From patchwork Tue Aug 22 02:38:09 2023
X-Patchwork-Submitter: Steven Rostedt
X-Patchwork-Id: 136450
Message-ID: <20230822023842.330358290@goodmis.org>
User-Agent: quilt/0.66
Date: Mon, 21 Aug 2023 22:38:09 -0400
From: Steven Rostedt
To: linux-kernel@vger.kernel.org
Cc: Masami Hiramatsu, Mark Rutland, Andrew Morton, Zheng Yejian
Subject: [for-linus][PATCH 6/8] tracing: Fix memleak due to race between current_tracer and trace
References: <20230822023803.605698724@goodmis.org>

From: Zheng Yejian

Kmemleak reports a leak in graph_trace_open():

  unreferenced object 0xffff0040b95f4a00 (size 128):
    comm "cat", pid 204981, jiffies 4301155872 (age 99771.964s)
    hex dump (first 32 bytes):
      e0 05 e7 b4 ab 7d 00 00 0b 00 01 00 00 00 00 00  .....}..........
      f4 00 01 10 00 a0 ff ff 00 00 00 00 65 00 10 00  ............e...
    backtrace:
      [<000000005db27c8b>] kmem_cache_alloc_trace+0x348/0x5f0
      [<000000007df90faa>] graph_trace_open+0xb0/0x344
      [<00000000737524cd>] __tracing_open+0x450/0xb10
      [<0000000098043327>] tracing_open+0x1a0/0x2a0
      [<00000000291c3876>] do_dentry_open+0x3c0/0xdc0
      [<000000004015bcd6>] vfs_open+0x98/0xd0
      [<000000002b5f60c9>] do_open+0x520/0x8d0
      [<00000000376c7820>] path_openat+0x1c0/0x3e0
      [<00000000336a54b5>] do_filp_open+0x14c/0x324
      [<000000002802df13>] do_sys_openat2+0x2c4/0x530
      [<0000000094eea458>] __arm64_sys_openat+0x130/0x1c4
      [<00000000a71d7881>] el0_svc_common.constprop.0+0xfc/0x394
      [<00000000313647bf>] do_el0_svc+0xac/0xec
      [<000000002ef1c651>] el0_svc+0x20/0x30
      [<000000002fd4692a>] el0_sync_handler+0xb0/0xb4
      [<000000000c309c35>] el0_sync+0x160/0x180

The root cause is described as follows:

  __tracing_open() {  // 1. File 'trace' is being opened;
    ...
    *iter->trace = *tr->current_trace;  // 2. Tracer 'function_graph' is
                                        //    currently set;
    ...
    iter->trace->open(iter);  // 3. Call graph_trace_open() here,
                              //    and memory is allocated in it;
    ...
  }

  s_start() {  // 4. The opened file is being read;
    ...
    *iter->trace = *tr->current_trace;  // 5. If tracer is switched to
                                        //    'nop' or others, then memory
                                        //    in step 3 is leaked!!!
    ...
  }

To fix it, in s_start(), close the tracer before switching, then reopen the
new tracer after switching. Some tracers like 'wakeup' may not update
'iter->private' in some cases when reopened, so it should be cleared to
avoid being mistakenly closed again.

Link: https://lore.kernel.org/linux-trace-kernel/20230817125539.1646321-1-zhengyejian1@huawei.com

Fixes: d7350c3f4569 ("tracing/core: make the read callbacks reentrants")
Signed-off-by: Zheng Yejian Signed-off-by: Steven Rostedt (Google) --- kernel/trace/trace.c | 9 ++++++++- kernel/trace/trace_irqsoff.c | 3 ++- kernel/trace/trace_sched_wakeup.c | 2 ++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index b0e8eb6ea8ac..29a2e4d7886d 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -4213,8 +4213,15 @@ static void *s_start(struct seq_file *m, loff_t *pos) * will point to the same string as current_trace->name. */ mutex_lock(&trace_types_lock); - if (unlikely(tr->current_trace && iter->trace->name != tr->current_trace->name)) + if (unlikely(tr->current_trace && iter->trace->name != tr->current_trace->name)) { + /* Close iter->trace before switching to the new current tracer */ + if (iter->trace->close) + iter->trace->close(iter); *iter->trace = *tr->current_trace; + /* Reopen the new current tracer */ + if (iter->trace->open) + iter->trace->open(iter); + } mutex_unlock(&trace_types_lock); #ifdef CONFIG_TRACER_MAX_TRACE diff --git a/kernel/trace/trace_irqsoff.c b/kernel/trace/trace_irqsoff.c index 590b3d51afae..ba37f768e2f2 100644 --- a/kernel/trace/trace_irqsoff.c +++ b/kernel/trace/trace_irqsoff.c @@ -231,7 +231,8 @@ static void irqsoff_trace_open(struct trace_iterator *iter) { if (is_graph(iter->tr)) graph_trace_open(iter); - + else + iter->private = NULL; } static void irqsoff_trace_close(struct trace_iterator *iter) diff --git a/kernel/trace/trace_sched_wakeup.c b/kernel/trace/trace_sched_wakeup.c index 330aee1c1a49..0469a04a355f 100644 --- a/kernel/trace/trace_sched_wakeup.c +++ b/kernel/trace/trace_sched_wakeup.c @@ -168,6 +168,8 @@ static void wakeup_trace_open(struct trace_iterator *iter) { if (is_graph(iter->tr)) graph_trace_open(iter); + else + iter->private = NULL; } static void wakeup_trace_close(struct trace_iterator *iter)
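
Review bot: In the s_start() hunk of kernel/trace/trace.c, the result of the reopen is never checked: `iter->trace->open(iter);` is called with trace_types_lock held, and the open callbacks visible in this patch are declared `static void`, so s_start() has no way to learn that the allocation seen in the kmemleak backtrace (graph_trace_open) failed on the reopen. After such a failure the iterator carries the new tracer with whatever iter->private the open left behind. I would add a comment next to the reopen stating that every tracer's close() and read callbacks must tolerate iter->private == NULL after a switch, or change the open callback to return an error that s_start() can act on.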
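
Review bot: In the irqsoff_trace_open() hunk of kernel/trace/trace_irqsoff.c, the new `else iter->private = NULL;` branch has no comment, and without the commit message it reads as a redundant store. Please say in a one-line comment that iter->private may still point at the previous tracer's data, already released by its close() in s_start(), and that it is cleared here so a later close does not release it a second time. The body of irqsoff_trace_close() is not in the hunk, so it is also worth confirming that it only acts on iter->private when it is non-NULL.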
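
Review bot: In the wakeup_trace_open() hunk of kernel/trace/trace_sched_wakeup.c, the two added lines duplicate the irqsoff change exactly, which makes the stale-pointer protection depend on every tracer's open() remembering to clear iter->private. Consider clearing it once in s_start(), directly after `iter->trace->close(iter);` and before the `*iter->trace = *tr->current_trace;` assignment, so that any tracer whose open() leaves iter->private untouched is covered, including ones not touched by this patch. If the per-tracer form is kept, the same one-line comment requested for irqsoff applies here.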