Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp2234500rwl; Sat, 1 Apr 2023 04:27:57 -0700 (PDT) X-Google-Smtp-Source: AKy350bdcSzlt/0RWXW2XMCznnPP4PD/2o5wz6X0fFcqZkvK/BFy8oZqu8z/bNHkm734QPIMYzZh X-Received: by 2002:a17:90b:1104:b0:240:9b09:e9ce with SMTP id gi4-20020a17090b110400b002409b09e9cemr13341919pjb.16.1680348476821; Sat, 01 Apr 2023 04:27:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680348476; cv=none; d=google.com; s=arc-20160816; b=0pbUKn9bGbp/R0oz8yBX1nqGwTENZmdN9AHd62xwtJYTLboG97ucE5ELiHHP0TccSS 3tk5rVRqg67uAuRkqe7EoU+P2NILjRKpxQtfnvo6e/G88SAp/4dtnuXMRNWyQjCcC1Ag AqXL12FZkonZESitEOim6chUNoVBlHmN8rX5eDmvIFxaf07UpXttSGyu2NUeZGMSLQDm Mg4ICMMJ7pkyHn0EAxG0JnqB+M7ixnXpnDLDity6RSSBBlwUBNAaY26E661+Ir6g5d+7 91YJITINe4uvmk8nbqAA6jIi+/s4vNe/bJu78zW5DHTs692s74zZe22OeWc9hxeFzGPa 7sGQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature:dkim-signature; bh=FWnnxMzAqNVV8UlpFG8aKewpkgahOaOkIonr5BUGByA=; b=pJAb0dxbyjOKiy3HvuxWaZ28vlfJYq6+xfiSW8ItJkOsglukPfCmKpaEM8CITy70Ti uCchBEUHhAzwnAgOj7LKSC81rALHnRhQZUAlqb9GlTnhK2FozAW7e3J7fXJ1SZ13v2V0 mDwATNWXSGdIiUcBjT/BF+rf7BPinvrU/N+3vJtuR5MtL6LaA/6buhP7/hF7kh2DkrDk zDK1AxgpkaoRNof4ukCTL6lO4BWexobThjcxPEVTANnwpwZm2zy35+BSt7U6I47lIDpw ZT7Sh5Vn8XFcKHjNTKe388S3nJBa7vG62MY0stdgiMeI5POJaAoSL0XNI4IUNM/DOZxb CtSg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=xxTaUUnT; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=mmTdfISq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alu.unizg.hr Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w24-20020a170902d71800b0019f336180d8si4446152ply.180.2023.04.01.04.27.44; Sat, 01 Apr 2023 04:27:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=xxTaUUnT; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=mmTdfISq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alu.unizg.hr Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229635AbjDAL0S (ORCPT + 99 others); Sat, 1 Apr 2023 07:26:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35526 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229562AbjDAL0R (ORCPT ); Sat, 1 Apr 2023 07:26:17 -0400 Received: from domac.alu.hr (domac.alu.unizg.hr [161.53.235.3]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1CAB926247; Sat, 1 Apr 2023 04:25:45 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by domac.alu.hr (Postfix) with ESMTP id A5AA3604FD; Sat, 1 Apr 2023 13:25:25 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=alu.unizg.hr; s=mail; t=1680348325; bh=UZm5uKtMx1HNZ4BPYNaPacR8YvooJaw+d3LERu3YTp0=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=xxTaUUnTq4utbRzKP20rICHNG4e9c763VNyOGH5PIDLmnWw8wndQOoJ2LODEU9dvP y5mSgi/M9736LpJNV1TzR547ASPtx7N7Adoz28hBVfP9YVuldmwxzyvOb9czYP96fc U9ObGHhyA73YU1Zu03UIWkGp9KIlwjStOEz5k4RXHVwvIryOInS/Wca/zWqdZpR665 jmXYl8S9xRPfhVtDhl4VtfrJ6AoN3ws6EXPgsVACE98sHHKf7t2xBjVuE+HAZFo32Z ZMadR+SROHTATUsZBBb6dtjoab33hJ2Z8xxp+SRyChSk9B7+NP/ImqAaczkt/H8TSB sYal3CDgasYeA== X-Virus-Scanned: Debian amavisd-new at domac.alu.hr Received: from domac.alu.hr ([127.0.0.1]) by localhost (domac.alu.hr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9zk0hpqHjIrh; Sat, 1 Apr 2023 13:25:23 +0200 (CEST) Received: from [192.168.1.3] (unknown [77.237.101.225]) by domac.alu.hr (Postfix) with ESMTPSA id 523AF604F0; Sat, 1 Apr 2023 13:25:22 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=alu.unizg.hr; s=mail; t=1680348323; bh=UZm5uKtMx1HNZ4BPYNaPacR8YvooJaw+d3LERu3YTp0=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=mmTdfISqjZICivuAZLMwSzAIMqHZwCfjQ4lJ/IAUcDiL1rYQ67sV4XRxF72+TkKP8 