Re: [PATCH 00/10] Kernel memory leak detector 0.8

From: Catalin Marinas
Date: Tue Jul 11 2006 - 12:29:36 EST


On 11/07/06, Michal Piotrowski <michal.k.k.piotrowski@xxxxxxxxx> wrote:
> On 11/07/06, Catalin Marinas <catalin.marinas@xxxxxxxxx> wrote:
> > Looking at the call trace, the pointer to the memory allocated in
> > context_struct_to_string() is stored in the "cb" variable in struct
> > sk_buff (argument passed to selinux_socket_getpeersec_dgram from
> > unix_get_peersec_dgram).
> >
> > This pointer should be found when scanning the "struct sk_buff"
> > blocks, unless you also get a comparable number of "struct sk_buff"
> > reports (from __alloc_skb). If not, it might be a real leak.
>
> So if we got 3970
> orphan pointer 0xf5a6fd60 (size 39):
> c0173822: <__kmalloc>
> c01df500: <context_struct_to_string>
> [...]
> and 4673
> orphan pointer 0xf4249488 (size 29):
> c0173822: <__kmalloc>
> c01df500: <context_struct_to_string>
> [...]
> It's not a memleak?

Not exactly. What I meant is that if you have a corresponding number
of reports from __alloc_skb, maybe they were false positives and the
block wasn't scanned, leading to other false positive reports.

It looks like there are some reports in __alloc_skb. Please try the
attached patch.

Thanks.

--
Catalin

Clear the false positive in __alloc_skb

From: Catalin Marinas <catalin.marinas@xxxxxxx>

This happens when fclone is 1 because the allocated size is different from
the struct sk_buff one and therefore the pointer aliases are not correctly
determined.

Signed-off-by: Catalin Marinas <catalin.marinas@xxxxxxx>
---

net/core/skbuff.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 44f6a18..ee4fd9b 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -158,6 +158,9 @@ struct sk_buff *__alloc_skb(unsigned int

/* Get the HEAD */
skb = kmem_cache_alloc(cache, gfp_mask & ~__GFP_DMA);
+ /* the skbuff_fclone_cache contains objects larger than
+ * "struct sk_buff" and kmemleak cannot guess the type */
+ memleak_typeid(skb, struct sk_buff);
if (!skb)
goto out;
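
Review bot: memleak_typeid(skb, struct sk_buff) sits before the "if (!skb)" check, so when kmem_cache_alloc() fails it is called with a NULL pointer. Nothing in this hunk shows that memleak_typeid tolerates NULL; moving the call and its comment below the "if (!skb) goto out;" test would make it safe either way. The commit message ties the false positive to fclone being 1, while the call here runs for whichever cache was selected; if that is intended, the comment should say so. The comment would also read better in the usual multi-line form, with the closing "*/" on its own line.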