From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6A409D1AD4F
	for <linux-mm@archiver.kernel.org>; Wed, 16 Oct 2024 12:13:45 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id F1C496B007B; Wed, 16 Oct 2024 08:13:44 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id ECCA56B0082; Wed, 16 Oct 2024 08:13:44 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D6CB76B0083; Wed, 16 Oct 2024 08:13:44 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17])
	by kanga.kvack.org (Postfix) with ESMTP id BA9CC6B007B
	for <linux-mm@kvack.org>; Wed, 16 Oct 2024 08:13:44 -0400 (EDT)
Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id 511F3140168
	for <linux-mm@kvack.org>; Wed, 16 Oct 2024 12:13:34 +0000 (UTC)
X-FDA: 82679356074.06.249FA8D
Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])
	by imf14.hostedemail.com (Postfix) with ESMTP id 58E3B10000D
	for <linux-mm@kvack.org>; Wed, 16 Oct 2024 12:13:32 +0000 (UTC)
Authentication-Results: imf14.hostedemail.com;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=rlupUrHu;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=rICVpDPP;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=rlupUrHu;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=rICVpDPP;
	spf=pass (imf14.hostedemail.com: domain of vbabka@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=vbabka@suse.cz;
	dmarc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1729080677;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=Yk42CWZOANsqQxbXzgz8My19rRwDUHEJZtFu8XOqV3g=;
	b=XDTWKqeQNn3u7NyJXs+D0j7Fm07c3t3mK+pIPhuERm0XOoQV8dUcNicdclmrg7UGNEY/V/
	uKH9BBh9hpJM5fsmbrOrtur0ZWT6HlhtQWyrJFZUJZq2/wDcdeeCMctVkoiqXnW+w17XSM
	xqrHkBXdiVGNnjimMxPwZRoVD5DK4sc=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1729080677; a=rsa-sha256;
	cv=none;
	b=Uc9wmgwbmR78zQy5WY/jrQmZyHnLeWkRZCN+wqC8XN9wTQ7aBYHo5KOjCPAg2O6Iqcl/oz
	GmGObljtQzeK2VkMbGLTrXfYj7woFnU05ZHOlHk29waqt+7s1HFRi+GabykJDV27mN7UFQ
	Lmb6iuy+A+no6lNFC3bvP+wb64i+DXk=
ARC-Authentication-Results: i=1;
	imf14.hostedemail.com;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=rlupUrHu;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=rICVpDPP;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=rlupUrHu;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b=rICVpDPP;
	spf=pass (imf14.hostedemail.com: domain of vbabka@suse.cz designates 195.135.223.130 as permitted sender) smtp.mailfrom=vbabka@suse.cz;
	dmarc=none
Received: from imap1.dmz-prg2.suse.org (imap1.dmz-prg2.suse.org [IPv6:2a07:de40:b281:104:10:150:64:97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by smtp-out1.suse.de (Postfix) with ESMTPS id 60D1521B58;
	Wed, 16 Oct 2024 12:13:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
	t=1729080820; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Yk42CWZOANsqQxbXzgz8My19rRwDUHEJZtFu8XOqV3g=;
