Re: [PATCH v8 00/70] Introducing the Maple Tree

Liam Howlett <liam.howlett@xxxxxxxxxx> · Wed, 27 Apr 2022 22:41:41 +0000

* Qian Cai <quic_qiancai@xxxxxxxxxxx> [220427 16:22]:
> On Wed, Apr 27, 2022 at 04:51:50PM +0000, Liam Howlett wrote:
> > Thanks.  This is indeed an issue with 0d43186b36c1 (mm/mlock: use vma
> > iterator and instead of vma linked list)                                                 
> > 
> > Andrew, Please include this patch as a fix.
> 
> Even with the patch applied, there are still thousands of memory leaks
> reports from kmemleak after booting.

Thank you for finding this.

> 
> unreferenced object 0xffff400259bd6d00 (size 256):
>   comm "multipathd", pid 2577, jiffies 4294915929 (age 2370.384s)
>   hex dump (first 32 bytes):
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>   backtrace:
>      slab_post_alloc_hook
>      kmem_cache_alloc_bulk
>      mas_alloc_nodes
>      mt_alloc_bulk at lib/maple_tree.c:151
>      (inlined by) mas_alloc_nodes at lib/maple_tree.c:1244
>      mas_preallocate
>      __vma_adjust
>      shift_arg_pages
>      setup_arg_pages
>      load_elf_binary
>      search_binary_handler
>      exec_binprm
>      bprm_execve
>      do_execveat_common.isra.0
>      __arm64_sys_execve
>      invoke_syscall
>      el0_svc_common.constprop.0
>      do_el0_svc

__vma_adjust is way too complicated.  This patch should fix the leak.

Andrew, please add this patch to "mm: start tracking VMAs with maple tree"


Thanks,
Liam
From 74f551227d44b351d56f4ec0a36542d871f337d5 Mon Sep 17 00:00:00 2001
From: "Liam R. Howlett" <Liam.Howlett@xxxxxxxxxx>
Date: Wed, 27 Apr 2022 18:40:00 -0400
Subject: [PATCH] mm/mmap: Fix __vma_adjust() memory leak.

When shifting the arg pages, the maple state may be left with allocated
memory.  Free the memory by calling mas_destroy() unconditionally at the
end of the function.

Fixes: bd6a1fd58daf (mm: start tracking VMAs with maple tree)
Signed-off-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
---
 mm/mmap.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mm/mmap.c b/mm/mmap.c
index 6a37f5d2e496..f52bbf9aa024 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -904,6 +904,7 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
 		uprobe_mmap(insert);
 	}
 
+	mas_destroy(&mas);
 	validate_mm(mm);
 
 	return 0;
-- 
2.35.1