93huHdrfsNjzyWgfSzcElyEz/owX3mTPMAKxjRfi5HASd1lbTRmeyZMZI2SiwoydGx 8rUkeosQjSOjxeZa91kLA/LtlvZnKgGIIMrj2b6es93bY21LCP76DfXitaMZdAn5Pg 7MbGfKZwFnSvu6iK1HbBb5DWNsOXobVTQP5LVsBnMYJZDt+VjjSaJAPp0fc/uhqF1n PNHnOqtNrSMq+CRyOP+dnxIRYxl/fqBGcT3xqyQy3fZ2qsYHiAAKE6yhTJ6k9U6l8y Wkmgck1kzlBMw== Message-ID: <112c4552-2c32-1be4-89a9-90ea9b45e988@alu.unizg.hr> Date: Sat, 1 Apr 2023 13:25:21 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.0 Subject: Re: BUG FIX: [PATCH RFC v3] [TESTED OK] memstick_check() memleak in kernel 6.1.0+ introduced pre 4.17 Content-Language: en-US, hr To: Greg KH Cc: LKML , Thorsten Leemhuis , Maxim Levitsky , Alex Dubov , Ulf Hansson , Jens Axboe , Christophe JAILLET , Hannes Reinecke , Jiasheng Jiang , ye xingchen , linux-mmc@vger.kernel.org References: <7d873dd3-9bab-175b-8158-c458b61a7122@alu.unizg.hr> <2023033124-causing-cassette-4d96@gregkh> <4d80549f-e59d-6319-07fd-1fbed75d7a1c@alu.unizg.hr> <2023040127-untrue-obtrusive-1ea4@gregkh> <2023040112-immovably-cytoplasm-44ee@gregkh> From: Mirsad Goran Todorovac In-Reply-To: <2023040112-immovably-cytoplasm-44ee@gregkh> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01. 04. 2023. 11:23, Greg KH wrote: > On Sat, Apr 01, 2023 at 11:18:19AM +0200, Greg KH wrote: >> On Sat, Apr 01, 2023 at 08:33:36AM +0200, Greg KH wrote: >>> On Sat, Apr 01, 2023 at 08:28:07AM +0200, Greg KH wrote: >>>> On Sat, Apr 01, 2023 at 08:23:26AM +0200, Mirsad Goran Todorovac wrote: >>>>>> This patch is implying that anyone who calls "dev_set_name()" also has >>>>>> to do this hack, which shouldn't be the case at all. >>>>>> >>>>>> thanks, >>>>>> >>>>>> greg k-h >>>>> >>>>> This is my best guess. Unless there is dev_free_name() or kobject_free_name(), I don't >>>>> see a more sensible way to patch this up. >>>> >>>> In sleeping on this, I think this has to move to the driver core. I >>>> don't understand why we haven't seen this before, except maybe no one >>>> has really noticed before (i.e. we haven't had good leak detection tools >>>> that run with removable devices?) >>>> >>>> Anyway, let me see if I can come up with something this weekend, give me >>>> a chance... >>> >>> Wait, no, this already should be handled by the kobject core, look at >>> kobject_cleanup(), at the bottom. So your change should be merely >>> duplicating the logic there that already runs when the struct device is >>> freed, right? >>> >>> So I don't understand why your change works, odd. I need more coffee... >> >> I think you got half of the change correctly. This init code is a maze >> of twisty passages, let me take your patch and tweak it a bit into >> something that I think should work. This looks to be only a memstick >> issue, not a driver core issue (which makes me feel better.) > > Oops, forgot the patch. Can you try this change here and let me know if > that solves the problem or not? I have compile-tested it only, so I > have no idea if it works. > > If this does work, I'll make up a "real" function to replace the > horrible dev.kobj.name mess that a driver would have to do here as it > shouldn't be required that a driver author knows the internals of the > driver core that well... > > thanks, > > greg k-h > > -------------------- > > > diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c > index bf7667845459..bbfaf6536903 100644 > --- a/drivers/memstick/core/memstick.c > +++ b/drivers/memstick/core/memstick.c > @@ -410,6 +410,7 @@ static struct memstick_dev *memstick_alloc_card(struct memstick_host *host) > return card; > err_out: > host->card = old_card; > + kfree_const(card->dev.kobj.name); > kfree(card); > return NULL; > } > @@ -468,8 +469,10 @@ static void memstick_check(struct work_struct *work) > put_device(&card->dev); > host->card = NULL; > } > - } else > + } else { > + kfree_const(card->dev.kobj.name); > kfree(card); > + } > } > > out_power_off: RESULTS: w/o patch: [root@pc-mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak [root@pc-mtodorov marvin]# cat !$ cat /sys/kernel/debug/kmemleak [root@pc-mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak [root@pc-mtodorov marvin]# cat /sys/kernel/debug/kmemleak unreferenced object 0xffffa09a93249590 (size 16): comm "kworker/u12:4", pid 371, jiffies 4294896466 (age 52.748s) hex dump (first 16 bytes): 6d 65 6d 73 74 69 63 6b 30 00 cc cc cc cc cc cc memstick0....... backtrace: [] slab_post_alloc_hook+0x8c/0x3e0 [] __kmem_cache_alloc_node+0x1d9/0x2a0 [] __kmalloc_node_track_caller+0x59/0x180 [] kstrdup+0x3a/0x70 [] kstrdup_const+0x2c/0x40 [] kvasprintf_const+0x7c/0xb0 [] kobject_set_name_vargs+0x27/0xa0 [] dev_set_name+0x57/0x80 [] memstick_check+0x10f/0x3b0 [memstick] [] process_one_work+0x250/0x530 [] worker_thread+0x48/0x3a0 [] kthread+0x10f/0x140 [] ret_from_fork+0x29/0x50 unreferenced object 0xffffa09a97205990 (size 16): comm "kworker/u12:4", pid 371, jiffies 4294896471 (age 52.728s) hex dump (first 16 bytes): 6d 65 6d 73 74 69 63 6b 30 00 cc cc cc cc cc cc memstick0....... backtrace: [] slab_post_alloc_hook+0x8c/0x3e0 [] __kmem_cache_alloc_node+0x1d9/0x2a0 [] __kmalloc_node_track_caller+0x59/0x180 [] kstrdup+0x3a/0x70 [] kstrdup_const+0x2c/0x40 [] kvasprintf_const+0x7c/0xb0 [] kobject_set_name_vargs+0x27/0xa0 [] dev_set_name+0x57/0x80 [] memstick_check+0x10f/0x3b0 [memstick] [] process_one_work+0x250/0x530 [] worker_thread+0x48/0x3a0 [] kthread+0x10f/0x140 [] ret_from_fork+0x29/0x50 [root@pc-mtodorov marvin]# uname -rms Linux 6.3.0-rc4-mt-20230401-00199-g7b50567bdcad-dirty x86_64 [root@pc-mtodorov marvin]# After the patch: [root@pc-mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak [root@pc-mtodorov marvin]# cat /sys/kernel/debug/kmemleak [root@pc-mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak [root@pc-mtodorov marvin]# cat /sys/kernel/debug/kmemleak [root@pc-mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak [root@pc-mtodorov marvin]# cat /sys/kernel/debug/kmemleak So, congratulations, this did it! This bug I detected on 2022-11-04, but it took me four months to find the leak, before I was "blessed by the Source". You have asked me whether I would help the memstick developers find a solution, and I like to keep promises. :-) At your convenience, you might add in the patch: Tested-by: Mirsad Goran Todorovac It's been an honour serving with the memstick community with you and it was a real brainstorming session for me. Kind regards, Mirsad -- Mirsad Goran Todorovac Sistem inženjer Grafički fakultet | Akademija likovnih umjetnosti Sveučilište u Zagrebu System engineer Faculty of Graphic Arts | Academy of Fine Arts University of Zagreb, Republic of Croatia The European Union "I see something approaching fast ... Will it be friends with me?"