From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 775D6CFC50A
	for <linux-mm@archiver.kernel.org>; Mon, 14 Oct 2024 09:21:26 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 907C66B0082; Mon, 14 Oct 2024 05:21:25 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 8B7486B0083; Mon, 14 Oct 2024 05:21:25 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 77FA86B0085; Mon, 14 Oct 2024 05:21:25 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id 57AB16B0082
	for <linux-mm@kvack.org>; Mon, 14 Oct 2024 05:21:25 -0400 (EDT)
Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay01.hostedemail.com (Postfix) with ESMTP id 925481C5FF9
	for <linux-mm@kvack.org>; Mon, 14 Oct 2024 09:21:16 +0000 (UTC)
X-FDA: 82671664278.19.3F600E6
Received: from out-179.mta0.migadu.com (out-179.mta0.migadu.com [91.218.175.179])
	by imf16.hostedemail.com (Postfix) with ESMTP id 242FF180008
	for <linux-mm@kvack.org>; Mon, 14 Oct 2024 09:21:16 +0000 (UTC)
Authentication-Results: imf16.hostedemail.com;
	dkim=pass header.d=linux.dev header.s=key1 header.b=RnPu2CZJ;
	spf=pass (imf16.hostedemail.com: domain of muchun.song@linux.dev designates 91.218.175.179 as permitted sender) smtp.mailfrom=muchun.song@linux.dev;
	dmarc=pass (policy=none) header.from=linux.dev
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1728897611;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=rDLvmbpwBfA3AyjgpvHbE9AIuFgUDlphGRxMHgOTuB0=;
	b=6kLildQOnWKXZqa4l8M5eXlGPpkuzUALiOwTuHEiCDIkMwzdp7ph7xu2rXV7dznFXiy128
	hq2o8BW0LPMgI6r0ItzgePrnJMemTq68T03hO/8A7UdBW6V65OmwkUCqEADU/c7Yls6Yfm
	X7/LQlfwga0WLp2C8eKIiCAwX1WFxzk=
ARC-Authentication-Results: i=1;
	imf16.hostedemail.com;
	dkim=pass header.d=linux.dev header.s=key1 header.b=RnPu2CZJ;
	spf=pass (imf16.hostedemail.com: domain of muchun.song@linux.dev designates 91.218.175.179 as permitted sender) smtp.mailfrom=muchun.song@linux.dev;
	dmarc=pass (policy=none) header.from=linux.dev
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728897611; a=rsa-sha256;
	cv=none;
	b=2K/zyWECiRjZrxsLHGD75c+mxvaOHS25UO2v39MSwlOflNOPERrhDOVdpuNvf0p+TqLVvn
	X/pCI8SU0f+WAMgiE5C/fFfGFYRNY4MnQJcKFZ5oa/FPanoRGpH52zqfk2WCC0e0twR0hu
	9yTXGeONOdl0solkdPG7yO9JyeHrFJg=
Content-Type: text/plain;
	charset=us-ascii
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1;
	t=1728897680;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=rDLvmbpwBfA3AyjgpvHbE9AIuFgUDlphGRxMHgOTuB0=;
	b=RnPu2CZJK1y9rgidOoDUE41DYexoIQHwu1m4rL2edEVGUlvaLF1jS/vVvSgnzkRjd/LFNo
	F/C2rCh6h5bp8no4vRbgzRcgm9cKqyXcUXyxuEpl+g7TxlL8zRDPaXKXwCNM1MTrWC+DIz
	nqsaas5VhiDqO3d/X19wvqSlTaaejck=
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3818.100.11.1.3\))
Subject: Re: [PATCH v2] mm: shrinker: avoid memleak in alloc_shrinker_info
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
From: Muchun Song <muchun.song@linux.dev>
In-Reply-To: <1dc9acbd-351f-4755-8c56-d3d77aaccfb2@huawei.com>
Date: Mon, 14 Oct 2024 17:20:34 +0800
Cc: Anshuman Khandual <anshuman.khandual@arm.com>,
 Chen Ridong <chenridong@huaweicloud.com>,
 akpm@linux-foundation.org,
 david@fromorbit.com,
 zhengqi.arch@bytedance.com,
 roman.gushchin@linux.dev,
 linux-mm@kvack.org,
 linux-kernel@vger.kernel.org,
 wangweiyang2@huawei.com
Content-Transfer-Encoding: quoted-printable
Message-Id: <F8EBBED0-6D7D-4A23-AC8C-3E395EA1BF12@linux.dev>
References: <20241014032336.482088-1-chenridong@huaweicloud.com>
 <c34b962b-8b9a-41e5-a54e-364b826c5e2a@arm.com>
 <178A7AC8-0BDA-42CA-86B2-E1C13F3E1E8B@linux.dev>
 <1dc9acbd-351f-4755-8c56-d3d77aaccfb2@huawei.com>
To: chenridong <chenridong@huawei.com>
X-Migadu-Flow: FLOW_OUT
X-Rspamd-Server: rspam03
X-Rspam-User: 
X-Rspamd-Queue-Id: 242FF180008
X-Stat-Signature: kams47i47om5fdz8dds6r3dkzx4wz7a1
X-HE-Tag: 1728897676-357265
X-HE-Meta: U2FsdGVkX19ToKoLuUES4Sb/zOxKYO0JHMNeMAjiKk/oFWUi/8AIW/X3WxW5y4e7RVqvpCah7XYm7dtbqb1dv1vSJZG0W1Per4wQcaHmxi7wO0B3vfsiwtKNHyuKfEqmj78IYieioOCVr0hxX5Rs3zkWHoqepNXKzK4I1n214slkB4JBc/ixauu6Gp1iZ4XUjDEL1auNRW7T7R2NfxI2FL0g0+e8t9+PM+zu8ARzw3+v3vzvu4JpC7L+j+mMROjXgeCDWkS73bFMSR73d6cobfhLqEZUm9fT82CFMO23CVCzkwxwEzGzuCea4/6MLYConNTVpPy3hxFdmtEMWPvfPX8dFy4sD9hHKaovfKQwFYYmN4Vc9cuuu23BcYPcl1m+M8snh4paTjExpUsmAhfjfhZt3W7wmWcU8cepKFp6O3hidGAMjU0+Y49XZNESYF9GEySwVYa4xAMdi6XqqZHiTvlAuXvronQWCX/lDQ6y4Q7RKOybfh/snMb/M/TdMaGY+gc03ccGWVxy0883Gx7KiFmEXUmAjrlOqK5YMsJUz3BI08jo3D0Z7nlr0RFG8wQw3/zAfbvENBjmo/SKdd/ZdPIgW3guKIonexbrKteBjNhqNujLvBg8phqim7LMZ1Oy65+Wc3rw3t2JaMQu5cGU+D6yqxaKxrwor25b6pdG+IOd2z980RCf/piJW+zuYRFtM47Fu23Daj5l+5AWMRqWGYiQQefppCppeBW7zq7XCn5IZ43KTi/V29IKcoT06m5lkh26rj8XZvmFXNqoLvgljfyrdYo//ORp82G8cgLXEOgl6Wt/fxluoy79rjzY0X/fkiq1eOK4yGIRIID3kSpdex3luG5CXUCwU6uqMFJuo+NtnJaD746pa+evxc/PmvXJaSYhanubR6Qp6u3F4qYJZhsddMZkty3LzYZJRevcDi/RQq+yrXFILArLzdf8pL98xAaW0C1E914qw3VQzRH
 QRcJJ8Nf
 rOrxnHKzPKA/u+ETynhhdqKFK4mAcM6wfPgjumGIqFaBw+CVVVTKp+ziQtY6MgfYGGiFqJYD9Xqie7pIrMotZVhRQyh6Upx/9EDzrdpg+xgywCenXmDJ0DDq5PBW5qX2Ig4S0SGXIwW1dCj1F5/usrL0nUwdcoNoD7fqm+6ssDsxYjgs7ztjWdrFK3cfeRCa2gGEaXTM350MRAXaxkC2dy8oZW5CtAnD0nqqK1n8EWu3Ysgs8oQEEUKukty+ytcIQmi4caAsuj7Yt/wRZkT8EDCcTpyc9cGvBfTyBOo4deCWfPzIU9/S1WDjYYg==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>



> On Oct 14, 2024, at 17:04, chenridong <chenridong@huawei.com> wrote:
>=20
>=20
>=20
> On 2024/10/14 16:43, Muchun Song wrote:
>>> On Oct 14, 2024, at 16:13, Anshuman Khandual =
<anshuman.khandual@arm.com> wrote:
>>>=20
>>>=20
>>>=20
>>> On 10/14/24 08:53, Chen Ridong wrote:
>>>> From: Chen Ridong <chenridong@huawei.com>
>>>>=20
>>>> A memleak was found as bellow:
>>>>=20
>>>> unreferenced object 0xffff8881010d2a80 (size 32):
>>>>  comm "mkdir", pid 1559, jiffies 4294932666
>>>>  hex dump (first 32 bytes):
>>>>    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  =
................
>>>>    40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  =
@...............
