Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1331601pxj; Fri, 4 Jun 2021 11:31:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyg+Es53bEY+4IhHuCPZ0pUro4M2Lhg/4O0CH70HFsYhCLM77YIWu+ZLR+LBrfiOMKYcXM3 X-Received: by 2002:a17:906:33c8:: with SMTP id w8mr5655484eja.46.1622831496725; Fri, 04 Jun 2021 11:31:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622831496; cv=none; d=google.com; s=arc-20160816; b=btSdrpLcjJjAZJolOwhgaihZw/W2QAj06n/38tJ6uLkuE3pzRRKxLsKViKFQCoHeGj +BFJHQI9HtabF1n2apdNmV2LrbMZArGeLKxhNia57bUGNaxCQgLApxM1zE1Jc7wtgC9G Y+EqI6MaTfo5Us0LYEXWzbTDGyuJhuxJk/Oi83YGsm3iCIlipRV67ES7UTLKC0ZIMkcG bhGVjrSIzJm9+cy8YU5b9QACXzvlhrMrefeCg2yAQ4KM+iupix1hYMxXj6iu2CQ1h4Yj vTtoogA98quMbxgp0A3YLyP8L2vnJ3dE54KcEPY6HtXjHcyI8dsesyQ2sdOisPv6NoPD m1CA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=14ELC1nhwCiKWYqHqEz4iobAHaArrFu2g4JGjDb/tnw=; b=0KoaGnRV3gYIBBc+D+fD/V027QVR6ky91PzP+vRA4+EVyP23JfR3zPCmXyeGW3jbOS MhfbtiEZO+Cmxc+j4y9G3VMdh4Y7z7ebyiEpjs+SrAPCguOgTleEVSdAD6cfMS4UACAf F9tOFvXLqtATejcpOU6NmW0/R1YOPl9VBGbPWGx3omRqltPTYIyByN1/rGx/r5KhQcna pW1lbtWzdv5x4UmmJ/NqRp2uWR4TUyvNW4i0V9UzweomybyUVIe9een0HBv/0/P95jVO UQFbepstM8gkv0rbOAVq29BnIIVnXiSaBRoHUEWynw11igugi/FUwni30vMiTDDONpOj zx7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="Dro/RhMQ"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 16si2462455ejd.349.2021.06.04.11.31.13; Fri, 04 Jun 2021 11:31:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b="Dro/RhMQ"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229823AbhFDSbX (ORCPT + 99 others); Fri, 4 Jun 2021 14:31:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:57764 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229769AbhFDSbW (ORCPT ); Fri, 4 Jun 2021 14:31:22 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id F2062613FA; Fri, 4 Jun 2021 18:29:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1622831376; bh=we8fWgEe67FojIj+5WfjBTSZXani/RwjERkgUbkEnUc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Dro/RhMQZfJqTIL+HEOt8f6OiP0EXrDy8ltcTxAjjF/O9Zyb2o2vTH6McAuSC9ElA XGWyoIvQ/88CFlGSSlN7ru8xplzmCxTTbJe7WVAPoJlsZY+hX0/ov7Y/LrgaE2AJYl qCmwsS6nIKSrbQnwkf/ajYRbZEFX1vdAHaDmTBw57FljfjHxHoHxtVyiQFQbHXEnjh 8StwHHdizgNCjmqi+SIPu7c4rWWLzhZz8COrRVMjo6UeAUfJYRwBS/lDvqlwCF/IJi 3mcCh6PkmzAam5rdHandzD5eaBIN5sJkExhukIMNGeLcomY5sObe8kTZG9xq2Clybi e4x7maplQy0Sg== Received: by quaco.ghostprotocols.net (Postfix, from userid 1000) id 0F1F540EFC; Fri, 4 Jun 2021 15:29:33 -0300 (-03) Date: Fri, 4 Jun 2021 15:29:33 -0300 From: Arnaldo Carvalho de Melo To: Riccardo Mancini Cc: Arnaldo Carvalho de Melo , Ian Rogers , Namhyung Kim , Peter Zijlstra , Ingo Molnar , Mark Rutland , Alexander Shishkin , Jiri Olsa , Adrian Hunter , Andi Kleen , Tommi Rantala , linux-perf-users , LKML Subject: Re: [PATCH] perf ksymbol: fix memory leak: decrease refcount of map and dso Message-ID: References: <20210602231052.317048-1-rickyman7@gmail.com> <3b8c7c2c5de492c7fbf86df73c43cdb0fbb453df.camel@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <3b8c7c2c5de492c7fbf86df73c43cdb0fbb453df.camel@gmail.com> X-Url: http://acmel.wordpress.com Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Em Fri, Jun 04, 2021 at 05:16:39PM +0200, Riccardo Mancini escreveu: > Hi, > > On Fri, 2021-06-04 at 10:22 -0300, Arnaldo Carvalho de Melo wrote: > > Em Thu, Jun 03, 2021 at 09:26:40PM -0700, Ian Rogers escreveu: > > > On Wed, Jun 2, 2021 at 4:15 PM Riccardo Mancini wrote: > > > > +++ b/tools/perf/util/machine.c > > > > @@ -776,6 +776,7 @@ static int machine__process_ksymbol_register(struct > > > > machine *machine, > > > > ??????????????? if (dso) { > > > > ??????????????????????? dso->kernel = DSO_SPACE__KERNEL; > > > > ??????????????????????? map = map__new2(0, dso); > > > > +?????????????????????? dso__put(dso); > > > > > Will this cause 2 puts if the map allocation fails? Perhaps this > > > should be "if (map) dso__put(dso);". > > > > I think its just a matter of removing the put in the error path, i.e. > > the patch becomes what is at the end of this message. > > > > I.e. if map__new2() fails, we want to drop the dso reference, and if it > > works, we already have a reference to it, obtained in map__new2(). > > Agree. > I'm sorry for this stupid oversight. > Should we make it a series including the fix to the issue you pointed out below, > or should I send you a v2 and fix the other issue in a subsequent patch? Please send a v2 patch, and then consider starting a new series with the issues below. > > But looking at this code now I realize that maps__find() should grab a > > refcount for the map it returns, because in this > > machine__process_ksymbol_register() function we use reference that 'map' > > after the if block, i.e. we use it if it came from maps__find() or if we > > created it machine__process_ksymbol_register, so there is a possible > > race where other thread removes it from the list and map__put()s it > > ending up in map__delete() while we still use it in > > machine__process_ksymbol_register(), right? > > Agree. It should be placed before up_read to avoid races, right? Yes, we have to grab a refcount while we are sure its not going away, then return that as the lookup result, whoever receives that refcounted entry should use it and then drop the refcount. > Then we would need to see where it's called and add the appropriate map__put. yes > In addition, having a look at other possible concurrency issues in map.c: Its good to have new eyes looking at this, exactly at a time we're discussing further parallelizing perf :-) > - maps__for_each_entry should always be called with either read or write lock, > am I right? It looks like this is not done in certain parts of the code. If such Right. > lock is taken, then grabbing the refcount on the looping variable is not needed > unless we need to return it, right? Right, returning an entry needs to take a refcount. > - maps__first and map__next do not grab a refcount and neither a lock. If > they're used through a lock-protected loop, it's not a problem, but maybe it's yes > worth making explicit that they are not to be used directly (through either a > comment or adding some underscores in their names). yes, __ in front means, in kernel style, that it does less than the non __ prefixed, same name, function. > - maps__empty: should probably take a reader lock. Indeed. > - maps__find_symbol: the returned symbol is not protected (the caller does not > receive a refcount to neither map or dso, so if dso is deleted, his reference to > the symbol gets invalidated). Depending on how it's being used it might not be a > problem, but in the general scenario I think it's not thread-safe. Yes, that function is also problematic. Thanks for looking into this, please consider sending patches for these issues, - Arnaldo