From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0871D2A521 for ; Wed, 16 Oct 2024 14:23:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3E35E6B0092; Wed, 16 Oct 2024 10:23:38 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 393726B0093; Wed, 16 Oct 2024 10:23:38 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 25B986B0095; Wed, 16 Oct 2024 10:23:38 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 024446B0092 for ; Wed, 16 Oct 2024 10:23:37 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 042D0ABB74 for ; Wed, 16 Oct 2024 14:23:17 +0000 (UTC) X-FDA: 82679683506.18.E018B6F Received: from out-183.mta0.migadu.com (out-183.mta0.migadu.com [91.218.175.183]) by imf27.hostedemail.com (Postfix) with ESMTP id 2784A40009 for ; Wed, 16 Oct 2024 14:23:26 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=JGGpC2hI; spf=pass (imf27.hostedemail.com: domain of muchun.song@linux.dev designates 91.218.175.183 as permitted sender) smtp.mailfrom=muchun.song@linux.dev; dmarc=pass (policy=none) header.from=linux.dev ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1729088471; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=gUNQin4unXu4FSehtkp+8uSnsrOAxdk1VPYuq9Hwy4k=; b=k+AZVARDFWzcu+Z8FGfwLqZpFPZg0bZBq+lgp7lsMOHZ28t1GpxYi+heX3thKXnrsxbRsu eSwYgDXAEyMnD513hckIRlrtjToZmRVSTcyEApqKmVyTR+77m67kb5pF9SIr6hqZLNLla5 EGeBOBYZkqyQj6JhBbvtxVsiTpP/3pM= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1729088471; a=rsa-sha256; cv=none; b=kT001pzid/47b4cIftpyHX1oxEL3Hujf8aTM7IyAO4Ka2R8aastIhAY24jaHJHgMcGMcYY G/NnFOevxQMhC4hGlUr1hyiA8wXiAxJzVqB6Zh9LcDvmQVi42TznGPrrcsj8fLQ7F2T4sG JpSDi+/N8E5Sb9tdMu7GKUWBfejYBSo= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=JGGpC2hI; spf=pass (imf27.hostedemail.com: domain of muchun.song@linux.dev designates 91.218.175.183 as permitted sender) smtp.mailfrom=muchun.song@linux.dev; dmarc=pass (policy=none) header.from=linux.dev Content-Type: text/plain; charset=utf-8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1729088613; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gUNQin4unXu4FSehtkp+8uSnsrOAxdk1VPYuq9Hwy4k=; b=JGGpC2hIyYopRftq394m+BFj5r5QRwjMJd2UZVx1QHb7lY5NOD0yCg79j6zr6QvWbNfU3y AQIX2aT09KwyQwmIXlBGejUs0D8MGF7M+GT3mRvZU/ED4JYqlUKWV/0VgCgp3SWvdgrelU 45rcrigbElxu73HA1WVVwAvhQaWl+XQ= Content-Transfer-Encoding: quoted-printable X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Muchun Song Mime-Version: 1.0 (1.0) Subject: Re: [PATCH v2] mm: shrinker: avoid memleak in alloc_shrinker_info Date: Wed, 16 Oct 2024 22:22:57 +0800 Message-Id: <55B22931-34E1-4DAF-B392-A48EC2A9EE1A@linux.dev> References: <270ca4d5-b35f-4533-87c9-dc15e7b00f6f@suse.cz> Cc: chenridong , Anshuman Khandual , Ridong Chen , akpm@linux-foundation.org, david@fromorbit.com, zhengqi.arch@bytedance.com, roman.gushchin@linux.dev, linux-mm@kvack.org, linux-kernel@vger.kernel.org, wangweiyang2@huawei.com In-Reply-To: <270ca4d5-b35f-4533-87c9-dc15e7b00f6f@suse.cz> To: Vlastimil Babka X-Migadu-Flow: FLOW_OUT X-Stat-Signature: c398bhgbt8y9duj3sskf9yngp3s9rn5z