ESMTP id 625E07E for ; Sun, 21 Jan 2018 04:11:26 -0500 (EST) Received: from mail-wr0-f197.google.com (mail-wr0-f197.google.com [209.85.128.197]) by sendprodmail03.cc.columbia.edu (8.14.4/8.14.4) with ESMTP id w0L9BOXY034098 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for ; Sun, 21 Jan 2018 04:11:25 -0500 Received: by mail-wr0-f197.google.com with SMTP id 31so4570889wru.0 for ; Sun, 21 Jan 2018 01:11:25 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=N9Mvj/r9uGznV3F2XuZbmv6r4C9h1NUhXojeFhxsrKo=; b=djOk4NTLQkVQwohCpWZI02iUw4eSzOx1A2idzKm3TdGYjc6NlWoEBb0sRNFmyeoWU3 VBWAcAK+LIac/v6RoHsTYwHjWCFK5puQb0OIfliuTzEw+EeCpfnZqMZtf00O8lUlRYqi XUzbozGfQsWXdQSChZkCc+7JK9x7B3urj0Nwrj03BH85Cc5c7nGJ18u/9BTiPpHNR5pQ Q1K5YZVJbawCaZgMkIQWK5j6fUr9Ut6xV8lZY/U+2zsijCQ0HF15Z5hTpSKNqOBbYLne Qp+j+LxdzeM/kCbrXpHWVrqidfRpIKIG+8Y/EzAHQh37aYboismgw1yQWVxrvOfPcrs3 9xJQ== X-Gm-Message-State: AKwxytec0bydMn8tv6KWAzOCgePFq3aEYAOue3s+5vuWPw+AJm+hAtS4 puIf6a7wfSMxcmFrNg5cOw6s9mlFxF3xtf2pVLoXhFOznXzidivKc10NYTxr/Vuv5f+ft8upmdF qTVqvFmGKzbadm1JC63fObHXqlDULvFlIk+7KP9fKjBbDMKZI X-Received: by 10.80.213.82 with SMTP id f18mr7682919edj.255.1516525884540; Sun, 21 Jan 2018 01:11:24 -0800 (PST) X-Received: by 10.80.213.82 with SMTP id f18mr7682887edj.255.1516525884105; Sun, 21 Jan 2018 01:11:24 -0800 (PST) MIME-Version: 1.0 Received: by 10.80.241.82 with HTTP; Sun, 21 Jan 2018 01:11:23 -0800 (PST) In-Reply-To: References: From: Shankara Pailoor Date: Sun, 21 Jan 2018 01:11:23 -0800 Message-ID: Subject: Re: Possible Memory Leak in KCOV Linux 4.15-rc1 To: Dmitry Vyukov Cc: LKML , syzkaller , Andrew Zhu Aday Content-Type: text/plain; charset="UTF-8" X-No-Spam-Score: Local X-Scanned-By: MIMEDefang 2.78 on 128.59.72.15 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Dmitry, The leaks went away when I disabled and closed the old file descriptors before opening new ones. The patch you sent wouldn't work because t is not initialized at the line. This seems to work for me diff --git a/kernel/kcov.c b/kernel/kcov.c index 7594c03..1397006 100644 --- a/kernel/kcov.c +++ b/kernel/kcov.c @@ -371,6 +371,8 @@ static int kcov_ioctl_locked(struct kcov *kcov, unsigned int cmd, else return -EINVAL; t = current; + if (!t->kcov) + return -EBUSY; /* Cache in task struct for performance. */ t->kcov_size = kcov->size; t->kcov_area = kcov->area; On Sat, Jan 20, 2018 at 7:06 AM, Dmitry Vyukov wrote: > On Sat, Jan 20, 2018 at 4:01 PM, Shankara Pailoor wrote: >> Hi Dmitry, >> >> I will try and get something to you tomorrow. Just wondering, but what >> happens to the old struct kcov if a task opens /sys/kernel/debug/kcov >> twice? I am looking here >> https://elixir.free-electrons.com/linux/v4.15-rc8/source/kernel/kcov.c#L381 >> and I don't see where the previous struct would get freed. > > Good question. Perhaps we need something like: > > diff --git a/kernel/kcov.c b/kernel/kcov.c > index 7594c033d98a..c76498018500 100644 > --- a/kernel/kcov.c > +++ b/kernel/kcov.c > @@ -358,7 +358,7 @@ static int kcov_ioctl_locked(struct kcov *kcov, > unsigned int cmd, > */ > if (kcov->mode != KCOV_MODE_INIT || !kcov->area) > return -EINVAL; > - if (kcov->t != NULL) > + if (kcov->t != NULL || t->kcov != NULL) > return -EBUSY; > if (arg == KCOV_TRACE_PC) > kcov->mode = KCOV_MODE_TRACE_PC; > > > >> On Sat, Jan 20, 2018 at 4:38 AM, Dmitry Vyukov wrote: >>> On Fri, Jan 19, 2018 at 8:29 PM, Shankara Pailoor wrote: >>>> Hi Dmitry, >>>> >>>> I added support for kcov in strace and I have been tracing a fairly >>>> large program but after a little while, I notice that when I mmap a >>>> new cover buffer, the call fails with ENOMEM. After killing the >>>> program, I try and rerun and I notice that there is nearly no memory >>>> on the system. When I do a kmemleak scan I get the following reports: >>>> >>>> I believe the problem occurs when I try and setup the kcov buffer >>>> again after an exec. Instead of reusing the old file descriptor I open >>>> kcov again within that process. In that case, I don't know what >>>> happens to the old kcov struct. >>>> >>>> I don't see a maintainers list for kcov so I decided to email you >>>> directly. Let me know what more information I can provide. >>> >>> >>> Hi Shankara, >>> >>> Looks bad. Can you provide a reproducer? >>> We extensively use kcov with syzkaller, but have not observed such >>> leaks. Also I don't see anything obvious in the code. >>> >>> Thanks >>