From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DEA37CFC503 for ; Mon, 14 Oct 2024 08:44:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 570FB6B0099; Mon, 14 Oct 2024 04:44:56 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5209C6B009A; Mon, 14 Oct 2024 04:44:56 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 411BA6B009B; Mon, 14 Oct 2024 04:44:56 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 216296B0099 for ; Mon, 14 Oct 2024 04:44:56 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 1B8C0402B9 for ; Mon, 14 Oct 2024 08:44:51 +0000 (UTC) X-FDA: 82671572298.07.5AD026F Received: from out-189.mta0.migadu.com (out-189.mta0.migadu.com [91.218.175.189]) by imf30.hostedemail.com (Postfix) with ESMTP id DB57B80008 for ; Mon, 14 Oct 2024 08:44:42 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=eUXjikBZ; spf=pass (imf30.hostedemail.com: domain of muchun.song@linux.dev designates 91.218.175.189 as permitted sender) smtp.mailfrom=muchun.song@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1728895353; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=8HymtqTchiQpzME33HIhPmrfIpt1fflEw+LjEVZN4OU=; b=vd62w+PdT4snw2MXM76LbXdvNjH0Qx/852xSNxlb9ptEb3tyfuJR6htLotvF/9YIYkEqdN 2eAO4kpi/p/3FWcrXfz8n5jKAewG2YkTNjdLSiAtiJsQqDB1ZKfZ/ASEtSCA1RNv5kjBo6 WuUzkkEezcHjVw/uGTxd+XjrtM1YIL4= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728895353; a=rsa-sha256; cv=none; b=tExN6KATsI27bQ1tTaalQ6J0M2Ao1Vn95lkpG8ny3z7MSDb0aAz8+6Cdzy3d4hxJcxRy3W +avnnoLDwQtNQAkU3z8LJ87fS4Al1mm7ZIiuu8y/2REx2T7NLO8cmc+LVAsIsPuKPDWn28 uS2ZWHqUdSeAZduaZvWVH/Ifeg7qTUY= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=eUXjikBZ; spf=pass (imf30.hostedemail.com: domain of muchun.song@linux.dev designates 91.218.175.189 as permitted sender) smtp.mailfrom=muchun.song@linux.dev; dmarc=pass (policy=none) header.from=linux.dev Content-Type: text/plain; charset=us-ascii DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1728895491; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8HymtqTchiQpzME33HIhPmrfIpt1fflEw+LjEVZN4OU=; b=eUXjikBZo/wbyW+I2zALGFaqZCtk+WaTncA+wFsPHiACMY1PAFz8oeEkbOiudDy+S3gSZd m4LICcK5Ao/JkSsyS3x/srpyIwHPxY1kPbbh7cuml4zAv2K45bv0FC0mbNtvK+SUTHyTwC gQC1cwKcVsCO8hCuchpY2rCXiVwSrUo= Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3818.100.11.1.3\)) Subject: Re: [PATCH v2] mm: shrinker: avoid memleak in alloc_shrinker_info X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Muchun Song In-Reply-To: Date: Mon, 14 Oct 2024 16:43:59 +0800 Cc: akpm@linux-foundation.org, david@fromorbit.com, zhengqi.arch@bytedance.com, roman.gushchin@linux.dev, linux-mm@kvack.org, linux-kernel@vger.kernel.org, chenridong@huawei.com, wangweiyang2@huawei.com Content-Transfer-Encoding: quoted-printable Message-Id: <178A7AC8-0BDA-42CA-86B2-E1C13F3E1E8B@linux.dev> References: <20241014032336.482088-1-chenridong@huaweicloud.com> To: Anshuman Khandual , Chen Ridong X-Migadu-Flow: FLOW_OUT X-Rspamd-Queue-Id: DB57B80008 X-Stat-Signature: omjd6akfmj1mu9j9h47xkpzhop9xoguf X-Rspamd-Server: rspam09 X-Rspam-User: X-HE-Tag: 1728895482-500184 X-HE-Meta: U2FsdGVkX1+/6hNVqwVJuWvomYXDD3UGJrbK3/XTyTyT/txfbke3R+R5ip+KCZf4VFUUEuYGcAs0dCuI6eIb4LqUF0r2I6dKV7j3tfGHtRP0lSh8p9MWrKjhQwcyTKrxsqxOqnQqvQ6AYWXheEsBVjLXa4s6oRvkYtoDOfX4pdbcEi1koHEJAKo9hQUBQ38RV/sA+kTVd6H6HprFXu15F6ow1g7puL3cQ4i0Ezm0aBMS/KBFn7UelGQ8ZvstD+GZ75AGr3ZP7ZOoSg8/TqovyedNn/J4PfG2EhV1tvBJxtzXBQI4yDch1u7FfwVArqGJ3sWKWINw55suIVygyONxWke3GEsAfGuW9NK+7irRQ75P4WMGK8NWxR2Ucv2dh1qT+rqFs/XD20HTx8e8m+lzbe/FaAEjYNRmWKL4z3m+WQUBcFAskUs8wePWUR5SKS1LIFt0/cO1XirO0DrFij1WRqgAEXoWswrnbu9erx0/g91j5DjABTME9yFaCevZC0TWIn/gS7EJodjTijVapwAkfu+1oD/dautSAHBqBa6p9cvNxsAsGWFlKe/jHSev4+1za3WNtmsEE+avVP2AKB2OQN2E04XooVmekZfUW8r8LidyN9ZC7hjZF5QUt1gq4kjsYWVmZ8Li2se+T91GgaUnh2qyCllbi5xeJClS017cQpEVwSJCFCtwJI408cRBv1LjHzMJiO+rRhV1kxtsSg1RaadlZmyq0dgFeOyjMRg3nT/44QZCFQbASgKG8fY4ZfzgYvbEpFi+2FYtTSTadq2gVN4LyM3qFFZAe8u5sJlEA0GvSIpxMq9ybnlzL0iB8uvYStOpMYpa7oyv8wUy2vtaDHZJ3oDvgSEyjL7MDoY3BDE4Os2lBPPx6bbVX+RoE2PxIQ1k25LlVAeHt7g5cyjwZtJVcNO9JShXHWbZ7jH1srYb7WsgmHzjBLWh5VdTMFtCkaSmAkpm+yDBz3uCb3y