Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754105AbYKSQv0 (ORCPT ); Wed, 19 Nov 2008 11:51:26 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751944AbYKSQvS (ORCPT ); Wed, 19 Nov 2008 11:51:18 -0500 Received: from cam-admin0.cambridge.arm.com ([193.131.176.58]:64865 "EHLO cam-admin0.cambridge.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751373AbYKSQvR (ORCPT ); Wed, 19 Nov 2008 11:51:17 -0500 X-Greylist: delayed 1511 seconds by postgrey-1.27 at vger.kernel.org; Wed, 19 Nov 2008 11:51:17 EST Subject: Possible memory leak via slub kmem_cache_create From: Catalin Marinas To: Christoph Lameter Cc: linux-kernel Content-Type: text/plain Organization: ARM Ltd Date: Wed, 19 Nov 2008 16:25:54 +0000 Message-Id: <1227111954.27162.28.camel@pc1117.cambridge.arm.com> Mime-Version: 1.0 X-Mailer: Evolution 2.22.3.1 Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 19 Nov 2008 16:25:55.0175 (UTC) FILETIME=[7F1F5F70:01C94A63] Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3187 Lines: 60 Hi Cristoph, I've recently worked on reviving kmemleak (to be posted on LKML this week) and tried the slub allocator. I got the following report of orphan objects: unreferenced object 0xdf80f180 (size 32): comm "swapper", pid 1, jiffies 4294937343 backtrace: [] memleak_alloc [] __kmalloc [] proto_register [] inet_init [] do_one_initcall [] kernel_init [] do_exit [] unreferenced object 0xdf800840 (size 16): comm "swapper", pid 1, jiffies 4294937343 backtrace: [] memleak_alloc [] __kmalloc [] proto_register [] inet_init [] do_one_initcall [] kernel_init [] do_exit [] The proto_register() function in net/core/sock.c allocates request_sock_slab_name and timewait_sock_slab_name to generate the cache names passed to kmem_cache_create(). However, this function in mm/slub.c goes on the find_mergeable() route and doesn't update s->name to the previously allocated pointers. Therefore, kmemleak reports them as orphan. It could be worse since proto_unregister() tries to free these pointers but they don't actually point to the allocated blocks because of the merging. A solution could be to pass one of the SLUB_NEVER_MERGE bits to kmem_cache_create in proto_register(), though none of them has any meaning for this situation. Otherwise, maybe defining another bit like SLAB_ALLOCATED_NAME to ensure that kmem_cache_name() returns the same value. Or just simplify proto_register() to no longer allocate memory for these names and it should be stated somewhere that kmem_cache_create() doesn't necessarily saves the pointer to the name. Thanks. -- Catalin -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/