X-Rspamd-Queue-Id: 2784A40009 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1729088606-990305 X-HE-Meta: U2FsdGVkX19M4EMIf0/l5bP8wjgxv1PJ+nRJLdL5Swbh1qQhfdEDSo+67YJ/+VYU7mSDZIF2DMA3WWQEND7xuzOP9A+TvT4r6Xh9B93sCike4jT3GzWcKsk2+W0a3okzmy9tOwKWEd6PQbhf4hI/BfgOYRjF0YM7+keUHStMqLwogDWvOA6NejZ4olm5hJQJO82E60gpq+qdm4qcaCn+HJjfdyCDSQD5INNpVS/+5rWgCJbL72VA5tkHTf5qXIAmdQa+C53ys6GDy8g7n8OKc+FhOo0mGaMgGocWU9ZTQseJo45ZL6MvmirTEqr2D284NK3R3EPG6yPxsxn4nHXU5IlSEYcWHDFuQMRw65vcsyiDDLaDvOXj73sQfPIkn0SUXBTfpKeNmECjutYXtSSCmF4fPR/8zY2Bo/CvmVZYRbFikKB/aXBT9U3NbsOu94yJpPQQq35zKThItLUE/bri3RZ2fDmIMb8I2SUEr3Q4uGBiH8MpkdqUU4Xovw4X4GeYxUj+X/7tdo5cu3ziL3ujzISYY2eXWZgHG0tBXy9u7Zhh+Yx1U2empgRb1SIgHp0DFrkwJqUmLFGp5fyQdLLf5F50LdRyp7yqQQUIVwIfCw2MXCPtebban5u9L/OzhTlefj9L+EfeYKr5uVjet1jbuemqUoKASPXGY3ITpIs92FU7TKr/IT03gkVC5SQVeNQcAWwOuaSs5MmEN9YEOP6xWRpr40Y5U8WA52Xd2gLGNaeDhb/e6kfn5b9CVUqa5prSvVD8cf+AXf02A+AiyABBeukhAQelG9HmL0tgjYxtgkZHj8DzrZ7cHyRopcwHx5G5URuJ2+k5mJRTTQJnk/FqGvM7uc6Zfo8rla1s9rB3vCzYFtzD04dQl1DDU8Tp4+GQJdZl62e5WahmNpxl8rAtJJQ7ZXzHw/Iw8rwvXW2UnM8Hki5EH5IUlLeF4TF/GaNU2f7izea88DmhZ7+YtLP Dph0GhjG YpefDs2r1SKNmWaB3PsT08+QV/vvDfj3FbKs00sBRaKhgC/CL/5i2nVv45hVn1gbmjBZlUzZi0r1RNVQ7z7T7voeyUXY7ITTfE85OZopeKZJBqbYxD2cTjXt14BOzSfkG0YWg/cAX40y0/aVl+hwhi/Sm8xcOLej7lOBxZMkcMe48BWWxYOdhHGQElspm/FrTSrl64S44X4eUBa9CTqSa+lv5nQFbOf4o45Xpg0fKQAhVNijz7Peb3vWYiQE9RwbuCNkogrsZ1tnGeK2Rl1oBhtSwumvXtJz2APsKXGzcQSne9jX/kQz/ZTsXRw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: > On Oct 16, 2024, at 20:13, Vlastimil Babka wrote: >=20 > =EF=BB=BFOn 10/14/24 11:20, Muchun Song wrote: >>=20 >>=20 >>>> On Oct 14, 2024, at 17:04, chenridong wrote: >>>=20 >>>=20 >>>=20 >>> On 2024/10/14 16:43, Muchun Song wrote: >>>>> On Oct 14, 2024, at 16:13, Anshuman Khandual wrote: >>>>>=20 >>>>>=20 >>>>>=20 >>>>> On 10/14/24 08:53, Chen Ridong wrote: >>>>>> From: Chen Ridong >>>>>>=20 >>>>>> A memleak was found as bellow: >>>>>>=20 >>>>>> unreferenced object 0xffff8881010d2a80 (size 32): >>>>>> comm "mkdir", pid 1559, jiffies 4294932666 >>>>>> hex dump (first 32 bytes): >>>>>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ >>>>>> 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 @............... >>>>>> backtrace (crc 2e7ef6fa): >>>>>> [] __kmalloc_node_noprof+0x394/0x470 >>>>>> [] alloc_shrinker_info+0x7b/0x1a0 >>>>>> [] mem_cgroup_css_online+0x11a/0x3b0 >>>>>> [] online_css+0x29/0xa0 >>>>>> [] cgroup_apply_control_enable+0x20d/0x360 >>>>>> [] cgroup_mkdir+0x168/0x5f0 >>>>>> [] kernfs_iop_mkdir+0x5e/0x90 >>>>>> [] vfs_mkdir+0x144/0x220 >>>>>> [] do_mkdirat+0x87/0x130 >>>>>> [] __x64_sys_mkdir+0x49/0x70 >>>>>> [] do_syscall_64+0x68/0x140 >>>>>> [] entry_SYSCALL_64_after_hwframe+0x76/0x7e >>>>>>=20 >>>>>> In the alloc_shrinker_info function, when shrinker_unit_alloc return >>>>>> err, the info won't be freed. Just fix it. >>>>>>=20 >>>>>> Fixes: 307bececcd12 ("mm: shrinker: add a secondary array for shrinke= r_info::{map, nr_deferred}") >>>>>> Signed-off-by: Chen Ridong >>>>>> --- >>>>>> mm/shrinker.c | 1 + >>>>>> 1 file changed, 1 insertion(+) >>>>>>=20 >>>>>> diff --git a/mm/shrinker.c b/mm/shrinker.c >>>>>> index dc5d2a6fcfc4..92270413190d 100644 >>>>>> --- a/mm/shrinker.c >>>>>> +++ b/mm/shrinker.c >>>>>> @@ -97,6 +97,7 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) >>>>>>=20 >>>>>> err: >>>>>> mutex_unlock(&shrinker_mutex); >>>>>> + kvfree(info); >>>>>> free_shrinker_info(memcg); >>>>>> return -ENOMEM; >>>>>> } >>>>>=20 >>>>> There are two scenarios when "goto err:" gets called >>>>>=20 >>>>> - When shrinker_info allocations fails, no kvfree() is required >>>>> - but after this change kvfree() would be called even >>>>> when the allocation had failed originally, which does >>>>> not sound right >>>> Yes. In this case, @info is NULL and kvfree could handle NULL. >>>> It seems strange but the final behaviour correct. >>>>>=20 >>>>> - shrinker_unit_alloc() fails, kvfree() is actually required >>>>>=20 >>>>> I guess kvfree() should be called just after shrinker_unit_alloc() >>>>> fails but before calling into "goto err". >>>> We could do it like this, which avoids ambiguity (if someone ignores >>>> that kvfree could handle NULL). Something like: >>>> --- a/mm/shrinker.c >>>> +++ b/mm/shrinker.c >>>> @@ -88,13 +88,14 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) >>>> goto err; >>>> info->map_nr_max =3D shrinker_nr_max; >>>> if (shrinker_unit_alloc(info, NULL, nid)) >>>> - goto err; >>>> + goto free; >>>> rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, i= nfo); >>>> } >>>> mutex_unlock(&shrinker_mutex); >>>> return ret; >>>> - >>>> +free: >>>> + kvfree(info); >>>> err: >>>> mutex_unlock(&shrinker_mutex); >>>> free_shrinker_info(memcg); >>>> Thanks. >>>>>=20 >>>>> But curious, should not both kvzalloc_node()/kvfree() be avoided >>>>> while inside mutex lock to avoid possible lockdep issues ? >>> How about: >>>=20 >>> diff --git a/mm/shrinker.c b/mm/shrinker.c >>> index dc5d2a6fcfc4..7baee7f00497 100644 >>> --- a/mm/shrinker.c >>> +++ b/mm/shrinker.c >>> @@ -87,9 +87,9 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) >>> if (!info) >>> goto err; >>> info->map_nr_max =3D shrinker_nr_max; >>> + rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, i= nfo); >>> if (shrinker_unit_alloc(info, NULL, nid)) >>> goto err; >>> - rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, i= nfo); >>> } >>> mutex_unlock(&shrinker_mutex); >>=20 >> No. We should make sure the @info is fully initialized before others >> could see it. That's why rcu_assign_pointer is used here. >=20 > If the info is immediately visible, is the failure cleanup > free_shrinker_info() safe? It uses kvfree(info) and not kvfree_rcu(), and > shrinker_unit_free() is also doing kfree(). Qi told me that the @info will not visible immediately yesterday. So non-rcu-based kvfree is safe. Even if this fix could work properly, it=E2=80=99s a bit strange for me to use rcu_assign_pointer to assign the @info without full initialization to it. Muchun, Thanks. >=20 >>>=20 >>> I think this is concise. >>>=20 >>> Best regards, >>> Ridong >>=20 >>=20 >=20