From patchwork Sun Oct  8 02:33:16 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Liu Shixin <liushixin2@huawei.com>
X-Patchwork-Id: 13412529
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2DCAFE95A67
	for <linux-mm@archiver.kernel.org>; Sun,  8 Oct 2023 01:52:09 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id B41278D001B; Sat,  7 Oct 2023 21:52:08 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id AF1338D0001; Sat,  7 Oct 2023 21:52:08 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 9DFDD8D001B; Sat,  7 Oct 2023 21:52:08 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com
 [216.40.44.15])
	by kanga.kvack.org (Postfix) with ESMTP id 8F8A38D0001
	for <linux-mm@kvack.org>; Sat,  7 Oct 2023 21:52:08 -0400 (EDT)
Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay06.hostedemail.com (Postfix) with ESMTP id 5A301B4723
	for <linux-mm@kvack.org>; Sun,  8 Oct 2023 01:52:08 +0000 (UTC)
X-FDA: 81320618736.30.6B3FD9F
Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187])
	by imf22.hostedemail.com (Postfix) with ESMTP id 0E16BC001E
	for <linux-mm@kvack.org>; Sun,  8 Oct 2023 01:52:04 +0000 (UTC)
Authentication-Results: imf22.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=quarantine) header.from=huawei.com;
	spf=pass (imf22.hostedemail.com: domain of liushixin2@huawei.com designates
 45.249.212.187 as permitted sender) smtp.mailfrom=liushixin2@huawei.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1696729926; a=rsa-sha256;
	cv=none;
	b=q69F285cCGQxeBjoabTvLVtv4Zxz2Wx0UFJuDrqFRI/asXJ1kp+KU4tMg76wPPKXjK/HEw
	A/Io5FIcVHiWjRXue2bCAzEaEiixUq5itz6Fa8MpQCdqAM6t1j1snf2WCQTgKTV+DnWcj5
	cCzx02UU7BdqkQLhontNIGTIoVvwY/w=
ARC-Authentication-Results: i=1;
	imf22.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=quarantine) header.from=huawei.com;
	spf=pass (imf22.hostedemail.com: domain of liushixin2@huawei.com designates
 45.249.212.187 as permitted sender) smtp.mailfrom=liushixin2@huawei.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hostedemail.com;
	s=arc-20220608; t=1696729926;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=kIA9pqOpOsNwldWmWgfkumgb8X/NzdMY33JHLY+Khkc=;
	b=HdhWpqM+eo0t2ujLI06B83Nc91rcZF7pAfKAJGEFAeYl2++QWWfGb2JoMxB1YrC5p+5ia2
	J63tKaSexjvegpRY7LkWXZuUT7J96yYoTSVe+x1UyGw50BGFbhD8Ow9bMQ2Z+nRWaOia+8
	rFEoEDBVpbrAQPRxVMsydYmrvNonEwU=
Received: from dggpemm500009.china.huawei.com (unknown [172.30.72.54])
	by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4S34Lj1DjzztTDg;
	Sun,  8 Oct 2023 09:28:45 +0800 (CST)
Received: from huawei.com (10.175.113.32) by dggpemm500009.china.huawei.com
 (7.185.36.225) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.31; Sun, 8 Oct
 2023 09:33:18 +0800
From: Liu Shixin <liushixin2@huawei.com>
To: Catalin Marinas <catalin.marinas@arm.com>, Patrick Wang
	<patrick.wang.shcn@gmail.com>, Andrew Morton <akpm@linux-foundation.org>
CC: <linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>, Liu Shixin
	<liushixin2@huawei.com>
Subject: [PATCH v2 3/4] mm/kmemleak: fix partially freeing unknown object
 warning
Date: Sun, 8 Oct 2023 10:33:16 +0800
Message-ID: <20231008023317.3015699-4-liushixin2@huawei.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20231008023317.3015699-1-liushixin2@huawei.com>
References: <20231008023317.3015699-1-liushixin2@huawei.com>
MIME-Version: 1.0
X-Originating-IP: [10.175.113.32]
X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To
 dggpemm500009.china.huawei.com (7.185.36.225)
X-CFilter-Loop: Reflected
X-Rspamd-Server: rspam08
X-Rspamd-Queue-Id: 0E16BC001E
X-Stat-Signature: 11ehjwstttm56zznugf74ms651w3tpcf
X-Rspam-User: 
X-HE-Tag: 1696729924-181458
X-HE-Meta: 
 U2FsdGVkX19UnuSTD0cJ/ILno3qj+yinP/M8zTz7Bks+MnLedwZzmCJxjTT/n0cLtaiK8Z6/lgHA18pjOn4INjtfoaQvqKUT24ir6M47IT+GGA45Pn0FF/Rqo5vO7KLPXm3F0VkD/w1luIcx7BKp2ofq4MOZYIuet/SK16w+2KY291Lugr2wesJba0KqUUSwz5yPfChW1Op7tTwHAyiMqEwcl9gyy0+A80Rbbc9Ecg5MUJ6IquIK/ct64+mbB0m+M2+VOqy+QuXuLCXc0N+I4o4pydfDib7fjsSwcb8eWLwxa0ejQIAjfTWe1+j1Mtk1TTn5uViwWYoAghFqoD0o0VNdTxkXr3tMCT46QoqTr95UdmSva6GrcsrSJV9bbjmyznpKLVXEsvlVdTKs9eACIQ14ITHK5TBBLoUIQZ2vaVYYtqj/JWyS/zmla/jG6W4U8LceJB+1ob3Dta+Spk7oeI0MEtXi9k5wswFUA5GthCpb7V9OTNKTRTzOFRSHbuffB7xGcVcjz0TSuuN8VFKo0B+w6yrM8GB6GyW+3P5AkWU91a3/FIBNXkO8y4j8r55tae9xidcfh3X802EqGUNkh8vFDtL1g0Vwx5SRIZXnBUlpL7NCU86q/M9GdDuDFwZZfZ5hZjgipuVP50mV70BkBxla7WBlcBmIaG2weTElht1gw1QxD44jU6+/Luqprsy3z4Ot2qM2pYTv8atCHsYCNK7FnT0ZCbpfI1Fe23Ebq9GxRNNUF74lk8HZE1wkXVnDc8rBAtG4DuhzY/V3WW/BgYpmnxWlQN+GF8tzoD91PltRllNeb7fvx+T0M4ZcpCAPYHl/gGD+kwf3uyldCZwJF0cKmYmyiRYgae1EgHTIQxcloBSd3ELsvy+udZ/i+fRuWZDhnfbnRcSNO0xQAPPRf39ENKrHBwLfZfztDvsep3oV2PUIVZ01c3JfF/9anudkdJ/+ZCOhgQ07nMVlZFq
 0iR3GI6U
 D4nvQ0HXgooOmvTpFWfarwrvwRdggRrMtrUvzRNmZ2jRXCI2rCZurcscjrglpcI+EmvwkW73OiPKbwCPDAfJtcrJATcZQiYHF0qv9ooVEJax/okr7TEC4Iu4Pce6+TyUe3iDhtwfSwFz51qmDzgzuwxagENqEqyiKMDYDsuuBex1lAQsY4O5X4zEZOUOjyltSADaitGPd7EiknZv8VvvsBiKQnvG637puVqZ5HojElhFJa08TZOqxjiwzGZc06nfN0MQXrepaIV+fKpvav3F8qgvYJZMM8S3OEKx9u8JopUGx7YLP5VY+0Reg9g==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

