[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <112c4552-2c32-1be4-89a9-90ea9b45e988@alu.unizg.hr>
Date: Sat, 1 Apr 2023 13:25:21 +0200
From: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
Thorsten Leemhuis <regressions@...mhuis.info>,
Maxim Levitsky <maximlevitsky@...il.com>,
Alex Dubov <oakad@...oo.com>,
Ulf Hansson <ulf.hansson@...aro.org>,
Jens Axboe <axboe@...nel.dk>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>,
Hannes Reinecke <hare@...e.de>,
Jiasheng Jiang <jiasheng@...as.ac.cn>,
ye xingchen <ye.xingchen@....com.cn>, linux-mmc@...r.kernel.org
Subject: Re: BUG FIX: [PATCH RFC v3] [TESTED OK] memstick_check() memleak in
kernel 6.1.0+ introduced pre 4.17
On 01. 04. 2023. 11:23, Greg KH wrote:
> On Sat, Apr 01, 2023 at 11:18:19AM +0200, Greg KH wrote:
>> On Sat, Apr 01, 2023 at 08:33:36AM +0200, Greg KH wrote:
>>> On Sat, Apr 01, 2023 at 08:28:07AM +0200, Greg KH wrote:
>>>> On Sat, Apr 01, 2023 at 08:23:26AM +0200, Mirsad Goran Todorovac wrote:
>>>>>> This patch is implying that anyone who calls "dev_set_name()" also has
>>>>>> to do this hack, which shouldn't be the case at all.
>>>>>>
>>>>>> thanks,
>>>>>>
>>>>>> greg k-h
>>>>>
>>>>> This is my best guess. Unless there is dev_free_name() or kobject_free_name(), I don't
>>>>> see a more sensible way to patch this up.
>>>>
>>>> In sleeping on this, I think this has to move to the driver core. I
>>>> don't understand why we haven't seen this before, except maybe no one
>>>> has really noticed before (i.e. we haven't had good leak detection tools
>>>> that run with removable devices?)
>>>>
>>>> Anyway, let me see if I can come up with something this weekend, give me
>>>> a chance...
>>>
>>> Wait, no, this already should be handled by the kobject core, look at
>>> kobject_cleanup(), at the bottom. So your change should be merely
>>> duplicating the logic there that already runs when the struct device is
>>> freed, right?
>>>
>>> So I don't understand why your change works, odd. I need more coffee...
>>
>> I think you got half of the change correctly. This init code is a maze
>> of twisty passages, let me take your patch and tweak it a bit into
>> something that I think should work. This looks to be only a memstick
>> issue, not a driver core issue (which makes me feel better.)
>
> Oops, forgot the patch. Can you try this change here and let me know if
> that solves the problem or not? I have compile-tested it only, so I
> have no idea if it works.
>
> If this does work, I'll make up a "real" function to replace the
> horrible dev.kobj.name mess that a driver would have to do here as it
> shouldn't be required that a driver author knows the internals of the
> driver core that well...
>
> thanks,
>
> greg k-h
>
> --------------------
>
>
> diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c
> index bf7667845459..bbfaf6536903 100644
> --- a/drivers/memstick/core/memstick.c
> +++ b/drivers/memstick/core/memstick.c
> @@ -410,6 +410,7 @@ static struct memstick_dev *memstick_alloc_card(struct memstick_host *host)
> return card;
> err_out:
> host->card = old_card;
> + kfree_const(card->dev.kobj.name);
> kfree(card);
> return NULL;
> }
> @@ -468,8 +469,10 @@ static void memstick_check(struct work_struct *work)
> put_device(&card->dev);
> host->card = NULL;
> }
> - } else
> + } else {
> + kfree_const(card->dev.kobj.name);
> kfree(card);
> + }
> }
>
> out_power_off:
RESULTS:
w/o patch:
[root@...mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak
[root@...mtodorov marvin]# cat !$
cat /sys/kernel/debug/kmemleak
[root@...mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak
[root@...mtodorov marvin]# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffffa09a93249590 (size 16):
comm "kworker/u12:4", pid 371, jiffies 4294896466 (age 52.748s)
hex dump (first 16 bytes):
6d 65 6d 73 74 69 63 6b 30 00 cc cc cc cc cc cc memstick0.......
