Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp4587032pxv; Tue, 20 Jul 2021 07:12:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz35TNplxiLsbil9T3cpxGiyFIflzrYLyLAhJwIUtig3U+RBPZrxggOuzX4P19EjVdNmjfg X-Received: by 2002:a92:c7d0:: with SMTP id g16mr20428542ilk.278.1626790346920; Tue, 20 Jul 2021 07:12:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626790346; cv=none; d=google.com; s=arc-20160816; b=Ae/+TiWJs4X8NzRv2ckrLnzV/NBOa+E1gJfGI093oNWxl0/IzzAJLq/bBNj7EfYvnx e5R5dIaauu0X39F06RMb5YIKiuNcK/LccV4Yr1uOh3iNsfG1hnAxPzqr4yCs/6McF55L Y3oBZYbu83wJ4gFS4l5tEHtHu3N/xhlfSyfMHnZ/zyp34/1KqvjrDblIixCD4OPrZftS qVXnqtBFRX4G3x97c50hiNxp4N5HV1UWfuyonaWjT6qKW1gzh1CeQyOhxWVuDTsBPeGh dpU4HCDYfb0zej3WGHvMouUsi2uRLESNO+/fdJOx906GDhAnGAU5h8gDJ0YMAqFWuUBa MPWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=mg96Ac5h0FwYX7AHJlirtckZlaLSWupGqp2mVuP86C0=; b=w/Hr6UGkXQRH4oQKKBfx/OUDccc6Ol5t3hHXyYFIOFDxzv7P9sMhmhqvMkjtXEXh8A 5ccb6aeDnlmiYAe039802Azjz2EdcL+3mkCZvYn0TxkCW/Gw8A4ZTEoIoKBcw02Uz2Tk eX+ngpkqqrT3LLDyyF9eTkyy/BzS85w+CPXlE6X0aBrRfsRRoC+OpwIpwrX3ioUp23cJ Xh7lhd6mEPBr46XPU56h0Y/mbueNaATFVJFfm8ZZiXKqBDFhq6hM6znCoYjbmEs1+HMN Igz4mC0ZmcBFCa6ceFTuD7YxkIzvfNaadZ8d4Kmi0EVgN+TR2F8wO37uU1y0hwq9kbTZ DgsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel-dk.20150623.gappssmtp.com header.s=20150623 header.b=cHDkGdim; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f6si23435498jas.104.2021.07.20.07.12.15; Tue, 20 Jul 2021 07:12:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel-dk.20150623.gappssmtp.com header.s=20150623 header.b=cHDkGdim; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239411AbhGTN2Q (ORCPT + 99 others); Tue, 20 Jul 2021 09:28:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239104AbhGTNLg (ORCPT ); Tue, 20 Jul 2021 09:11:36 -0400 Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 414F5C061762 for ; Tue, 20 Jul 2021 06:52:11 -0700 (PDT) Received: by mail-pg1-x52d.google.com with SMTP id 70so19185712pgh.2 for ; Tue, 20 Jul 2021 06:52:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel-dk.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=mg96Ac5h0FwYX7AHJlirtckZlaLSWupGqp2mVuP86C0=; b=cHDkGdim5v/AoF0Ty4L+Z9X+fUgfhOIu3n+Eps0zUe/Wsmro3Bdh5S8IQFemUeyfwb 9bhKF/Xl+kCaIQTQ4LS9+XbkbALVxb4AcAC8bnxyysQsUgOMQKDmxyuQewJqLpcLH7cB DAo2aSJjNPy4waQZNW4b2m0N2H15CUPqP5T3iT8kRhyJW0JUuG/1aQTQeF7lWwHWY0ar c3+eYT9sUUnQcLEw7vRjflG1avQpPrz5lovoLi19QSTZgpqXJP2zieqe5paTmhOPCDPD i+sgaj1U/+jDuAujkqpgqCQYekLn9rncMx1Xi6njlrqJPa0/87OCAysjBPWXTln8bbhM jg/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=mg96Ac5h0FwYX7AHJlirtckZlaLSWupGqp2mVuP86C0=; b=IklYyfCRHvLdzJOcTspqPpV3JYZuA/9+fRjbNDGWUVRoWJYbwGzbFa347aYYSyFC+2 BZqMQZaScMF3WDOcBU9N2xLwSIZqR0SagmFbp+dlug12GeO7+GW2KeIzUh9fiknn99fe Wvlxi1uuAyLGZMxoN2ii1czz3k6etd8Plsf1xhJ+I/wsJADBGHGwR1nHOuBduI6h/eP9 