[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4dcf783e-c79b-486a-b4a5-e35681cb8306@oracle.com>
Date: Thu, 15 May 2025 11:06:21 -0400
From: Sidhartha Kumar <sidhartha.kumar@...cle.com>
To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>,
Jared Kangas <jkangas@...hat.com>
Cc: willy@...radead.org, akpm@...ux-foundation.org,
linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, Liam Howlett <liam.howlett@...cle.com>
Subject: Re: [PATCH] XArray: fix kmemleak false positive in xas_shrink()
On 5/15/25 10:01 AM, Lorenzo Stoakes wrote:
> +cc Liam, Sid.
>
> Andrew - please drop this patch until this is fixed.
>
> Hi Jared,
>
> This breaks the xarray and vma userland testing. Please ensure that any
> required stub are set up there to allow for your fix to work correctly.
>
> Once moved to mm-unstable, or at least -next this would get caught by bots
> (hopefully :) so this is a mandatory pre-requisite to this being merged.
>
> Cheers, Lorenzo
>
> P.S. Liam, Sid - do you think it might be useful to add us 3 as reviewers
> to the xarray entry in MAINTAINERS so we pick up on this sooner?
I would be fine being a reviewer to catch any breakage to the usersland
test suite.
Thanks,
Sid
>
> $ cd tools/testing/radix-tree
> $ make
> cp ../shared/autoconf.h generated/autoconf.h
> cc -I../shared -I. -I../../include -I../../../lib -g -Og -Wall -D_LGPL_SOURCE -fsanitize=address -fsanitize=undefined -c -o main.o main.c
> cc -c -I../shared -I. -I../../include -I../../../lib -g -Og -Wall -D_LGPL_SOURCE -fsanitize=address -fsanitize=undefined ../shared/xarray-shared.c -o xarray-shared.o
> In file included from ../shared/xarray-shared.c:5:
> ../shared/../../../lib/xarray.c: In function ‘xas_shrink’:
> ../shared/../../../lib/xarray.c:480:17: error: implicit declaration of function ‘kmemleak_transient_leak’ [-Wimplicit-function-declaration]
> 480 | kmemleak_transient_leak(node);
> | ^~~~~~~~~~~~~~~~~~~~~~~
> make: *** [../shared/shared.mk:37: xarray-shared.o] Error 1
> $ cd ../vma
> $ make
> cc -c -I../shared -I. -I../../include -I../../../lib -g -Og -Wall -D_LGPL_SOURCE -fsanitize=address -fsanitize=undefined ../shared/xarray-shared.c -o xarray-shared.o
> In file included from ../shared/xarray-shared.c:5:
> ../shared/../../../lib/xarray.c: In function ‘xas_shrink’:
> ../shared/../../../lib/xarray.c:480:17: error: implicit declaration of function ‘kmemleak_transient_leak’ [-Wimplicit-function-declaration]
> 480 | kmemleak_transient_leak(node);
> | ^~~~~~~~~~~~~~~~~~~~~~~
> make: *** [../shared/shared.mk:37: xarray-shared.o] Error 1
>
> On Mon, May 12, 2025 at 12:17:07PM -0700, Jared Kangas wrote:
>> Kmemleak periodically produces a false positive report that resembles
>> the following:
>>
>> unreferenced object 0xffff0000c105ed08 (size 576):
>> comm "swapper/0", pid 1, jiffies 4294937478
>> hex dump (first 32 bytes):
>> 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
>> d8 e7 0a 8b 00 80 ff ff 20 ed 05 c1 00 00 ff ff ........ .......
>> backtrace (crc 69e99671):
>> kmemleak_alloc+0xb4/0xc4
>> kmem_cache_alloc_lru+0x1f0/0x244
>> xas_alloc+0x2a0/0x3a0
>> xas_expand.constprop.0+0x144/0x4dc
>> xas_create+0x2b0/0x484
>> xas_store+0x60/0xa00
>> __xa_alloc+0x194/0x280
>> __xa_alloc_cyclic+0x104/0x2e0
>> dev_index_reserve+0xd8/0x18c
>> register_netdevice+0x5e8/0xf90
>> register_netdev+0x28/0x50
>> loopback_net_init+0x68/0x114
>> ops_init+0x90/0x2c0
>> register_pernet_operations+0x20c/0x554
>> register_pernet_device+0x3c/0x8c
>> net_dev_init+0x5cc/0x7d8
>>
>> This transient leak can be traced to xas_shrink(): when the xarray's
>> head is reassigned, kmemleak may have already started scanning the
>> xarray. When this happens, if kmemleak fails to scan the new xa_head
>> before it moves, kmemleak will see it as a leak until the xarray is
>> scanned again.
>>
>> The report can be reproduced by running the xdp_bonding BPF selftest,
>> although it doesn't appear consistently due to the bug's transience.
>> In my testing, the following script has reliably triggered the report in
>> under an hour on a debug kernel with kmemleak enabled, where KSELFTESTS
>> is set to the install path for the kernel selftests:
>>
>> #!/bin/sh
>> set -eu
>>
>> echo 1 >/sys/module/kmemleak/parameters/verbose
>> echo scan=1 >/sys/kernel/debug/kmemleak
>>
>> while :; do
>> $KSELFTESTS/bpf/test_progs -t xdp_bonding
>> done
>>
>> To prevent this false positive report, mark the new xa_head in
>> xas_shrink() as a transient leak.
>>
>> Signed-off-by: Jared Kangas <jkangas@...hat.com>
>> ---
>> lib/xarray.c | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/lib/xarray.c b/lib/xarray.c
>> index 9644b18af18d1..51314fa157b31 100644
>> --- a/lib/xarray.c
>> +++ b/lib/xarray.c
>> @@ -8,6 +8,7 @@
>>
>> #include <linux/bitmap.h>
>> #include <linux/export.h>
>> +#include <linux/kmemleak.h>
>> #include <linux/list.h>
>> #include <linux/slab.h>
>> #include <linux/xarray.h>
>> @@ -476,6 +477,7 @@ static void xas_shrink(struct xa_state *xas)
>> break;
>> node = xa_to_node(entry);
>> node->parent = NULL;
>> + kmemleak_transient_leak(node);
>> }
>> }
>>
>> --
>> 2.49.0
>>
>>
>>
Powered by blists - more mailing lists