Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2498233imu; Thu, 24 Jan 2019 13:57:49 -0800 (PST) X-Google-Smtp-Source: ALg8bN4T4GFmv5Qiyeqryuzh8O7qzSyX7o7mJi2VPMffkzOC6Iyr+XEp2h6h7QXklaFLZHQdlNib X-Received: by 2002:a62:b24a:: with SMTP id x71mr8455565pfe.148.1548367069608; Thu, 24 Jan 2019 13:57:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548367069; cv=none; d=google.com; s=arc-20160816; b=ue6jeHeJ+4SJB7A+x5kHX7JHC4fODBCkCK1XYUdrwvhJ1APVUalxTR0SOezGENhVSU +L72qj+Yk79YsJ7hoY5hr+nQsvGhLKU8oGdeDdnKbg9ypkTpyrI9T7xXQq/IsNJneWKv ZoeubqdxYqCXak5ByVFYPqxXhjwZl6Uk5Fy6CphzRtiIg8JiM3WnZvN6Cy2/ZF3I8roL 5JWFsCH+NTkSLKJNWJRvnwu9geOIrjxKuGHybAyA2HOiGf6wezDWEvmhp0AjRAANY7+/ 0sGZG9t+8Cqe18Q/zf9o8SIDcY7O75rrlN8Gb5J7VIxfXUrjq1cZefyOnfuRniC++9H0 g59A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:dkim-signature:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=naFzZHExRS53DU+o6GCwc37LudjoqgRPZlmh7umATB0=; b=yfTHb+/36A+nNIj1fGIr4MjDmXrSzTyCWwQ5sgEUFt7DNN3YsAa9aI0nki2mPW1rM0 hHeCnFqGDGw3lsgKOeKCr3HcsxL2kKA6JeAslUVQJBLgEJ0s7MsmNEkOD1JzxXK2Akj0 PLd3QlbA077vH6ScSpCAIbaUYZv5FO9iswEk2hRCj3KTMLmz44AupeB7M1w7FvnI3Pw/ FGitOZaxTByDbZRLbbVi4wH1R92mMtDJV00ZqHBusgyS0xAwjyXeZKwH3jxR1wwl/3hI u7Pr3V6aLO4xHRWGIWQYzd/mLbXkyALxvY1vGwSUelM1JnAjHZt9CrPMVff9GTUhidp4 VKrA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nvidia.com header.s=n1 header.b="R4gv/Kq8"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nvidia.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 144si24322408pga.322.2019.01.24.13.57.34; Thu, 24 Jan 2019 13:57:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nvidia.com header.s=n1 header.b="R4gv/Kq8"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nvidia.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728209AbfAXV5L (ORCPT + 99 others); Thu, 24 Jan 2019 16:57:11 -0500 Received: from hqemgate14.nvidia.com ([216.228.121.143]:5586 "EHLO hqemgate14.nvidia.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727488AbfAXV5K (ORCPT ); Thu, 24 Jan 2019 16:57:10 -0500 Received: from hqpgpgate101.nvidia.com (Not Verified[216.228.121.13]) by hqemgate14.nvidia.com (using TLS: TLSv1.2, DES-CBC3-SHA) id ; Thu, 24 Jan 2019 13:56:51 -0800 Received: from hqmail.nvidia.com ([172.20.161.6]) by hqpgpgate101.nvidia.com (PGP Universal service); Thu, 24 Jan 2019 13:57:09 -0800 X-PGP-Universal: processed; by hqpgpgate101.nvidia.com on Thu, 24 Jan 2019 13:57:09 -0800 Received: from [10.24.242.22] (172.20.13.39) by HQMAIL101.nvidia.com (172.20.187.10) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 24 Jan 2019 21:57:05 +0000 Subject: Re: [PATCH] selinux: avc: mark avc node as not a leak To: Catalin Marinas CC: , , , , , , , , , , References: <1547023162-6381-1-git-send-email-prpatel@nvidia.com> <20190109113126.nzpmb7xx4xqtn37w@mbp> From: Prateek Patel Message-ID: <75b75170-9316-9f7a-13a6-5f2b92b35bb2@nvidia.com> Date: Fri, 25 Jan 2019 03:26:54 +0530 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <20190109113126.nzpmb7xx4xqtn37w@mbp> X-Originating-IP: [172.20.13.39] X-ClientProxiedBy: HQMAIL103.nvidia.com (172.20.187.11) To HQMAIL101.nvidia.com (172.20.187.10) Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: quoted-printable Content-Language: en-GB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nvidia.com; s=n1; t=1548367011; bh=naFzZHExRS53DU+o6GCwc37LudjoqgRPZlmh7umATB0=; h=X-PGP-Universal:Subject:To:CC:References:From:Message-ID:Date: User-Agent:MIME-Version:In-Reply-To:X-Originating-IP: X-ClientProxiedBy:Content-Type:Content-Transfer-Encoding: Content-Language; b=R4gv/Kq8AThjTn+PBmNgX+U8dQa8APWv0UvDO+vJtLVyTmMMq0E+LVHFgeFlAXamb zkcgxBEAdBNj9mns/tooYz6dUpNdyQuzB6tS2MGbgE5TBZlzjTtrpNCGvpfsAo0oRb +HBcLRpCVdy7cdO+sTM6uFygZXAT/yUgbWFFKEBBDdAoLHyJ1c6zZeAWFnByooTXLd QigZNy9igY9oZ1USBWq6Xpvv/jY7O49rLkQWN8V1t1n6vqUMxr89Jjk8PIaEtoopof EmVKwuY9VfomNsHqIL4gVSHgkoZHLKM07hDJYyM1hEwDxE8W962yAedyx/7seLlnHM uBeyNfdm9e3xg== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1/9/2019 5:01 PM, Catalin Marinas wrote: > Hi Prateek, > > On Wed, Jan 09, 2019 at 02:09:22PM +0530, Prateek Patel wrote: >> From: Sri Krishna chowdary >> >> kmemleak detects allocated objects as leaks if not accessed for >> default scan time. The memory allocated using avc_alloc_node >> is freed using rcu mechanism when nodes are reclaimed or on >> avc_flush. So, there is no real leak here and kmemleak_scan >> detects it as a leak which is false positive. Hence, mark it as >> kmemleak_not_leak. > In theory, kmemleak should detect the node->rhead in the lists used by > call_rcu() and not report it as a leak. Which RCU options do you have > enabled (just to check whether kmemleak tracks the RCU internal lists)? > > Also, does this leak eventually disappear without your patch? Does > > echo dump=3D0xffffffc0dd1a0e60 > /sys/kernel/debug/kmemleak > > still display this object? > > Thanks. Hi Catalin, It was intermittently showing leak and didn't repro on multiple runs. To=20 repo, I decreased the minimum object age for reporting, I found triggering the second scan=20 just after first is not showing any leak. Also, without my patch, on echo dump, obj is not displaying. Is increasing minimum object age for reporting a good idea to handle=20 such type of issues to avoid false-positives? Following is the log: t186_int:/ # echo scan > /sys/kernel/debug/kmemleak t186_int:/ # cat /sys/kernel/debug/kmemleak unreferenced object 0xffffffc1e06424c8 (size 72): =C2=A0 comm "netd", pid 4891, jiffies 4294906431 (age 23.120s) =C2=A0 hex dump (first 32 bytes): =C2=A0=C2=A0=C2=A0 97 01 00 00 1b 00 00 00 0b 00 00 00 57 06 04 00 .......= .....W... =C2=A0=C2=A0=C2=A0 00 00 00 00 ff ff ff ff 01 00 00 00 00 00 00 00 .......