| Message ID | 20230713141435.1133021-1-zhengyejian1@huawei.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:a6b2:0:b0:3e4:2afc:c1 with SMTP id c18csp1864531vqm;
Thu, 13 Jul 2023 07:29:52 -0700 (PDT)
X-Google-Smtp-Source:
APBJJlFRv3VNvh4rWSfpI43+hRl5wGm5dwjr00S8zxbj0TWQ+N1KUoOQqcKyCUQznkxMNWMnwmyA
X-Received: by 2002:a05:6a20:3d2a:b0:131:3598:f4e9 with SMTP id
y42-20020a056a203d2a00b001313598f4e9mr1990241pzi.32.1689258592054;
Thu, 13 Jul 2023 07:29:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1689258592; cv=none;
d=google.com; s=arc-20160816;
b=hjgEPEOCyJ3b+Juj0r+RI5sCXL3K/+zZY8Pzxmfp9zSHfr+1DSU1GuJb0TBT/RaBix
oMUVg4wVeIA1q96OznAejBa5qnJcHwdig6lFea5JBreO0vs70ZyCjt3ASe+GpXFnxygA
+KXR/i75mPJgbIsAB1tFbzIRIjXsW3XA8LlWiyJnYq+TXbu1oIL4KHv8O7IU8YqqzcIL
7yJaakkPIZnuHNqZY/WpdziNJWbCANzrp4C33rd6mOyMPjuNoMF++4XzREd+w0fqmufg
9X67Ken4JYMg+VX2wkPCaPFAUgii8AxHyYJ6gwFLd0htnzdrtGwGRksL5sNiAnbf3WeL
JXXg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=7n0NVJHB7Qp/tlqViU6BTAvSVM5wByNOkC/ZYunEHms=;
fh=gI9FEBZwCPkanigZF8HYbw13aijx656e2P76SW8PY5Y=;
b=evCHW1o3XtAMxc0GfbqU1amlBqc+yCO+XVFHqEKsvGg1BWZHEWjvWOo3Q9hLNjo/Pj
k0zK6Eci2APPjFpDuPWA4j2MyALTiMQgh/o6ddGygzuP2Du61n62i/9s0U/RU5nBkUXr
T8PuiUXBSRca5byjDWAjpWBTQ7K1nbbB0kMekvwvxBzefFQfRO2oTe5BS5a1iAjeYdvn
0kSWHLehAYBqpKjfNbpJt0G7Og6V5NCShigGd7VLAm1wSv8i16Wgp9ZMl7MyjbZ/DnJ2
Do1JFei8YjDxlti3u1raY4QVrmewE1n317IhSCU+eWhzK/TP2xbikj5zNXRBju9oanPy
OkdA==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
c13-20020a63ea0d000000b00553b9b1886bsi5249916pgi.621.2023.07.13.07.29.37;
Thu, 13 Jul 2023 07:29:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S234066AbjGMOPe (ORCPT <rfc822;ybw1215001957@gmail.com>
+ 99 others); Thu, 13 Jul 2023 10:15:34 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60822 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S235205AbjGMOOy (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 13 Jul 2023 10:14:54 -0400
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2CAFA30EC;
Thu, 13 Jul 2023 07:14:41 -0700 (PDT)
Received: from dggpeml500012.china.huawei.com (unknown [172.30.72.57])
by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4R1xR76DjmzVhlr;
Thu, 13 Jul 2023 22:13:23 +0800 (CST)
Received: from localhost.localdomain (10.67.175.61) by
dggpeml500012.china.huawei.com (7.185.36.15) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2507.27; Thu, 13 Jul 2023 22:14:38 +0800
From: Zheng Yejian <zhengyejian1@huawei.com>
To: <rostedt@goodmis.org>, <mhiramat@kernel.org>
CC: <linux-kernel@vger.kernel.org>,
<linux-trace-kernel@vger.kernel.org>, <zhengyejian1@huawei.com>
Subject: [PATCH] traing: Fix memory leak of iter->temp when reading trace_pipe
Date: Thu, 13 Jul 2023 22:14:35 +0800
Message-ID: <20230713141435.1133021-1-zhengyejian1@huawei.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
X-Originating-IP: [10.67.175.61]
X-ClientProxiedBy: dggems703-chm.china.huawei.com (10.3.19.180) To
dggpeml500012.china.huawei.com (7.185.36.15)
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1771316017184757998
X-GMAIL-MSGID: 1771316017184757998
|
| Series |
traing: Fix memory leak of iter->temp when reading trace_pipe
|
|
Commit Message
Zheng Yejian
July 13, 2023, 2:14 p.m. UTC
kmemleak reports:
unreferenced object 0xffff88814d14e200 (size 256):
comm "cat", pid 336, jiffies 4294871818 (age 779.490s)
hex dump (first 32 bytes):
04 00 01 03 00 00 00 00 08 00 00 00 00 00 00 00 ................
