Message-ID: <20170901183311.3bf3348a@gandalf.local.home>
Date:   Fri, 1 Sep 2017 18:33:11 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     LKML <linux-kernel@...r.kernel.org>
Cc:     Catalin Marinas <catalin.marinas@....com>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        kasan-dev@...glegroups.com
Subject: kmemleak not always catching stuff

Hi,

Recently kmemleak discovered a bug in my code where an allocated
trampoline for an ftrace function tracer wasn't freed due to an exit
path. The thing is, kmemleak was able to catch this 100% when it was
triggered by one of my ftrace selftests that happen at bootup. But when
I trigger the issue from user space after bootup finished, it would not
catch it.

Now I was thinking that it may be due to the fact that the trampoline
is allocated with module_alloc(), and that has some magic kasan goo in
it. But when forcing the issue with adding the following code:

	void **pblah;
	void *blah;

	pblah = kmalloc(sizeof(*pblah), GFP_KERNEL);	
	blah = module_alloc(PAGE_SIZE);
	*pblah = blah;
	printk("allocated blah %p\n", blah);
	kfree(pblah);

in a path that I could control, it would catch it only after doing it
several times. I was never able to have kmemleak catch the actual bug
from user space no matter how many times I triggered it.

 # dmesg |grep kmemleak 
[   16.746832] kmemleak: Kernel memory leak detector initialized
[   16.746888] kmemleak: Automatic memory scanning thread started

And then I would do:

 # echo scan=on > /sys/kernel/debug/kmemleak

 [do the test]

 # echo scan > /sys/kernel/debug/kmemleak

Most of the time it found nothing. Even when I switched the above from
module_alloc() to kmalloc().

Is this normal?

-- Steve
