Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp4091181rwl; Tue, 28 Mar 2023 02:25:44 -0700 (PDT) X-Google-Smtp-Source: AKy350btuawRI6uvtjVBaW+Vkd7W9jkhqUMYqMl/zHoMd7SYKYQjl1JA5MBkvDV8Ot2zST+8Ver/ X-Received: by 2002:aa7:9ad5:0:b0:5a8:8535:18b with SMTP id x21-20020aa79ad5000000b005a88535018bmr11262975pfp.11.1679995544589; Tue, 28 Mar 2023 02:25:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679995544; cv=none; d=google.com; s=arc-20160816; b=jTvVv3B+i8Y5pgB/Z8npPUem+jy81kwNpY/4sR3GVgXel0MYwXIV59Qzfb/PqRYG1I e2yt7OJVA1fyONRKVL3Z2v9hI0WFGKlIz3Z0+gAsSaFAfSkg9syEWRz+Dbphn02P4sCs kxuwYgJqHPdA0LAGf1y5s2TieAcn/JV7rcOm8DRHBu7GHDNVHwhOos5v36e9sOY4Mqez jGlXDp4uxQZ1WgTFhSkiyeS5s0bxQnwTxZd6tZ0b4VB+cY7lZVmdQHEwNn+lKzsBoC7W HU6lU+smo2/MisizH7R9cjDYFC9naMCpWqG70uxfzNid4pCVu3tSKz57VvQ90ryMwMyM HoIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:subject:from:to :content-language:user-agent:mime-version:date:message-id :dkim-signature:dkim-signature; bh=VIoDvuWDztrPIYHcxPJ2j4FmCSNL77KAbH+ygAiG9rY=; b=HeXjG2j6X1bsGk8yc/+0HjlpYFCyTLDgtsjlPOGTZ7H3E7eb9B+E5nrkRubYtxR0ks 2GRDmJo3EKh+2P/i0zJgALXHCEHEyQiQl0yQez8D2yrOpTAWRCm9Emfz5McKb6KMX4YS lzxAs+Ezx4W9h31B27fCkZq6MEQVaIISmeC6gO4cHs8iJpqoQYuZZQHcQeWoWsa5tmBt /wUydO1qO59seeKKu/e6YttRtpCPq0XNSsy9FLThzkUsjPbjtgcFsXczBtrgeXXnLFU7 ontNxz4TT11veubbQDH56zb44WkWcw0m6DOWJDddFtwtKWuLjtNv3GvzQLknhVoCsSYo d+ew== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=t4hv8wsK; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b="O4eC5/D+"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alu.unizg.hr Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f20-20020a63f114000000b00502d85bfb5fsi14154555pgi.451.2023.03.28.02.25.33; Tue, 28 Mar 2023 02:25:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=t4hv8wsK; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b="O4eC5/D+"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alu.unizg.hr Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231970AbjC1JXL (ORCPT + 99 others); Tue, 28 Mar 2023 05:23:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50272 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230425AbjC1JXK (ORCPT ); Tue, 28 Mar 2023 05:23:10 -0400 Received: from domac.alu.hr (domac.alu.unizg.hr [161.53.235.3]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3660C3C11; Tue, 28 Mar 2023 02:23:08 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by domac.alu.hr (Postfix) with ESMTP id B1876604FC; Tue, 28 Mar 2023 11:23:05 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=alu.unizg.hr; s=mail; t=1679995385; bh=+4Uv1oeXch0E8QEw2r4NGzYsJRfZ0wnJQWh8JRcI2ZQ=; h=Date:To:From:Subject:Cc:From; b=t4hv8wsK9Ha+Yb4rAI4xaJSbQNNURyJcKgD85vHGwNmKi38vfBniwFhSLuon5B44r qySnV3qwvf5rahwXOBA+Pogw3BmOMEpT7e5yoKTzIV9TjXS7qfmVrhotTMf4KrE8Yp XKkPxyilfC0/TUJlIVRbSbRH+BB+FksXUlyhfPkUygDIkRQbal6NeJQVuitrX283dY cmAC5J05J1VxHQvKz0Sa76RLWr7QeNH+AQISIhUYjj2NMxYGlOMvTSiYN5KYxR5uXV ODxlTtXTeNHhAYRq4j+jHvGBxD8lry+5sUyZPLTUB8IapTuKiSIvwtq+ys0+WAt7Ti /6tSL3GI9yuHg== X-Virus-Scanned: Debian amavisd-new at domac.alu.hr Received: from domac.alu.hr ([127.0.0.1]) by localhost (domac.alu.hr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gGNKuCLOuQQi; Tue, 28 Mar 2023 11:23:02 +0200 (CEST) Received: from [193.198.186.200] (pc-mtodorov.slava.alu.hr [193.198.186.200]) by domac.alu.hr (Postfix) with ESMTPSA id D5557604F9; Tue, 28 Mar 2023 11:23:00 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=alu.unizg.hr; s=mail; t=1679995382; bh=+4Uv1oeXch0E8QEw2r4NGzYsJRfZ0wnJQWh8JRcI2ZQ=; h=Date:To:From:Subject:Cc:From; b=O4eC5/D+8E+IZ7vgeH4tmRyjF5+6efj9baJ4vVydspX08tvFRPCHPApRF91xrYlJ0 bAAoCtpUBJiCDH0zYw+erL33Eg7+CkiQ2ePEdqMN/HeYYATtrxtADml3ITiQgjjhTN TbWiTVutaaXPsKTgx/jIolHSualWQVImGoX1TZCHKmStOCv8XCIvCn6A80wBtwEiU3 uSYhwM5nzEfk5hhld5FLRBsYpM9VrqJTHbgUDrSmGDMhS9m+6S/vGITwhEieDFQudM QtQxWfPqhGzsRTJCjphTCJ8JZiTPTu6WEDGCx1QZM5pTC5AoLkIUtpivKQ1EoYqiTj p0CryaOYS9A/A== Message-ID: <97e284be-5018-9d18-feb2-7ec4b08c06fd@alu.unizg.hr> Date: Tue, 28 Mar 2023 11:23:00 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Content-Language: en-US, hr To: linux-kselftest@vger.kernel.org From: Mirsad Todorovac Subject: [BUG] selftests/firmware: copious kernel memory leaks in test_fw_run_batch_request() Cc: LKML , Greg Kroah-Hartman , Russ Weight , Takashi Iwai , Tianfei zhang , Luis Chamberlain , Shuah Khan , Colin Ian King , Dan Carpenter , Randy Dunlap Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi all, Platform is AlmaLinux 8.7 (CentOS fork), Lenovo desktop LENOVO_MT_10TX_BU_Lenovo_FM_V530S-07ICB with the BIOS M22KT49A dated 11/10/2022. Running Torvalds vanilla kernel 6.3-rc3 commit 6981739a967c with CONFIG_DEBUG_KMEMLEAK and CONFIG_DEBUG_{KOBJECT,KOBJECT_RELEASE} enabled. The leak is cummulative, it can be reproduced with tools/testing/selftests/firmware/*.sh scripts. The leaks are in chunks of 1024 bytes (+ overhead), but so far I could not reproduce w/o root privileges, as tests refuse to run as unprivileged user. (This is not the proof of non-existence of an unprivileged automated exploit that would exhaust the kernel memory at approx. rate 4 MB/hour on our setup. This would mean about 96 MB / day or 3 GB / month (of kernel memory). TEST RESULTS (showing the number of kmemleaks per test): root@pc-mtodorov marvin]# grep -c 'comm "test_' linux/kernel_bugs/memleaks-6.3-rc3/kmemleak-fw*.log linux/kernel_bugs/memleaks-6.3-rc3/kmemleak-fw_fallback.sh.log:0 linux/kernel_bugs/memleaks-6.3-rc3/kmemleak-fw_filesystem.sh.log:60 linux/kernel_bugs/memleaks-6.3-rc3/kmemleak-fw_lib.sh.log:9 linux/kernel_bugs/memleaks-6.3-rc3/kmemleak-fw_run_tests.sh.log:196 linux/kernel_bugs/memleaks-6.3-rc3/kmemleak-fw_upload.sh.log:0 [root@pc-mtodorov marvin]# Leaks look like this: unreferenced object 0xffff943c390f8400 (size 1024): comm "test_firmware-0", pid 449178, jiffies 4381453603 (age 824.844s) hex dump (first 32 bytes): 45 46 47 48 34 35 36 37 0a 00 00 00 00 00 00 00 EFGH4567........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] slab_post_alloc_hook+0x8c/0x3e0 [] __kmem_cache_alloc_node+0x1d9/0x2a0 [] kmalloc_trace+0x2e/0xc0 [] test_fw_run_batch_request+0x90/0x170 [] kthread+0x10f/0x140 [] ret_from_fork+0x29/0x50 unreferenced object 0xffff943a902f6400 (size 1024): comm "test_firmware-1", pid 449179, jiffies 4381453603 (age 824.844s) hex dump (first 32 bytes): 45 46 47 48 34 35 36 37 0a 00 00 00 00 00 00 00 EFGH4567........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] slab_post_alloc_hook+0x8c/0x3e0 [] __kmem_cache_alloc_node+0x1d9/0x2a0 [] kmalloc_trace+0x2e/0xc0 [] test_fw_run_batch_request+0x90/0x170 [] kthread+0x10f/0x140 [] ret_from_fork+0x29/0x50 unreferenced object 0xffff943a902f0400 (size 1024): comm "test_firmware-2", pid 449180, jiffies 4381453603 (age 824.844s) hex dump (first 32 bytes): 45 46 47 48 34 35 36 37 0a 00 00 00 00 00 00 00 EFGH4567........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] slab_post_alloc_hook+0x8c/0x3e0 [] __kmem_cache_alloc_node+0x1d9/0x2a0 [] kmalloc_trace+0x2e/0xc0 [] test_fw_run_batch_request+0x90/0x170 [] kthread+0x10f/0x140 [] ret_from_fork+0x29/0x50 unreferenced object 0xffff943a902f4000 (size 1024): comm "test_firmware-3", pid 449181, jiffies 4381453603 (age 824.844s) hex dump (first 32 bytes): 45 46 47 48 34 35 36 37 0a 00 00 00 00 00 00 00 EFGH4567........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] slab_post_alloc_hook+0x8c/0x3e0 [] __kmem_cache_alloc_node+0x1d9/0x2a0 [] kmalloc_trace+0x2e/0xc0 [] test_fw_run_batch_request+0x90/0x170 [] kthread+0x10f/0x140 [] ret_from_fork+0x29/0x50 Please find the build config, lshw output and the output of /sys/kernel/debug/kmemleak in the following directory: https://domac.alu.hr/~mtodorov/linux/bugreports/kmemleak-firmware/ NOTE: sent to the maintainers listed for selftest/firmware and those listed for lib/test_firmware.c . Best regards, Mirsad -- Mirsad Goran Todorovac Sistem inženjer Grafički fakultet | Akademija likovnih umjetnosti Sveučilište u Zagrebu System engineer Faculty of Graphic Arts | Academy of Fine Arts University of Zagreb, Republic of Croatia