backtrace:
[<ffffffff936fb25c>] slab_post_alloc_hook+0x8c/0x3e0
[<ffffffff93702b39>] __kmem_cache_alloc_node+0x1d9/0x2a0
[<ffffffff936773b9>] __kmalloc_node_track_caller+0x59/0x180
[<ffffffff93666a0a>] kstrdup+0x3a/0x70
[<ffffffff93666a7c>] kstrdup_const+0x2c/0x40
[<ffffffff93aa99dc>] kvasprintf_const+0x7c/0xb0
[<ffffffff9443b427>] kobject_set_name_vargs+0x27/0xa0
[<ffffffff93d8ee37>] dev_set_name+0x57/0x80
[<ffffffffc0aeff0f>] memstick_check+0x10f/0x3b0 [memstick]
[<ffffffff933cb4c0>] process_one_work+0x250/0x530
[<ffffffff933cb7f8>] worker_thread+0x48/0x3a0
[<ffffffff933d6dff>] kthread+0x10f/0x140
[<ffffffff93202fa9>] ret_from_fork+0x29/0x50
unreferenced object 0xffffa09a97205990 (size 16):
comm "kworker/u12:4", pid 371, jiffies 4294896471 (age 52.728s)
hex dump (first 16 bytes):
6d 65 6d 73 74 69 63 6b 30 00 cc cc cc cc cc cc memstick0.......
backtrace:
[<ffffffff936fb25c>] slab_post_alloc_hook+0x8c/0x3e0
[<ffffffff93702b39>] __kmem_cache_alloc_node+0x1d9/0x2a0
[<ffffffff936773b9>] __kmalloc_node_track_caller+0x59/0x180
[<ffffffff93666a0a>] kstrdup+0x3a/0x70
[<ffffffff93666a7c>] kstrdup_const+0x2c/0x40
[<ffffffff93aa99dc>] kvasprintf_const+0x7c/0xb0
[<ffffffff9443b427>] kobject_set_name_vargs+0x27/0xa0
[<ffffffff93d8ee37>] dev_set_name+0x57/0x80
[<ffffffffc0aeff0f>] memstick_check+0x10f/0x3b0 [memstick]
[<ffffffff933cb4c0>] process_one_work+0x250/0x530
[<ffffffff933cb7f8>] worker_thread+0x48/0x3a0
[<ffffffff933d6dff>] kthread+0x10f/0x140
[<ffffffff93202fa9>] ret_from_fork+0x29/0x50
[root@...mtodorov marvin]# uname -rms
Linux 6.3.0-rc4-mt-20230401-00199-g7b50567bdcad-dirty x86_64
[root@...mtodorov marvin]#
After the patch:
[root@...mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak
[root@...mtodorov marvin]# cat /sys/kernel/debug/kmemleak
[root@...mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak
[root@...mtodorov marvin]# cat /sys/kernel/debug/kmemleak
[root@...mtodorov marvin]# echo scan > /sys/kernel/debug/kmemleak
[root@...mtodorov marvin]# cat /sys/kernel/debug/kmemleak
So, congratulations, this did it!
This bug I detected on 2022-11-04, but it took me four months to find the leak,
before I was "blessed by the Source". You have asked me whether I would
help the memstick developers find a solution, and I like to keep promises. :-)
At your convenience, you might add in the patch:
Tested-by: Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
It's been an honour serving with the memstick community with you and it was a real
brainstorming session for me.
Kind regards,
Mirsad
--
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
The European Union
"I see something approaching fast ... Will it be friends with me?"
Powered by blists - more mailing lists