Received: by 2002:a25:23cc:0:0:0:0:0 with SMTP id j195csp908527ybj; Thu, 7 May 2020 10:16:23 -0700 (PDT) X-Google-Smtp-Source: APiQypK3eApRPfEupxFlKJ9osj6usOIzPu+daSZl0ASUT2gOJ3hNLRDK5GRlRKh2g/NCUfkB6Bue X-Received: by 2002:aa7:d2cd:: with SMTP id k13mr13321888edr.116.1588871783194; Thu, 07 May 2020 10:16:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588871783; cv=none; d=google.com; s=arc-20160816; b=w7xZmBkPxtTKVLvn5AiFt2jU+aAeUp+z9NPxis7OzS6TVeHOcPWx8flcFk1OCQuAF3 teOegQCQKB8i5gF6v1CIXiuIqCx4qxNjTU5AwCX39njxb+Wcsu55wR9aYsJ0fQdxT6IL iQ9Fi0MWknqnV6er/4Cfd2UGxMWOyvzFx/Vlf8VEiOpgl9YaZJCz4wm1QNmfl8bGNLRy HO0EEJdgyhWhbU+pisS4VZhirb04XjumqzXmS+ld7bfPkOX7hYPVT1+ALI7R4ZNiCUq+ raQN8AaExS/aIDuRCwqkye+ORlDdJoBNEpx7ksd8zQF5w3Us/nHhQWle4yApT4W94qvn AKUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=Ku+5ZCzY6S0IipnCTLWTbQWGEa1hW0yoQZkGqBKzqV4=; b=FNzr1TowM81HN/eDwz5XfcQRiEB/OcXDIBjg4ykvd0QBahTq/3r8/MxJyp4I8ojC/M NoLeUKPTKFOI3FD9EzUYCNQTtzAe6llARpb83EwzNDTBiltlJX4XdHuXdh/wESd26Euy 229vvrdtKKn3HUIXSVGe8aNP/Ma9WmmpDO0m3B9abSokYxPvGJd05uyJk84bojKQXn/x cv7yUDjTXOL9V+/2v7Lvf/RLA/G5MxufFx5bgVAKtuNz55dyBH1eijSPZxCQvE8auKWA 0Xfs2gHXYnPDxuQJfcCZEzfywTuhM4F21pbkPZj6SZ6zvpU09TqY5LyzHeI/oj5g+Fau j59Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o59si3290986eda.39.2020.05.07.10.15.57; Thu, 07 May 2020 10:16:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726491AbgEGROW (ORCPT + 99 others); Thu, 7 May 2020 13:14:22 -0400 Received: from foss.arm.com ([217.140.110.172]:35844 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726320AbgEGROW (ORCPT ); Thu, 7 May 2020 13:14:22 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 38B0330E; Thu, 7 May 2020 10:14:22 -0700 (PDT) Received: from gaia (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7B9683F305; Thu, 7 May 2020 10:14:21 -0700 (PDT) Date: Thu, 7 May 2020 18:14:19 +0100 From: Catalin Marinas To: "Paul E. McKenney" Cc: Qian Cai , Linux-MM , LKML Subject: Re: Kmemleak infrastructure improvement for task_struct leaks and call_rcu() Message-ID: <20200507171418.GC3180@gaia> References: <45D2D811-C3B0-442B-9744-415B4AC5CCDB@lca.pw> <20200506174019.GA2869@paulmck-ThinkPad-P72> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200506174019.GA2869@paulmck-ThinkPad-P72> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 06, 2020 at 10:40:19AM -0700, Paul E. McKenney wrote: > On Wed, May 06, 2020 at 12:22:37PM -0400, Qian Cai wrote: > > == call_rcu() leaks == > > Another issue that might be relevant is that it seems sometimes, > > kmemleak will give a lot of false positives (hundreds) because the > > memory was supposed to be freed by call_rcu() (for example, in > > dst_release()) but for some reasons, it takes a long time probably > > waiting for grace periods or some kind of RCU self-stall, but the > > memory had already became an orphan. I am not sure how we are going > > to resolve this properly until we have to figure out why call_rcu() > > is taking so long to finish? > > I know nothing about kmemleak, but I won't let that stop me from making > random suggestions... > > One approach is to do an rcu_barrier() inside kmemleak just before > printing leaked blocks, and check to see if any are still leaked after > the rcu_barrier(). The main issue is that kmemleak doesn't stop the world when scanning (which can take over a minute, depending on your hardware), so we get lots of transient pointer misses. There are some heuristics but obviously they don't always work. With RCU, objects are queued for RCU freeing later and chained via rcu_head.next (IIUC). Under load, this list can be pretty volatile and if this happen during kmemleak scanning, it's sufficient to lose track of a next pointer and the rest of the list would be reported as a leak. I think rcu_barrier() just before the starting the kmemleak scanning may help if it reduces the number of objects queued. Now, I wonder whether kmemleak itself can break this RCU chain. The kmemleak metadata is allocated on a slab alloc callback. The freeing, however, is done using call_rcu() because originally calling back into the slab freeing from kmemleak_free() didn't go well. Since the kmemleak_object structure is not tracked by kmemleak, I wonder whether its rcu_head would break this directed pointer reference graph. Let's try the rcu_barrier() first and I'll think about the metadata case over the weekend. Thanks. -- Catalin