| Message ID | 1547023162-6381-1-git-send-email-prpatel@nvidia.com |
|---|---|
| State | Deferred |
| Headers | show |
| Series | selinux: avc: mark avc node as not a leak | expand |
Hi Prateek, On Wed, Jan 09, 2019 at 02:09:22PM +0530, Prateek Patel wrote: > From: Sri Krishna chowdary <schowdary@nvidia.com> > > kmemleak detects allocated objects as leaks if not accessed for > default scan time. The memory allocated using avc_alloc_node > is freed using rcu mechanism when nodes are reclaimed or on > avc_flush. So, there is no real leak here and kmemleak_scan > detects it as a leak which is false positive. Hence, mark it as > kmemleak_not_leak. In theory, kmemleak should detect the node->rhead in the lists used by call_rcu() and not report it as a leak. Which RCU options do you have enabled (just to check whether kmemleak tracks the RCU internal lists)? Also, does this leak eventually disappear without your patch? Does echo dump=0xffffffc0dd1a0e60 > /sys/kernel/debug/kmemleak still display this object? Thanks.
On 1/9/2019 5:01 PM, Catalin Marinas wrote: > Hi Prateek, > > On Wed, Jan 09, 2019 at 02:09:22PM +0530, Prateek Patel wrote: >> From: Sri Krishna chowdary <schowdary@nvidia.com> >> >> kmemleak detects allocated objects as leaks if not accessed for >> default scan time. The memory allocated using avc_alloc_node >> is freed using rcu mechanism when nodes are reclaimed or on >> avc_flush. So, there is no real leak here and kmemleak_scan >> detects it as a leak which is false positive. Hence, mark it as >> kmemleak_not_leak. > In theory, kmemleak should detect the node->rhead in the lists used by > call_rcu() and not report it as a leak. Which RCU options do you have > enabled (just to check whether kmemleak tracks the RCU internal lists)? > > Also, does this leak eventually disappear without your patch? Does > > echo dump=0xffffffc0dd1a0e60 > /sys/kernel/debug/kmemleak > > still display this object? > > Thanks. Hi Catalin, It was intermittently showing leak and didn't repro on multiple runs. To repo, I decreased the minimum object age for reporting, I found triggering the second scan just after first is not showing any leak. Also, without my patch, on echo dump, obj is not displaying. Is increasing minimum object age for reporting a good idea to handle such type of issues to avoid false-positives? Following is the log: t186_int:/ # echo scan > /sys/kernel/debug/kmemleak t186_int:/ # cat /sys/kernel/debug/kmemleak unreferenced object 0xffffffc1e06424c8 (size 72): comm "netd", pid 4891, jiffies 4294906431 (age 23.120s) hex dump (first 32 bytes): 97 01 00 00 1b 00 00 00 0b 00 00 00 57 06 04 00 ............W... 00 00 00 00 ff ff ff ff 01 00 00 00 00 00 00 00 ................ backtrace: [<ffffff8008275214>] kmem_cache_alloc+0x1ac/0x2c0 [<ffffff80084dcf90>] avc_alloc_node+0x28/0x240 [<ffffff80084dd404>] avc_compute_av+0xa4/0x1d0 [<ffffff80084de1b8>] avc_has_perm+0xf8/0x1b8 [<ffffff80084e37f8>] file_has_perm+0xb8/0xe8 [<ffffff80084e3d64>] match_file+0x44/0x98 [<ffffff80082cc9d4>] iterate_fd+0x84/0xd0 [<ffffff80084e2b3c>] selinux_bprm_committing_creds+0xec/0x230 [<ffffff80084d842c>] security_bprm_committing_creds+0x44/0x60 [<ffffff80082ad020>] install_exec_creds+0x20/0x70 [<ffffff800831b9a4>] load_elf_binary+0x31c/0xd10 [<ffffff80082ae530>] search_binary_handler+0x98/0x288 [<ffffff80082af078>] do_execveat_common.isra.14+0x550/0x6d0 [<ffffff80082af4ac>] SyS_execve+0x4c/0x60 [<ffffff80080839c0>] el0_svc_naked+0x34/0x38 [<ffffffffffffffff>] 0xffffffffffffffff unreferenced object 0xffffffc1ab3c61b0 (size 72): comm "crash_dump64", pid 5058, jiffies 4294907834 (age 17.508s) hex dump (first 32 bytes): 2f 02 00 00 6b 00 00 00 07 00 00 00 53 04 04 00 /...k.......S... 00 00 00 00 ff ff fd ff 01 00 00 00 00 00 00 00 ................ backtrace: [<ffffff8008275214>] kmem_cache_alloc+0x1ac/0x2c0 [<ffffff80084dcf90>] avc_alloc_node+0x28/0x240 [<ffffff80084dd404>] avc_compute_av+0xa4/0x1d0 [<ffffff80084de084>] avc_has_perm_noaudit+0xe4/0x120 [<ffffff80084e1264>] selinux_inode_permission+0xc4/0x1c8 [<ffffff80084d8fe8>] security_inode_permission+0x60/0x88 [<ffffff80082b2cf4>] __inode_permission2+0x54/0x120 [<ffffff80082b2e30>] inode_permission2+0x38/0x80 [<ffffff80082b4b58>] may_open+0x70/0x128 [<ffffff80082b6fd4>] do_last+0x234/0xee8 [<ffffff80082b7d30>] path_openat+0xa8/0x310 [<ffffff80082b9390>] do_filp_open+0x88/0x108 [<ffffff80082a1fec>] do_sys_open+0x1a4/0x290 [<ffffff80082a215c>] SyS_openat+0x3c/0x50 [<ffffff80080839c0>] el0_svc_naked+0x34/0x38 [<ffffffffffffffff>] 0xffffffffffffffff unreferenced object 0xffffffc1d3bcf678 (size 72): comm "mediaserver", pid 5156, jiffies 4294909577 (age 10.536s) hex dump (first 32 bytes): 0b 02 00 00 e2 01 00 00 07 00 00 00 53 04 04 00 ............S... 00 00 00 00 f7 ff ff ff 01 00 00 00 00 00 00 00 ................ backtrace: [<ffffff8008275214>] kmem_cache_alloc+0x1ac/0x2c0 [<ffffff80084dcf90>] avc_alloc_node+0x28/0x240 [<ffffff80084dd404>] avc_compute_av+0xa4/0x1d0 [<ffffff80084de084>] avc_has_perm_noaudit+0xe4/0x120 [<ffffff80084e1264>] selinux_inode_permission+0xc4/0x1c8 [<ffffff80084d8fe8>] security_inode_permission+0x60/0x88 [<ffffff80082b2cf4>] __inode_permission2+0x54/0x120 [<ffffff80082b2e30>] inode_permission2+0x38/0x80 [<ffffff80082b4b58>] may_open+0x70/0x128 [<ffffff80082b6fd4>] do_last+0x234/0xee8 [<ffffff80082b7d30>] path_openat+0xa8/0x310 [<ffffff80082b9390>] do_filp_open+0x88/0x108 [<ffffff80082a1fec>] do_sys_open+0x1a4/0x290 [<ffffff80082a21f4>] compat_SyS_openat+0x3c/0x50 [<ffffff80080839c0>] el0_svc_naked+0x34/0x38 [<ffffffffffffffff>] 0xffffffffffffffff t186_int:/ # echo dump=0xffffffc1d3bcf678 > /sys/kernel/debug/kmemleak kmemleak: Unknown object at 0xffffffc1d3bcf678 Thanks,
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 635e5c1..ecfd0cd 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -30,6 +30,7 @@ #include <linux/audit.h> #include <linux/ipv6.h> #include <net/ipv6.h> +#include <linux/kmemleak.h> #include "avc.h" #include "avc_ss.h" #include "classmap.h" @@ -573,6 +574,7 @@ static struct avc_node *avc_alloc_node(struct selinux_avc *avc) if (!node) goto out; + kmemleak_not_leak(node); INIT_HLIST_NODE(&node->list); avc_cache_stats_incr(allocations);