lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YeFiI1xhiZK7uU+Z@arm.com>
Date:   Fri, 14 Jan 2022 11:44:35 +0000
From:   Catalin Marinas <catalin.marinas@....com>
To:     Paul Menzel <pmenzel@...gen.mpg.de>
Cc:     Dave Hansen <dave.hansen@...el.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org
Subject: Re: kmemleak detects leak in msr_build_context

On Tue, Jan 11, 2022 at 10:05:43PM +0100, Paul Menzel wrote:
> Am 11.01.22 um 16:26 schrieb Dave Hansen:
> > On 1/10/22 23:49, Paul Menzel wrote:
> > > Running Linux from commit bf4eebf8cfa2 (Merge tag
> > > 'linux-kselftest-kunit-5.17-rc1' of
> > > git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest),
> > > kmemleak reported the leak below:
> > > 
> > > ```
> > > unreferenced object 0xffff8914823de500 (size 64):
> > >    comm "swapper/0", pid 1, jiffies 4294667581 (age 1253.406s)
> > >    hex dump (first 32 bytes):
> > >      00 00 00 00 00 00 00 00 04 10 01 c0 00 00 00 00  ................
> > >      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
> > >    backtrace:
> > >      [<000000007f3b05e9>] __kmalloc+0x177/0x330
> > >      [<0000000008104cca>] msr_build_context.constprop.0+0x32/0xbe
> > >      [<00000000012bab4e>] msr_save_cpuid_features+0x28/0x2f
> > >      [<00000000b7a2262e>] pm_check_save_msr+0x2e/0x40
> > >      [<00000000cbe9d92d>] do_one_initcall+0x44/0x200
> > >      [<0000000094deab7b>] kernel_init_freeable+0x1fc/0x273
> > >      [<00000000d3dbaa56>] kernel_init+0x16/0x160
> > >      [<0000000058c4a8b3>] ret_from_fork+0x22/0x30
[...]
> > I've taken a look through arch/x86/power/cpu.c, and nothing obvious
> > jumped out at me.  msr_build_context() could probably be cleaned up by
> > using kvrealloc(), but it hasn't been touched recently in a way that I
> > would expect things to leak.
[...]
> > I suspect this is a false positive from kmemleak.
> 
> Maybe Catalin can check.

I can't see anything obviously wrong with msr_build_context(), unless it
can somehow be called concurrently, the saved_msrs.array update wouldn't
be safe. Another place to look at is whether saved_context.saved_msrs is
getting corrupt somehow.

If you force another kmemleak scan (through echo scan > /sys/...), does
the leak report disappear? This would be a good indication of a false
positive, though this normally happens with structures that are changed
frequently.

A way to confirm (or rule out) a kmemleak false positive would be to
check that saved_context.saved_msrs.array still points to the
unreferenced object listed above (you may need some kernel
instrumentation). If it doesn't, we'd need to figure out what happened
with the previous array.

-- 
Catalin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