Re: [PATCH] selinux: avc: mark avc node as not a leak

From: Prateek Patel
Date: Thu Jan 24 2019 - 16:57:13 EST



On 1/9/2019 5:01 PM, Catalin Marinas wrote:
> Hi Prateek,
>
> On Wed, Jan 09, 2019 at 02:09:22PM +0530, Prateek Patel wrote:
> > From: Sri Krishna chowdary <schowdary@xxxxxxxxxx>
> >
> > kmemleak detects allocated objects as leaks if not accessed for
> > default scan time. The memory allocated using avc_alloc_node
> > is freed using rcu mechanism when nodes are reclaimed or on
> > avc_flush. So, there is no real leak here and kmemleak_scan
> > detects it as a leak which is false positive. Hence, mark it as
> > kmemleak_not_leak.
>
> In theory, kmemleak should detect the node->rhead in the lists used by
> call_rcu() and not report it as a leak. Which RCU options do you have
> enabled (just to check whether kmemleak tracks the RCU internal lists)?
>
> Also, does this leak eventually disappear without your patch? Does
>
> echo dump=0xffffffc0dd1a0e60 > /sys/kernel/debug/kmemleak
>
> still display this object?
>
> Thanks.

Hi Catalin,
It was intermittently showing the leak and didn't repro on multiple runs. To repro, I decreased the
minimum object age for reporting. I found that triggering the second scan just after the first does not
show any leak. Also, without my patch, on echo dump, the object is not displayed.
Is increasing the minimum object age for reporting a good idea to handle this type of issue and
avoid false positives?

Following is the log:

t186_int:/ # echo scan > /sys/kernel/debug/kmemleak
t186_int:/ # cat /sys/kernel/debug/kmemleak

unreferenced object 0xffffffc1e06424c8 (size 72):
 comm "netd", pid 4891, jiffies 4294906431 (age 23.120s)
 hex dump (first 32 bytes):
    97 01 00 00 1b 00 00 00 0b 00 00 00 57 06 04 00 ............W...
    00 00 00 00 ff ff ff ff 01 00 00 00 00 00 00 00 ................
 backtrace:
    [<ffffff8008275214>] kmem_cache_alloc+0x1ac/0x2c0
    [<ffffff80084dcf90>] avc_alloc_node+0x28/0x240
    [<ffffff80084dd404>] avc_compute_av+0xa4/0x1d0
    [<ffffff80084de1b8>] avc_has_perm+0xf8/0x1b8
    [<ffffff80084e37f8>] file_has_perm+0xb8/0xe8
    [<ffffff80084e3d64>] match_file+0x44/0x98
    [<ffffff80082cc9d4>] iterate_fd+0x84/0xd0
    [<ffffff80084e2b3c>] selinux_bprm_committing_creds+0xec/0x230
    [<ffffff80084d842c>] security_bprm_committing_creds+0x44/0x60
    [<ffffff80082ad020>] install_exec_creds+0x20/0x70
    [<ffffff800831b9a4>] load_elf_binary+0x31c/0xd10
    [<ffffff80082ae530>] search_binary_handler+0x98/0x288
    [<ffffff80082af078>] do_execveat_common.isra.14+0x550/0x6d0
    [<ffffff80082af4ac>] SyS_execve+0x4c/0x60
    [<ffffff80080839c0>] el0_svc_naked+0x34/0x38
    [<ffffffffffffffff>] 0xffffffffffffffff
unreferenced object 0xffffffc1ab3c61b0 (size 72):
 comm "crash_dump64", pid 5058, jiffies 4294907834 (age 17.508s)
 hex dump (first 32 bytes):
    2f 02 00 00 6b 00 00 00 07 00 00 00 53 04 04 00 /...k.......S...
    00 00 00 00 ff ff fd ff 01 00 00 00 00 00 00 00 ................
 backtrace:
    [<ffffff8008275214>] kmem_cache_alloc+0x1ac/0x2c0
    [<ffffff80084dcf90>] avc_alloc_node+0x28/0x240
    [<ffffff80084dd404>] avc_compute_av+0xa4/0x1d0
    [<ffffff80084de084>] avc_has_perm_noaudit+0xe4/0x120
    [<ffffff80084e1264>] selinux_inode_permission+0xc4/0x1c8
    [<ffffff80084d8fe8>] security_inode_permission+0x60/0x88
    [<ffffff80082b2cf4>] __inode_permission2+0x54/0x120
    [<ffffff80082b2e30>] inode_permission2+0x38/0x80
    [<ffffff80082b4b58>] may_open+0x70/0x128
    [<ffffff80082b6fd4>] do_last+0x234/0xee8
    [<ffffff80082b7d30>] path_openat+0xa8/0x310
    [<ffffff80082b9390>] do_filp_open+0x88/0x108
    [<ffffff80082a1fec>] do_sys_open+0x1a4/0x290
    [<ffffff80082a215c>] SyS_openat+0x3c/0x50
    [<ffffff80080839c0>] el0_svc_naked+0x34/0x38
    [<ffffffffffffffff>] 0xffffffffffffffff
unreferenced object 0xffffffc1d3bcf678 (size 72):
 comm "mediaserver", pid 5156, jiffies 4294909577 (age 10.536s)
 hex dump (first 32 bytes):
    0b 02 00 00 e2 01 00 00 07 00 00 00 53 04 04 00 ............S...
    00 00 00 00 f7 ff ff ff 01 00 00 00 00 00 00 00 ................
 backtrace:
    [<ffffff8008275214>] kmem_cache_alloc+0x1ac/0x2c0
    [<ffffff80084dcf90>] avc_alloc_node+0x28/0x240
    [<ffffff80084dd404>] avc_compute_av+0xa4/0x1d0
    [<ffffff80084de084>] avc_has_perm_noaudit+0xe4/0x120
    [<ffffff80084e1264>] selinux_inode_permission+0xc4/0x1c8
    [<ffffff80084d8fe8>] security_inode_permission+0x60/0x88
    [<ffffff80082b2cf4>] __inode_permission2+0x54/0x120
    [<ffffff80082b2e30>] inode_permission2+0x38/0x80
    [<ffffff80082b4b58>] may_open+0x70/0x128
    [<ffffff80082b6fd4>] do_last+0x234/0xee8
    [<ffffff80082b7d30>] path_openat+0xa8/0x310
    [<ffffff80082b9390>] do_filp_open+0x88/0x108
    [<ffffff80082a1fec>] do_sys_open+0x1a4/0x290
    [<ffffff80082a21f4>] compat_SyS_openat+0x3c/0x50
    [<ffffff80080839c0>] el0_svc_naked+0x34/0x38
    [<ffffffffffffffff>] 0xffffffffffffffff
t186_int:/ # echo dump=0xffffffc1d3bcf678 > /sys/kernel/debug/kmemleak
kmemleak: Unknown object at 0xffffffc1d3bcf678

Thanks,
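
The two-scan comparison described in the message above, as an added example that is not part of the original thread: it parses two saved copies of /sys/kernel/debug/kmemleak and lists the records that were reported in the first scan but are absent from the second. The function names, the second sample record (address, process name, `example_alloc`) and the "second backtrace frame is the allocator's caller" heuristic are assumptions made for illustration; the first sample record is abbreviated from the log above.

```shell
#!/bin/sh
# Added example: list kmemleak reports that vanish between two saved scans.

# kmemleak_objects FILE -> one line per record: ADDRESS AGE_SECONDS CALLER COMM
# CALLER is the second backtrace frame (assumed to be the allocator's caller).
kmemleak_objects() {
    awk '
        function emit() { if (addr != "") print addr, age, site, comm }
        /^unreferenced object / {
            emit(); addr = $3; age = site = comm = "?"; frames = 0; next
        }
        addr == "" { next }
        match($0, /comm "[^"]*"/) { comm = substr($0, RSTART + 6, RLENGTH - 7) }
        match($0, /\(age [0-9.]+s\)/) { age = substr($0, RSTART + 5, RLENGTH - 7) }
        match($0, /\[<[0-9a-f]+>\] [^ +]+/) && ++frames == 2 {
            site = substr($0, RSTART, RLENGTH); sub(/^[^ ]* /, "", site)
        }
        END { emit() }
    ' "$1"
}

# transient_objects FIRST SECOND -> records reported in FIRST but gone in SECOND
transient_objects() {
    later=$(kmemleak_objects "$2" | awk '{ printf "%s ", $1 }')
    kmemleak_objects "$1" | awk -v later="$later" '
        BEGIN { n = split(later, a, " "); for (i = 1; i <= n; i++) seen[a[i]] = 1 }
        !($1 in seen)'
}

# Constructed sample input: FIRST holds two records, SECOND only the last one.
write_samples() {
    cat > "$1" <<'EOF'
unreferenced object 0xffffffc1e06424c8 (size 72):
  comm "netd", pid 4891, jiffies 4294906431 (age 23.120s)
  backtrace:
    [<ffffff8008275214>] kmem_cache_alloc+0x1ac/0x2c0
    [<ffffff80084dcf90>] avc_alloc_node+0x28/0x240
unreferenced object 0xffffffc000000100 (size 64):
  comm "example", pid 1, jiffies 4294900000 (age 60.000s)
  backtrace:
    [<ffffff8000000010>] kmem_cache_alloc+0x1ac/0x2c0
    [<ffffff8000000020>] example_alloc+0x10/0x40
EOF
    sed -n '6,$p' "$1" > "$2"
}

dir=$(mktemp -d)
write_samples "$dir/scan1" "$dir/scan2"
transient_objects "$dir/scan1" "$dir/scan2"
rm -rf "$dir"
```

On a live system the two input files would be copies of the kmemleak debugfs file taken after each `echo scan`.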