| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1234190649.16083.44.camel@pc1117.cambridge.arm.com> Date: Mon, 09 Feb 2009 14:44:09 +0000 From: Catalin Marinas <catalin.marinas@....com> To: linux-kernel <linux-kernel@...r.kernel.org> Cc: Andrew Morton <akpm@...ux-foundation.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl> Subject: Re: mm_alloc()'ed structure leak On Mon, 2009-02-09 at 12:18 +0000, Catalin Marinas wrote: > Basically bash forks and executes a command like "host kernel.org" which > finishes normally but the corresponding mm_struct isn't freed (I get > this consistently every time I run the above command): > > unreferenced object 0xcfed4070 (size 368): > comm "bash", pid 1674, jiffies 421592 > backtrace: > [<c0082bd4>] kmemleak_alloc+0x140/0x2b0 > [<c007ff2c>] kmem_cache_alloc+0xd0/0x100 > [<c0036980>] mm_alloc+0x14/0x44 > [<c008a99c>] bprm_mm_init+0xc/0x13c > [<c008ab70>] do_execve+0xa4/0x218 > [<c002718c>] sys_execve+0x34/0x54 > [<c0023e80>] ret_fast_syscall+0x0/0x28 Dumping the object in question: mm_struct.mm_users = 0 mm_struct.mm_count = 1 It looks like the mm_count didn't get to 0 hence no structure freeing via mmdrop(). The leak disappears if I revert commit 38d47c1b7075 - "futex: rely on get_user_pages() for shared futexes". Peter, any idea? -- Catalin -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists