| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 04 Sep 2009 09:25:57 +0100
From: Catalin Marinas <catalin.marinas@....com>
To: Johannes Berg <johannes@...solutions.net>
Cc: "Luis R. Rodriguez" <lrodriguez@...eros.com>,
Luis Rodriguez <Luis.Rodriguez@...eros.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linville@...driver.com" <linville@...driver.com>,
"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>
Subject: Re: [PATCH] cfg80211: clear cfg80211_inform_bss() from kmemleak
reports
On Fri, 2009-09-04 at 07:04 +0200, Johannes Berg wrote:
> On Thu, 2009-09-03 at 13:43 -0700, Luis R. Rodriguez wrote:
> > On Thu, Sep 03, 2009 at 11:17:17AM -0700, Johannes Berg wrote:
> > > On Thu, 2009-09-03 at 11:13 -0700, Luis R. Rodriguez wrote:
> > >
> > > > What I meant is it gobbles it up and spits another thing out. When it
> > > > gobbles it up the routine then uses kref_put().
> > > >
> > > > > Why can it not track this?
> > > >
> > > > It probably can, just not sure if it follows kref_put(), I was under
> > > > the impression here it doesn't and because of it we were getting false
> > > > positives. Catalin, can you confirm?
> > >
> > > Ah I'd think that if it can't track it then that's because we use a
> > > pointer to the middle of the struct to keep track of it much of the
> > > time.
> >
> > So you agree with the patch but not the commit log entry?
>
> I'm not sure -- I think kmemleak should be able to figure it out, and if
> you were using IBSS then we actually have a leak that we need to plug,
> but otherwise I'd prefer to get some more input from Catalin first.
First of all, kmemleak_ignore() is not the right function to mark a
false positive as it completely ignores an object even though it may
have pointers to others. The kmemleak_not_leak() function should be
used. However, there are only two places in the kernel where this was
actually needed (one of them is a real leak but we ignore it as it makes
the code more complicated).
So, I think we should try to figure out why kmemleak reports it. There
are a few common cases:
1. transient false positive - this should disappear after a few
scans
2. a pointer leading to the reported object is stored in an area of
memory not scanned by kmemleak - most commonly pages allocated
explicitly (alloc_pages etc.) as kmemleak doesn't track these.
The preferred solution is to inform kmemleak about such page
(kmemleak_alloc/kmemleak_free) rather than marking the false
positive
3. a pointer leading to the reported object isn't actually pointing
to anywhere inside the structure (i.e. using the physical
address). Here we would use kmemleak_not_leak()
> Catalin, is it conceivable that kmemleak reports false positives if we
> use a struct like
>
> struct pubbss {
> ...
> };
>
> struct bss {
> ...
> struct pubbss pub;
> };
>
> and then keep track of &bss->pub; pointers instead of bss directly?
It should not report false positive here. That's a pretty common case
with struct list_head, struct device etc. and kmemleak handles them
properly - if there is a memory location pointing to *anywhere* inside a
structure, the object is considered referenced and not reported.
--
Catalin
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists