mm: kmemleak: treat vm_struct as alternative reference to vmalloc'ed objects
Kmemleak requires that vmalloc'ed objects have a minimum reference count of 2: one in the corresponding vm_struct object and the other owned by the vmalloc() caller. There are cases, however, where the original vmalloc() returned pointer is lost and, instead, a pointer to vm_struct is stored (see free_thread_stack()). Kmemleak currently reports such objects as leaks. This patch adds support for treating any surplus references to an object as additional references to a specified object. It introduces the kmemleak_vmalloc() API function which takes a vm_struct pointer and sets its surplus reference passing to the actual vmalloc() returned pointer. The __vmalloc_node_range() calling site has been modified accordingly. Link: http://lkml.kernel.org/r/1495726937-23557-4-git-send-email-catalin.marinas@arm.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Reported-by: "Luis R. Rodriguez" <mcgrof@kernel.org> Cc: Michal Hocko <mhocko@kernel.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: "Luis R. Rodriguez" <mcgrof@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
04f70d13ca
commit
94f4a1618b
|
@ -150,6 +150,7 @@ See the include/linux/kmemleak.h header for the functions prototype.
|
||||||
- ``kmemleak_init`` - initialize kmemleak
|
- ``kmemleak_init`` - initialize kmemleak
|
||||||
- ``kmemleak_alloc`` - notify of a memory block allocation
|
- ``kmemleak_alloc`` - notify of a memory block allocation
|
||||||
- ``kmemleak_alloc_percpu`` - notify of a percpu memory block allocation
|
- ``kmemleak_alloc_percpu`` - notify of a percpu memory block allocation
|
||||||
|
- ``kmemleak_vmalloc`` - notify of a vmalloc() memory allocation
|
||||||
- ``kmemleak_free`` - notify of a memory block freeing
|
- ``kmemleak_free`` - notify of a memory block freeing
|
||||||
- ``kmemleak_free_part`` - notify of a partial memory block freeing
|
- ``kmemleak_free_part`` - notify of a partial memory block freeing
|
||||||
- ``kmemleak_free_percpu`` - notify of a percpu memory block freeing
|
- ``kmemleak_free_percpu`` - notify of a percpu memory block freeing
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
#define __KMEMLEAK_H
|
#define __KMEMLEAK_H
|
||||||
|
|
||||||
#include <linux/slab.h>
|
#include <linux/slab.h>
|
||||||
|
#include <linux/vmalloc.h>
|
||||||
|
|
||||||
#ifdef CONFIG_DEBUG_KMEMLEAK
|
#ifdef CONFIG_DEBUG_KMEMLEAK
|
||||||
|
|
||||||
|
@ -30,6 +31,8 @@ extern void kmemleak_alloc(const void *ptr, size_t size, int min_count,
|
||||||
gfp_t gfp) __ref;
|
gfp_t gfp) __ref;
|
||||||
extern void kmemleak_alloc_percpu(const void __percpu *ptr, size_t size,
|
extern void kmemleak_alloc_percpu(const void __percpu *ptr, size_t size,
|
||||||
gfp_t gfp) __ref;
|
gfp_t gfp) __ref;
|
||||||
|
extern void kmemleak_vmalloc(const struct vm_struct *area, size_t size,
|
||||||
|
gfp_t gfp) __ref;
|
||||||
extern void kmemleak_free(const void *ptr) __ref;
|
extern void kmemleak_free(const void *ptr) __ref;
|
||||||
extern void kmemleak_free_part(const void *ptr, size_t size) __ref;
|
extern void kmemleak_free_part(const void *ptr, size_t size) __ref;
|
||||||
extern void kmemleak_free_percpu(const void __percpu *ptr) __ref;
|
extern void kmemleak_free_percpu(const void __percpu *ptr) __ref;
|
||||||
|
@ -81,6 +84,10 @@ static inline void kmemleak_alloc_percpu(const void __percpu *ptr, size_t size,
|
||||||
gfp_t gfp)
|
gfp_t gfp)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
static inline void kmemleak_vmalloc(const struct vm_struct *area, size_t size,
|
||||||
|
gfp_t gfp)
|
||||||
|
{
|
||||||
|
}
|
||||||
static inline void kmemleak_free(const void *ptr)
|
static inline void kmemleak_free(const void *ptr)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
|
@ -159,6 +159,8 @@ struct kmemleak_object {
|
||||||
atomic_t use_count;
|
atomic_t use_count;
|
||||||
unsigned long pointer;
|
unsigned long pointer;
|
||||||
size_t size;
|
size_t size;
|
||||||
|
/* pass surplus references to this pointer */
|
||||||
|
unsigned long excess_ref;
|
||||||
/* minimum number of a pointers found before it is considered leak */
|
/* minimum number of a pointers found before it is considered leak */
|
||||||
int min_count;
|
int min_count;
|
||||||
/* the total number of pointers found pointing to this object */
|
/* the total number of pointers found pointing to this object */
