| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jun 2009 15:49:21 -0400 From: Stephen Smalley <sds@...ho.nsa.gov> To: Dave Jones <davej@...hat.com> Cc: Catalin Marinas <catalin.marinas@....com>, Linux Kernel <linux-kernel@...r.kernel.org>, Eric Paris <eparis@...isplace.org>, Kaigai Kohei <kaigai@...jp.nec.com>, James Morris <jmorris@...ei.org> Subject: Re: kmemleak false positive? On Thu, 2009-06-25 at 11:40 -0400, Dave Jones wrote: > On Thu, Jun 25, 2009 at 04:25:39PM +0100, Catalin Marinas wrote: > > > Hmm, it's pretty noisy, and everything it's found so far looks to be > > > a false positive. > > > > In this case, it would make sense to enable task stacks scanning by > > default: > > > > diff --git a/mm/kmemleak.c b/mm/kmemleak.c > > index 17096d1..a38418a 100644 > > --- a/mm/kmemleak.c > > +++ b/mm/kmemleak.c > > @@ -194,7 +194,7 @@ static unsigned long jiffies_min_age; > > /* delay between automatic memory scannings */ > > static signed long jiffies_scan_wait; > > /* enables or disables the task stacks scanning */ > > -static int kmemleak_stack_scan; > > +static int kmemleak_stack_scan = 1; > > heh, I just did the same patch for the rawhide kernel builds. > > > > > You can mount debugfs on /sys/kerne/debug and read the kmemleak file in > > > > there (it triggers a new scan as well). > > > > > > Currently prints the acpi traces I already posted. > > > > If they are still consistently shown with stack=on, it could be a leak. > > Could be, though as you mentioned, with ACPI it's really hard to tell. > > Here's another case (with stack scanning on btw) which looks odd.. > > kmemleak: unreferenced object 0xd86ba000 (size 16): > kmemleak: comm "init", pid 1, jiffies 4294683556 > kmemleak: backtrace: > kmemleak: [<c04fd8b3>] kmemleak_alloc+0x193/0x2b8 > kmemleak: [<c04f5e73>] kmem_cache_alloc+0x11e/0x174 > kmemleak: [<c05cdfdc>] avtab_insertf+0xd6/0x140 > kmemleak: [<c05ce3d7>] avtab_read_item+0x26a/0x284 > kmemleak: [<c05ce5a5>] avtab_read+0x82/0xe5 > kmemleak: [<c05d0618>] policydb_read+0x40c/0x1028 > kmemleak: [<c05d459d>] security_load_policy+0x57/0x37c > kmemleak: [<c05c9995>] sel_write_load+0xb2/0x54a > kmemleak: [<c0500186>] vfs_write+0x9f/0x10f > kmemleak: [<c05002e1>] sys_write+0x58/0x8d > kmemleak: [<c040a8eb>] sysenter_do_call+0x12/0x38 > kmemleak: [<ffffffff>] 0xffffffff > > I looked over the SELinux code, and couldn't see an obvious leak. > Eric Paris came to the same conclusion. I suspect it is a false positive caused by the current odd way in which we update the policydb. So I would expect it to go away when we get around to rewriting that code, already on our todo list. However, KaiGai Kohei noticed that /sys/kernel/slab/avtab_node/objects seems to grow upon repeated load_policy invocations (of the same policy) for some kernels (e.g. F11 kernel) while remaining constant for the rawhide kernel. # for i in `seq 1 100` > do > load_policy > cat /sys/kernel/slab/avtab_node/objects > done -- Stephen Smalley National Security Agency -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists