From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1B745CFC50A
	for <linux-mm@archiver.kernel.org>; Mon, 14 Oct 2024 09:04:35 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9EE746B0082; Mon, 14 Oct 2024 05:04:34 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 99E066B0083; Mon, 14 Oct 2024 05:04:34 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 864866B0085; Mon, 14 Oct 2024 05:04:34 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id 6A10B6B0082
	for <linux-mm@kvack.org>; Mon, 14 Oct 2024 05:04:34 -0400 (EDT)
Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay03.hostedemail.com (Postfix) with ESMTP id 2807AA0C80
	for <linux-mm@kvack.org>; Mon, 14 Oct 2024 09:04:20 +0000 (UTC)
X-FDA: 82671621900.22.C2415DB
Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [45.249.212.190])
	by imf01.hostedemail.com (Postfix) with ESMTP id B68DD4000C
	for <linux-mm@kvack.org>; Mon, 14 Oct 2024 09:04:25 +0000 (UTC)
Authentication-Results: imf01.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=quarantine) header.from=huawei.com;
	spf=pass (imf01.hostedemail.com: domain of chenridong@huawei.com designates 45.249.212.190 as permitted sender) smtp.mailfrom=chenridong@huawei.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728896567; a=rsa-sha256;
	cv=none;
	b=q0dn+sTJ//GLHf5bXKoa0woawD1iXa+AS36D/4jCKISegGoqnnuf6xMtwPkZLfil7FsKj1
	jhF6f+QjC1KTt8NFQ/Yp5xCsJFgkK848V4yhkQ8Rs2AdxDk5UvtApJXvwHnwu35JQ6aZ9i
	W85FRAgYmCfzCX35GX6c5i7AdbmCFfU=
ARC-Authentication-Results: i=1;
	imf01.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=quarantine) header.from=huawei.com;
	spf=pass (imf01.hostedemail.com: domain of chenridong@huawei.com designates 45.249.212.190 as permitted sender) smtp.mailfrom=chenridong@huawei.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1728896567;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=rQF4n492Dwy5KTBpQOlyRLUZqD9iqzMTbacnm+O/TWQ=;
	b=ukNbvYrFAB+Yfni2T70CX1n5JeKSnv7dr2e3gbjuWMzqsI88qcNCVptd9rlEm5WQUVhNo6
	WxAO9kM5WGOS2UeGyqQEQ8qLLgYzSORmRzEAAy1L0fNoY0ePTSakmBV6cyP9D83esAQ3C4
	QQe75i3E9aIeGiWDvL3tP8pmlGwx2mM=
Received: from mail.maildlp.com (unknown [172.19.163.44])
	by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4XRrr10rnzz20qLD;
	Mon, 14 Oct 2024 17:03:45 +0800 (CST)
Received: from kwepemd100013.china.huawei.com (unknown [7.221.188.163])
	by mail.maildlp.com (Postfix) with ESMTPS id 02FFD140158;
	Mon, 14 Oct 2024 17:04:27 +0800 (CST)
Received: from [10.67.109.79] (10.67.109.79) by kwepemd100013.china.huawei.com
 (7.221.188.163) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Mon, 14 Oct
 2024 17:04:26 +0800
Message-ID: <1dc9acbd-351f-4755-8c56-d3d77aaccfb2@huawei.com>
Date: Mon, 14 Oct 2024 17:04:24 +0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v2] mm: shrinker: avoid memleak in alloc_shrinker_info
