From patchwork Mon Nov 4 11:19:44 2024
X-Patchwork-Submitter: Catalin Marinas
X-Patchwork-Id: 13861243
From: Catalin Marinas
To: iommu@lists.linux.dev, linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org, Ido Schimmel, Ido Schimmel, Robin Murphy, Joerg Roedel, Will Deacon, Andrew Morton
Subject: [PATCH] kmemleak: iommu/iova: Fix transient kmemleak false positive
Date: Mon, 4 Nov 2024 11:19:44 +0000
Message-Id: <20241104111944.2207155-1-catalin.marinas@arm.com>

The introduction of iova_depot_pop() in 911aa1245da8 ("iommu/iova: Make
the rcache depot scale better") confused kmemleak by moving a struct
iova_magazine object from a singly linked list to rcache->depot and
resetting the 'next' pointer referencing it. Unlike doubly linked lists,
the content of the object being referred is never changed on removal from
a singly linked list and the kmemleak checksum heuristics do not detect
such a scenario. This leads to false positives like:

  unreferenced object 0xffff8881a5301000 (size 1024):
    comm "softirq", pid 0, jiffies 4306297099 (age 462.991s)
    hex dump (first 32 bytes):
      00 00 00 00 00 00 00 00 e7 7d 05 00 00 00 00 00  .........}......
      0f b4 05 00 00 00 00 00 b4 96 05 00 00 00 00 00  ................
    backtrace:
      [] __kmem_cache_alloc_node+0x1e8/0x320
      [] kmalloc_trace+0x2a/0x60
      [] free_iova_fast+0x28e/0x4e0
      [] fq_ring_free_locked+0x1b0/0x310
      [] fq_flush_timeout+0x19d/0x2e0
      [] call_timer_fn+0x19a/0x5c0
      [] __run_timers+0x78b/0xb80
      [] run_timer_softirq+0x5d/0xd0
      [] __do_softirq+0x205/0x8b5

Introduce kmemleak_transient_leak() which resets the object checksum
requiring another scan pass before it is reported (if still
unreferenced). Call this new API in iova_depot_pop().

Signed-off-by: Catalin Marinas
Reported-by: Ido Schimmel
Tested-by: Ido Schimmel
Cc: Robin Murphy
Cc: Joerg Roedel
Cc: Will Deacon
Cc: Andrew Morton
Link: https://lore.kernel.org/r/ZY1osaGLyT-sdKE8@shredder/
Acked-by: Robin Murphy
---

This could be two patches but I thought the rationale for a new kmemleak
API goes better with its use in the iova code. Happy to move the 6 lines
iova change to a separate patch but they should still go in together.

Given that there are more lines under mm/, I'd say it better goes in via
the mm tree with the relevant acks from the iommu folk.

Thanks.

 Documentation/dev-tools/kmemleak.rst |  1 +
 drivers/iommu/iova.c                 |  6 +++++
 include/linux/kmemleak.h             |  4 +++
 mm/kmemleak.c                        | 39 ++++++++++++++++++++++++++++
 4 files changed, 50 insertions(+)

diff --git a/Documentation/dev-tools/kmemleak.rst b/Documentation/dev-tools/kmemleak.rst index 2cb00b53339f..7d784e03f3f9 100644 --- a/Documentation/dev-tools/kmemleak.rst +++ b/Documentation/dev-tools/kmemleak.rst @@ -161,6 +161,7 @@ See the include/linux/kmemleak.h header for the functions prototype. - ``kmemleak_free_percpu`` - notify of a percpu memory block freeing - ``kmemleak_update_trace`` - update object allocation stack trace - ``kmemleak_not_leak`` - mark an object as not a leak +- ``kmemleak_transient_leak`` - mark an object as a transient leak - ``kmemleak_ignore`` - do not scan or report an object as leak - ``kmemleak_scan_area`` - add scan areas inside a memory block - ``kmemleak_no_scan`` - do not scan a memory block 
diff --git a/drivers/iommu/iova.c b/drivers/iommu/iova.c index 16c6adff3eb7..5b5400efb657 100644 --- a/drivers/iommu/iova.c +++ b/drivers/iommu/iova.c @@ -6,6 +6,7 @@ */ #include +#include #include #include #include @@ -673,6 +674,11 @@ static struct iova_magazine *iova_depot_pop(struct iova_rcache *rcache) { struct iova_magazine *mag = rcache->depot; + /* + * As the mag->next pointer is moved to rcache->depot and reset via + * the mag->size assignment, mark it as a transient false positive. + */ + kmemleak_transient_leak(mag->next); rcache->depot = mag->next; mag->size = IOVA_MAG_SIZE; rcache->depot_size--; diff --git a/include/linux/kmemleak.h b/include/linux/kmemleak.h index 6a3cd1bf4680..93a73c076d16 100644 --- a/include/linux/kmemleak.h +++ b/include/linux/kmemleak.h @@ -26,6 +26,7 @@ extern void kmemleak_free_part(const void *ptr, size_t size) __ref; extern void kmemleak_free_percpu(const void __percpu *ptr) __ref; extern void kmemleak_update_trace(const void *ptr) __ref; extern void kmemleak_not_leak(const void *ptr) __ref; +extern void kmemleak_transient_leak(const void *ptr) __ref; extern void kmemleak_ignore(const void *ptr) __ref; extern void kmemleak_scan_area(const void *ptr, size_t size, gfp_t gfp) __ref; extern void kmemleak_no_scan(const void *ptr) __ref; @@ -93,6 +94,9 @@ static inline void kmemleak_update_trace(const void *ptr) static inline void kmemleak_not_leak(const void *ptr) { } +static inline void kmemleak_transient_leak(const void *ptr) +{ +} static inline void kmemleak_ignore(const void *ptr) { } diff --git a/mm/kmemleak.c b/mm/kmemleak.c index 0400f5e8ac60..72e09ac9140b 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c 
@@ -934,6 +934,28 @@ static void make_black_object(unsigned long ptr, unsigned int objflags) paint_ptr(ptr, KMEMLEAK_BLACK, objflags); } +/* + * Reset the checksum of an object. The immediate effect is that it will not + * be reported as a leak during the next scan until its checksum is updated. + */ +static void reset_checksum(unsigned long ptr) +{ + unsigned long flags; + struct kmemleak_object *object; + + object = find_and_get_object(ptr, 0); + if (!object) { + kmemleak_warn("Not resetting the checksum of an unknown object at 0x%08lx\n", + ptr); + return; + } + + raw_spin_lock_irqsave(&object->lock, flags); + object->checksum = 0; + raw_spin_unlock_irqrestore(&object->lock, flags); + put_object(object); +} + /* * Add a scanning area to the object. If at least one such area is added, * kmemleak will only scan these ranges rather than the whole memory block. @@ -1202,6 +1224,23 @@ void __ref kmemleak_not_leak(const void *ptr) } EXPORT_SYMBOL(kmemleak_not_leak); +/** + * kmemleak_transient_leak - mark an allocated object as transient false positive + * @ptr: pointer to beginning of the object + * + * Calling this function on an object will cause the memory block to not be + * reported as a leak temporarily. This may happen, for example, if the object + * is part of a singly linked list and the ->next reference to it is changed. + */ +void __ref kmemleak_transient_leak(const void *ptr) +{ + pr_debug("%s(0x%px)\n", __func__, ptr); + + if (kmemleak_enabled && ptr && !IS_ERR(ptr)) + reset_checksum((unsigned long)ptr); +} +EXPORT_SYMBOL(kmemleak_transient_leak); + /** * kmemleak_ignore - ignore an allocated object * @ptr: pointer to beginning of the object
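
Review bot: in the drivers/iommu/iova.c hunk, the comment above kmemleak_transient_leak(mag->next) in iova_depot_pop() says the pointer is "reset via the mag->size assignment", which only follows if next and size share storage in struct iova_magazine; nothing in the hunk shows that, and "mark it" does not say which object is meant. Suggest spelling it out, for example "mag->next is copied to rcache->depot and then overwritten by the mag->size assignment (same storage), so mark the next magazine as a transient leak". The call also passes mag->next without a NULL check; that is safe only because kmemleak_transient_leak() tests ptr before calling reset_checksum(), so the guard should stay if the helper is ever reworked.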
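
Review bot: in the first mm/kmemleak.c hunk, the comment on reset_checksum() ("will not be reported as a leak during the next scan until its checksum is updated") is hard to parse and does not say which scan-side check the object->checksum = 0 assignment relies on. Suggest reusing the commit message wording (another scan pass is required before the object is reported, if it is still unreferenced) and naming the function that recomputes the checksum. Since zero is used as the reset value, the comment should also say what happens when the recomputed checksum of the object is itself zero.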
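
Review bot: in the kmemleak_transient_leak() kernel-doc in the second mm/kmemleak.c hunk, "not be reported as a leak temporarily" gives the caller no bound on how long the report is suppressed. The commit message is more precise (one more scan pass, and the object is still reported if it stays unreferenced); that sentence belongs in the kernel-doc, and a short form of it would help the one-line kmemleak.rst entry too, which currently does not distinguish this call from kmemleak_not_leak. Separately, pr_debug() prints ptr with %px, i.e. the unhashed address; fine if it matches the neighbouring helpers, but it should be a deliberate choice.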