From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C2ADCFC26E for ; Tue, 15 Oct 2024 06:55:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id ABE686B0089; Tue, 15 Oct 2024 02:55:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A6DFD6B008A; Tue, 15 Oct 2024 02:55:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 95C2B6B008C; Tue, 15 Oct 2024 02:55:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 776E46B0089 for ; Tue, 15 Oct 2024 02:55:47 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 9A48480D18 for ; Tue, 15 Oct 2024 06:55:39 +0000 (UTC) X-FDA: 82674926166.11.29BD894 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by imf14.hostedemail.com (Postfix) with ESMTP id BF1A2100004 for ; Tue, 15 Oct 2024 06:55:36 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=none; spf=pass (imf14.hostedemail.com: domain of anshuman.khandual@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=anshuman.khandual@arm.com; dmarc=pass (policy=none) header.from=arm.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1728975298; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ETXugGWYHfpiXD7VSh+RQF2jOt9B6fIsovPFjaEQTvw=; b=dspx36QLs4CxiVte2xxjdtnM/RefSKddcOf4aBuWmIaIsn9BEuUyrov6YD6XoFgXDa2zmc LYucbMy/G+2NMDCA3r3Ufot4A1QlkDCOS2K07qsdJxLAl3uLdZDufwe4qM/p7KkvO2l4bM 6wWz2hxSTgY1FXbobRfn6yKh8EX0+Dk= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=none; spf=pass (imf14.hostedemail.com: domain of anshuman.khandual@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=anshuman.khandual@arm.com; dmarc=pass (policy=none) header.from=arm.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728975298; a=rsa-sha256; cv=none; b=mVacAT/vMbwYo+OfLMSWfpxSFkI/SliCQqjYF3yTNK5P3ez/CCwf/O4hEcyy0n7cSBwj9r 7FY3f9LGpPNZRTgixTPGMED9aEC5BxyKHZ43KMmn8GC7EEyGwNtAFvtGa1f9eV15synLCv aR5iCey3HWqT9KDJaYfTmHmCBKjUKsI= Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 761811063; Mon, 14 Oct 2024 23:56:13 -0700 (PDT) Received: from [10.162.16.109] (a077893.blr.arm.com [10.162.16.109]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id F0CB23F51B; Mon, 14 Oct 2024 23:55:40 -0700 (PDT) Message-ID: Date: Tue, 15 Oct 2024 12:25:38 +0530 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2] mm: shrinker: avoid memleak in alloc_shrinker_info To: "Kirill A. Shutemov" , Chen Ridong Cc: akpm@linux-foundation.org, david@fromorbit.com, zhengqi.arch@bytedance.com, roman.gushchin@linux.dev, muchun.song@linux.dev, linux-mm@kvack.org, linux-kernel@vger.kernel.org, chenridong@huawei.com, wangweiyang2@huawei.com References: <20241014032336.482088-1-chenridong@huaweicloud.com> Content-Language: en-US From: Anshuman Khandual In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Rspam-User: X-Stat-Signature: 5bs7ybfw4ak9gj5jrbpu483c3jq4kow4 X-Rspamd-Queue-Id: BF1A2100004 X-Rspamd-Server: rspam11 X-HE-Tag: 1728975336-469763 X-HE-Meta: U2FsdGVkX1/4DSdec6Pv2Ihat0JMDQO5wy3GfOUkO0vVixW986W3Pu5CTAqgZ+92Ipua8ldn9KGMt4Ge5672Vr8q3XHghZTY6rlmViu5AidfQKkNOLVDS6YRup2jp8JZwR/sOdxKDIuI+lrgqTpqutj/tPB8Yxmqq4RWTAqrPB5+L9KnX+eDDw5K0DG1izaWuz4gc3EUMiE0sG1mEyeFg/U8IT56oVUnviD02Lp3VdxSLk/UL24Y/W+609XTf045thqmTDq/KIu7GZsNTFNaj1kQKBQqSUdOSl89yvWiBeNcrfjH18ZzzBROWvBYkuyFsUcRQ5PyqmeCQxdNTDDeXmITwTSa0YnbIBU/xWj30MKj9aMbqJQPTI7x2EgWcVv1chSmq7zrpC0G4NRdm+OjPBDU/BGxINgXKDrqChq1ll2sYYyN71mOquh0utijmFq7IKk+oxejTYcv61ErBF5NOgcLvkt/382NnXtBO64Pna7NtdpX/6f7pkGd1yzxTK7g6Wxr8nPheC7ibWMg3HeLdhr84w8Jls0yTcEkNFT5pSjQgrCp0RqzeBhIUwmKQwSxo41RJfAi8pPxA23NgHPx624SVDC64x61qr2BOTIbvpAD6xhFNGh5XMEmM7xVlAm89vKoCMMzLudFukPirQGWq7Zu1Ka4tFtcowoyCuB/twH/JhT5gOUrqrUsd34fJtkp4tISF0yM6Zuyv9MndDlf/Vnl6VTIRqaAIcsVDY25LTh1a+uPWqq51N85GlYRbSF4qPRatxPENXLDpNZzkh8yhytUTrx3bT6+BODmXNFcY7px1FC/YDZAsX814JtsRVhdIf9K6iiRO5YPj8n7joTqc4HsPtMY/UT+38bKDrQL/ZkFHV40uPRnBhRI7ixp6cnK1kSHNFKd5WZO8wu6+u/dAOf6KGEPm36L8aJCrulXgOj6ZM+C5+DPL9bY8N0No6DolZoBk3ITkwjvEtaa632 P7usJUZB +8Js6sBWBmzEBuO9GGY2mOKa8uyxqaDR01Py4kAYoX/7oD4F2InqadDKoREHUJRZUWbFkanACFTwGMR0L22QW9Dsn1jg0pQN98d9LwEz5BHG451OcYk39TZ2J9IJiZj5xjs6t9J3IhmfYEYSW2w9Dkto+rgYba/pZ/zjrU1Rx4fevmnhxtQbFdDQq20hfVfLNupq7WgIyXxzbW46BPlXIqCGW9Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 10/14/24 16:59, Kirill A. Shutemov wrote: > On Mon, Oct 14, 2024 at 03:23:36AM +0000, Chen Ridong wrote: >> From: Chen Ridong >> >> A memleak was found as bellow: >> >> unreferenced object 0xffff8881010d2a80 (size 32): >> comm "mkdir", pid 1559, jiffies 4294932666 >> hex dump (first 32 bytes): >> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ >> 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 @............... >> backtrace (crc 2e7ef6fa): >> [] __kmalloc_node_noprof+0x394/0x470 >> [] alloc_shrinker_info+0x7b/0x1a0 >> [] mem_cgroup_css_online+0x11a/0x3b0 >> [] online_css+0x29/0xa0 >> [] cgroup_apply_control_enable+0x20d/0x360 >> [] cgroup_mkdir+0x168/0x5f0 >> [] kernfs_iop_mkdir+0x5e/0x90 >> [] vfs_mkdir+0x144/0x220 >> [] do_mkdirat+0x87/0x130 >> [] __x64_sys_mkdir+0x49/0x70 >> [] do_syscall_64+0x68/0x140 >> [] entry_SYSCALL_64_after_hwframe+0x76/0x7e >> >> In the alloc_shrinker_info function, when shrinker_unit_alloc return >> err, the info won't be freed. Just fix it. >> >> Fixes: 307bececcd12 ("mm: shrinker: add a secondary array for shrinker_info::{map, nr_deferred}") >> Signed-off-by: Chen Ridong >> --- >> mm/shrinker.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/mm/shrinker.c b/mm/shrinker.c >> index dc5d2a6fcfc4..92270413190d 100644 >> --- a/mm/shrinker.c >> +++ b/mm/shrinker.c >> @@ -97,6 +97,7 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) >> >> err: >> mutex_unlock(&shrinker_mutex); >> + kvfree(info); >> free_shrinker_info(memcg); >> return -ENOMEM; >> } > > NAK. If in the future there going to one more error case after > rcu_assign_pointer() we will end up with double free. > > This should be safer: > > diff --git a/mm/shrinker.c b/mm/shrinker.c > index dc5d2a6fcfc4..763fd556bc7d 100644 > --- a/mm/shrinker.c > +++ b/mm/shrinker.c > @@ -87,8 +87,10 @@ int alloc_shrinker_info(struct mem_cgroup *memcg) > if (!info) > goto err; > info->map_nr_max = shrinker_nr_max; > - if (shrinker_unit_alloc(info, NULL, nid)) > + if (shrinker_unit_alloc(info, NULL, nid)) { > + kvfree(info); > goto err; > + } > rcu_assign_pointer(memcg->nodeinfo[nid]->shrinker_info, info); > } > mutex_unlock(&shrinker_mutex); Agreed, this is what I mentioned earlier as well. ------------------------------------------------------------------ I guess kvfree() should be called just after shrinker_unit_alloc() fails but before calling into "goto err" ------------------------------------------------------------------