>>>>  backtrace (crc 2e7ef6fa):
>>>>    [<ffffffff81372754>] __kmalloc_node_noprof+0x394/0x470
>>>>    [<ffffffff813024ab>] alloc_shrinker_info+0x7b/0x1a0
>>>>    [<ffffffff813b526a>] mem_cgroup_css_online+0x11a/0x3b0
>>>>    [<ffffffff81198dd9>] online_css+0x29/0xa0
>>>>    [<ffffffff811a243d>] cgroup_apply_control_enable+0x20d/0x360
>>>>    [<ffffffff811a5728>] cgroup_mkdir+0x168/0x5f0
>>>>    [<ffffffff8148543e>] kernfs_iop_mkdir+0x5e/0x90
>>>>    [<ffffffff813dbb24>] vfs_mkdir+0x144/0x220
>>>>    [<ffffffff813e1c97>] do_mkdirat+0x87/0x130
>>>>    [<ffffffff813e1de9>] __x64_sys_mkdir+0x49/0x70
>>>>    [<ffffffff81f8c928>] do_syscall_64+0x68/0x140
>>>>    [<ffffffff8200012f>] entry_SYSCALL_64_after_hwframe+0x76/0x7e
>>>>=20
>>>> In the alloc_shrinker_info function, when shrinker_unit_alloc =
return
>>>> err, the info won't be freed. Just fix it.
>>>>=20
>>>> Fixes: 307bececcd12 ("mm: shrinker: add a secondary array for =
shrinker_info::{map, nr_deferred}")
>>>> Signed-off-by: Chen Ridong <chenridong@huawei.com>
>>>> ---
>>>> mm/shrinker.c | 1 +
>>>> 1 file changed, 1 insertion(+)
>>>>=20
>>>> diff --git a/mm/shrinker.c b/mm/shrinker.c
>>>> index dc5d2a6fcfc4..92270413190d 100644
>>>> --- a/mm/shrinker.c
>>>> +++ b/mm/shrinker.c
>>>> @@ -97,6 +97,7 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
>>>>=20
>>>> err:
>>>> mutex_unlock(&shrinker_mutex);
>>>> + kvfree(info);
>>>> free_shrinker_info(memcg);
>>>> return -ENOMEM;
>>>> }
>>>=20
>>> There are two scenarios when "goto err:" gets called
>>>=20
>>> - When shrinker_info allocations fails, no kvfree() is required
>>> - but after this change kvfree() would be called even
>>>  when the allocation had failed originally, which does
>>>    not sound right
>> Yes. In this case, @info is NULL and kvfree could handle NULL.
>> It seems strange but the final behaviour correct.
>>>=20
>>> - shrinker_unit_alloc() fails, kvfree() is actually required
>>>=20
>>> I guess kvfree() should be called just after shrinker_unit_alloc()
>>> fails but before calling into "goto err".
>> We could do it like this, which avoids ambiguity (if someone ignores
>> that kvfree could handle NULL). Something like:
>> --- a/mm/shrinker.c
>> +++ b/mm/shrinker.c
>> @@ -88,13 +88,14 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
>>                         goto err;
>>                 info->map_nr_max =3D shrinker_nr_max;
>>                 if (shrinker_unit_alloc(info, NULL, nid))
>> -                       goto err;
>> +                       goto free;
>>                 =
rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info);
>>         }
>>         mutex_unlock(&shrinker_mutex);
>>         return ret;
>> -
>> +free:
>> +       kvfree(info);
>>  err:
>>         mutex_unlock(&shrinker_mutex);
>>         free_shrinker_info(memcg);
>> Thanks.
>>>=20
>>> But curious, should not both kvzalloc_node()/kvfree() be avoided
>>> while inside mutex lock to avoid possible lockdep issues ?
> How about:
>=20
> diff --git a/mm/shrinker.c b/mm/shrinker.c
> index dc5d2a6fcfc4..7baee7f00497 100644
> --- a/mm/shrinker.c
> +++ b/mm/shrinker.c
> @@ -87,9 +87,9 @@ int alloc_shrinker_info(struct mem_cgroup *memcg)
>                 if (!info)
>                         goto err;
>                 info->map_nr_max =3D shrinker_nr_max;
> +               =
rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info);
>                 if (shrinker_unit_alloc(info, NULL, nid))
>                         goto err;
> -               =
rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info);
>         }
>         mutex_unlock(&shrinker_mutex);

No. We should make sure the @info is fully initialized before others
could see it. That's why rcu_assign_pointer is used here.

>=20
> I think this is concise.
>=20
> Best regards,
> Ridong