lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Tue, 17 Feb 2015 14:17:22 +0900
From:	Joonsoo Kim <js1304@...il.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Maxime Coquelin <mcoquelin.stm32@...il.com>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org, Joonsoo Kim <iamjoonsoo.kim@....com>
Subject: [PATCH] mm/nommu: fix memory leak

Maxime reported following memory leak regression due to commit dbc8358c7237
("mm/nommu: use alloc_pages_exact() rather than its own implementation").

On v3.19, I am facing a memory leak.
Each time I run a command one page is lost. Here an example with
busybox's free command:

/ # free
             total       used       free     shared    buffers     cached
Mem:          7928       1972       5956          0          0        492
-/+ buffers/cache:       1480       6448
/ # free
             total       used       free     shared    buffers     cached
Mem:          7928       1976       5952          0          0        492
-/+ buffers/cache:       1484       6444
/ # free
             total       used       free     shared    buffers     cached
Mem:          7928       1980       5948          0          0        492
-/+ buffers/cache:       1488       6440
/ # free
             total       used       free     shared    buffers     cached
Mem:          7928       1984       5944          0          0        492
-/+ buffers/cache:       1492       6436
/ # free
             total       used       free     shared    buffers     cached
Mem:          7928       1988       5940          0          0        492
-/+ buffers/cache:       1496       6432

At some point, the system fails to sastisfy 256KB allocations:

[   38.720000] free: page allocation failure: order:6, mode:0xd0
[   38.730000] CPU: 0 PID: 67 Comm: free Not tainted
3.19.0-05389-gacf2cf1-dirty #64
[   38.740000] Hardware name: STM32 (Device Tree Support)
[   38.740000] [<08022e25>] (unwind_backtrace) from [<080221e7>]
(show_stack+0xb/0xc)
[   38.750000] [<080221e7>] (show_stack) from [<0804fd3b>]
(warn_alloc_failed+0x97/0xbc)
[   38.760000] [<0804fd3b>] (warn_alloc_failed) from [<08051171>]
(__alloc_pages_nodemask+0x295/0x35c)
[   38.770000] [<08051171>] (__alloc_pages_nodemask) from [<08051243>]
(__get_free_pages+0xb/0x24)
[   38.780000] [<08051243>] (__get_free_pages) from [<0805127f>]
(alloc_pages_exact+0x19/0x24)
[   38.790000] [<0805127f>] (alloc_pages_exact) from [<0805bdbf>]
(do_mmap_pgoff+0x423/0x658)
[   38.800000] [<0805bdbf>] (do_mmap_pgoff) from [<08056e73>]
(vm_mmap_pgoff+0x3f/0x4e)
[   38.810000] [<08056e73>] (vm_mmap_pgoff) from [<08080949>]
(load_flat_file+0x20d/0x4f8)
[   38.820000] [<08080949>] (load_flat_file) from [<08080dfb>]
(load_flat_binary+0x3f/0x26c)
[   38.830000] [<08080dfb>] (load_flat_binary) from [<08063741>]
(search_binary_handler+0x51/0xe4)
[   38.840000] [<08063741>] (search_binary_handler) from [<08063a45>]
(do_execveat_common+0x271/0x35c)
[   38.850000] [<08063a45>] (do_execveat_common) from [<08063b49>]
(do_execve+0x19/0x1c)
[   38.860000] [<08063b49>] (do_execve) from [<08020a01>]
(ret_fast_syscall+0x1/0x4a)
[   38.870000] Mem-info:
[   38.870000] Normal per-cpu:
[   38.870000] CPU    0: hi:    0, btch:   1 usd:   0
[   38.880000] active_anon:0 inactive_anon:0 isolated_anon:0
[   38.880000]  active_file:0 inactive_file:0 isolated_file:0
[   38.880000]  unevictable:123 dirty:0 writeback:0 unstable:0
[   38.880000]  free:1515 slab_reclaimable:17 slab_unreclaimable:139
[   38.880000]  mapped:0 shmem:0 pagetables:0 bounce:0
[   38.880000]  free_cma:0
[   38.910000] Normal free:6060kB min:352kB low:440kB high:528kB
active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB
unevictable:492kB isolated(anon):0ks
[   38.950000] lowmem_reserve[]: 0 0
[   38.950000] Normal: 23*4kB (U) 22*8kB (U) 24*16kB (U) 23*32kB (U)
23*64kB (U) 23*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB
0*4096kB = 6060kB
[   38.970000] 123 total pagecache pages
[   38.970000] 2048 pages of RAM
[   38.980000] 1538 free pages
[   38.980000] 66 reserved pages
[   38.990000] 109 slab pages
[   38.990000] -46 pages shared
[   38.990000] 0 pages swap cached
[   38.990000] nommu: Allocation of length 221184 from process 67 (free) failed
[   39.000000] Normal per-cpu:
[   39.010000] CPU    0: hi:    0, btch:   1 usd:   0
[   39.010000] active_anon:0 inactive_anon:0 isolated_anon:0
[   39.010000]  active_file:0 inactive_file:0 isolated_file:0
[   39.010000]  unevictable:123 dirty:0 writeback:0 unstable:0
[   39.010000]  free:1515 slab_reclaimable:17 slab_unreclaimable:139
[   39.010000]  mapped:0 shmem:0 pagetables:0 bounce:0
[   39.010000]  free_cma:0
[   39.050000] Normal free:6060kB min:352kB low:440kB high:528kB
active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB
unevictable:492kB isolated(anon):0ks
[   39.090000] lowmem_reserve[]: 0 0
[   39.090000] Normal: 23*4kB (U) 22*8kB (U) 24*16kB (U) 23*32kB (U)
23*64kB (U) 23*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB
0*4096kB = 6060kB
[   39.100000] 123 total pagecache pages
[   39.110000] Unable to allocate RAM for process text/data, errno 12
SEGV

This problem happens because we allocate ordered page through
__get_free_pages() in do_mmap_private() in some cases and we
try to free individual pages rather than ordered page in
free_page_series(). In this case, freeing pages whose refcount is not 0
won't be freed to the page allocator so memory leak happens.

To fix the problem, this patch changes __get_free_pages() to
alloc_pages_exact() since alloc_pages_exact() returns
physically-contiguous pages but each pages are refcounted.

Fixes: dbc8358c7237 ("mm/nommu: use alloc_pages_exact() rather than
its own implementation").
Reported-by: Maxime Coquelin <mcoquelin.stm32@...il.com>
Tested-by: Maxime Coquelin <mcoquelin.stm32@...il.com>
Signed-off-by: Joonsoo Kim <iamjoonsoo.kim@....com>
---
 mm/nommu.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/mm/nommu.c b/mm/nommu.c
index 7296360..3e67e75 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -1213,11 +1213,9 @@ static int do_mmap_private(struct vm_area_struct *vma,
 	if (sysctl_nr_trim_pages && total - point >= sysctl_nr_trim_pages) {
 		total = point;
 		kdebug("try to alloc exact %lu pages", total);
-		base = alloc_pages_exact(len, GFP_KERNEL);
-	} else {
-		base = (void *)__get_free_pages(GFP_KERNEL, order);
 	}
 
+	base = alloc_pages_exact(total << PAGE_SHIFT, GFP_KERNEL);
 	if (!base)
 		goto enomem;
 
-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