The patch titled
     Subject: rcu: make call_rcu() print mem_dump_obj() info for double-freed callback
has been added to the -mm tree.  Its filename is
     rcu-make-call_rcu-print-mem_dump_obj-info-for-double-freed-callback.patch

This patch should soon appear at
    https://ozlabs.org/~akpm/mmots/broken-out/rcu-make-call_rcu-print-mem_dump_obj-info-for-double-freed-callback.patch
and later at
    https://ozlabs.org/~akpm/mmotm/broken-out/rcu-make-call_rcu-print-mem_dump_obj-info-for-double-freed-callback.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: "Paul E. McKenney" <paulmck@xxxxxxxxxx>
Subject: rcu: make call_rcu() print mem_dump_obj() info for double-freed callback

The debug-object double-free checks in __call_rcu() print out the RCU
callback function, which is usually sufficient to track down the double
free.  However, all uses of things like queue_rcu_work() will have the
same RCU callback function (rcu_work_rcufn() in this case), so a
diagnostic message for a double queue_rcu_work() needs more than just the
callback function.

This commit therefore calls mem_dump_obj() to dump out any additional
available information on the double-freed callback.

Link: https://lkml.kernel.org/r/20210106011750.13709-5-paulmck@xxxxxxxxxx
Signed-off-by: Paul E. McKenney <paulmck@xxxxxxxxxx> Reported-by: Andrii Nakryiko <andrii@xxxxxxxxxx> Cc: Christoph Lameter <cl@xxxxxxxxx> Cc: Pekka Enberg <penberg@xxxxxxxxxx> Cc: David Rientjes <rientjes@xxxxxxxxxx> Cc: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx> Cc: Jens Axboe <axboe@xxxxxxxxx> Cc: Ming Lei <ming.lei@xxxxxxxxxx> Cc: Vlastimil Babka <vbabka@xxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- kernel/rcu/tree.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/kernel/rcu/tree.c~rcu-make-call_rcu-print-mem_dump_obj-info-for-double-freed-callback +++ a/kernel/rcu/tree.c @@ -2941,6 +2941,7 @@ static void check_cb_ovld(struct rcu_dat static void __call_rcu(struct rcu_head *head, rcu_callback_t func) { + static atomic_t doublefrees; unsigned long flags; struct rcu_data *rdp; bool was_alldone; @@ -2954,8 +2955,10 @@ __call_rcu(struct rcu_head *head, rcu_ca * Use rcu:rcu_callback trace event to find the previous * time callback was passed to __call_rcu(). */ - WARN_ONCE(1, "__call_rcu(): Double-freed CB %p->%pS()!!!\n", - head, head->func); + if (atomic_inc_return(&doublefrees) < 4) { + pr_err("%s(): Double-freed CB %p->%pS()!!! ", __func__, head, head->func); + mem_dump_obj(head); + } WRITE_ONCE(head->func, rcu_leak_callback); return; } _ Patches currently in -mm which might be from paulmck@xxxxxxxxxx are mm-add-mem_dump_obj-to-print-source-of-memory-block.patch mm-make-mem_dump_obj-handle-null-and-zero-sized-pointers.patch mm-make-mem_dump_obj-handle-vmalloc-memory.patch mm-make-mem_obj_dump-vmalloc-dumps-include-start-and-length.patch rcu-make-call_rcu-print-mem_dump_obj-info-for-double-freed-callback.patch percpu_ref-dump-mem_dump_obj-info-upon-reference-count-underflow.patch
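
Review bot: The new "static atomic_t doublefrees;" at the top of __call_rcu() (first hunk) carries no comment, and the limit it enforces appears only as the literal 4 in the later "atomic_inc_return(&doublefrees) < 4" test. A one-line comment saying that at most three double-free reports are printed, or a named constant for the limit, would make the intent visible at the declaration. The counter is also never reset, so once three reports have been printed every later double-freed callback is switched to rcu_leak_callback with no message at all; that is worth stating in the comment, since it matters to anyone triaging a long-running system.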
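
Review bot: Replacing WARN_ONCE() with pr_err() in the second hunk loses the stack backtrace of the caller that passed the already-queued rcu_head, and that backtrace is the most direct pointer to the second of the two frees. mem_dump_obj(head) describes where the memory came from, not who called __call_rcu() this time, so consider adding dump_stack() inside the "if (atomic_inc_return(&doublefrees) < 4)" block or keeping a WARN_ON_ONCE(1) next to it. Separately, the pr_err() format string ends in "!!! " with no newline, so the report is only well-formed if mem_dump_obj() continues and terminates that line; output from another CPU can land in between, and a newline-terminated pr_err() followed by a self-contained mem_dump_obj() line would be more robust in a log that someone has to parse after a crash.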