|
||||||
|
@ -253,7 +255,8 @@ enum {
|
||||||
KMEMLEAK_NOT_LEAK,
|
KMEMLEAK_NOT_LEAK,
|
||||||
KMEMLEAK_IGNORE,
|
KMEMLEAK_IGNORE,
|
||||||
KMEMLEAK_SCAN_AREA,
|
KMEMLEAK_SCAN_AREA,
|
||||||
KMEMLEAK_NO_SCAN
|
KMEMLEAK_NO_SCAN,
|
||||||
|
KMEMLEAK_SET_EXCESS_REF
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -264,7 +267,10 @@ struct early_log {
|
||||||
int op_type; /* kmemleak operation type */
|
int op_type; /* kmemleak operation type */
|
||||||
int min_count; /* minimum reference count */
|
int min_count; /* minimum reference count */
|
||||||
const void *ptr; /* allocated/freed memory block */
|
const void *ptr; /* allocated/freed memory block */
|
||||||
size_t size; /* memory block size */
|
union {
|
||||||
|
size_t size; /* memory block size */
|
||||||
|
unsigned long excess_ref; /* surplus reference passing */
|
||||||
|
};
|
||||||
unsigned long trace[MAX_TRACE]; /* stack trace */
|
unsigned long trace[MAX_TRACE]; /* stack trace */
|
||||||
unsigned int trace_len; /* stack trace length */
|
unsigned int trace_len; /* stack trace length */
|
||||||
};
|
};
|
||||||
|
@ -562,6 +568,7 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size,
|
||||||
object->flags = OBJECT_ALLOCATED;
|
object->flags = OBJECT_ALLOCATED;
|
||||||
object->pointer = ptr;
|
object->pointer = ptr;
|
||||||
object->size = size;
|
object->size = size;
|
||||||
|
object->excess_ref = 0;
|
||||||
object->min_count = min_count;
|
object->min_count = min_count;
|
||||||
object->count = 0; /* white color initially */
|
object->count = 0; /* white color initially */
|
||||||
object->jiffies = jiffies;
|
object->jiffies = jiffies;
|
||||||
|
@ -794,6 +801,30 @@ out:
|
||||||
put_object(object);
|
put_object(object);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Any surplus references (object already gray) to 'ptr' are passed to
|
||||||
|
* 'excess_ref'. This is used in the vmalloc() case where a pointer to
|
||||||
|
* vm_struct may be used as an alternative reference to the vmalloc'ed object
|
||||||
|
* (see free_thread_stack()).
|
||||||
|
*/
|
||||||
|
static void object_set_excess_ref(unsigned long ptr, unsigned long excess_ref)
|
||||||
|
{
|
||||||
|
unsigned long flags;
|
||||||
|
struct kmemleak_object *object;
|
||||||
|
|
||||||
|
object = find_and_get_object(ptr, 0);
|
||||||
|
if (!object) {
|
||||||
|
kmemleak_warn("Setting excess_ref on unknown object at 0x%08lx\n",
|
||||||
|
ptr);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
spin_lock_irqsave(&object->lock, flags);
|
||||||
|
object->excess_ref = excess_ref;
|
||||||
|
spin_unlock_irqrestore(&object->lock, flags);
|
||||||
|
put_object(object);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Set the OBJECT_NO_SCAN flag for the object corresponding to the give
|
* Set the OBJECT_NO_SCAN flag for the object corresponding to the give
|
||||||
* pointer. Such object will not be scanned by kmemleak but references to it
|
* pointer. Such object will not be scanned by kmemleak but references to it
|
||||||
|
@ -908,7 +939,7 @@ static void early_alloc_percpu(struct early_log *log)
|
||||||
* @gfp: kmalloc() flags used for kmemleak internal memory allocations
|
* @gfp: kmalloc() flags used for kmemleak internal memory allocations
|
||||||
*
|
*
|
||||||
* This function is called from the kernel allocators when a new object
|
* This function is called from the kernel allocators when a new object
|
||||||
* (memory block) is allocated (kmem_cache_alloc, kmalloc, vmalloc etc.).
|
* (memory block) is allocated (kmem_cache_alloc, kmalloc etc.).
|
||||||
*/
|
*/
|
||||||
void __ref kmemleak_alloc(const void *ptr, size_t size, int min_count,
|
void __ref kmemleak_alloc(const void *ptr, size_t size, int min_count,
|
||||||
gfp_t gfp)
|
gfp_t gfp)
|
||||||
|
@ -951,6 +982,36 @@ void __ref kmemleak_alloc_percpu(const void __percpu *ptr, size_t size,
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(kmemleak_alloc_percpu);
|
EXPORT_SYMBOL_GPL(kmemleak_alloc_percpu);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* kmemleak_vmalloc - register a newly vmalloc'ed object
|
||||||
|
* @area: pointer to vm_struct
|
||||||
|
* @size: size of the object
|
||||||
|
* @gfp: __vmalloc() flags used for kmemleak internal memory allocations
|
||||||
|
*
|
||||||
|
* This function is called from the vmalloc() kernel allocator when a new
|
||||||
|
* object (memory block) is allocated.
|
||||||
|
*/
|
||||||
|
void __ref kmemleak_vmalloc(const struct vm_struct *area, size_t size, gfp_t gfp)
|
||||||
|
{
|
||||||
|
pr_debug("%s(0x%p, %zu)\n", __func__, area, size);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* A min_count = 2 is needed because vm_struct contains a reference to
|
||||||
|
* the virtual address of the vmalloc'ed block.
|
||||||
|
*/
|
||||||
|
if (kmemleak_enabled) {
|
||||||
|
create_object((unsigned long)area->addr, size, 2, gfp);
|
||||||
|
object_set_excess_ref((unsigned long)area,
|
||||||
|
(unsigned long)area->addr);
|
||||||
|
} else if (kmemleak_early_log) {
|
||||||
|
log_early(KMEMLEAK_ALLOC, area->addr, size, 2);
|
||||||
|
/* reusing early_log.size for storing area->addr */
|
||||||
|
log_early(KMEMLEAK_SET_EXCESS_REF,
|
||||||
|
area, (unsigned long)area->addr, 0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(kmemleak_vmalloc);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* kmemleak_free - unregister a previously registered object
|
* kmemleak_free - unregister a previously registered object
|
||||||
* @ptr: pointer to beginning of the object
|
* @ptr: pointer to beginning of the object
|
||||||
|
@ -1248,6 +1309,7 @@ static void scan_block(void *_start, void *_end,
|
||||||
for (ptr = start; ptr < end; ptr++) {
|
for (ptr = start; ptr < end; ptr++) {
|
||||||
struct kmemleak_object *object;
|
struct kmemleak_object *object;
|
||||||
unsigned long pointer;
|
unsigned long pointer;
|
||||||
|
unsigned long excess_ref;
|
||||||
|
|
||||||
if (scan_should_stop())
|
if (scan_should_stop())
|
||||||
break;
|
break;
|
||||||
|
@ -1283,8 +1345,27 @@ static void scan_block(void *_start, void *_end,
|
||||||
* enclosed by scan_mutex.
|
* enclosed by scan_mutex.
|
||||||
*/
|
*/
|
||||||
spin_lock_nested(&object->lock, SINGLE_DEPTH_NESTING);
|
spin_lock_nested(&object->lock, SINGLE_DEPTH_NESTING);
|
||||||
update_refs(object);
|
/* only pass surplus references (object already gray) */
|
||||||
|
if (color_gray(object)) {
|
||||||
|
excess_ref = object->excess_ref;
|
||||||
|
/* no need for update_refs() if object already gray */
|
||||||
|
} else {
|
||||||
|
excess_ref = 0;
|
||||||
|
update_refs(object);
|
||||||
|
}
|
||||||
spin_unlock(&object->lock);
|
spin_unlock(&object->lock);
|
||||||
|
|
||||||
|
if (excess_ref) {
|
||||||
|
object = lookup_object(excess_ref, 0);
|
||||||
|
if (!object)
|
||||||
|
continue;
|
||||||
|
if (object == scanned)
|
||||||
|
/* circular reference, ignore */
|
||||||
|
continue;
|
||||||
|
spin_lock_nested(&object->lock, SINGLE_DEPTH_NESTING);
|
||||||
|
update_refs(object);
|
||||||
|
spin_unlock(&object->lock);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
read_unlock_irqrestore(&kmemleak_lock, flags);
|
read_unlock_irqrestore(&kmemleak_lock, flags);
|
||||||
}
|
}
|
||||||
|
@ -1987,6 +2068,10 @@ void __init kmemleak_init(void)
|
||||||
case KMEMLEAK_NO_SCAN:
|
case KMEMLEAK_NO_SCAN:
|
||||||
kmemleak_no_scan(log->ptr);
|
kmemleak_no_scan(log->ptr);
|
||||||
break;
|
break;
|
||||||
|
case KMEMLEAK_SET_EXCESS_REF:
|
||||||
|
object_set_excess_ref((unsigned long)log->ptr,
|
||||||
|
log->excess_ref);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
kmemleak_warn("Unknown early log operation: %d\n",
|
kmemleak_warn("Unknown early log operation: %d\n",
|
||||||
log->op_type);
|
log->op_type);
|
||||||
|
|
|
@ -1770,12 +1770,7 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
|
||||||
*/
|
*/
|
||||||
clear_vm_uninitialized_flag(area);
|
clear_vm_uninitialized_flag(area);
|
||||||
|
|
||||||
/*
|
kmemleak_vmalloc(area, size, gfp_mask);
|
||||||
* A ref_count = 2 is needed because vm_struct allocated in
|
|
||||||
* __get_vm_area_node() contains a reference to the virtual address of
|
|
||||||
* the vmalloc'ed block.
|
|
||||||
*/
|
|
||||||
kmemleak_alloc(addr, real_size, 2, gfp_mask);
|
|
||||||
|
|
||||||
return addr;
|
return addr;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue