diff options
author | Catalin Marinas <catalin.marinas@arm.com> | 2013-11-12 15:07:45 -0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2014-07-31 12:54:53 -0700 |
commit | 7e2e611849fa3786431f86411346ecb70c3f4283 (patch) | |
tree | 0112264978b0294d2dadc7d4ab049ea26b0dd230 /mm | |
parent | b06b5c6204bdc7c571feedb6b16188ba62feb9a6 (diff) | |
download | linux-stable-7e2e611849fa3786431f86411346ecb70c3f4283.tar.gz linux-stable-7e2e611849fa3786431f86411346ecb70c3f4283.tar.bz2 linux-stable-7e2e611849fa3786431f86411346ecb70c3f4283.zip |
mm: kmemleak: avoid false negatives on vmalloc'ed objects
commit 7f88f88f83ed609650a01b18572e605ea50cd163 upstream.
Commit 248ac0e1943a ("mm/vmalloc: remove guard page from between vmap
blocks") had the side effect of making vmap_area.va_end member point to
the next vmap_area.va_start. This was creating an artificial reference
to vmalloc'ed objects and kmemleak was rarely reporting vmalloc() leaks.
This patch marks the vmap_area containing pointers explicitly and
reduces the min ref_count to 2 as vm_struct still contains a reference
to the vmalloc'ed object. The kmemleak add_scan_area() function has
been improved to allow a SIZE_MAX argument covering the rest of the
object (for simpler calling sites).
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[hq: Backported to 3.4: Adjust context]
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'mm')
-rw-r--r-- | mm/kmemleak.c | 4 | ||||
-rw-r--r-- | mm/vmalloc.c | 14 |
2 files changed, 13 insertions, 5 deletions
diff --git a/mm/kmemleak.c b/mm/kmemleak.c index 45eb6217bf38..ad6ee88a3d48 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c @@ -750,7 +750,9 @@ static void add_scan_area(unsigned long ptr, size_t size, gfp_t gfp) } spin_lock_irqsave(&object->lock, flags); - if (ptr + size > object->pointer + object->size) { + if (size == SIZE_MAX) { + size = object->pointer + object->size - ptr; + } else if (ptr + size > object->pointer + object->size) { kmemleak_warn("Scan area larger than object 0x%08lx\n", ptr); dump_object_info(object); kmem_cache_free(scan_area_cache, area); diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 1196c7728ede..ad9d90064a4b 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -349,6 +349,12 @@ static struct vmap_area *alloc_vmap_area(unsigned long size, if (unlikely(!va)) return ERR_PTR(-ENOMEM); + /* + * Only scan the relevant parts containing pointers to other objects + * to avoid false negatives. + */ + kmemleak_scan_area(&va->rb_node, SIZE_MAX, gfp_mask & GFP_RECLAIM_MASK); + retry: spin_lock(&vmap_area_lock); /* @@ -1669,11 +1675,11 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, insert_vmalloc_vmlist(area); /* - * A ref_count = 3 is needed because the vm_struct and vmap_area - * structures allocated in the __get_vm_area_node() function contain - * references to the virtual address of the vmalloc'ed block. + * A ref_count = 2 is needed because vm_struct allocated in + * __get_vm_area_node() contains a reference to the virtual address of + * the vmalloc'ed block. */ - kmemleak_alloc(addr, real_size, 3, gfp_mask); + kmemleak_alloc(addr, real_size, 2, gfp_mask); return addr; |