[Devel] [PATCH VZ9] mm/kmemleak: Fix use of uninitialized pointer in percpu object creation
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Fri Jul 12 10:00:00 MSK 2024
After ms commit ad1a3e15fcd3b ("kmemleak: fix kmemleak false positive
report with HW tag-based kasan enable") [1], the untagged_ptr is also
used in rbtree search loop, the patch [2] was not correctly updated in
rebase, so untagged_ptr is used uninitialized in percpu case.
Fix it by always setting untagged_ptr. Also, while on it, also use
untagged_ptr for min/max_percpu_addr.
https://virtuozzo.atlassian.net/browse/PSBM-156004
Fixes: c9438a892d597 ("mm/kmemleak: Add support for percpu memory leak detect") [2]
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
mm/kmemleak.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index d1a5d27e5269b..8e5f957ba71ef 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -685,11 +685,11 @@ static void __create_object(unsigned long ptr, size_t size,
raw_spin_lock_irqsave(&kmemleak_lock, flags);
+ untagged_ptr = (unsigned long)kasan_reset_tag((void *)ptr);
if (object->flags & OBJECT_PERCPU) {
- min_percpu_addr = min(min_percpu_addr, ptr);
- max_percpu_addr = max(max_percpu_addr, ptr + size);
+ min_percpu_addr = min(min_percpu_addr, untagged_ptr);
+ max_percpu_addr = max(max_percpu_addr, untagged_ptr + size);
} else {
- untagged_ptr = (unsigned long)kasan_reset_tag((void *)ptr);
/*
* Only update min_addr and max_addr with object
* storing virtual address.
@@ -1342,11 +1342,11 @@ static void add_pointer_to_gray_list(struct kmemleak_object *scanned, unsigned l
unsigned long untagged_ptr;
unsigned long excess_ref;
+ untagged_ptr = (unsigned long)kasan_reset_tag((void *)pointer);
if (pcpu) {
- if (pointer < min_percpu_addr || pointer >= max_percpu_addr)
+ if (untagged_ptr < min_percpu_addr || untagged_ptr >= max_percpu_addr)
return;
} else {
- untagged_ptr = (unsigned long)kasan_reset_tag((void *)pointer);
if (untagged_ptr < min_addr || untagged_ptr >= max_addr)
return;
}
--
2.45.2
More information about the Devel
mailing list