From: Catalin Marinas <catalin.marinas@arm.com>
To: Vinayak Menon <vinmenon@codeaurora.org>
Cc: Andrew Morton <akpm@linux-foundation.org>, linux-mm@kvack.org
Subject: Re: [PATCH] mm: kmemleak: wait for scan completion before disabling free
Date: Tue, 27 Mar 2018 18:49:27 +0100 [thread overview]
Message-ID: <20180327174927.o5lhb7yyl4gjkkxl@armageddon.cambridge.arm.com> (raw)
In-Reply-To: <b3fa4377-edf8-10c4-c40a-45bb53096145@codeaurora.org>
On Tue, Mar 27, 2018 at 10:59:31AM +0530, Vinayak Menon wrote:
> On 3/27/2018 12:56 AM, Andrew Morton wrote:
> > On Mon, 26 Mar 2018 16:44:21 +0100 Catalin Marinas <catalin.marinas@arm.com> wrote:
> >> On Mon, Mar 26, 2018 at 04:53:49PM +0530, Vinayak Menon wrote:
> >>> A crash is observed when kmemleak_scan accesses the
> >>> object->pointer, likely due to the following race.
> >>>
> >>> TASK A TASK B TASK C
> >>> kmemleak_write
> >>> (with "scan" and
> >>> NOT "scan=on")
> >>> kmemleak_scan()
> >>> create_object
> >>> kmem_cache_alloc fails
> >>> kmemleak_disable
> >>> kmemleak_do_cleanup
> >>> kmemleak_free_enabled = 0
> >>> kfree
> >>> kmemleak_free bails out
> >>> (kmemleak_free_enabled is 0)
> >>> slub frees object->pointer
> >>> update_checksum
> >>> crash - object->pointer
> >>> freed (DEBUG_PAGEALLOC)
> >>>
> >>> kmemleak_do_cleanup waits for the scan thread to complete, but not for
> >>> direct call to kmemleak_scan via kmemleak_write. So add a wait for
> >>> kmemleak_scan completion before disabling kmemleak_free.
> >>>
> >>> Signed-off-by: Vinayak Menon <vinmenon@codeaurora.org>
> >> It looks fine to me. Maybe Andrew can pick it up.
> >>
> >> Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
> > Well, the comment says:
> >
> > /*
> > * Stop the automatic memory scanning thread. This function must be called
> > * with the scan_mutex held.
> > */
> > static void stop_scan_thread(void)
> >
> >
> > So shouldn't we do it this way?
>
> Earlier it was done the way you mentioned. But that was changed to fix
> a deadlock by
>
> commit 5f369f374ba4889fe3c17883402db5ee8d254216
> Author: Catalin Marinas <catalin.marinas@arm.com>
> Date: Wed Jun 24 16:58:31 2015 -0700
>
> mm: kmemleak: do not acquire scan_mutex in kmemleak_do_cleanup()
>
> Not able to see a reason why stop_scan_thread must be called with
> scan_mutex held. The comment needs a fix ?
Indeed, the comment needs fixing as waiting on the mutex here may lead
deadlock. Would you mind sending an updated patch? Feel free to keep my
reviewed-by tag.
Thanks.
--
Catalin
next prev parent reply other threads:[~2018-03-27 17:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-26 11:23 Vinayak Menon
2018-03-26 15:44 ` Catalin Marinas
2018-03-26 19:26 ` Andrew Morton
2018-03-26 19:27 ` Andrew Morton
2018-03-27 5:29 ` Vinayak Menon
2018-03-27 17:49 ` Catalin Marinas [this message]
2018-03-28 6:51 ` Vinayak Menon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180327174927.o5lhb7yyl4gjkkxl@armageddon.cambridge.arm.com \
--to=catalin.marinas@arm.com \
--cc=akpm@linux-foundation.org \
--cc=linux-mm@kvack.org \
--cc=vinmenon@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox