Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp814384ybp; Fri, 4 Oct 2019 05:29:04 -0700 (PDT) X-Google-Smtp-Source: APXvYqyYZNds1MyPnawCvyLu/8P1Rh8vxzlCD6q2+Or1r/53B0oQRKwC97GFmQ080oW1BROOAkPV X-Received: by 2002:a50:ed17:: with SMTP id j23mr14787267eds.248.1570192144169; Fri, 04 Oct 2019 05:29:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570192144; cv=none; d=google.com; s=arc-20160816; b=mI8Ki8Kvj7+95WmZaS7C25+jr7bHPPVConReNVYezI7scRCqIggMfItRclERz5OsoW nFQZ+1W8R0l/3d4BRM7HVUy9sFe0hq94qqOOEFIS9uT9Yj5lNl0Z9n6JZ5s8ri1RTksf 5oYWZgyl4LF5UTXw9gUNLUZNVDK3cj/RkbqriKdRyV8yGtKvxiyq97OuYd0g/2LqzOV+ b/X/wyqinTTnW38WbpBPJn216S8094FQQLUaj+kZ26Sw9G/a7bNIALJuO4yH1+WLwtFP lvNBLqoQug7VFB2Fk3UgIWbdYx6rgs2vKlqfZTb7G8kTlz5FAp4CR3SW73/yn3GqLTfB NtPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=eMNb1lv+SnuqbAc/+nZd76BnPbZvjFihbpF1fp1r0jY=; b=pq0X/ZSvGL4qj7WNBt4D+rzgXOG4Urw+Jb1HTSAGh/z2faNe9XQd2YK/nrx0Bl9LDk yb31bSCNYaFKcmB6wU0sjFG8lLryY68l1qkczJb6QDf8PcI+nznqt/v3MMg/5cuUwcRX q6lIy3mCHQnJxS0UC+97l7XUgLbHRryCtNk9ge303PAss0pP7jrFWsSLzCyfejOoE8/a W0PzW5UEObdksJcFSV9ad6DiOvQsQgiHdDL6jTEDOidQfYIuoa4CV5S6NNCl6dNJMi5t ji0tMe7860HqrUBAyFX7Lsj0BYrbKSDHQZBfqXcP7PQlD6mc/nODaGeAvpEdu7xywQB9 SFaQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b47si3512892edc.45.2019.10.04.05.28.39; Fri, 04 Oct 2019 05:29:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730378AbfJDM1a (ORCPT + 99 others); Fri, 4 Oct 2019 08:27:30 -0400 Received: from charlotte.tuxdriver.com ([70.61.120.58]:46962 "EHLO smtp.tuxdriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729950AbfJDM13 (ORCPT ); Fri, 4 Oct 2019 08:27:29 -0400 Received: from cpe-2606-a000-111b-43ee-0-0-0-115f.dyn6.twc.com ([2606:a000:111b:43ee::115f] helo=localhost) by smtp.tuxdriver.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.63) (envelope-from ) id 1iGMg0-0001aX-1z; Fri, 04 Oct 2019 08:27:22 -0400 Date: Fri, 4 Oct 2019 08:27:11 -0400 From: Neil Horman To: Eric Biggers Cc: Andrew Morton , linux-mm@kvack.org, linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, Catalin Marinas , Kent Overstreet , Vlad Yasevich , Xin Long , Marcelo Ricardo Leitner Subject: Re: [PATCH] lib/generic-radix-tree.c: add kmemleak annotations Message-ID: <20191004122711.GA14248@hmswarspite.think-freely.org> References: <20191004065039.727564-1-ebiggers@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20191004065039.727564-1-ebiggers@kernel.org> User-Agent: Mutt/1.12.1 (2019-06-15) X-Spam-Score: -2.9 (--) X-Spam-Status: No Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 03, 2019 at 11:50:39PM -0700, Eric Biggers wrote: > From: Eric Biggers > > Kmemleak is falsely reporting a leak of the slab allocation in > sctp_stream_init_ext(): > > BUG: memory leak > unreferenced object 0xffff8881114f5d80 (size 96): > comm "syz-executor934", pid 7160, jiffies 4294993058 (age 31.950s) > hex dump (first 32 bytes): > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > backtrace: > [<00000000ce7a1326>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline] > [<00000000ce7a1326>] slab_post_alloc_hook mm/slab.h:439 [inline] > [<00000000ce7a1326>] slab_alloc mm/slab.c:3326 [inline] > [<00000000ce7a1326>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553 > [<000000007abb7ac9>] kmalloc include/linux/slab.h:547 [inline] > [<000000007abb7ac9>] kzalloc include/linux/slab.h:742 [inline] > [<000000007abb7ac9>] sctp_stream_init_ext+0x2b/0xa0 net/sctp/stream.c:157 > [<0000000048ecb9c1>] sctp_sendmsg_to_asoc+0x946/0xa00 net/sctp/socket.c:1882 > [<000000004483ca2b>] sctp_sendmsg+0x2a8/0x990 net/sctp/socket.c:2102 > [...] > > But it's freed later. Kmemleak misses the allocation because its > pointer is stored in the generic radix tree sctp_stream::out, and the > generic radix tree uses raw pages which aren't tracked by kmemleak. > > Fix this by adding the kmemleak hooks to the generic radix tree code. > > Reported-by: syzbot+7f3b6b106be8dcdcdeec@syzkaller.appspotmail.com > Signed-off-by: Eric Biggers > --- > lib/generic-radix-tree.c | 32 ++++++++++++++++++++++++++------ > 1 file changed, 26 insertions(+), 6 deletions(-) > > diff --git a/lib/generic-radix-tree.c b/lib/generic-radix-tree.c > index ae25e2fa2187..f25eb111c051 100644 > --- a/lib/generic-radix-tree.c > +++ b/lib/generic-radix-tree.c > @@ -2,6 +2,7 @@ > #include > #include > #include > +#include > > #define GENRADIX_ARY (PAGE_SIZE / sizeof(struct genradix_node *)) > #define GENRADIX_ARY_SHIFT ilog2(GENRADIX_ARY) > @@ -75,6 +76,27 @@ void *__genradix_ptr(struct __genradix *radix, size_t offset) > } > EXPORT_SYMBOL(__genradix_ptr); > > +static inline struct genradix_node *genradix_alloc_node(gfp_t gfp_mask) > +{ > + struct genradix_node *node; > + > + node = (struct genradix_node *)__get_free_page(gfp_mask|__GFP_ZERO); > + > + /* > + * We're using pages (not slab allocations) directly for kernel data > + * structures, so we need to explicitly inform kmemleak of them in order > + * to avoid false positive memory leak reports. > + */ > + kmemleak_alloc(node, PAGE_SIZE, 1, gfp_mask); > + return node; > +} > + > +static inline void genradix_free_node(struct genradix_node *node) > +{ > + kmemleak_free(node); > + free_page((unsigned long)node); > +} > + > /* > * Returns pointer to the specified byte @offset within @radix, allocating it if > * necessary - newly allocated slots are always zeroed out: > @@ -97,8 +119,7 @@ void *__genradix_ptr_alloc(struct __genradix *radix, size_t offset, > break; > > if (!new_node) { > - new_node = (void *) > - __get_free_page(gfp_mask|__GFP_ZERO); > + new_node = genradix_alloc_node(gfp_mask); > if (!new_node) > return NULL; > } > @@ -121,8 +142,7 @@ void *__genradix_ptr_alloc(struct __genradix *radix, size_t offset, > n = READ_ONCE(*p); > if (!n) { > if (!new_node) { > - new_node = (void *) > - __get_free_page(gfp_mask|__GFP_ZERO); > + new_node = genradix_alloc_node(gfp_mask); > if (!new_node) > return NULL; > } > @@ -133,7 +153,7 @@ void *__genradix_ptr_alloc(struct __genradix *radix, size_t offset, > } > > if (new_node) > - free_page((unsigned long) new_node); > + genradix_free_node(new_node); > > return &n->data[offset]; > } > @@ -191,7 +211,7 @@ static void genradix_free_recurse(struct genradix_node *n, unsigned level) > genradix_free_recurse(n->children[i], level - 1); > } > > - free_page((unsigned long) n); > + genradix_free_node(n); > } > > int __genradix_prealloc(struct __genradix *radix, size_t size, > -- > 2.23.0 > > Acked-by: Neil Horman