| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Feb 2017 02:37:02 +0100
From: "Luis R. Rodriguez" <mcgrof@...nel.org>
To: Michal Hocko <mhocko@...nel.org>
Cc: "Luis R. Rodriguez" <mcgrof@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Ingo Molnar <mingo@...nel.org>,
Andy Lutomirski <luto@...nel.org>,
Kees Cook <keescook@...omium.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Mateusz Guzik <mguzik@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: kmemleak splat on copy_process()
On Mon, Feb 06, 2017 at 10:47:41AM +0100, Michal Hocko wrote:
> On Fri 03-02-17 13:06:04, Luis R. Rodriguez wrote:
> > On next-20170125 running some kselftest not yet upstream I eventually
> > get a kmemleak splat:
> >
> > unreferenced object 0xffffa7b1034b4000 (size 16384):
> > comm "driver_data.sh", pid 6506, jiffies 4295068366 (age 1697.272s)
> > hex dump (first 32 bytes):
> > 9d 6e ac 57 00 00 00 00 74 2d 64 72 69 76 65 72 .n.W....t-driver
> > 5f 64 61 74 61 2e 62 69 6e 0a 00 00 00 00 00 00 _data.bin.......
> > backtrace:
> > [<ffffffff9005f7fa>] kmemleak_alloc+0x4a/0xa0
> > [<ffffffff8fbe7006>] __vmalloc_node_range+0x206/0x2a0
> > [<ffffffff8fa7f3e9>] copy_process.part.36+0x609/0x1cc0
> > [<ffffffff8fa80c77>] _do_fork+0xd7/0x390
> > [<ffffffff8fa80fd9>] SyS_clone+0x19/0x20
> > [<ffffffff8fa03b4b>] do_syscall_64+0x5b/0xc0
> > [<ffffffff9006b3af>] return_from_SYSCALL_64+0x0/0x6a
> > [<ffffffffffffffff>] 0xffffffffffffffff
> >
> > As per gdb:
> >
> > (gdb) l *(copy_process+0x609)
> > 0xffffffff8107f3e9 is in copy_process (kernel/fork.c:204).
> > warning: Source file is more recent than executable.
> > 199 /*
> > 200 * We can't call find_vm_area() in interrupt context, and
> > 201 * free_thread_stack() can be called in interrupt context,
> > 202 * so cache the vm_struct.
> > 203 */
> > 204 if (stack) {
> > 205 tsk->stack_vm_area = find_vm_area(stack);
> > 206 }
> > 207 return stack;
> > 208 #else
>
> Could you check the state of the above process (pid 6506)? Does it still
> own its stack?
Although I can reproduce the splat on kmemleak, getting it to trigger
at a point I can stop the kernel and inspect the process seems rather hard.
> From a quick check I do not see any leak there either.
Then in that case what about:
diff --git a/kernel/fork.c b/kernel/fork.c
index 937ba59709c9..3c96aafa1f82 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -196,6 +196,7 @@ static unsigned long *alloc_thread_stack_node(struct task_struct *tsk, int node)
PAGE_KERNEL,
0, node, __builtin_return_address(0));
+ kmemleak_ignore(stack);
/*
* We can't call find_vm_area() in interrupt context, and
* free_thread_stack() can be called in interrupt context,
I no longer get the spurious splats from kmemleak after this.
Luis
Powered by blists - more mailing lists