[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YeFiI1xhiZK7uU+Z@arm.com>
Date: Fri, 14 Jan 2022 11:44:35 +0000
From: Catalin Marinas <catalin.marinas@....com>
To: Paul Menzel <pmenzel@...gen.mpg.de>
Cc: Dave Hansen <dave.hansen@...el.com>,
LKML <linux-kernel@...r.kernel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org
Subject: Re: kmemleak detects leak in msr_build_context
On Tue, Jan 11, 2022 at 10:05:43PM +0100, Paul Menzel wrote:
> Am 11.01.22 um 16:26 schrieb Dave Hansen:
> > On 1/10/22 23:49, Paul Menzel wrote:
> > > Running Linux from commit bf4eebf8cfa2 (Merge tag
> > > 'linux-kselftest-kunit-5.17-rc1' of
> > > git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest),
> > > kmemleak reported the leak below:
> > >
> > > ```
> > > unreferenced object 0xffff8914823de500 (size 64):
> > > comm "swapper/0", pid 1, jiffies 4294667581 (age 1253.406s)
> > > hex dump (first 32 bytes):
> > > 00 00 00 00 00 00 00 00 04 10 01 c0 00 00 00 00 ................
> > > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> > > backtrace:
> > > [<000000007f3b05e9>] __kmalloc+0x177/0x330
> > > [<0000000008104cca>] msr_build_context.constprop.0+0x32/0xbe
> > > [<00000000012bab4e>] msr_save_cpuid_features+0x28/0x2f
> > > [<00000000b7a2262e>] pm_check_save_msr+0x2e/0x40
> > > [<00000000cbe9d92d>] do_one_initcall+0x44/0x200
> > > [<0000000094deab7b>] kernel_init_freeable+0x1fc/0x273
> > > [<00000000d3dbaa56>] kernel_init+0x16/0x160
> > > [<0000000058c4a8b3>] ret_from_fork+0x22/0x30
[...]
> > I've taken a look through arch/x86/power/cpu.c, and nothing obvious
> > jumped out at me. msr_build_context() could probably be cleaned up by
> > using kvrealloc(), but it hasn't been touched recently in a way that I
> > would expect things to leak.
[...]
> > I suspect this is a false positive from kmemleak.
>
> Maybe Catalin can check.
I can't see anything obviously wrong with msr_build_context(), unless it
can somehow be called concurrently, the saved_msrs.array update wouldn't
be safe. Another place to look at is whether saved_context.saved_msrs is
getting corrupt somehow.
If you force another kmemleak scan (through echo scan > /sys/...), does
the leak report disappear? This would be a good indication of a false
positive, though this normally happens with structures that are changed
frequently.
A way to confirm (or rule out) a kmemleak false positive would be to
check that saved_context.saved_msrs.array still points to the
unreferenced object listed above (you may need some kernel
instrumentation). If it doesn't, we'd need to figure out what happened
with the previous array.
--
Catalin
Powered by blists - more mailing lists