[Devel] [PATCH RHEL7 COMMIT] ms/mm: kmemleak: avoid deadlock on the kmemleak object insertion error path

Konstantin Khorenko khorenko at virtuozzo.com
Mon Aug 29 14:30:19 MSK 2022 

The commit is pushed to "branch-rh7-3.10.0-1160.76.1.vz7.189.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.76.1.vz7.189.1
------>
commit 75b4148670b11ebd2537d53d3cf78f74b4bf7ea5
Author: Catalin Marinas <catalin.marinas at arm.com>
Date:   Wed Jun 24 16:58:34 2015 -0700

    ms/mm: kmemleak: avoid deadlock on the kmemleak object insertion error path
    
    While very unlikely (usually kmemleak or sl*b bug), the create_object()
    function in mm/kmemleak.c may fail to insert a newly allocated object into
    the rb tree.  When this happens, kmemleak disables itself and prints
    additional information about the object already found in the rb tree.
    Such printing is done with the parent->lock acquired, however the
    kmemleak_lock is already held.  This is a potential race with the scanning
    thread which acquires object->lock and kmemleak_lock in a
    
    This patch removes the locking around the 'parent' object information
    printing.  Such object cannot be freed or removed from object_tree_root
    and object_list since kmemleak_lock is already held.  There is a very
    small risk that some of the object data is being modified on another CPU
    but the only downside is inconsistent information printing.
    
    Signed-off-by: Catalin Marinas <catalin.marinas at arm.com>
    Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
    
    Preparational patch for non merged to mainstream series:
    https://lore.kernel.org/lkml/20200921020007.35803-1-chenjun102@huawei.com/
    
    (cherry-picked from ms commit 9d5a4c730dd164f6f1b4ed6690fbe2667e5149ea)
    https://jira.sw.ru/browse/PSBM-141114
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 mm/kmemleak.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index 11f10ce8ebbc1..2f592381e3c34 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -53,6 +53,11 @@
  *   modifications to the memory scanning parameters including the scan_thread
  *   pointer
  *
+ * Locks and mutexes should only be acquired/nested in the following order:
+ *
+ *   scan_mutex -> object->lock -> other_object->lock (SINGLE_DEPTH_NESTING)
+ *				-> kmemleak_lock
+ *
  * The kmemleak_object structures have a use_count incremented or decremented
  * using the get_object()/put_object() functions. When the use_count becomes
  * 0, this count can no longer be incremented and put_object() schedules the
@@ -581,11 +586,13 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size,
 			kmemleak_stop("Cannot insert 0x%lx into the object "
 				      "search tree (overlaps existing)\n",
 				      ptr);
+			/*
+			 * No need for parent->lock here since "parent" cannot
+			 * be freed while the kmemleak_lock is held.
+			 */
+			dump_object_info(parent);
 			kmem_cache_free(object_cache, object);
-			object = parent;
-			spin_lock(&object->lock);
-			dump_object_info(object);
-			spin_unlock(&object->lock);
+			object = NULL;
 			goto out;
 		}
 	}

More information about the Devel mailing list