= ......... =C2=A0 backtrace: =C2=A0=C2=A0=C2=A0 [] kmem_cache_alloc+0x1ac/0x2c0 =C2=A0=C2=A0=C2=A0 [] avc_alloc_node+0x28/0x240 =C2=A0=C2=A0=C2=A0 [] avc_compute_av+0xa4/0x1d0 =C2=A0=C2=A0=C2=A0 [] avc_has_perm+0xf8/0x1b8 =C2=A0=C2=A0=C2=A0 [] file_has_perm+0xb8/0xe8 =C2=A0=C2=A0=C2=A0 [] match_file+0x44/0x98 =C2=A0=C2=A0=C2=A0 [] iterate_fd+0x84/0xd0 =C2=A0=C2=A0=C2=A0 [] selinux_bprm_committing_creds+0xec= /0x230 =C2=A0=C2=A0=C2=A0 [] security_bprm_committing_creds+0x4= 4/0x60 =C2=A0=C2=A0=C2=A0 [] install_exec_creds+0x20/0x70 =C2=A0=C2=A0=C2=A0 [] load_elf_binary+0x31c/0xd10 =C2=A0=C2=A0=C2=A0 [] search_binary_handler+0x98/0x288 =C2=A0=C2=A0=C2=A0 [] do_execveat_common.isra.14+0x550/0= x6d0 =C2=A0=C2=A0=C2=A0 [] SyS_execve+0x4c/0x60 =C2=A0=C2=A0=C2=A0 [] el0_svc_naked+0x34/0x38 =C2=A0=C2=A0=C2=A0 [] 0xffffffffffffffff unreferenced object 0xffffffc1ab3c61b0 (size 72): =C2=A0 comm "crash_dump64", pid 5058, jiffies 4294907834 (age 17.508s) =C2=A0 hex dump (first 32 bytes): =C2=A0=C2=A0=C2=A0 2f 02 00 00 6b 00 00 00 07 00 00 00 53 04 04 00 /...k..= .....S... =C2=A0=C2=A0=C2=A0 00 00 00 00 ff ff fd ff 01 00 00 00 00 00 00 00 .......= ......... =C2=A0 backtrace: =C2=A0=C2=A0=C2=A0 [] kmem_cache_alloc+0x1ac/0x2c0 =C2=A0=C2=A0=C2=A0 [] avc_alloc_node+0x28/0x240 =C2=A0=C2=A0=C2=A0 [] avc_compute_av+0xa4/0x1d0 =C2=A0=C2=A0=C2=A0 [] avc_has_perm_noaudit+0xe4/0x120 =C2=A0=C2=A0=C2=A0 [] selinux_inode_permission+0xc4/0x1c= 8 =C2=A0=C2=A0=C2=A0 [] security_inode_permission+0x60/0x8= 8 =C2=A0=C2=A0=C2=A0 [] __inode_permission2+0x54/0x120 =C2=A0=C2=A0=C2=A0 [] inode_permission2+0x38/0x80 =C2=A0=C2=A0=C2=A0 [] may_open+0x70/0x128 =C2=A0=C2=A0=C2=A0 [] do_last+0x234/0xee8 =C2=A0=C2=A0=C2=A0 [] path_openat+0xa8/0x310 =C2=A0=C2=A0=C2=A0 [] do_filp_open+0x88/0x108 =C2=A0=C2=A0=C2=A0 [] do_sys_open+0x1a4/0x290 =C2=A0=C2=A0=C2=A0 [] SyS_openat+0x3c/0x50 =C2=A0=C2=A0=C2=A0 [] el0_svc_naked+0x34/0x38 =C2=A0=C2=A0=C2=A0 [] 0xffffffffffffffff unreferenced object 0xffffffc1d3bcf678 (size 72): =C2=A0 comm "mediaserver", pid 5156, jiffies 4294909577 (age 10.536s) =C2=A0 hex dump (first 32 bytes): =C2=A0=C2=A0=C2=A0 0b 02 00 00 e2 01 00 00 07 00 00 00 53 04 04 00 .......= .....S... =C2=A0=C2=A0=C2=A0 00 00 00 00 f7 ff ff ff 01 00 00 00 00 00 00 00 .......= ......... =C2=A0 backtrace: =C2=A0=C2=A0=C2=A0 [] kmem_cache_alloc+0x1ac/0x2c0 =C2=A0=C2=A0=C2=A0 [] avc_alloc_node+0x28/0x240 =C2=A0=C2=A0=C2=A0 [] avc_compute_av+0xa4/0x1d0 =C2=A0=C2=A0=C2=A0 [] avc_has_perm_noaudit+0xe4/0x120 =C2=A0=C2=A0=C2=A0 [] selinux_inode_permission+0xc4/0x1c= 8 =C2=A0=C2=A0=C2=A0 [] security_inode_permission+0x60/0x8= 8 =C2=A0=C2=A0=C2=A0 [] __inode_permission2+0x54/0x120 =C2=A0=C2=A0=C2=A0 [] inode_permission2+0x38/0x80 =C2=A0=C2=A0=C2=A0 [] may_open+0x70/0x128 =C2=A0=C2=A0=C2=A0 [] do_last+0x234/0xee8 =C2=A0=C2=A0=C2=A0 [] path_openat+0xa8/0x310 =C2=A0=C2=A0=C2=A0 [] do_filp_open+0x88/0x108 =C2=A0=C2=A0=C2=A0 [] do_sys_open+0x1a4/0x290 =C2=A0=C2=A0=C2=A0 [] compat_SyS_openat+0x3c/0x50 =C2=A0=C2=A0=C2=A0 [] el0_svc_naked+0x34/0x38 =C2=A0=C2=A0=C2=A0 [] 0xffffffffffffffff t186_int:/ # echo dump=3D0xffffffc1d3bcf678 > /sys/kernel/debug/kmemleak kmemleak: Unknown object at 0xffffffc1d3bcf678 Thanks,