mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-28 16:56:26 +00:00
7591c127f3
The introduction of iova_depot_pop() in 911aa1245d ("iommu/iova: Make
the rcache depot scale better") confused kmemleak by moving a struct
iova_magazine object from a singly linked list to rcache->depot and
resetting the 'next' pointer referencing it. Unlike doubly linked lists,
the content of the object being referred is never changed on removal from
a singly linked list and the kmemleak checksum heuristics do not detect
such scenario. This leads to false positives like:
unreferenced object 0xffff8881a5301000 (size 1024):
comm "softirq", pid 0, jiffies 4306297099 (age 462.991s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 e7 7d 05 00 00 00 00 00 .........}......
0f b4 05 00 00 00 00 00 b4 96 05 00 00 00 00 00 ................
backtrace:
[<ffffffff819f5f08>] __kmem_cache_alloc_node+0x1e8/0x320
[<ffffffff818a239a>] kmalloc_trace+0x2a/0x60
[<ffffffff8231d31e>] free_iova_fast+0x28e/0x4e0
[<ffffffff82310860>] fq_ring_free_locked+0x1b0/0x310
[<ffffffff8231225d>] fq_flush_timeout+0x19d/0x2e0
[<ffffffff813e95ba>] call_timer_fn+0x19a/0x5c0
[<ffffffff813ea16b>] __run_timers+0x78b/0xb80
[<ffffffff813ea5bd>] run_timer_softirq+0x5d/0xd0
[<ffffffff82f1d915>] __do_softirq+0x205/0x8b5
Introduce kmemleak_transient_leak() which resets the object checksum
requiring another scan pass before it is reported (if still unreferenced).
Call this new API in iova_depot_pop().
Link: https://lkml.kernel.org/r/20241104111944.2207155-1-catalin.marinas@arm.com
Link: https://lore.kernel.org/r/ZY1osaGLyT-sdKE8@shredder/
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: Ido Schimmel <idosch@idosch.org>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Robin Murphy <robin.murphy@arm.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
126 lines
3.2 KiB
C
126 lines
3.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* include/linux/kmemleak.h
|
|
*
|
|
* Copyright (C) 2008 ARM Limited
|
|
* Written by Catalin Marinas <catalin.marinas@arm.com>
|
|
*/
|
|
|
|
#ifndef __KMEMLEAK_H
|
|
#define __KMEMLEAK_H
|
|
|
|
#include <linux/slab.h>
|
|
#include <linux/vmalloc.h>
|
|
|
|
#ifdef CONFIG_DEBUG_KMEMLEAK
|
|
|
|
extern void kmemleak_init(void) __init;
|
|
extern void kmemleak_alloc(const void *ptr, size_t size, int min_count,
|
|
gfp_t gfp) __ref;
|
|
extern void kmemleak_alloc_percpu(const void __percpu *ptr, size_t size,
|
|
gfp_t gfp) __ref;
|
|
extern void kmemleak_vmalloc(const struct vm_struct *area, size_t size,
|
|
gfp_t gfp) __ref;
|
|
extern void kmemleak_free(const void *ptr) __ref;
|
|
extern void kmemleak_free_part(const void *ptr, size_t size) __ref;
|
|
extern void kmemleak_free_percpu(const void __percpu *ptr) __ref;
|
|
extern void kmemleak_update_trace(const void *ptr) __ref;
|
|
extern void kmemleak_not_leak(const void *ptr) __ref;
|
|
extern void kmemleak_transient_leak(const void *ptr) __ref;
|
|
extern void kmemleak_ignore(const void *ptr) __ref;
|
|
extern void kmemleak_scan_area(const void *ptr, size_t size, gfp_t gfp) __ref;
|
|
extern void kmemleak_no_scan(const void *ptr) __ref;
|
|
extern void kmemleak_alloc_phys(phys_addr_t phys, size_t size,
|
|
gfp_t gfp) __ref;
|
|
extern void kmemleak_free_part_phys(phys_addr_t phys, size_t size) __ref;
|
|
extern void kmemleak_ignore_phys(phys_addr_t phys) __ref;
|
|
|
|
static inline void kmemleak_alloc_recursive(const void *ptr, size_t size,
|
|
int min_count, slab_flags_t flags,
|
|
gfp_t gfp)
|
|
{
|
|
if (!(flags & SLAB_NOLEAKTRACE))
|
|
kmemleak_alloc(ptr, size, min_count, gfp);
|
|
}
|
|
|
|
static inline void kmemleak_free_recursive(const void *ptr, slab_flags_t flags)
|
|
{
|
|
if (!(flags & SLAB_NOLEAKTRACE))
|
|
kmemleak_free(ptr);
|
|
}
|
|
|
|
static inline void kmemleak_erase(void **ptr)
|
|
{
|
|
*ptr = NULL;
|
|
}
|
|
|
|
#else
|
|
|
|
static inline void kmemleak_init(void)
|
|
{
|
|
}
|
|
static inline void kmemleak_alloc(const void *ptr, size_t size, int min_count,
|
|
gfp_t gfp)
|
|
{
|
|
}
|
|
static inline void kmemleak_alloc_recursive(const void *ptr, size_t size,
|
|
int min_count, slab_flags_t flags,
|
|
gfp_t gfp)
|
|
{
|
|
}
|
|
static inline void kmemleak_alloc_percpu(const void __percpu *ptr, size_t size,
|
|
gfp_t gfp)
|
|
{
|
|
}
|
|
static inline void kmemleak_vmalloc(const struct vm_struct *area, size_t size,
|
|
gfp_t gfp)
|
|
{
|
|
}
|
|
static inline void kmemleak_free(const void *ptr)
|
|
{
|
|
}
|
|
static inline void kmemleak_free_part(const void *ptr, size_t size)
|
|
{
|
|
}
|
|
static inline void kmemleak_free_recursive(const void *ptr, slab_flags_t flags)
|
|
{
|
|
}
|
|
static inline void kmemleak_free_percpu(const void __percpu *ptr)
|
|
{
|
|
}
|
|
static inline void kmemleak_update_trace(const void *ptr)
|
|
{
|
|
}
|
|
static inline void kmemleak_not_leak(const void *ptr)
|
|
{
|
|
}
|
|
static inline void kmemleak_transient_leak(const void *ptr)
|
|
{
|
|
}
|
|
static inline void kmemleak_ignore(const void *ptr)
|
|
{
|
|
}
|
|
static inline void kmemleak_scan_area(const void *ptr, size_t size, gfp_t gfp)
|
|
{
|
|
}
|
|
static inline void kmemleak_erase(void **ptr)
|
|
{
|
|
}
|
|
static inline void kmemleak_no_scan(const void *ptr)
|
|
{
|
|
}
|
|
static inline void kmemleak_alloc_phys(phys_addr_t phys, size_t size,
|
|
gfp_t gfp)
|
|
{
|
|
}
|
|
static inline void kmemleak_free_part_phys(phys_addr_t phys, size_t size)
|
|
{
|
|
}
|
|
static inline void kmemleak_ignore_phys(phys_addr_t phys)
|
|
{
|
|
}
|
|
|
|
#endif /* CONFIG_DEBUG_KMEMLEAK */
|
|
|
|
#endif /* __KMEMLEAK_H */
|