lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 28 Apr 2022 11:01:39 -0700
From:   "Paul E. McKenney" <paulmck@...nel.org>
To:     Zqiang <qiang1.zhang@...el.com>
Cc:     frederic@...nel.org, rcu@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] rcutorture: Fix kmemleak in rcu_test_debug_objects()

On Wed, Apr 27, 2022 at 03:15:20PM +0800, Zqiang wrote:
> The kmemleak kthread scan to the following:
> 
> unreferenced object 0xffff95d941135b50 (size 16):
>   comm "swapper/0", pid 1, jiffies 4294667610 (age 1367.451s)
>   hex dump (first 16 bytes):
>     f0 c6 c2 bd d9 95 ff ff 00 00 00 00 00 00 00 00  ................
>   backtrace:
>     [<00000000bc81d9b1>] kmem_cache_alloc_trace+0x2f6/0x500
>     [<00000000d28be229>] rcu_torture_init+0x1235/0x1354
>     [<0000000032c3acd9>] do_one_initcall+0x51/0x210
>     [<000000003c117727>] kernel_init_freeable+0x205/0x259
>     [<000000003961f965>] kernel_init+0x1a/0x120
>     [<000000001998f890>] ret_from_fork+0x22/0x30
> 
> the rhp object is not released after use, so call kfree() to
> release it.
> 
> Signed-off-by: Zqiang <qiang1.zhang@...el.com>

Good catch, thank you!

I queued this for v5.20 with the wordsmithed commit log shown below.

							Thanx, Paul

------------------------------------------------------------------------

commit 1a2df31f4026dbc8dc4db17a4c2ed01e67f45c92
Author: Zqiang <qiang1.zhang@...el.com>
Date:   Wed Apr 27 15:15:20 2022 +0800

    rcutorture: Fix memory leak in rcu_test_debug_objects()
    
    The kernel memory leak detector located the following:
    
    unreferenced object 0xffff95d941135b50 (size 16):
      comm "swapper/0", pid 1, jiffies 4294667610 (age 1367.451s)
      hex dump (first 16 bytes):
        f0 c6 c2 bd d9 95 ff ff 00 00 00 00 00 00 00 00  ................
      backtrace:
        [<00000000bc81d9b1>] kmem_cache_alloc_trace+0x2f6/0x500
        [<00000000d28be229>] rcu_torture_init+0x1235/0x1354
        [<0000000032c3acd9>] do_one_initcall+0x51/0x210
        [<000000003c117727>] kernel_init_freeable+0x205/0x259
        [<000000003961f965>] kernel_init+0x1a/0x120
        [<000000001998f890>] ret_from_fork+0x22/0x30
    
    This is caused by the rcu_test_debug_objects() function allocating an
    rcu_head structure, then failing to free it.  This commit therefore adds
    the needed kfree() after the last use of this structure.
    
    Signed-off-by: Zqiang <qiang1.zhang@...el.com>
    Signed-off-by: Paul E. McKenney <paulmck@...nel.org>

diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c
index bb2e1610d0add..faf6b4c7a7572 100644
--- a/kernel/rcu/rcutorture.c
+++ b/kernel/rcu/rcutorture.c
@@ -3176,6 +3176,7 @@ static void rcu_test_debug_objects(void)
 	pr_alert("%s: WARN: Duplicate call_rcu() test complete.\n", KBUILD_MODNAME);
 	destroy_rcu_head_on_stack(&rh1);
 	destroy_rcu_head_on_stack(&rh2);
+	kfree(rhp);
 #else /* #ifdef CONFIG_DEBUG_OBJECTS_RCU_HEAD */
 	pr_alert("%s: !CONFIG_DEBUG_OBJECTS_RCU_HEAD, not testing duplicate call_rcu()\n", KBUILD_MODNAME);
 #endif /* #else #ifdef CONFIG_DEBUG_OBJECTS_RCU_HEAD */

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