Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1612414pxb; Mon, 11 Oct 2021 09:28:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxmtWzKNxFfiT+SfFEK5haCaHXg0DJSMDOKeRo8JZQEwGFefnv+wr5neGatosiNioItx1Bx X-Received: by 2002:a17:90a:5d01:: with SMTP id s1mr31440947pji.16.1633969723964; Mon, 11 Oct 2021 09:28:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633969723; cv=none; d=google.com; s=arc-20160816; b=tmYFZocT22ZEYOUHylUv3SxlESQv5uYQpFhcJKlJqCAO76RReh19Sle4lqOe8ZlWeh GC09QnqAX5/yqxvidhTScuyDq2Bji41n7+9DEQqI5eyMigp74QeawVMivDo1v0xSn+PA yZ/6nLo3lH3SGwWumIqugxMq7Zn2UyNt4K4YNKu0Os/BxN3LYH1vMtxEsIkjxox2vdx/ LLiJ70i4bdGEsLgPKcTFj23p+F8rJzIUMB6RfC3Or01DUG9BfevpOyuADdksi3EZX7iJ SJvRPNyJ6zSI6gCFTq+LlRNfRSqmXttPe+eY5X1XCjzqkDLZXjKFgYKo8f56MOUfxntQ DGdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=nLgTgDjEfjt3ELlKO+rLvu4/CsmqqX+JT4gbs67SMM0=; b=E7VK5uLjVdqBdFpMENVgXXB0tsE7t2mHZT6+Xbnlt8ju8IGthxeX+XHR/LHQN4JsK2 kFSrTxMTrOuvIQYVSun59wHSij8B2pYIJIpBowyuzECaoUzCk+ZohRxg99tYFhrtaYTZ hsKQZcqp1ypWHwTCxv3SsrYZGV9rkF7yYdNM6a6mBQaVYtlz8wLd6Akyt8LpGwZ3vd8i R+k8GWTdf++VpYyXeOW07tVsVLowOD3/ddMOpHPW+M1IQf+ciQbRD7liKBL19/txZfHv h82m6nRLTUHfDKDiI7mIScDOGjF+Phjq2Q2WLUXvlDjKrybDIWD6ZUMx5Ch/yB1wyAQr nUbw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 68si10072089pfe.367.2021.10.11.09.28.31; Mon, 11 Oct 2021 09:28:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234100AbhJKNqT (ORCPT + 99 others); Mon, 11 Oct 2021 09:46:19 -0400 Received: from www62.your-server.de ([213.133.104.62]:53128 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231690AbhJKNqS (ORCPT ); Mon, 11 Oct 2021 09:46:18 -0400 Received: from sslproxy02.your-server.de ([78.47.166.47]) by www62.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1mZvb8-0007Db-DT; Mon, 11 Oct 2021 15:44:10 +0200 Received: from [85.1.206.226] (helo=linux.home) by sslproxy02.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mZvb8-000VoI-41; Mon, 11 Oct 2021 15:44:10 +0200 Subject: Re: [RESEND][PATCH] cgroup: fix memory leak caused by missing cgroup_bpf_offline To: quanyang.wang@windriver.com, Tejun Heo , Zefan Li , Johannes Weiner , Alexei Starovoitov , Andrii Nakryiko , Ming Lei , Jens Axboe Cc: cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, Roman Gushchin References: <20211008004600.1717681-1-quanyang.wang@windriver.com> From: Daniel Borkmann Message-ID: Date: Mon, 11 Oct 2021 15:44:09 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: <20211008004600.1717681-1-quanyang.wang@windriver.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.3/26319/Mon Oct 11 10:18:47 2021) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ +Roman ] On 10/8/21 2:46 AM, quanyang.wang@windriver.com wrote: > From: Quanyang Wang > > When enabling CONFIG_CGROUP_BPF, kmemleak can be observed by running > the command as below: > > $mount -t cgroup -o none,name=foo cgroup cgroup/ > $umount cgroup/ > > unreferenced object 0xc3585c40 (size 64): > comm "mount", pid 425, jiffies 4294959825 (age 31.990s) > hex dump (first 32 bytes): > 01 00 00 80 84 8c 28 c0 00 00 00 00 00 00 00 00 ......(......... > 00 00 00 00 00 00 00 00 6c 43 a0 c3 00 00 00 00 ........lC...... > backtrace: > [] cgroup_bpf_inherit+0x44/0x24c > [<1f03679c>] cgroup_setup_root+0x174/0x37c > [] cgroup1_get_tree+0x2c0/0x4a0 > [] vfs_get_tree+0x24/0x108 > [] path_mount+0x384/0x988 > [] do_mount+0x64/0x9c > [<208c9cfe>] sys_mount+0xfc/0x1f4 > [<06dd06e0>] ret_fast_syscall+0x0/0x48 > [] 0xbeb4daa8 > > This is because that root_cgrp->bpf.refcnt.data is allocated by the > function percpu_ref_init in cgroup_bpf_inherit which is called by > cgroup_setup_root when mounting, but not freed along with root_cgrp > when umounting. Adding cgroup_bpf_offline which calls percpu_ref_kill > to cgroup_kill_sb can free root_cgrp->bpf.refcnt.data in umount path. > > Fixes: 2b0d3d3e4fcfb ("percpu_ref: reduce memory footprint of percpu_ref in fast path") > Signed-off-by: Quanyang Wang > --- > One of the recipients' email is wrong, so I resend this patch. > Sorry for any confusion caused. > --- > kernel/cgroup/cgroup.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c > index 570b0c97392a9..183736ad72f2b 100644 > --- a/kernel/cgroup/cgroup.c > +++ b/kernel/cgroup/cgroup.c > @@ -2187,8 +2187,10 @@ static void cgroup_kill_sb(struct super_block *sb) > * And don't kill the default root. > */ > if (list_empty(&root->cgrp.self.children) && root != &cgrp_dfl_root && > - !percpu_ref_is_dying(&root->cgrp.self.refcnt)) > + !percpu_ref_is_dying(&root->cgrp.self.refcnt)) { > + cgroup_bpf_offline(&root->cgrp); > percpu_ref_kill(&root->cgrp.self.refcnt); > + } > cgroup_put(&root->cgrp); Doesn't cgroup_bpf_offline() internally bump the root cgroup's refcount via cgroup_get()? How does this relate to the single cgroup_put() in the above line? Would have been nice to see the commit msg elaborate more on this. > kernfs_kill_sb(sb); > } >