Received: by 10.223.185.116 with SMTP id b49csp1909396wrg; Mon, 12 Feb 2018 00:31:45 -0800 (PST) X-Google-Smtp-Source: AH8x227Wno0UgXWM9S9C8XRfIDJ1DFV7n5cs/GQRnJEqWzYlxWAxmKtn0oooFW9EQPTLq5elLWV2 X-Received: by 2002:a17:902:6b49:: with SMTP id g9-v6mr10158250plt.9.1518424305093; Mon, 12 Feb 2018 00:31:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518424305; cv=none; d=google.com; s=arc-20160816; b=DV2eVJym0JWhNeE0RygSfaWeK3l9sjbKnzFJqOB2wnnAG8YH5KQsvjsqUNcwZZHRWp g+l5cY4bE6yBh6Tp3TRtQR4kUdoxj+hZbVn0L2GcZU1XMMASHEI7JZG03TIEl35MedB5 KUsXOMAhc04up+LatUwoqUTiDJ/vQkoqh4DN2XnZ7cV+mfdSS7fThuNKuoNBqGOunKuJ 4MDjXQe5G4Gw+mCwj7KLeicv14jjl3rkLMA07Ta8jNpt6PWGs0bxMXR05HGxEpL71Tkk nmRSUFwY45kODklOM1tzKw6NooIwpP50w7qY9ESSpM1AC4j4eug7+PnZLPgh3hfm9rwE CgxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:arc-authentication-results; bh=chaK/ujRTwmCZP5k0cWGjc8o7jBuTsspOGqZ0iKW8E4=; b=gs3PxkL6I08pHJFEOeUNI50IESAbY2dzEZCutzph4UQgfMp2B+bS/tyDXT+cI0pB4u jJpYW3IxfucSdPPpDnaHBuxritaa4ajWg9AVMB7eCwfJm9jrnDgsHHWHlVXpSy45/lM+ V/X4SrsFSSGmSORhMcQVBL8fkKqMQVsrcjRGvzDr3fN4VozzDxjB/oNG7HvLvZ2ikNkH VVuhjn+2Pt3vYQTijnKPrNjiece3UY0H5kQ8b3VM1kVy272o5/FVvlqcCMjNbjYvRBau bIYynPwpe96AQyrJvoAAS8FMZtlXCpcvOydlBdGSbI8TKrVtqwQIjXf5HEEeMM22wZv9 YRBA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c1-v6si3721059pld.427.2018.02.12.00.31.31; Mon, 12 Feb 2018 00:31:45 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932944AbeBLI2m (ORCPT + 99 others); Mon, 12 Feb 2018 03:28:42 -0500 Received: from www62.your-server.de ([213.133.104.62]:47322 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932785AbeBLI2l (ORCPT ); Mon, 12 Feb 2018 03:28:41 -0500 Received: from [62.202.221.8] (helo=linux.home) by www62.your-server.de with esmtpsa (TLSv1.2:DHE-RSA-AES256-SHA:256) (Exim 4.85_2) (envelope-from ) id 1el9TY-00015I-Od; Mon, 12 Feb 2018 09:28:36 +0100 Subject: Re: [kmemleak] unreferenced object 0xcd9c1a80 (size 192): To: Yonghong Song , Mathieu Malaterre , Alexei Starovoitov Cc: Alexei Starovoitov , LKML References: <3fa5958d-c14e-56bd-de49-84fc43db4b32@fb.com> From: Daniel Borkmann Message-ID: <609d04c4-f947-ede5-3c4f-28eaf0b14745@iogearbox.net> Date: Mon, 12 Feb 2018 09:28:33 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <3fa5958d-c14e-56bd-de49-84fc43db4b32@fb.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.99.3/24307/Mon Feb 12 02:21:46 2018) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 02/12/2018 06:47 AM, Yonghong Song wrote: > On 2/11/18 11:18 AM, Mathieu Malaterre wrote: >> On Sun, Feb 11, 2018 at 5:54 PM, Alexei Starovoitov >> wrote: >>> On Sun, Feb 11, 2018 at 7:24 AM, Mathieu Malaterre wrote: >>>> Alexei, >>>> >>>> Could you please comment on why I am seeing those memleaks being >>>> reported on my ppc32 system ? Should they be marked as false positive >>>> ? >>>> >>>> System is Mac Mini G4, git/master (4.15.0+), ppc. >>>> >>>> Thanks for your time >>>> >>>> $ dmesg >>>> ... >>>> [ 1281.504173] kmemleak: 36 new suspected memory leaks (see >>>> /sys/kernel/debug/kmemleak) >>>> >>>> Where: >>>> >>>> # cat /sys/kernel/debug/kmemleak >>>> unreferenced object 0xdee25000 (size 192): >>>>    comm "systemd", pid 1, jiffies 4294894348 (age 1438.580s) >>>>    hex dump (first 32 bytes): >>>>      c0 56 2f 88 00 00 00 00 00 00 00 0b 00 00 00 0c  .V/............. >>>>      00 00 00 08 00 00 00 01 00 00 00 01 00 00 00 01  ................ >>>>    backtrace: >>>>      [<6c69baf5>] trie_alloc+0xb0/0x150 >>>>      [] SyS_bpf+0x288/0x1458 >>>>      [<82182f53>] ret_from_syscall+0x0/0x38 >>>> unreferenced object 0xdee25900 (size 192): >>>>    comm "systemd", pid 1, jiffies 4294894540 (age 1437.812s) >>>>    hex dump (first 32 bytes): >>>>      c0 56 2f 88 00 00 00 00 00 00 00 0b 00 00 00 08  .V/............. >>>>      00 00 00 08 00 00 00 01 00 00 00 01 00 00 00 01  ................ >>>>    backtrace: >>>>      [<6c69baf5>] trie_alloc+0xb0/0x150 >>>>      [] SyS_bpf+0x288/0x1458 >>>>      [<82182f53>] ret_from_syscall+0x0/0x38 >>> >>> hmm. looks real. Is there a reproducer? >>> Yonghong, lpm map not cleaning after itself? >> >> Not really. I simply boot up my machine and wait for the first kmemleak scan. > > I am not able to reproduce the issue. Tried with latest net-next on FC26 with kmemleak on. I only got this one after bootup, > 'cat /sys/kernel/debug/kmemleak' or > 'echo scan > /sys/kernel/debug/kmemleak >  cat /sys/kernel/debug/kmemleak': > > unreferenced object 0xffff99701a7386e0 (size 32): >   comm "mount", pid 1856, jiffies 4294669263 (age 98.440s) >   hex dump (first 32 bytes): >     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ >     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................ >   backtrace: >     [<000000004668ec00>] security_sb_parse_opts_str+0x36/0x50 >     [<00000000a9807d2b>] parse_security_options+0x3d/0x60 >     [<00000000cc1e1d58>] btrfs_mount_root+0x139/0x720 >     [<00000000bdc4f1a3>] mount_fs+0x30/0x150 >     [<00000000f189f1bd>] vfs_kern_mount.part.26+0x54/0x100 >     [<0000000093ae5db7>] btrfs_mount+0x184/0x914 >     [<00000000bdc4f1a3>] mount_fs+0x30/0x150 >     [<00000000f189f1bd>] vfs_kern_mount.part.26+0x54/0x100 >     [<000000003b67b9fc>] do_mount+0x5b9/0xc70 >     [<00000000de4073a0>] SyS_mount+0x80/0xd0 >     [<00000000fc5a968a>] do_syscall_64+0x5d/0x110 >     [<000000003d61f5fc>] entry_SYSCALL_64_after_hwframe+0x21/0x86 >     [<00000000458a6ffa>] 0xffffffffffffffff > > Not sure whether the above is a true issue or not. > > However, by inspecting the code, I do find the trie_free in lpm_trie.c > may have missed freeing the trie memory. > > The change likes below should work: > -bash-4.2$ git diff > diff --git a/kernel/bpf/lpm_trie.c b/kernel/bpf/lpm_trie.c > index 7b469d1..cecb259 100644 > --- a/kernel/bpf/lpm_trie.c > +++ b/kernel/bpf/lpm_trie.c > @@ -589,6 +589,7 @@ static void trie_free(struct bpf_map *map) > >  unlock: >         raw_spin_unlock(&trie->lock); > +       kfree(trie); >  } > >  static int trie_get_next_key(struct bpf_map *map, void *_key, void *_next_key) > -bash-4.2$ > > Will propose a formal patch for this soon. Agree, good catch, and I also think that this is the issue, since this is what kmemleak reports in terms of size (192): struct lpm_trie { struct bpf_map map; /* 0 128 */ /* --- cacheline 2 boundary (128 bytes) --- */ struct lpm_trie_node * root; /* 128 8 */ size_t n_entries; /* 136 8 */ size_t max_prefixlen; /* 144 8 */ size_t data_size; /* 152 8 */ raw_spinlock_t lock; /* 160 4 */ /* size: 192, cachelines: 3, members: 6 */ /* padding: 28 */ };