Subject: [RFC] [PATCH] netfilter: Fix kmemleak false positive reports
Date: Thu, 25 Oct 2018 01:29:57 +0800
Message-ID: <1540402197-173015-1-git-send-email-zhe.he@windriver.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: He Zhe

unreferenced object 0xffff9643edb89900 (size 256):
  comm "sd-resolve", pid 220, jiffies 4295016710 (age 208.256s)
  hex dump (first 32 bytes):
    01 00 00 00 00 00 00 00 03 00 74 f3 ba b1 b6 b5  ..........t.....
    65 3e 00 00 00 00 00 00 90 f9 a0 ed 43 96 ff ff  e>..........C...
  backtrace:
    [<0000000070d5b185>] kmem_cache_alloc+0x146/0x200
    [<0000000007a27faa>] __nf_conntrack_alloc.isra.13+0x4d/0x170 [nf_conntrack]
    [<00000000ecc5b0ec>] init_conntrack+0x6a/0x2f0 [nf_conntrack]
    [<000000003d38809f>] nf_conntrack_in+0x2c5/0x360 [nf_conntrack]
    [<000000001fe154e3>] ipv4_conntrack_local+0x5d/0x70 [nf_conntrack_ipv4]
    [<0000000027adadb2>] nf_hook_slow+0x48/0xd0
    [<000000009893511f>] __ip_local_out+0xbd/0xf0
    [<00000000d68cbd2f>] ip_local_out+0x1c/0x50
    [<00000000995e2f37>] ip_send_skb+0x19/0x40
    [<000000003d95f220>] udp_send_skb.isra.5+0x157/0x360
    [<00000000ebc25968>] udp_sendmsg+0x9d8/0xc10
    [<000000003bef56ec>] inet_sendmsg+0x3e/0xf0
    [<000000008d23e405>] sock_sendmsg+0x1d/0x30
    [<000000008c297097>] ___sys_sendmsg+0x108/0x2b0
    [<00000000f15a806c>] __sys_sendmmsg+0xba/0x1c0
    [<00000000e195d2cf>] __x64_sys_sendmmsg+0x24/0x30

In __nf_conntrack_confirm, object ct can be referenced by the stack variable ct and the members of ct->tuplehash. kmemleak needs at least one of them to find the ct object during scan.

When the ct object is moved from the unconfirmed hlist to the confirmed hlist, kmemleak cannot see the ct object if things happen in the following order and thus gives the above false positive report.

1) The ct object is removed from the unconfirmed hlist.
2) kmemleak scans data/bss sections (heap scan passes without heap reference).
3) The ct object is added to the confirmed hlist and the variable ct is destroyed as the function returns.
4) kmemleak scans task stacks (stack scan passes without stack reference).

This patch marks the ct object as not a leak.

Signed-off-by: He Zhe
Cc: pablo@netfilter.org
Cc: kadlec@blackhole.kfki.hu
Cc: fw@strlen.de
Cc: davem@davemloft.net
Cc: catalin.marinas@arm.com
---
So far this is only observed in v4.18, not in v4.19. But the case seems to apply to both.

net/netfilter/nf_conntrack_core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index a676d5f..067365d 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include @@ -1282,6 +1283,8 @@ __nf_conntrack_alloc(struct net *net, if (ct == NULL) goto out; + kmemleak_not_leak(ct); + spin_lock_init(&ct->lock); ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode.pprev = NULL; -- 2.7.4
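
Review bot: in the second hunk, the kmemleak_not_leak(ct) call placed right after the "ct == NULL" check in __nf_conntrack_alloc() applies to every conntrack object for its whole lifetime, while the commit message locates the race only in the move between the unconfirmed and confirmed hlists in __nf_conntrack_confirm. An object marked this way is never reported by kmemleak again, so a genuine conntrack leak would also go unreported. Please state that trade-off in the commit message and add a short comment above the call describing the scan-ordering race, so the annotation is not later mistaken for leftover debugging.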
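
The scan ordering in steps 1) to 4) of the commit message, replayed as a small C model. This is an added example, not part of the patch and not kernel code; `struct roots`, `enum order` and `scan_reports_leak` are hypothetical names. It collapses kmemleak's passes into two root checks and goes one case beyond the message by also covering an object whose references are really lost.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not kernel code: obj stands in for struct nf_conn. */
struct obj { bool not_leak; };            /* flag set by kmemleak_not_leak() */

struct roots {
    struct obj *unconfirmed;  /* reference held via the unconfirmed hlist */
    struct obj *confirmed;    /* reference held via the confirmed hlist */
    struct obj *stack_ct;     /* the local variable "ct" on a task stack */
};

enum order { MOVE_BEFORE_SCAN, MOVE_DURING_SCAN, REFERENCE_LOST };

/* Returns true when the two-pass scan would report the object as a leak. */
bool scan_reports_leak(enum order o, bool mark_not_leak)
{
    struct obj ct = { .not_leak = mark_not_leak };
    struct roots r = { &ct, NULL, &ct };  /* before confirm: list + stack */
    bool seen = false;

    if (o == MOVE_DURING_SCAN) {
        r.unconfirmed = NULL;                                 /* step 1 */
        seen |= (r.unconfirmed == &ct || r.confirmed == &ct); /* step 2 */
        r.confirmed = &ct;                                    /* step 3 */
        r.stack_ct = NULL;                                    /* function returns */
        seen |= (r.stack_ct == &ct);                          /* step 4 */
    } else {
        /* The move (or the loss of all references) finishes before the scan. */
        r.unconfirmed = NULL;
        r.confirmed = (o == REFERENCE_LOST) ? NULL : &ct;
        r.stack_ct = NULL;
        seen |= (r.unconfirmed == &ct || r.confirmed == &ct);
        seen |= (r.stack_ct == &ct);
    }
    /* An object marked not-a-leak is never reported, referenced or not. */
    return !seen && !ct.not_leak;
}

int main(void)
{
    printf("race, unmarked:      %d\n", scan_reports_leak(MOVE_DURING_SCAN, false));
    printf("race, marked:        %d\n", scan_reports_leak(MOVE_DURING_SCAN, true));
    printf("no race, unmarked:   %d\n", scan_reports_leak(MOVE_BEFORE_SCAN, false));
    printf("real leak, unmarked: %d\n", scan_reports_leak(REFERENCE_LOST, false));
    printf("real leak, marked:   %d\n", scan_reports_leak(REFERENCE_LOST, true));
    return 0;
}
```

The last two cases show the cost of the annotation: once marked, an object with no remaining references is no longer reported either.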