From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Quanyang Wang, Alexei Starovoitov, Roman Gushchin, John Fastabend
Subject: [PATCH 5.10 34/77] cgroup: Fix memory leak caused by missing cgroup_bpf_offline
Date: Mon, 1 Nov 2021 10:17:22 +0100
Message-Id: <20211101082519.077356429@linuxfoundation.org>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211101082511.254155853@linuxfoundation.org>
References: <20211101082511.254155853@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Quanyang Wang

commit 04f8ef5643bcd8bcde25dfdebef998aea480b2ba upstream.

When enabling CONFIG_CGROUP_BPF, kmemleak can be observed by running
the command as below:

    $mount -t cgroup -o none,name=foo cgroup cgroup/
    $umount cgroup/

unreferenced object 0xc3585c40 (size 64):
  comm "mount", pid 425, jiffies 4294959825 (age 31.990s)
  hex dump (first 32 bytes):
    01 00 00 80 84 8c 28 c0 00 00 00 00 00 00 00 00  ......(.........
    00 00 00 00 00 00 00 00 6c 43 a0 c3 00 00 00 00  ........lC......
  backtrace:
    [] cgroup_bpf_inherit+0x44/0x24c
    [<1f03679c>] cgroup_setup_root+0x174/0x37c
    [] cgroup1_get_tree+0x2c0/0x4a0
    [] vfs_get_tree+0x24/0x108
    [] path_mount+0x384/0x988
    [] do_mount+0x64/0x9c
    [<208c9cfe>] sys_mount+0xfc/0x1f4
    [<06dd06e0>] ret_fast_syscall+0x0/0x48
    [] 0xbeb4daa8

This is because that since the commit 2b0d3d3e4fcf ("percpu_ref: reduce
memory footprint of percpu_ref in fast path") root_cgrp->bpf.refcnt.data
is allocated by the function percpu_ref_init in cgroup_bpf_inherit which
is called by cgroup_setup_root when mounting, but not freed along with
root_cgrp when umounting. Adding cgroup_bpf_offline which calls
percpu_ref_kill to cgroup_kill_sb can free root_cgrp->bpf.refcnt.data in
umount path.

This patch also fixes the commit 4bfc0bb2c60e ("bpf: decouple the lifetime
of cgroup_bpf from cgroup itself"). A cgroup_bpf_offline is needed to do a
cleanup that frees the resources which are allocated by cgroup_bpf_inherit
in cgroup_setup_root.

And inside cgroup_bpf_offline, cgroup_get() is at the beginning and
cgroup_put is at the end of cgroup_bpf_release which is called by
cgroup_bpf_offline. So cgroup_bpf_offline can keep the balance of
cgroup's refcount.

Fixes: 2b0d3d3e4fcf ("percpu_ref: reduce memory footprint of percpu_ref in fast path")
Fixes: 4bfc0bb2c60e ("bpf: decouple the lifetime of cgroup_bpf from cgroup itself")
Signed-off-by: Quanyang Wang
Signed-off-by: Alexei Starovoitov Acked-by: Roman Gushchin Acked-by: John Fastabend Link: https://lore.kernel.org/bpf/20211018075623.26884-1-quanyang.wang@windriver.com Signed-off-by: Greg Kroah-Hartman --- kernel/cgroup/cgroup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/kernel/cgroup/cgroup.c +++ b/kernel/cgroup/cgroup.c @@ -2147,8 +2147,10 @@ static void cgroup_kill_sb(struct super_ * And don't kill the default root. */ if (list_empty(&root->cgrp.self.children) && root != &cgrp_dfl_root && - !percpu_ref_is_dying(&root->cgrp.self.refcnt)) + !percpu_ref_is_dying(&root->cgrp.self.refcnt)) { + cgroup_bpf_offline(&root->cgrp); percpu_ref_kill(&root->cgrp.self.refcnt); + } cgroup_put(&root->cgrp); kernfs_kill_sb(sb); }
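
Review bot: The new cgroup_bpf_offline(&root->cgrp) call in cgroup_kill_sb() carries no comment, and the block comment above the condition still only talks about not killing the default root. A short line there saying that the call releases the bpf.refcnt data set up by cgroup_bpf_inherit() at mount time, and stating whether its position ahead of percpu_ref_kill(&root->cgrp.self.refcnt) matters, would keep a later cleanup from reordering or dropping it and bringing the leak back. The changelog ties the leak to CONFIG_CGROUP_BPF, but the call is unconditional and the diff touches only kernel/cgroup/cgroup.c, so please confirm that a no-op cgroup_bpf_offline() is available when that option is off. It is also worth noting in the changelog that the bpf teardown is skipped on the same paths where percpu_ref_kill() is skipped (root with children, the default root, or a refcnt that is already dying), so that readers do not assume every umount reaches it.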