[Devel] [PATCH VZ9] mm/kmemleak: Fix use of uninitialized pointer in percpu object creation

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Fri Jul 12 10:00:00 MSK 2024


After ms commit ad1a3e15fcd3b ("kmemleak: fix kmemleak false positive
report with HW tag-based kasan enable") [1], the untagged_ptr is also
used in the rbtree search loop. The patch [2] was not correctly updated
in rebase, so untagged_ptr is used uninitialized in the percpu case.

Fix it by always setting untagged_ptr. Also, while at it, use
untagged_ptr for min/max_percpu_addr.

https://virtuozzo.atlassian.net/browse/PSBM-156004
Fixes: c9438a892d597 ("mm/kmemleak: Add support for percpu memory leak detect") [2]
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 mm/kmemleak.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index d1a5d27e5269b..8e5f957ba71ef 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -685,11 +685,11 @@ static void __create_object(unsigned long ptr, size_t size,
 
 	raw_spin_lock_irqsave(&kmemleak_lock, flags);
 
+	untagged_ptr = (unsigned long)kasan_reset_tag((void *)ptr);
 	if (object->flags & OBJECT_PERCPU) {
-		min_percpu_addr = min(min_percpu_addr, ptr);
-		max_percpu_addr = max(max_percpu_addr, ptr + size);
+		min_percpu_addr = min(min_percpu_addr, untagged_ptr);
+		max_percpu_addr = max(max_percpu_addr, untagged_ptr + size);
 	} else {
-		untagged_ptr = (unsigned long)kasan_reset_tag((void *)ptr);
 		/*
 		 * Only update min_addr and max_addr with object
 		 * storing virtual address.
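Review bot: The hoisted `untagged_ptr = (unsigned long)kasan_reset_tag((void *)ptr);` line above `if (object->flags & OBJECT_PERCPU)` has no comment saying why it must stay outside the if/else, and the later use that depends on it (the rbtree search loop named in the commit message) is not visible in this hunk. Since the bug came from a rebase leaving the assignment inside the else branch, a one-line comment noting that untagged_ptr is needed for both percpu and non-percpu objects would help keep it from drifting back. Separately, min_percpu_addr and max_percpu_addr now hold untagged values, which is only correct while every reader compares an untagged pointer against them; the commit message should state that this hunk and the range check in add_pointer_to_gray_list() have to change together.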
@@ -1342,11 +1342,11 @@ static void add_pointer_to_gray_list(struct kmemleak_object *scanned, unsigned l
 	unsigned long untagged_ptr;
 	unsigned long excess_ref;
 
+	untagged_ptr = (unsigned long)kasan_reset_tag((void *)pointer);
 	if (pcpu) {
-		if (pointer < min_percpu_addr || pointer >= max_percpu_addr)
+		if (untagged_ptr < min_percpu_addr || untagged_ptr >= max_percpu_addr)
 			return;
 	} else {
-		untagged_ptr = (unsigned long)kasan_reset_tag((void *)pointer);
 		if (untagged_ptr < min_addr || untagged_ptr >= max_addr)
 			return;
 	}
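Review bot: With the assignment now unconditional and placed directly after the declarations, `unsigned long untagged_ptr;` could be initialized at its declaration instead, which removes the window where the variable can be read unset if this function is reshuffled in a later rebase. The commit message should also say whether the percpu path in this function read untagged_ptr uninitialized after the if/else, or whether this hunk is only the "while on it" consistency change for the min_percpu_addr/max_percpu_addr comparison; the visible lines do not show a later use.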
-- 
2.45.2


