From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4FD9FCFC52F for ; Mon, 14 Oct 2024 09:38:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CE4176B0083; Mon, 14 Oct 2024 05:38:18 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C93556B0088; Mon, 14 Oct 2024 05:38:18 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B5A4C6B008A; Mon, 14 Oct 2024 05:38:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 96D086B0083 for ; Mon, 14 Oct 2024 05:38:18 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id A2AD540CF4 for ; Mon, 14 Oct 2024 09:38:13 +0000 (UTC) X-FDA: 82671706908.10.6DAA688 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by imf11.hostedemail.com (Postfix) with ESMTP id CDCB540003 for ; Mon, 14 Oct 2024 09:38:07 +0000 (UTC) Authentication-Results: imf11.hostedemail.com; dkim=none; spf=pass (imf11.hostedemail.com: domain of chenridong@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=chenridong@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1728898649; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=R2tIYOb2D87KpLfTmyNHqiG9qzrcpapIVjnH3fZ9PsI=; b=g37uVesvwAKlMi9nUxzV9Pbz4D6WDlcoXsZtqOPA6s8Mwu+qJvFTe0zs9UpT7o/DXXTqp6 WQOa2vqg75Y1FLy7uYt8q+VkzxQwSatfmAn9+AYclfvTVpSdUYhi87OxQxfAu0N+E2NowF dnod1kM9IhW94p1LVDacCk+PY1DDkQI= ARC-Authentication-Results: i=1; imf11.hostedemail.com; dkim=none; spf=pass (imf11.hostedemail.com: domain of chenridong@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=chenridong@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728898649; a=rsa-sha256; cv=none; b=NuscCS4u6DVtxdb59uTK23x//OQKhFy1RzzYI48DlGqDy8eQvSRHbaXsCQlBWisyUF/46L 8yoEQazRf4oa4cEGbbzHnOdgdoxU8fbdnQlQsF57aPmccAqYZUHKCA8t3jNkQtJhkj8i/o yI+6hiFuq2+2YfGrKZyHFRL1vwXYOAY= Received: from mail.maildlp.com (unknown [172.19.88.105]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4XRsXv1qFzzkWnm; Mon, 14 Oct 2024 17:35:43 +0800 (CST) Received: from kwepemd100013.china.huawei.com (unknown [7.221.188.163]) by mail.maildlp.com (Postfix) with ESMTPS id 53C23140137; Mon, 14 Oct 2024 17:38:09 +0800 (CST) Received: from [10.67.109.79] (10.67.109.79) by kwepemd100013.china.huawei.com (7.221.188.163) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.34; Mon, 14 Oct 2024 17:38:08 +0800 Message-ID: <95d5b806-d912-4a63-add6-ac115e8f181d@huawei.com> Date: Mon, 14 Oct 2024 17:38:07 +0800 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2] mm: shrinker: avoid memleak in alloc_shrinker_info To: Muchun Song CC: Anshuman Khandual , Chen Ridong , , , , , , , References: <20241014032336.482088-1-chenridong@huaweicloud.com> <178A7AC8-0BDA-42CA-86B2-E1C13F3E1E8B@linux.dev> <1dc9acbd-351f-4755-8c56-d3d77aaccfb2@huawei.com> Content-Language: en-US From: chenridong In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [10.67.109.79] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To kwepemd100013.china.huawei.com (7.221.188.163) X-Rspam-User: X-Stat-Signature: 14yhwc94cojihoto5cekmu77xurpfktz X-Rspamd-Queue-Id: CDCB540003 X-Rspamd-Server: rspam11 X-HE-Tag: 1728898687-681733 X-HE-Meta: U2FsdGVkX19jLhmtLCEEGsoHHTkoDBB7MEeEum3yW0P50DzrqQ/oeKgYGQ7unqEL3HQnw4/ZNlWu3wlPVu7pzkHfIK6Z76o7BoVFKXEoxMNZSWUG3bytOk16RrSfwUcgG6jLQd0dpKxUnKm64YmA5gOWVEerwlAx5ojvA1lJCUsOHpzJi2DDXo54DYASGGi2UYg6G8raGwgEMfJte6LUUYQpPjyzG6WxrBH0eVqyXPvJ14bDo+ODGlrSPgFdSoh5VrCX6DVVxcHDNkbG2GdQA4pP63ujk59WF7gOff6/YRzSmY00RSTXD4rgqxBpSdNej9gckwPnX5cIE9Xgqqtyb2l+ULenSJxZ3xFQTaGGY8DBiHiKr1KW8y0qGPDygjWaZHG6Hu5exl6bj+M+8XKgQhGkjAfWhRlrSvZrRLo3KvEbbSsqUIcfnGx+XBg1WQzeNyO4A/J2egAR5qeHBIL0rL8dWSZWpwvthlCUW29/YxPhdcA1+/u1Zsp7C8JDZImtDPCPzhoZ3X9kN7j++HvN1ORbBotfucBHF4INVVUJmNgwiEffdL1mx8qPIKiRytZkSS/F8545PYhDDt2JvGgI01y9twhacWpd5ff+WV5dk3ca8c3+swTbqJDGImYGfwmiTBQoKbH/uqC2X0Mc/hiU9cL5E/NNLfwmOHvvC48oDqkFW4L0lP0SnV8RSDROwylOqC5P6gtDf86ea4TkaTIls+IRj9kZ1yY03/4+X6KDdPL30NSO6xKl7Q4i+oWNuRaaRjXum1fwBBWvq4P8UN2y0H88H7HvmIV5s1sxvGVpgBBS4SP4wfEhsy7XcNPyHWAAb8sCt0rUnXWk3Nz3lSrclWdlnFd7RKkmSF317I2/3bzFZB6WkJUkaW3eyzV6Cl0AJtBmUba9W955ChZM8nrqoO+Y0tC6rQjhUJsemm+UJ61R4DR1ukPPBibwJAE+R68ZWNUHNOyyiK/3BuDgdpz kqnLsG2C 