0c d8 c8 9b ff ff ff ff 04 5a ca 9b ff ff ff ff .........Z......
backtrace:
[<ffffffff9bdff18f>] __kmalloc+0x4f/0x140
[<ffffffff9bc9238b>] trace_find_next_entry+0xbb/0x1d0
[<ffffffff9bc9caef>] trace_print_lat_context+0xaf/0x4e0
[<ffffffff9bc94490>] print_trace_line+0x3e0/0x950
[<ffffffff9bc95499>] tracing_read_pipe+0x2d9/0x5a0
[<ffffffff9bf03a43>] vfs_read+0x143/0x520
[<ffffffff9bf04c2d>] ksys_read+0xbd/0x160
[<ffffffff9d0f0edf>] do_syscall_64+0x3f/0x90
[<ffffffff9d2000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
when reading file 'trace_pipe', 'iter->temp' is allocated or relocated
in trace_find_next_entry() but not freed before 'trace_pipe' is closed.
To fix it, free 'iter->temp' in tracing_release_pipe().
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
---
kernel/trace/trace.c | 1 +
1 file changed, 1 insertion(+)
Comments
On 2023/7/13 22:14, Zheng Yejian wrote: > kmemleak reports: > unreferenced object 0xffff88814d14e200 (size 256): > comm "cat", pid 336, jiffies 4294871818 (age 779.490s) > hex dump (first 32 bytes): > 04 00 01 03 00 00 00 00 08 00 00 00 00 00 00 00 ................ > 0c d8 c8 9b ff ff ff ff 04 5a ca 9b ff ff ff ff .........Z...... > backtrace: > [<ffffffff9bdff18f>] __kmalloc+0x4f/0x140 > [<ffffffff9bc9238b>] trace_find_next_entry+0xbb/0x1d0 > [<ffffffff9bc9caef>] trace_print_lat_context+0xaf/0x4e0 > [<ffffffff9bc94490>] print_trace_line+0x3e0/0x950 > [<ffffffff9bc95499>] tracing_read_pipe+0x2d9/0x5a0 > [<ffffffff9bf03a43>] vfs_read+0x143/0x520 > [<ffffffff9bf04c2d>] ksys_read+0xbd/0x160 > [<ffffffff9d0f0edf>] do_syscall_64+0x3f/0x90 > [<ffffffff9d2000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 > > when reading file 'trace_pipe', 'iter->temp' is allocated or relocated > in trace_find_next_entry() but not freed before 'trace_pipe' is closed. > > To fix it, free 'iter->temp' in tracing_release_pipe(). > Sorry, forget the Fixes tag:( Is following Fixes right? Fixes: ff895103a84a ("tracing: Save off entry when peeking at next entry") > Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com> > --- > kernel/trace/trace.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c > index 4529e264cb86..94cfaa884578 100644 > --- a/kernel/trace/trace.c > +++ b/kernel/trace/trace.c > @@ -6764,6 +6764,7 @@ static int tracing_release_pipe(struct inode *inode, struct file *file) > > free_cpumask_var(iter->started); > kfree(iter->fmt); > + kfree(iter->temp); > mutex_destroy(&iter->mutex); > kfree(iter); >
On Thu, 13 Jul 2023 22:14:35 +0800 Zheng Yejian <zhengyejian1@huawei.com> wrote: > kmemleak reports: > unreferenced object 0xffff88814d14e200 (size 256): > comm "cat", pid 336, jiffies 4294871818 (age 779.490s) > hex dump (first 32 bytes): > 04 00 01 03 00 00 00 00 08 00 00 00 00 00 00 00 ................ > 0c d8 c8 9b ff ff ff ff 04 5a ca 9b ff ff ff ff .........Z...... > backtrace: > [<ffffffff9bdff18f>] __kmalloc+0x4f/0x140 > [<ffffffff9bc9238b>] trace_find_next_entry+0xbb/0x1d0 > [<ffffffff9bc9caef>] trace_print_lat_context+0xaf/0x4e0 > [<ffffffff9bc94490>] print_trace_line+0x3e0/0x950 > [<ffffffff9bc95499>] tracing_read_pipe+0x2d9/0x5a0 > [<ffffffff9bf03a43>] vfs_read+0x143/0x520 > [<ffffffff9bf04c2d>] ksys_read+0xbd/0x160 > [<ffffffff9d0f0edf>] do_syscall_64+0x3f/0x90 > [<ffffffff9d2000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 > > when reading file 'trace_pipe', 'iter->temp' is allocated or relocated > in trace_find_next_entry() but not freed before 'trace_pipe' is closed. > > To fix it, free 'iter->temp' in tracing_release_pipe(). > > Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com> Why is it that every time I send a pull request to Linus, I get another fix??? Anyway, Linus, hold off. I'll send a v3 with this included as well. -- Steve > --- > kernel/trace/trace.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c > index 4529e264cb86..94cfaa884578 100644 > --- a/kernel/trace/trace.c > +++ b/kernel/trace/trace.c > @@ -6764,6 +6764,7 @@ static int tracing_release_pipe(struct inode *inode, struct file *file) > > free_cpumask_var(iter->started); > kfree(iter->fmt); > + kfree(iter->temp); > mutex_destroy(&iter->mutex); > kfree(iter); >
On Thu, 13 Jul 2023 22:23:20 +0800 Zheng Yejian <zhengyejian1@huawei.com> wrote: > On 2023/7/13 22:14, Zheng Yejian wrote: > > kmemleak reports: > > unreferenced object 0xffff88814d14e200 (size 256): > > comm "cat", pid 336, jiffies 4294871818 (age 779.490s) > > hex dump (first 32 bytes): > > 04 00 01 03 00 00 00 00 08 00 00 00 00 00 00 00 ................ > > 0c d8 c8 9b ff ff ff ff 04 5a ca 9b ff ff ff ff .........Z...... > > backtrace: > > [<ffffffff9bdff18f>] __kmalloc+0x4f/0x140 > > [<ffffffff9bc9238b>] trace_find_next_entry+0xbb/0x1d0 > > [<ffffffff9bc9caef>] trace_print_lat_context+0xaf/0x4e0 > > [<ffffffff9bc94490>] print_trace_line+0x3e0/0x950 > > [<ffffffff9bc95499>] tracing_read_pipe+0x2d9/0x5a0 > > [<ffffffff9bf03a43>] vfs_read+0x143/0x520 > > [<ffffffff9bf04c2d>] ksys_read+0xbd/0x160 > > [<ffffffff9d0f0edf>] do_syscall_64+0x3f/0x90 > > [<ffffffff9d2000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 > > > > when reading file 'trace_pipe', 'iter->temp' is allocated or relocated > > in trace_find_next_entry() but not freed before 'trace_pipe' is closed. > > > > To fix it, free 'iter->temp' in tracing_release_pipe(). > > > > Sorry, forget the Fixes tag:( > > Is following Fixes right? > Fixes: ff895103a84a ("tracing: Save off entry when peeking at next entry") That's the one I already added ;-) Don't worry too much about adding fixes, I will always analyze a fix patch to find out what it actually fixes. If you add one, I'll still confirm it. -- Steve > > > Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com> > > --- > > kernel/trace/trace.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c > > index 4529e264cb86..94cfaa884578 100644 > > --- a/kernel/trace/trace.c > > +++ b/kernel/trace/trace.c > > @@ -6764,6 +6764,7 @@ static int tracing_release_pipe(struct inode *inode, struct file *file) > > > > free_cpumask_var(iter->started); > > kfree(iter->fmt); > > + kfree(iter->temp); > > mutex_destroy(&iter->mutex); > > kfree(iter); > >
On Thu, 13 Jul 2023 14:44:04 +0000 "Zhengyejian (Zetta)" <zhengyejian1@huawei.com> wrote: > Hi, Steve, > > Please correct a typo in title: trainy -> tracing traing -> tracing ;-) > > I'm a little hurry home from work :( > I'll pay attention to it next time. No problem. I made the fix. But seriously, thanks for all the fixes you are sending my way! -- Steve
On 2023/7/13 22:51, Steven Rostedt wrote: > On Thu, 13 Jul 2023 14:44:04 +0000 > "Zhengyejian (Zetta)" <zhengyejian1@huawei.com> wrote: > >> Hi, Steve, >> >> Please correct a typo in title: trainy -> tracing > > traing -> tracing ;-) Emm, my anothor typo 'trainy'. Phone's keyboard is hard to use :) > >> >> I'm a little hurry home from work :( >> I'll pay attention to it next time. > > No problem. I made the fix. > > But seriously, thanks for all the fixes you are sending my way! > You're welcome! I am happy to do it and have learned a lot :) > -- Steve > > -- Thanks, Zheng Yejian
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 4529e264cb86..94cfaa884578 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -6764,6 +6764,7 @@ static int tracing_release_pipe(struct inode *inode, struct file *file) free_cpumask_var(iter->started); kfree(iter->fmt); + kfree(iter->temp); mutex_destroy(&iter->mutex); kfree(iter);