| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YE9g6VIZkEr8Hoyl@krava>
Date: Mon, 15 Mar 2021 14:28:09 +0100
From: Jiri Olsa <jolsa@...hat.com>
To: Namhyung Kim <namhyung@...nel.org>
Cc: Arnaldo Carvalho de Melo <acme@...nel.org>,
Ingo Molnar <mingo@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
LKML <linux-kernel@...r.kernel.org>,
Andi Kleen <ak@...ux.intel.com>,
Ian Rogers <irogers@...gle.com>
Subject: Re: [PATCH] perf record: Fix memory leak in vDSO
On Mon, Mar 15, 2021 at 01:56:41PM +0900, Namhyung Kim wrote:
> I got several memory leak reports from Asan with a simple command. It
> was because VDSO is not released due to the refcount. Like in
> __dsos_addnew_id(), it should put the refcount after adding to the list.
>
> $ perf record true
> [ perf record: Woken up 1 times to write data ]
> [ perf record: Captured and wrote 0.030 MB perf.data (10 samples) ]
>
> =================================================================
> ==692599==ERROR: LeakSanitizer: detected memory leaks
>
> Direct leak of 439 byte(s) in 1 object(s) allocated from:
> #0 0x7fea52341037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
> #1 0x559bce4aa8ee in dso__new_id util/dso.c:1256
> #2 0x559bce59245a in __machine__addnew_vdso util/vdso.c:132
> #3 0x559bce59245a in machine__findnew_vdso util/vdso.c:347
> #4 0x559bce50826c in map__new util/map.c:175
> #5 0x559bce503c92 in machine__process_mmap2_event util/machine.c:1787
> #6 0x559bce512f6b in machines__deliver_event util/session.c:1481
> #7 0x559bce515107 in perf_session__deliver_event util/session.c:1551
> #8 0x559bce51d4d2 in do_flush util/ordered-events.c:244
> #9 0x559bce51d4d2 in __ordered_events__flush util/ordered-events.c:323
> #10 0x559bce519bea in __perf_session__process_events util/session.c:2268
> #11 0x559bce519bea in perf_session__process_events util/session.c:2297
> #12 0x559bce2e7a52 in process_buildids /home/namhyung/project/linux/tools/perf/builtin-record.c:1017
> #13 0x559bce2e7a52 in record__finish_output /home/namhyung/project/linux/tools/perf/builtin-record.c:1234
> #14 0x559bce2ed4f6 in __cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2026
> #15 0x559bce2ed4f6 in cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2858
> #16 0x559bce422db4 in run_builtin /home/namhyung/project/linux/tools/perf/perf.c:313
> #17 0x559bce2acac8 in handle_internal_command /home/namhyung/project/linux/tools/perf/perf.c:365
> #18 0x559bce2acac8 in run_argv /home/namhyung/project/linux/tools/perf/perf.c:409
> #19 0x559bce2acac8 in main /home/namhyung/project/linux/tools/perf/perf.c:539
> #20 0x7fea51e76d09 in __libc_start_main ../csu/libc-start.c:308
>
> Indirect leak of 32 byte(s) in 1 object(s) allocated from:
> #0 0x7fea52341037 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
> #1 0x559bce520907 in nsinfo__copy util/namespaces.c:169
> #2 0x559bce50821b in map__new util/map.c:168
> #3 0x559bce503c92 in machine__process_mmap2_event util/machine.c:1787
> #4 0x559bce512f6b in machines__deliver_event util/session.c:1481
> #5 0x559bce515107 in perf_session__deliver_event util/session.c:1551
> #6 0x559bce51d4d2 in do_flush util/ordered-events.c:244
> #7 0x559bce51d4d2 in __ordered_events__flush util/ordered-events.c:323
> #8 0x559bce519bea in __perf_session__process_events util/session.c:2268
> #9 0x559bce519bea in perf_session__process_events util/session.c:2297
> #10 0x559bce2e7a52 in process_buildids /home/namhyung/project/linux/tools/perf/builtin-record.c:1017
> #11 0x559bce2e7a52 in record__finish_output /home/namhyung/project/linux/tools/perf/builtin-record.c:1234
> #12 0x559bce2ed4f6 in __cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2026
> #13 0x559bce2ed4f6 in cmd_record /home/namhyung/project/linux/tools/perf/builtin-record.c:2858
> #14 0x559bce422db4 in run_builtin /home/namhyung/project/linux/tools/perf/perf.c:313
> #15 0x559bce2acac8 in handle_internal_command /home/namhyung/project/linux/tools/perf/perf.c:365
> #16 0x559bce2acac8 in run_argv /home/namhyung/project/linux/tools/perf/perf.c:409
> #17 0x559bce2acac8 in main /home/namhyung/project/linux/tools/perf/perf.c:539
> #18 0x7fea51e76d09 in __libc_start_main ../csu/libc-start.c:308
>
> SUMMARY: AddressSanitizer: 471 byte(s) leaked in 2 allocation(s).
>
> Signed-off-by: Namhyung Kim <namhyung@...nel.org>
> ---
> tools/perf/util/vdso.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/tools/perf/util/vdso.c b/tools/perf/util/vdso.c
> index 3cc91ad048ea..43beb169631d 100644
> --- a/tools/perf/util/vdso.c
> +++ b/tools/perf/util/vdso.c
> @@ -133,6 +133,8 @@ static struct dso *__machine__addnew_vdso(struct machine *machine, const char *s
> if (dso != NULL) {
> __dsos__add(&machine->dsos, dso);
> dso__set_long_name(dso, long_name, false);
> + /* Put dso here because __dsos_add already got it */
> + dso__put(dso);
from quick look I don't understand why we take refcnt down
right after adding to the list.. it would make sense to me
if dso is not stored elsewhere so we want dsos__exit to
release it.. but it's still stored in map object
I checked and we do extra dso__get in machine__findnew_vdso
(and also in dsos__findnew_id) ... so that one seems to me
like the one we should remove
but I might be missing something, I'll try to check more
deeply later on
jirka
Powered by blists - more mailing lists