To: Muchun Song <muchun.song@linux.dev>, Anshuman Khandual
	<anshuman.khandual@arm.com>, Chen Ridong <chenridong@huaweicloud.com>
CC: <akpm@linux-foundation.org>, <david@fromorbit.com>,
	<zhengqi.arch@bytedance.com>, <roman.gushchin@linux.dev>,
	<linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>,
	<wangweiyang2@huawei.com>
References: <20241014032336.482088-1-chenridong@huaweicloud.com>
 <c34b962b-8b9a-41e5-a54e-364b826c5e2a@arm.com>
 <178A7AC8-0BDA-42CA-86B2-E1C13F3E1E8B@linux.dev>
Content-Language: en-US
From: chenridong <chenridong@huawei.com>
In-Reply-To: <178A7AC8-0BDA-42CA-86B2-E1C13F3E1E8B@linux.dev>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.67.109.79]
X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To
 kwepemd100013.china.huawei.com (7.221.188.163)
X-Rspamd-Queue-Id: B68DD4000C
X-Rspam-User: 
X-Rspamd-Server: rspam05
X-Stat-Signature: ogdm5tn8gjxfwttja6k5f1ac9c1of5kd
X-HE-Tag: 1728896665-580082
X-HE-Meta: U2FsdGVkX18xm8KcdWcTYXvWsN8KNfAtnYoNgbvNvCLvJSi2ncnU2BLvLz33iD7w9ZYlV/+CgiliYUXQAwaeaic3ipX3shWp83RrPRQ9mVhtX8m8G9m0+VUUiaPvEaKd8wtH5fwIxaTWxhtU7RG/ofQ0fkuKyKQpiwKs/RHBM6O13USt6UTvXmXi7UQlB5shvbtQ15HR6A01D/5wMVzlrCsg/q4l3VJIYHZw7J3Upuy4TRxWLcO4Hyts2E82yg+p6ilk0ISnlF072vz0108J4PIVVcgKKa7sXOoNFR9Tbl0EM2D/cYdIDgBP9IOlj1Huub95BsQ0W+buYhVhwnNKaGYeMFgyMBPNw1lMg7xmxztZEo8Gg3wW9AjDYcREnIZ1Fgktt0H79Vt/C0A5VdKFOdVI5tlVixrBwjCycXZdk/0rKetdkLHxKCcoUi6CiYn1s7zKINz6T2akbDspkhaplusRkf4/z91iTn9j8Nx87GAv3a47X4wgktOoXc0vopC92c4nFEWoHXfzn3cBP0N42j1PqzHj4A5KxfW2pDKG+xsKeslzXbqDl+6Pz7APqpuppDMGt3dZOCzv+EOJDQR1tUY3SY4gcmBRkTwYQ59Hq11Ye+ixA2WAigzBhZio45tb7RWt8uQilQ+aQqglG6586ICat1GvJzkD2+KZLVoE00B1jIwVijuh8Zrj1KWoUhADms9sbegnyMtpEuP6sTgaGhev7TXjtmPIdrrcGmufp9NQjNGgNLLMdzNNwzmLMqx6WDud+r6lPN+fjES7P0WX8baWBuxCKGID9hom3If4IJpKSTmOcqkzJfu65SxvMAGef5Q2DuoDF9W6maLYKoclZIdBfihmWP1WaawcowFFICZotjD03Ksm1Wo2vfWUl/11kpnQ3Ykiaeh1ONtG9JSGnKGih+1whFLzfHSOgd7DE2uo80JRBiUnfEFPe0wkIG/1Bc4vYcih/PQoTzJydX6
 rcQZijCo
 GlnhMhGXcHtlwDcZhA89ivSf6k0D3udQTGuI8GJsqhgxeaDhgBaknWm/NbBxOc0b20Q55Srhm0dGVwTAwBu97peb04fJH0hTxp4TtRvrCxLxHhRPihxAtNFASxoyeegkv4c8nP8jClDBSJ5UnjJCfLSV+3jP1EIs7gL5BVeQ3G/KRhPR9xPvHgKFO7oFqAZ/G/YmDvfTfkJbZ5pf5PezYvVx8H0QZ63Jka/8YvUUBAIvR3Fv5KWwLflNx5ClH8cAj8s9RZ1w3npG+aGxjnb90EYB2DtvgR4+ZHMn7YM3xIiBc8QQ=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>



On 2024/10/14 16:43, Muchun Song wrote:
> 
> 
>> On Oct 14, 2024, at 16:13, Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>>
>>
>>
>> On 10/14/24 08:53, Chen Ridong wrote:
>>> From: Chen Ridong <chenridong@huawei.com>
>>>
>>> A memleak was found as bellow:
>>>
>>> unreferenced object 0xffff8881010d2a80 (size 32):
>>>   comm "mkdir", pid 1559, jiffies 4294932666
>>>   hex dump (first 32 bytes):
>>>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>>>     40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  @...............
>>>   backtrace (crc 2e7ef6fa):
>>>     [<ffffffff81372754>] __kmalloc_node_noprof+0x394/0x470
>>>     [<ffffffff813024ab>] alloc_shrinker_info+0x7b/0x1a0
>>>     [<ffffffff813b526a>] mem_cgroup_css_online+0x11a/0x3b0
>>>     [<ffffffff81198dd9>] online_css+0x29/0xa0
>>>     [<ffffffff811a243d>] cgroup_apply_control_enable+0x20d/0x360
>>>     [<ffffffff811a5728>] cgroup_mkdir+0x168/0x5f0
>>>     [<ffffffff8148543e>] kernfs_iop_mkdir+0x5e/0x90
>>>     [<ffffffff813dbb24>] vfs_mkdir+0x144/0x220
>>>     [<ffffffff813e1c97>] do_mkdirat+0x87/0x130
>>>     [<ffffffff813e1de9>] __x64_sys_mkdir+0x49/0x70
>>>     [<ffffffff81f8c928>] do_syscall_64+0x68/0x140
>>>     [<ffffffff8200012f>] entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>>
>>> In the alloc_shrinker_info function, when shrinker_unit_alloc return
>>> err, the info won't be freed. Just fix it.
>>>
>>> Fixes: 307bececcd12 ("mm: shrinker: add a secondary array for shrinker_info::{map, nr_deferred}")
>>> Signed-off-by: Chen Ridong <chenridong@huawei.com>
>>> ---
>>> mm/shrinker.c | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
>>> diff --git a/mm/shrinker.c b/mm/shrinker.c
>>> index dc5d2a6fcfc4..92270413190d 100644
>>> --- a/mm/shrinker.c
>>> +++ b/mm/shrinker.c
>>> @@ -97,6 +97,7 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
>>>
>>> err:
>>> 	mutex_unlock(&shrinker_mutex);
>>> + 	kvfree(info);
>>> 	free_shrinker_info(memcg);
>>> 	return -ENOMEM;
>>> }
>>
>> There are two scenarios when "goto err:" gets called
>>
>> - When shrinker_info allocations fails, no kvfree() is required
>> 	- but after this change kvfree() would be called even
>> 	  when the allocation had failed originally, which does
>>   	  not sound right
> 
> Yes. In this case, @info is NULL and kvfree could handle NULL.
> It seems strange but the final behaviour correct.
> 
>>
>> - shrinker_unit_alloc() fails, kvfree() is actually required
>>
>> I guess kvfree() should be called just after shrinker_unit_alloc()
>> fails but before calling into "goto err".
> 
> We could do it like this, which avoids ambiguity (if someone ignores
> that kvfree could handle NULL). Something like:
> 
> --- a/mm/shrinker.c
> +++ b/mm/shrinker.c
> @@ -88,13 +88,14 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
>                          goto err;
>                  info->map_nr_max = shrinker_nr_max;
>                  if (shrinker_unit_alloc(info, NULL, nid))
> -                       goto err;
> +                       goto free;
>                  rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info);
>          }
>          mutex_unlock(&shrinker_mutex);
> 
>          return ret;
> -
> +free:
> +       kvfree(info);
>   err:
>          mutex_unlock(&shrinker_mutex);
>          free_shrinker_info(memcg);
> 
> Thanks.
> 
>>
>> But curious, should not both kvzalloc_node()/kvfree() be avoided
>> while inside mutex lock to avoid possible lockdep issues ?
> 
How about:

diff --git a/mm/shrinker.c b/mm/shrinker.c
index dc5d2a6fcfc4..7baee7f00497 100644
--- a/mm/shrinker.c
+++ b/mm/shrinker.c
@@ -87,9 +87,9 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
                  if (!info)
                          goto err;
                  info->map_nr_max = shrinker_nr_max;
+               rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, 
info);
                  if (shrinker_unit_alloc(info, NULL, nid))
                          goto err;
-               rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, 
info);
          }
          mutex_unlock(&shrinker_mutex);

I think this is concise.

Best regards,
Ridong