d8597NbDGJeNo4S8pTU99DdYBiK5dRupcmuZXCq133JwSDkOmDZjiyEC8eGa7i8o1ooL Fi+Zbhd5RRdQrE96nkW2aGIyr0AX9o9C4WgpWu0V2NIPpZrVosqZ2BnHyuwsu75q4k7n UNAw== X-Gm-Message-State: AOAM533lbDxh0AB0vF7pbIXg61KOar6dboTJaQcojcHdp+g/qrdcdk5Q p1UNMr5R9Q1Ve2GGuIOkI+B89w== X-Received: by 2002:a63:4d61:: with SMTP id n33mr14230339pgl.219.1626789130776; Tue, 20 Jul 2021 06:52:10 -0700 (PDT) Received: from [192.168.1.187] ([198.8.77.61]) by smtp.gmail.com with ESMTPSA id x6sm28325022pgq.67.2021.07.20.06.52.09 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 20 Jul 2021 06:52:10 -0700 (PDT) Subject: Re: [PATCH] io_uring: fix memleak in io_init_wq_offload() To: Yang Yingliang , linux-kernel@vger.kernel.org, io-uring@vger.kernel.org Cc: asml.silence@gmail.com References: <20210720083805.3030730-1-yangyingliang@huawei.com> From: Jens Axboe Message-ID: <43a58f84-bd43-a644-bc8c-642147b354aa@kernel.dk> Date: Tue, 20 Jul 2021 07:52:09 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20210720083805.3030730-1-yangyingliang@huawei.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 7/20/21 2:38 AM, Yang Yingliang wrote: > I got memory leak report when doing fuzz test: > > BUG: memory leak > unreferenced object 0xffff888107310a80 (size 96): > comm "syz-executor.6", pid 4610, jiffies 4295140240 (age 20.135s) > hex dump (first 32 bytes): > 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... > backtrace: > [<000000001974933b>] kmalloc include/linux/slab.h:591 [inline] > [<000000001974933b>] kzalloc include/linux/slab.h:721 [inline] > [<000000001974933b>] io_init_wq_offload fs/io_uring.c:7920 [inline] > [<000000001974933b>] io_uring_alloc_task_context+0x466/0x640 fs/io_uring.c:7955 > [<0000000039d0800d>] __io_uring_add_tctx_node+0x256/0x360 fs/io_uring.c:9016 > [<000000008482e78c>] io_uring_add_tctx_node fs/io_uring.c:9052 [inline] > [<000000008482e78c>] __do_sys_io_uring_enter fs/io_uring.c:9354 [inline] > [<000000008482e78c>] __se_sys_io_uring_enter fs/io_uring.c:9301 [inline] > [<000000008482e78c>] __x64_sys_io_uring_enter+0xabc/0xc20 fs/io_uring.c:9301 > [<00000000b875f18f>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] > [<00000000b875f18f>] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 > [<000000006b0a8484>] entry_SYSCALL_64_after_hwframe+0x44/0xae > > CPU0 CPU1 > io_uring_enter io_uring_enter > io_uring_add_tctx_node io_uring_add_tctx_node > __io_uring_add_tctx_node __io_uring_add_tctx_node > io_uring_alloc_task_context io_uring_alloc_task_context > io_init_wq_offload io_init_wq_offload > hash = kzalloc hash = kzalloc > ctx->hash_map = hash ctx->hash_map = hash <- one of the hash is leaked > > When calling io_uring_enter() in parallel, the 'hash_map' will be leaked, > add uring_lock to protect 'hash_map'. Good catch! Applied, thanks. -- Jens Axboe