From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A8666D1AD5F for ; Wed, 16 Oct 2024 14:09:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 27FE26B0089; Wed, 16 Oct 2024 10:09:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 231B56B008A; Wed, 16 Oct 2024 10:09:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0F77F6B008C; Wed, 16 Oct 2024 10:09:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id E5A606B0089 for ; Wed, 16 Oct 2024 10:09:09 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 437F11C4A9D for ; Wed, 16 Oct 2024 14:08:58 +0000 (UTC) X-FDA: 82679646840.13.0708094 Received: from out-176.mta0.migadu.com (out-176.mta0.migadu.com [91.218.175.176]) by imf14.hostedemail.com (Postfix) with ESMTP id 5F880100026 for ; Wed, 16 Oct 2024 14:08:57 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=No7MyOSG; spf=pass (imf14.hostedemail.com: domain of muchun.song@linux.dev designates 91.218.175.176 as permitted sender) smtp.mailfrom=muchun.song@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1729087673; a=rsa-sha256; cv=none; b=jumCrDZmOFxJw5FlN0Tz5D5xoluHep/7VjHjMVIYR6dlzp9l0KgCxmyMz1NDUCUFlJTFvO jtzy7mkcgS/hTXDxSGNK/UMnGTZO0rBWg3eun0Bnzwlkg1zmakG+Ni0Td9fa7b0pc0E6tV 6bd+6bWbg5W4aZSFIfoBbT2oiazdx4U= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=No7MyOSG; spf=pass (imf14.hostedemail.com: domain of muchun.song@linux.dev designates 91.218.175.176 as permitted sender) smtp.mailfrom=muchun.song@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1729087673; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ojgkOxmba6luUa6VoA9Sj2MjbqaCDVvzM2a89m3TPgU=; b=TkoqrtANMHcoFaiDn1Zz+wEn0O5fkUb5WFo/P65WW3hnc2MLLClTnNL/hvGq/lHGU+x2Vx Ij5LvXOQE+ePUYVBNujHZD5Sek3XtEOkE9PUlanomrKoNS2mZhSK2zjxl2UbfS/zPfof9u Ln5RMEiqfXeA5Z6Ymx9gYkI/o3/RdN8= Content-Type: text/plain; charset=utf-8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1729087744; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ojgkOxmba6luUa6VoA9Sj2MjbqaCDVvzM2a89m3TPgU=; b=No7MyOSGAVb4uVMJj7v9si4kFKurj5C3b8pWkiGtGTw33yoZXH/u4+T4JB0xzxUjUKAMTI aYlKYK1dwtHzdxY+cxuMOaRQ48jb9bAgjZcyKeQ39//KOxVfKW/9kFwOrrmpT67ZIo3J4P YYhwEXYDDl9vpEUTHiL3eUHhKtOHZiI= Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) Subject: Re: [PATCH v2] mm: shrinker: avoid memleak in alloc_shrinker_info X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Muchun Song In-Reply-To: Cc: chenridong , Anshuman Khandual , "Kirill A. Shutemov" , akpm@linux-foundation.org, david@fromorbit.com, zhengqi.arch@bytedance.com, roman.gushchin@linux.dev, linux-mm@kvack.org, linux-kernel@vger.kernel.org, wangweiyang2@huawei.com Date: Wed, 16 Oct 2024 22:08:27 +0800 Message-Id: <1BD74B20-879A-4159-B957-1223553217C1@linux.dev> References: To: Vlastimil Babka X-Migadu-Flow: FLOW_OUT X-Stat-Signature: zsr1z1c878fztmagwqxnbdpn5n4d7zpx X-Rspamd-Queue-Id: 5F880100026 X-Rspam-User: X-Rspamd-Server: rspam10 X-HE-Tag: 1729087737-591020 X-HE-Meta: U2FsdGVkX196dr9yzeUliev8zmhlwrFQoIqrqnFXigeTIX+J2CbeDkrswMWGocid9dCNP5Dx/bXRvAYeDGaPDKN7sckLRDhtwL1GXNQOsSFnjwCxCaXGQkBy8UxZLU0KGyhLJl7reQKxNhJjOR12YHO1J2WZ86jUgNTOBh9nZ0giBG06hlsMSdSTqnLKx6Hb+J9C1KVOqjoGIx6H4gSOpkdSw70uz+IwgiIr9JZeDBSGXuFfg7iMbLjgBu12bRFuwy69zzjQTaQuxaI/qwFXAYIgVlZYv3pLecmza5yIoqGgzAGrsdAM6/cOzTKHGZbpHZT7/jcRcjJPbEt+gGalqrqQ0eVg26K57zBk2tscLjp9B6/xpMV8E46N1Sb9R4mwlzsCBk6rf1/HzfG2/PpA/y9DGRg3Fwb8m2v7y56J6d+UmkjwL63HAS94I+NDyLiwugcsOM2HnWi8t5kvQrKGsi3VPiQm1P7c+mJ6Xh/tdcw2i41JWZL4/kWpf4PK85qpSmc1/52aHqq5U4mFxResAlzxWUsi5J0pdiN5alEqjaMPngk75Vl4RGPFXx9UM5Y8P40yureLJAc/h+XrEvhoYIluulyShPmNWvBfIzylVgwMbu+IKk/2LfV6TD9C3CL8DXPTRcIuDg27WSbjc8CarO/V+7KMb2w+zOQ3Ytrj0xVzTMZyY/eJbdIYyK0jb4jfW/Na8AAueDY3SVfFBxexf28jATsoKKNzs4p6BXBTZM5VS/ZSwStfnsyPVO0bpPJnkxrAmlB/A4BeLcsYa+iAT4gUiI1w/j5tUn/gOC1KxzCIelGuKs6yiu+VC1zQXHf6YZjfZ9npuTOJozTITXsfWaaDukRGx9Fg0RFSujz8dfiezPMHeMIAXkDSN45DSDMQnlUHhp1kL3jxh6yiGCvAkBWtu/U8ew1iC8DNu70qZM00dj/RAY8s99kdI78XlgRCS4/43crcnLxivCFBLuB 4rpf1USF qQU3EydCGspYitUSFII4LatPSfcGhF2f3ikJNPcr+MhDNeRSVjILdYzfgtXP+r6aq3oUWI2y2V45yxV0imOYR0MzJrfXLMCJEbV7VwfhKKTcYhJMpzxYiXY2ILZMEJ6+QCDRFtEE8Xu2zw+yfS6tJMNaICI+86l2ORon1OoXCPA6pxjsDjNgb5S0iuZrbv7+TkH10kr3tbCCVk2izsF++32E/86wbEkDe4tTWYxHoXul/6DchtFkK+px0eQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: > On Oct 16, 2024, at 19:43, Vlastimil Babka wrote: > =EF=BB=BFOn 10/16/24 04:21, Muchun Song wrote: >>=20 >>=20 >>> On Oct 16, 2024, at 09:25, chenridong wrote: >>> On 2024/10/15 14:55, Anshuman Khandual wrote: >>>> On 10/14/24 16:59, Kirill A. Shutemov wrote: >>>>> On Mon, Oct 14, 2024 at 03:23:36AM +0000, Chen Ridong wrote: >>>>>> From: Chen Ridong >>>>>> A memleak was found as bellow: >>>>>> unreferenced object 0xffff8881010d2a80 (size 32): >>>>>> comm "mkdir", pid 1559, jiffies 4294932666 >>>>>> hex dump (first 32 bytes): >>>>>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ >>>>>> 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 @............... >>>>>> backtrace (crc 2e7ef6fa): >>>>>> [] __kmalloc_node_noprof+0x394/0x470 >>>>>> [] alloc_shrinker_info+0x7b/0x1a0 >>>>>> [] mem_cgroup_css_online+0x11a/0x3b0 >>>>>> [] online_css+0x29/0xa0 >>>>>> [] cgroup_apply_control_enable+0x20d/0x360 >>>>>> [] cgroup_mkdir+0x168/0x5f0 >>>>>> [] kernfs_iop_mkdir+0x5e/0x90 >>>>>> [] vfs_mkdir+0x144/0x220 >>>>>> [] do_mkdirat+0x87/0x130 >>>>>> [] __x64_sys_mkdir+0x49/0x70 >>>>>> [] do_syscall_64+0x68/0x140 >>>>>> [] entry_SYSCALL_64_after_hwframe+0x76/0x7e >>>>>> In the alloc_shrinker_info function, when shrinker_unit_alloc return >>>>>> err, the info won't be freed. Just fix it. >>>>>> Fixes: 307bececcd12 ("mm: shrinker: add a secondary array for shrinke= r_info::{map, nr_deferred}") >>>>>> Signed-off-by: Chen Ridong >>>>>> --- >>>>>> mm/shrinker.c | 1 + >>>>>> 1 file changed, 1 insertion(+) >>>>>> diff --git a/mm/shrinker.c b/mm/shrinker.c >>>>>> index dc5d2a6fcfc4..92270413190d 100644 >>>>>> --- a/mm/shrinker.c >>>>>> +++ b/mm/shrinker.c >>>>>> @@ -97,6 +97,7 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) >>>>>> err: >>>>>> mutex_unlock(&shrinker_mutex); >>>>>> + kvfree(info); >>>>>> free_shrinker_info(memcg); >>>>>> return -ENOMEM; >>>>>> } >>>>> NAK. If in the future there going to one more error case after >>>>> rcu_assign_pointer() we will end up with double free. >>>>> This should be safer: >>>>> diff --git a/mm/shrinker.c b/mm/shrinker.c >>>>> index dc5d2a6fcfc4..763fd556bc7d 100644 >>>>> --- a/mm/shrinker.c >>>>> +++ b/mm/shrinker.c >>>>> @@ -87,8 +87,10 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) >>>>> if (!info) >>>>> goto err; >>>>> info->map_nr_max =3D shrinker_nr_max; >>>>> - if (shrinker_unit_alloc(info, NULL, nid)) >>>>> + if (shrinker_unit_alloc(info, NULL, nid)) { >>>>> + kvfree(info); >>>>> goto err; >>>>> + } >>>>> rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info); >>>>> } >>>>> mutex_unlock(&shrinker_mutex); >>>> Agreed, this is what I mentioned earlier as well. >>>> ------------------------------------------------------------------ >>>> I guess kvfree() should be called just after shrinker_unit_alloc() >>>> fails but before calling into "goto err" >>>> ------------------------------------------------------------------ >>> After discussion, it seems that v1 is acceptable. >>> Hi, Muchun, do you have any other opinions? >>=20 >> I insist on my opinion, not mixing two different approaches >> to do release resources. >=20 > So instead we mix the cleanup of the whole function with the cleanup of wh= at > is effectively a per-iteration temporary variable? >=20 > The fact there was already a confusion in this thread about whether it's > safe and relies on kvfree(NULL) to be a no-op, should be a hint. Yes. I think someone is confused about my opinion. I don=E2=80=99t care about whether we should apply this hit. If we think the hint is tricky, we could add another label to fix it like I suggested previously. Because we already use goto-based approaches to cleanup the resources, why not keeping consistent? It will be easier for us to add a new "if" statement and handle the failure case in the future. For example, if we use his v1 proposal, we should do the cleanups again for info. But for goto-based version, we just add another label to do the cleanups and go to the new label for failure case. goto-based fix is what I i= nsisted on. I copied my previous suggested fix here to clarify my opinion. --- a/mm/shrinker.c +++ b/mm/shrinker.c @@ -88,13 +88,14 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) goto err; info->map_nr_max =3D shrinker_nr_max; if (shrinker_unit_alloc(info, NULL, nid)) - goto err; + goto free; rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info);= } mutex_unlock(&shrinker_mutex); return ret; - +free: + kvfree(info); err: mutex_unlock(&shrinker_mutex); free_shrinker_info(memcg); Muchun, Thanks. >=20 > So no, I a gree with Kirill and others. Ideally the fix would also move th= e > declaration of info into the for loop to make its scope more obvious. >=20 >> Thanks. >>=20 >>> Best regards, >>> Ridong