61P2+QkuMLGZ7C7Ucg9/2Hrc/ra0vbkANhYQmtn1Y+LZhc1MddXawroIgxjipGEUupAWlPiVG7nBZ5TE0DW8ZGzqwHL03xpYpgYxFYV6WWRQXa4tuXcLZWHrCqVmaJ5nEI7i8/yjSEXl2HzUAJvJL0hQPGLtMsce+faOfRIl5xbSMDDSlOAoaw1uITVtWAgco0jUmcdkv2AEn/xp7uMovIdoyyC3jlOe0X21+ESFVrclWU+Cs9Y/wPlcMe2uqSlRrXSs789yUpuW2hRtI53Q2M0MWG+eKgmgjj04FErREDOhdF+fM2mYIS+BdhA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 2024/10/14 17:20, Muchun Song wrote: > > >> On Oct 14, 2024, at 17:04, chenridong wrote: >> >> >> >> On 2024/10/14 16:43, Muchun Song wrote: >>>> On Oct 14, 2024, at 16:13, Anshuman Khandual wrote: >>>> >>>> >>>> >>>> On 10/14/24 08:53, Chen Ridong wrote: >>>>> From: Chen Ridong >>>>> >>>>> A memleak was found as bellow: >>>>> >>>>> unreferenced object 0xffff8881010d2a80 (size 32): >>>>> comm "mkdir", pid 1559, jiffies 4294932666 >>>>> hex dump (first 32 bytes): >>>>> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ >>>>> 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 @............... >>>>> backtrace (crc 2e7ef6fa): >>>>> [] __kmalloc_node_noprof+0x394/0x470 >>>>> [] alloc_shrinker_info+0x7b/0x1a0 >>>>> [] mem_cgroup_css_online+0x11a/0x3b0 >>>>> [] online_css+0x29/0xa0 >>>>> [] cgroup_apply_control_enable+0x20d/0x360 >>>>> [] cgroup_mkdir+0x168/0x5f0 >>>>> [] kernfs_iop_mkdir+0x5e/0x90 >>>>> [] vfs_mkdir+0x144/0x220 >>>>> [] do_mkdirat+0x87/0x130 >>>>> [] __x64_sys_mkdir+0x49/0x70 >>>>> [] do_syscall_64+0x68/0x140 >>>>> [] entry_SYSCALL_64_after_hwframe+0x76/0x7e >>>>> >>>>> In the alloc_shrinker_info function, when shrinker_unit_alloc return >>>>> err, the info won't be freed. Just fix it. >>>>> >>>>> Fixes: 307bececcd12 ("mm: shrinker: add a secondary array for shrinker_info::{map, nr_deferred}") >>>>> Signed-off-by: Chen Ridong >>>>> --- >>>>> mm/shrinker.c | 1 + >>>>> 1 file changed, 1 insertion(+) >>>>> >>>>> diff --git a/mm/shrinker.c b/mm/shrinker.c >>>>> index dc5d2a6fcfc4..92270413190d 100644 >>>>> --- a/mm/shrinker.c >>>>> +++ b/mm/shrinker.c >>>>> @@ -97,6 +97,7 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) >>>>> >>>>> err: >>>>> mutex_unlock(&shrinker_mutex); >>>>> + kvfree(info); >>>>> free_shrinker_info(memcg); >>>>> return -ENOMEM; >>>>> } >>>> >>>> There are two scenarios when "goto err:" gets called >>>> >>>> - When shrinker_info allocations fails, no kvfree() is required >>>> - but after this change kvfree() would be called even >>>> when the allocation had failed originally, which does >>>> not sound right >>> Yes. In this case, @info is NULL and kvfree could handle NULL. >>> It seems strange but the final behaviour correct. >>>> >>>> - shrinker_unit_alloc() fails, kvfree() is actually required >>>> >>>> I guess kvfree() should be called just after shrinker_unit_alloc() >>>> fails but before calling into "goto err". >>> We could do it like this, which avoids ambiguity (if someone ignores >>> that kvfree could handle NULL). Something like: >>> --- a/mm/shrinker.c >>> +++ b/mm/shrinker.c >>> @@ -88,13 +88,14 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) >>> goto err; >>> info->map_nr_max = shrinker_nr_max; >>> if (shrinker_unit_alloc(info, NULL, nid)) >>> - goto err; >>> + goto free; >>> rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info); >>> } >>> mutex_unlock(&shrinker_mutex); >>> return ret; >>> - >>> +free: >>> + kvfree(info); >>> err: >>> mutex_unlock(&shrinker_mutex); >>> free_shrinker_info(memcg); >>> Thanks. >>>> >>>> But curious, should not both kvzalloc_node()/kvfree() be avoided >>>> while inside mutex lock to avoid possible lockdep issues ? >> How about: >> >> diff --git a/mm/shrinker.c b/mm/shrinker.c >> index dc5d2a6fcfc4..7baee7f00497 100644 >> --- a/mm/shrinker.c >> +++ b/mm/shrinker.c >> @@ -87,9 +87,9 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) >> if (!info) >> goto err; >> info->map_nr_max = shrinker_nr_max; >> + rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info); >> if (shrinker_unit_alloc(info, NULL, nid)) >> goto err; >> - rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info); >> } >> mutex_unlock(&shrinker_mutex); > > No. We should make sure the @info is fully initialized before others > could see it. That's why rcu_assign_pointer is used here. > Thank you, it seems that 'goto free' is a better choice. Will update. Thanks, Ridong >> >> I think this is concise. >> >> Best regards, >> Ridong >