delete_object_part() can be called by multiple callers in the same time.
If an object is found and removed by a caller, and then another caller
try to find it too, it failed and return directly. The secound part still
be recorded by kmemleak even if it has alreadly been freed to buddy.
With DEBUG on, kmemleak will report the following warning:

 kmemleak: Partially freeing unknown object at 0xa1af86000 (size 4096)
 CPU: 0 PID: 742 Comm: test_huge Not tainted 6.6.0-rc3kmemleak+ #54
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
 Call Trace:
  <TASK>
  dump_stack_lvl+0x37/0x50
  kmemleak_free_part_phys+0x50/0x60
  hugetlb_vmemmap_optimize+0x172/0x290
  ? __pfx_vmemmap_remap_pte+0x10/0x10
  __prep_new_hugetlb_folio+0xe/0x30
  prep_new_hugetlb_folio.isra.0+0xe/0x40
  alloc_fresh_hugetlb_folio+0xc3/0xd0
  alloc_surplus_hugetlb_folio.constprop.0+0x6e/0xd0
  hugetlb_acct_memory.part.0+0xe6/0x2a0
  hugetlb_reserve_pages+0x110/0x2c0
  hugetlbfs_file_mmap+0x11d/0x1b0
  mmap_region+0x248/0x9a0
  ? hugetlb_get_unmapped_area+0x15c/0x2d0
  do_mmap+0x38b/0x580
  vm_mmap_pgoff+0xe6/0x190
  ksys_mmap_pgoff+0x18a/0x1f0
  do_syscall_64+0x3f/0x90
  entry_SYSCALL_64_after_hwframe+0x6e/0xd8

Fix the problem by adding a new mutex lock to make sure all objects are
deleted sequentially in delete_object_part(). The kmemleak_lock is not
suitable here because there is a memory allocation with flag GFP_KERNEL.

Fixes: 53238a60dd4a ("kmemleak: Allow partial freeing of memory blocks")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
---
 mm/kmemleak.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index 54c2c90d3abc..ed497866361a 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -208,6 +208,8 @@ static struct rb_root object_tree_root = RB_ROOT;
 static struct rb_root object_phys_tree_root = RB_ROOT;
 /* protecting the access to object_list, object_tree_root (or object_phys_tree_root) */
 static DEFINE_RAW_SPINLOCK(kmemleak_lock);
+/* Serial delete_object_part() to ensure all objects are deleted correctly */
+static DEFINE_MUTEX(delete_object_part_mutex);
 
 /* allocation caches for kmemleak internal data */
 static struct kmem_cache *object_cache;
@@ -785,13 +787,15 @@ static void delete_object_part(unsigned long ptr, size_t size, bool is_phys)
 	struct kmemleak_object *object;
 	unsigned long start, end;
 
+	mutex_lock(&delete_object_part_mutex);
+
 	object = find_and_remove_object(ptr, 1, is_phys);
 	if (!object) {
 #ifdef DEBUG
 		kmemleak_warn("Partially freeing unknown object at 0x%08lx (size %zu)\n",
 			      ptr, size);
 #endif
-		return;
+		goto unlock;
 	}
 
 	/*
@@ -809,6 +813,9 @@ static void delete_object_part(unsigned long ptr, size_t size, bool is_phys)
 			      GFP_KERNEL, is_phys);
 
 	__delete_object(object);
+
+unlock:
+	mutex_unlock(&delete_object_part_mutex);
 }
 
 static void __paint_it(struct kmemleak_object *object, int color)