Date: Sat, 1 Apr 2023 16:56:22 +0200
From: Greg KH
To: Mirsad Goran Todorovac
Cc: LKML, Thorsten Leemhuis, Maxim Levitsky, Alex Dubov, Ulf Hansson, Jens Axboe, Christophe JAILLET, Hannes Reinecke, Jiasheng Jiang, ye xingchen, linux-mmc@vger.kernel.org
Subject: Re: BUG FIX: [PATCH RFC v3] [TESTED OK] memstick_check() memleak in kernel 6.1.0+ introduced pre 4.17
Message-ID: <2023040123-undress-playpen-edee@gregkh>

On Sat, Apr 01, 2023 at 01:25:21PM +0200, Mirsad Goran Todorovac wrote:
> On 01. 04. 2023. 11:23, Greg KH wrote:
> > On Sat, Apr 01, 2023 at 11:18:19AM +0200, Greg KH wrote:
> >> On Sat, Apr 01, 2023 at 08:33:36AM +0200, Greg KH wrote:
> >>> On Sat, Apr 01, 2023 at 08:28:07AM +0200, Greg KH wrote:
> >>>> On Sat, Apr 01, 2023 at 08:23:26AM +0200, Mirsad Goran Todorovac wrote:
> >>>>>> This patch is implying that anyone who calls "dev_set_name()" also has
> >>>>>> to do this hack, which shouldn't be the case at all.
> >>>>>>
> >>>>>> thanks,
> >>>>>>
> >>>>>> greg k-h
> >>>>>
> >>>>> This is my best guess. Unless there is dev_free_name() or kobject_free_name(), I don't
> >>>>> see a more sensible way to patch this up.
> >>>>
> >>>> In sleeping on this, I think this has to move to the driver core. I
> >>>> don't understand why we haven't seen this before, except maybe no one
> >>>> has really noticed before (i.e. we haven't had good leak detection tools
> >>>> that run with removable devices?)
> >>>>
> >>>> Anyway, let me see if I can come up with something this weekend, give me
> >>>> a chance...
> >>>
> >>> Wait, no, this already should be handled by the kobject core, look at
> >>> kobject_cleanup(), at the bottom. So your change should be merely
> >>> duplicating the logic there that already runs when the struct device is
> >>> freed, right?
> >>>
> >>> So I don't understand why your change works, odd. I need more coffee...
> >>
> >> I think you got half of the change correctly. This init code is a maze
> >> of twisty passages, let me take your patch and tweak it a bit into
> >> something that I think should work. This looks to be only a memstick
> >> issue, not a driver core issue (which makes me feel better.)
> >
> > Oops, forgot the patch. Can you try this change here and let me know if
> > that solves the problem or not? I have compile-tested it only, so I
> > have no idea if it works.
> >
> > If this does work, I'll make up a "real" function to replace the
> > horrible dev.kobj.name mess that a driver would have to do here as it
> > shouldn't be required that a driver author knows the internals of the
> > driver core that well...
> >
> > thanks,
> >
> > greg k-h
> >
> > --------------------
> >
> >
> > diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c > > index bf7667845459..bbfaf6536903 100644 > > --- a/drivers/memstick/core/memstick.c > > +++ b/drivers/memstick/core/memstick.c > > @@ -410,6 +410,7 @@ static struct memstick_dev *memstick_alloc_card(struct memstick_host *host) > > return card; > > err_out: > > host->card = old_card; > > + kfree_const(card->dev.kobj.name); > > kfree(card); > > return NULL; > > }
> > @@ -468,8 +469,10 @@ static void memstick_check(struct work_struct *work) > > put_device(&card->dev); > > host->card = NULL; > > } > > - } else > > + } else { > > + kfree_const(card->dev.kobj.name); > > kfree(card); > > + } > > } > > > > out_power_off:
>
> RESULTS:
>
> w/o patch:
>
> [root@pc-mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak
> [root@pc-mtodorov marvin]# cat !$
> cat /sys/kernel/debug/kmemleak
> [root@pc-mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak
> [root@pc-mtodorov marvin]# cat /sys/kernel/debug/kmemleak
> unreferenced object 0xffffa09a93249590 (size 16):
>   comm "kworker/u12:4", pid 371, jiffies 4294896466 (age 52.748s)
>   hex dump (first 16 bytes):
>     6d 65 6d 73 74 69 63 6b 30 00 cc cc cc cc cc cc  memstick0.......
>   backtrace:
>     [] slab_post_alloc_hook+0x8c/0x3e0
>     [] __kmem_cache_alloc_node+0x1d9/0x2a0
>     [] __kmalloc_node_track_caller+0x59/0x180
>     [] kstrdup+0x3a/0x70
>     [] kstrdup_const+0x2c/0x40
>     [] kvasprintf_const+0x7c/0xb0
>     [] kobject_set_name_vargs+0x27/0xa0
>     [] dev_set_name+0x57/0x80
>     [] memstick_check+0x10f/0x3b0 [memstick]
>     [] process_one_work+0x250/0x530
>     [] worker_thread+0x48/0x3a0
>     [] kthread+0x10f/0x140
>     [] ret_from_fork+0x29/0x50
> unreferenced object 0xffffa09a97205990 (size 16):
>   comm "kworker/u12:4", pid 371, jiffies 4294896471 (age 52.728s)
>   hex dump (first 16 bytes):
>     6d 65 6d 73 74 69 63 6b 30 00 cc cc cc cc cc cc  memstick0.......
>   backtrace:
>     [] slab_post_alloc_hook+0x8c/0x3e0
>     [] __kmem_cache_alloc_node+0x1d9/0x2a0
>     [] __kmalloc_node_track_caller+0x59/0x180
>     [] kstrdup+0x3a/0x70
>     [] kstrdup_const+0x2c/0x40
>     [] kvasprintf_const+0x7c/0xb0
>     [] kobject_set_name_vargs+0x27/0xa0
>     [] dev_set_name+0x57/0x80
>     [] memstick_check+0x10f/0x3b0 [memstick]
>     [] process_one_work+0x250/0x530
>     [] worker_thread+0x48/0x3a0
>     [] kthread+0x10f/0x140
>     [] ret_from_fork+0x29/0x50
> [root@pc-mtodorov marvin]# uname -rms
> Linux 6.3.0-rc4-mt-20230401-00199-g7b50567bdcad-dirty x86_64
> [root@pc-mtodorov marvin]#
>
> After the patch:
>
> [root@pc-mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak
> [root@pc-mtodorov marvin]# cat /sys/kernel/debug/kmemleak
> [root@pc-mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak
> [root@pc-mtodorov marvin]# cat /sys/kernel/debug/kmemleak
> [root@pc-mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak
> [root@pc-mtodorov marvin]# cat /sys/kernel/debug/kmemleak
>
> So, congratulations, this did it!

Great, thanks for testing! And for working to narrow this down, that's
the hard part here.

> This bug I detected on 2022-11-04, but it took me four months to find the leak,
> before I was "blessed by the Source". You have asked me whether I would
> help the memstick developers find a solution, and I like to keep promises. :-)
>
> At your convenience, you might add in the patch:
>
> Tested-by: Mirsad Goran Todorovac
>
> It's been an honour serving with the memstick community with you and it was a real
> brainstorming session for me.

Thanks, as you did way over half the work here, I think a co-developed
tag would be better. I'll send it out with that and you can provide a
signed-off-by on it that would be great.

thanks,

greg k-h
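
Review bot: in the err_out path of memstick_alloc_card(), the added kfree_const(card->dev.kobj.name) has a driver reaching into the kobject embedded in struct device, and nothing in the code says why. Add a one-line comment that the name set by dev_set_name() is not released by the plain kfree(card) that follows, or move the pair into the "real" function mentioned above the patch, so a later reader does not take the line for a double free against kobject_cleanup().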
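
Review bot: the else branch of memstick_check() now repeats the same two-line sequence as err_out in memstick_alloc_card(), kfree_const(card->dev.kobj.name) followed by kfree(card). A small static helper in memstick.c used at both sites would keep them in sync and give one place to swap in a driver-core function later. The sibling branch just above releases the card with put_device(&card->dev), so the commit message should also say why this branch frees the name by hand instead.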
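
The kmemleak triage done by hand in the thread above (read the hex dump, then find the first driver frame in the backtrace) can be scripted; this is an added example, not code from the thread or the kernel tree. The names `parse_kmemleak` and `leaked_names` are hypothetical, and the sample report is constructed in the layout quoted above, with placeholder frame addresses.

```python
import re

# Constructed sample in the layout of the report quoted in the thread; the
# bracketed frame addresses are placeholders, not values from the page.
SAMPLE = """\
unreferenced object 0xffffa09a93249590 (size 16):
  comm "kworker/u12:4", pid 371, jiffies 4294896466 (age 52.748s)
  hex dump (first 16 bytes):
    6d 65 6d 73 74 69 63 6b 30 00 cc cc cc cc cc cc  memstick0.......
  backtrace:
    [<0000000000000000>] kstrdup+0x3a/0x70
    [<0000000000000000>] kstrdup_const+0x2c/0x40
    [<0000000000000000>] kvasprintf_const+0x7c/0xb0
    [<0000000000000000>] kobject_set_name_vargs+0x27/0xa0
    [<0000000000000000>] dev_set_name+0x57/0x80
    [<0000000000000000>] memstick_check+0x10f/0x3b0 [memstick]
    [<0000000000000000>] process_one_work+0x250/0x530
"""

HEADER = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
FRAME = re.compile(r"\[[^\]]*\][ \t]+([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:[ \t]+\[(\w+)\])?")
HEXROW = re.compile(r"^[ \t]+((?:[0-9a-f]{2} ){1,16})", re.M)

def parse_kmemleak(text):
    """Split a kmemleak report into one record per unreferenced object."""
    records = []
    for chunk in re.split(r"(?m)^(?=unreferenced object )", text):
        head = HEADER.match(chunk)
        if not head:
            continue
        size = int(head.group(2))
        raw = bytes.fromhex("".join(HEXROW.findall(chunk)).replace(" ", ""))[:size]
        frames = FRAME.findall(chunk)  # list of (function, module or "")
        records.append({
            "addr": head.group(1), "size": size,
            # Bytes up to the first NUL: shows a leaked C string, if any.
            "string": raw.split(b"\0")[0].decode("ascii", "replace"),
            # First frame inside a loadable module is the likely owner.
            "owner": next(((f, m) for f, m in frames if m), None),
            "frames": [f for f, _ in frames],
        })
    return records

def leaked_names(text):
    """Objects whose allocation went through dev_set_name()."""
    return [r for r in parse_kmemleak(text) if "dev_set_name" in r["frames"]]
```

Feed it the text read from /sys/kernel/debug/kmemleak after a scan; an empty list from `leaked_names` corresponds to the clean "After the patch" output.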