RH/4Z4QE FOEWRLeW/1ha94Wm5TMzBhkHkHbLONr4kiQX8UjTxG7KONioC/kVQrY/xdVzxk16wAj5Hhndn/q73LC0AfxXH+3KydwvGErqhEEcWb9esHzuAcNpu3iQ1rNjzBxLJpqXzzqcMZxk7cxfF4S+faibYkDr727wOAbabOye6XRbkt3Uk2beTUqPFYXPfm39yOiBTL117QQ8TXthDM9jsoGeW1InVrPu0DpiKxqVbPUKbST0fO09fTekqsXfqJTNYIgN7HjJmRB1/v/6F0fJioE1obPvfXDWuKx8rWmAgKT/A6U55pc4sYCp+nYvLYg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: > On Oct 14, 2024, at 16:13, Anshuman Khandual = wrote: >=20 >=20 >=20 > On 10/14/24 08:53, Chen Ridong wrote: >> From: Chen Ridong >>=20 >> A memleak was found as bellow: >>=20 >> unreferenced object 0xffff8881010d2a80 (size 32): >> comm "mkdir", pid 1559, jiffies 4294932666 >> hex dump (first 32 bytes): >> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ >> 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 @............... >> backtrace (crc 2e7ef6fa): >> [] __kmalloc_node_noprof+0x394/0x470 >> [] alloc_shrinker_info+0x7b/0x1a0 >> [] mem_cgroup_css_online+0x11a/0x3b0 >> [] online_css+0x29/0xa0 >> [] cgroup_apply_control_enable+0x20d/0x360 >> [] cgroup_mkdir+0x168/0x5f0 >> [] kernfs_iop_mkdir+0x5e/0x90 >> [] vfs_mkdir+0x144/0x220 >> [] do_mkdirat+0x87/0x130 >> [] __x64_sys_mkdir+0x49/0x70 >> [] do_syscall_64+0x68/0x140 >> [] entry_SYSCALL_64_after_hwframe+0x76/0x7e >>=20 >> In the alloc_shrinker_info function, when shrinker_unit_alloc return >> err, the info won't be freed. Just fix it. >>=20 >> Fixes: 307bececcd12 ("mm: shrinker: add a secondary array for = shrinker_info::{map, nr_deferred}") >> Signed-off-by: Chen Ridong >> --- >> mm/shrinker.c | 1 + >> 1 file changed, 1 insertion(+) >>=20 >> diff --git a/mm/shrinker.c b/mm/shrinker.c >> index dc5d2a6fcfc4..92270413190d 100644 >> --- a/mm/shrinker.c >> +++ b/mm/shrinker.c >> @@ -97,6 +97,7 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) >>=20 >> err: >> mutex_unlock(&shrinker_mutex); >> + kvfree(info); >> free_shrinker_info(memcg); >> return -ENOMEM; >> } >=20 > There are two scenarios when "goto err:" gets called >=20 > - When shrinker_info allocations fails, no kvfree() is required > - but after this change kvfree() would be called even > when the allocation had failed originally, which does > not sound right Yes. In this case, @info is NULL and kvfree could handle NULL. It seems strange but the final behaviour correct. >=20 > - shrinker_unit_alloc() fails, kvfree() is actually required >=20 > I guess kvfree() should be called just after shrinker_unit_alloc() > fails but before calling into "goto err". We could do it like this, which avoids ambiguity (if someone ignores that kvfree could handle NULL). Something like: --- a/mm/shrinker.c +++ b/mm/shrinker.c @@ -88,13 +88,14 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) goto err; info->map_nr_max =3D shrinker_nr_max; if (shrinker_unit_alloc(info, NULL, nid)) - goto err; + goto free; rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, = info); } mutex_unlock(&shrinker_mutex); return ret; - +free: + kvfree(info); err: mutex_unlock(&shrinker_mutex); free_shrinker_info(memcg); Thanks. >=20 > But curious, should not both kvzalloc_node()/kvfree() be avoided > while inside mutex lock to avoid possible lockdep issues ?