	b=rlupUrHuRXpN+GSHy77ojANHeFIMf3pdlQk69VCrQSkldUyPKn1nBlhPM1lgPVbA7FmyOa
	j4kCvsJ1JS0hDiqxKhjYHvXGHOnN7JixBnbI/SI6OFB7oUy4gYqSkiC8W+aZWgw/nPo4qi
	4amM/IS3sQxcIN7KXs5kpDfaYuMw+LU=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
	s=susede2_ed25519; t=1729080820;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Yk42CWZOANsqQxbXzgz8My19rRwDUHEJZtFu8XOqV3g=;
	b=rICVpDPPYjlz9GViKfD06PJsJwqcVNR1wG71TDzu4iExrydDyqwAmZ+nxYlWDb/R2BkenX
	eHvuzwzarVzlQRDg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
	t=1729080820; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Yk42CWZOANsqQxbXzgz8My19rRwDUHEJZtFu8XOqV3g=;
	b=rlupUrHuRXpN+GSHy77ojANHeFIMf3pdlQk69VCrQSkldUyPKn1nBlhPM1lgPVbA7FmyOa
	j4kCvsJ1JS0hDiqxKhjYHvXGHOnN7JixBnbI/SI6OFB7oUy4gYqSkiC8W+aZWgw/nPo4qi
	4amM/IS3sQxcIN7KXs5kpDfaYuMw+LU=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
	s=susede2_ed25519; t=1729080820;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Yk42CWZOANsqQxbXzgz8My19rRwDUHEJZtFu8XOqV3g=;
	b=rICVpDPPYjlz9GViKfD06PJsJwqcVNR1wG71TDzu4iExrydDyqwAmZ+nxYlWDb/R2BkenX
	eHvuzwzarVzlQRDg==
Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 4403E13433;
	Wed, 16 Oct 2024 12:13:40 +0000 (UTC)
Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])
	by imap1.dmz-prg2.suse.org with ESMTPSA
	id R5f5D/StD2ekbwAAD6G6ig
	(envelope-from <vbabka@suse.cz>); Wed, 16 Oct 2024 12:13:40 +0000
Message-ID: <270ca4d5-b35f-4533-87c9-dc15e7b00f6f@suse.cz>
Date: Wed, 16 Oct 2024 14:13:39 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v2] mm: shrinker: avoid memleak in alloc_shrinker_info
Content-Language: en-US
To: Muchun Song <muchun.song@linux.dev>, chenridong <chenridong@huawei.com>
Cc: Anshuman Khandual <anshuman.khandual@arm.com>,
 Chen Ridong <chenridong@huaweicloud.com>, akpm@linux-foundation.org,
 david@fromorbit.com, zhengqi.arch@bytedance.com, roman.gushchin@linux.dev,
 linux-mm@kvack.org, linux-kernel@vger.kernel.org, wangweiyang2@huawei.com
References: <20241014032336.482088-1-chenridong@huaweicloud.com>
 <c34b962b-8b9a-41e5-a54e-364b826c5e2a@arm.com>
 <178A7AC8-0BDA-42CA-86B2-E1C13F3E1E8B@linux.dev>
 <1dc9acbd-351f-4755-8c56-d3d77aaccfb2@huawei.com>
 <F8EBBED0-6D7D-4A23-AC8C-3E395EA1BF12@linux.dev>
From: Vlastimil Babka <vbabka@suse.cz>
In-Reply-To: <F8EBBED0-6D7D-4A23-AC8C-3E395EA1BF12@linux.dev>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Rspamd-Action: no action
X-Stat-Signature: 6mdkbrxsrif6orgo71raebcta6oznumy
X-Rspamd-Queue-Id: 58E3B10000D
X-Rspam-User: 
X-Rspamd-Server: rspam08
X-HE-Tag: 1729080812-405553
X-HE-Meta: U2FsdGVkX19ck6nZa5nnuy4USQn4nFX9CVfn7wBMu1UIux27mkeBcKaRKHod3XSfHn7Ak0M8iTO/+CqxKKu9EaYhhEzw5LUBss3qPH6unoEzO4gdXp2cr86YGE/poyFv1pl2/qdXN9skQOK+bfqoDO2f0Su/n6X4Ol1xzEDFeHZ/h0RrYaMJ1FHE/gv0LBoAgTff0ZE3UuYTejBcc1KND4BwUaZu9jX/cLejRamkoNlMAdfNJ5IlOzB6z/EwQDkb92G1I+bFwsXgHkqcDTvTsOYi831o8n1viEGMqI24eyCbWL+y8C52ZWFrNmfd6Jwa6PM1PWw4ejZJ4ThC50eei2iJq2+pZ6ANi7TvEPWpMky3g2bEyTAPUxGaBAupH14BPl5EGPfSa8QkAE3U3MTX8RhtS/8N+JXDxPSpbALejnlvspfgLI5OuKwdjezRv/7YV5/6KBfuJugRhepTylw39vWuQvbM7n57QgkOIeZxHwGPUFi9czG6baZRQwm8WS2W3fWaCArmrjkYndWNZAybqofTsVR7Ljb0LiM/0o2N5TPCRh1XHiovv9fNoq4GbCrnFNE3KktEviwySU+o0IdxdBd9KF6hAuf7BMAwR1oyzMbbLcIbhRILTsMbXVSavC7JA69kqhsVntTPdz5luoAsYX4FE6hEwuo+orkVZpjWA97f3RQsbt2v729w04cNyBcouq8jFkLHOnr241lWIxCOyoX5jWOJtMM7Qute3jrpjbrgaxb3irmKiZGmzdnf0Lvyi4mWMxkpPbq9KQclOzkXhvyCctoihfa3BhoMyKnXup9v25LEXMEdGYk4LYbQ/a+6fxkljKUsdVt2Mslo7U+Eu966TUsoMUJAdYLk61arRMEd6NsYpOsX3T5aiSIiKbrKA2xoDYYlND3Bu4YYaby4NuAyQesNvZOgq/+8Arilxo5CimT5lXW+7g72HApYf9h7JkmtmGUIWPp90q3ZmhL
 lYPwLf3n
 BeP/PlibjtDcrCzjpHgvpNf/8Ap4LDyh7RwbJj16J09+/bi7O1qrg0JKcopAQS6O3vjnYIREgA+771lAZyRFNyFHCbc73hWJg+P7883/jWYsPgo+NTNbKrL4WyGsYxBP0FSg/R60CCBWGpmP4gWjudegCPp4MCVF2nPSV/Uxhnf5hyjOUmIZdG8nIr2qov+22y93I4mTLWzo5GLJYtLjcDw7FVj6m2OeybPnigEoseH2FxzHJBakcjfn7SiS1bgx1/WZguZSDWNl9/88bURE2aGS+zoBCLHQk5aXOwXyO+Z1zjg5nDToHQbCPP/2v6p2ZfSPam89Ws9heINU5NFLUfZUBDGc3cRLSTx+qSSQ0OhzoiGIHx2uwVKaArQh/OQw0a2l9nqtfEd+egivZs55SN5gzW3qgJd32u5nS
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On 10/14/24 11:20, Muchun Song wrote:
> 
> 
>> On Oct 14, 2024, at 17:04, chenridong <chenridong@huawei.com> wrote:
>> 
>> 
>> 
>> On 2024/10/14 16:43, Muchun Song wrote:
>>>> On Oct 14, 2024, at 16:13, Anshuman Khandual <anshuman.khandual@arm.com> wrote:
>>>> 
>>>> 
>>>> 
>>>> On 10/14/24 08:53, Chen Ridong wrote:
>>>>> From: Chen Ridong <chenridong@huawei.com>
>>>>> 
>>>>> A memleak was found as bellow:
>>>>> 
>>>>> unreferenced object 0xffff8881010d2a80 (size 32):
>>>>>  comm "mkdir", pid 1559, jiffies 4294932666
>>>>>  hex dump (first 32 bytes):
>>>>>    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>>>>>    40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  @...............
>>>>>  backtrace (crc 2e7ef6fa):
>>>>>    [<ffffffff81372754>] __kmalloc_node_noprof+0x394/0x470
>>>>>    [<ffffffff813024ab>] alloc_shrinker_info+0x7b/0x1a0
>>>>>    [<ffffffff813b526a>] mem_cgroup_css_online+0x11a/0x3b0
>>>>>    [<ffffffff81198dd9>] online_css+0x29/0xa0
>>>>>    [<ffffffff811a243d>] cgroup_apply_control_enable+0x20d/0x360
>>>>>    [<ffffffff811a5728>] cgroup_mkdir+0x168/0x5f0
>>>>>    [<ffffffff8148543e>] kernfs_iop_mkdir+0x5e/0x90
>>>>>    [<ffffffff813dbb24>] vfs_mkdir+0x144/0x220
>>>>>    [<ffffffff813e1c97>] do_mkdirat+0x87/0x130
>>>>>    [<ffffffff813e1de9>] __x64_sys_mkdir+0x49/0x70
>>>>>    [<ffffffff81f8c928>] do_syscall_64+0x68/0x140
>>>>>    [<ffffffff8200012f>] entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>>>> 
>>>>> In the alloc_shrinker_info function, when shrinker_unit_alloc return
>>>>> err, the info won't be freed. Just fix it.
>>>>> 
>>>>> Fixes: 307bececcd12 ("mm: shrinker: add a secondary array for shrinker_info::{map, nr_deferred}")
>>>>> Signed-off-by: Chen Ridong <chenridong@huawei.com>
>>>>> ---
>>>>> mm/shrinker.c | 1 +
>>>>> 1 file changed, 1 insertion(+)
>>>>> 
>>>>> diff --git a/mm/shrinker.c b/mm/shrinker.c
>>>>> index dc5d2a6fcfc4..92270413190d 100644
>>>>> --- a/mm/shrinker.c
>>>>> +++ b/mm/shrinker.c
>>>>> @@ -97,6 +97,7 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
>>>>> 
>>>>> err:
>>>>> mutex_unlock(&shrinker_mutex);
>>>>> + kvfree(info);
>>>>> free_shrinker_info(memcg);
>>>>> return -ENOMEM;
>>>>> }
>>>> 
>>>> There are two scenarios when "goto err:" gets called
>>>> 
>>>> - When shrinker_info allocations fails, no kvfree() is required
>>>> - but after this change kvfree() would be called even
>>>>  when the allocation had failed originally, which does
>>>>    not sound right
>>> Yes. In this case, @info is NULL and kvfree could handle NULL.
>>> It seems strange but the final behaviour correct.
>>>> 
>>>> - shrinker_unit_alloc() fails, kvfree() is actually required
>>>> 
>>>> I guess kvfree() should be called just after shrinker_unit_alloc()
>>>> fails but before calling into "goto err".
>>> We could do it like this, which avoids ambiguity (if someone ignores
>>> that kvfree could handle NULL). Something like:
>>> --- a/mm/shrinker.c
>>> +++ b/mm/shrinker.c
>>> @@ -88,13 +88,14 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
>>>                         goto err;
>>>                 info->map_nr_max = shrinker_nr_max;
>>>                 if (shrinker_unit_alloc(info, NULL, nid))
>>> -                       goto err;
>>> +                       goto free;
>>>                 rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info);
>>>         }
>>>         mutex_unlock(&shrinker_mutex);
>>>         return ret;
>>> -
>>> +free:
>>> +       kvfree(info);
>>>  err:
>>>         mutex_unlock(&shrinker_mutex);
>>>         free_shrinker_info(memcg);
>>> Thanks.
>>>> 
>>>> But curious, should not both kvzalloc_node()/kvfree() be avoided
>>>> while inside mutex lock to avoid possible lockdep issues ?
>> How about:
>> 
>> diff --git a/mm/shrinker.c b/mm/shrinker.c
>> index dc5d2a6fcfc4..7baee7f00497 100644
>> --- a/mm/shrinker.c
>> +++ b/mm/shrinker.c
>> @@ -87,9 +87,9 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
>>                 if (!info)
>>                         goto err;
>>                 info->map_nr_max = shrinker_nr_max;
>> +               rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info);
>>                 if (shrinker_unit_alloc(info, NULL, nid))
>>                         goto err;
>> -               rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info);
>>         }
>>         mutex_unlock(&shrinker_mutex);
> 
> No. We should make sure the @info is fully initialized before others
> could see it. That's why rcu_assign_pointer is used here.

If the info is immediately visible, is the failure cleanup
free_shrinker_info() safe? It uses kvfree(info) and not kvfree_rcu(), and
shrinker_unit_free() is also doing kfree().

>> 
>> I think this is concise.
>> 
>> Best regards,
>> Ridong
> 
>