Rustam Kovhaev
Jun 24, 2021, 1:28:18 PM
to Andrii Nakryiko, Dmitry Vyukov, Andrii Nakryiko, syzbot, Alexei Starovoitov, bpf, Daniel Borkmann, John Fastabend, Martin KaFai Lau, KP Singh, LKML, netdev, Song Liu, syzkaller-bugs, Yonghong Song, Greg Kroah-Hartman
Andrii, we have discovered that kmemleak scans struct page, but it does
not scan page contents and this is by design. If we allocate some memory
with kmalloc(), then allocate a page with alloc_page(), and if we put the
kmalloc pointer somewhere inside that page, kmemleak will report the kmalloc
pointer as a false positive.
We can instruct kmemleak to scan the memory area by calling
kmemleak_alloc()/kmemleak_free() as shown below. If we don't need that
memory to be scanned then we can use kmemleak_not_leak().
If we use the former then I guess we need to be careful since we do not
want/need to scan the memory that is being used by user-space.
---
kernel/bpf/ringbuf.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c
index 84b3b35fc0d0..cf7ce10b4fb1 100644
--- a/kernel/bpf/ringbuf.c
+++ b/kernel/bpf/ringbuf.c
@@ -8,6 +8,7 @@
#include <linux/vmalloc.h>
#include <linux/wait.h>
#include <linux/poll.h>
+#include <linux/kmemleak.h>
#include <uapi/linux/btf.h>
#define RINGBUF_CREATE_FLAG_MASK (BPF_F_NUMA_NODE)
@@ -105,6 +106,7 @@ static struct bpf_ringbuf *bpf_ringbuf_area_alloc(size_t data_sz, int numa_node)
rb = vmap(pages, nr_meta_pages + 2 * nr_data_pages,
VM_ALLOC | VM_USERMAP, PAGE_KERNEL);
if (rb) {
+ kmemleak_alloc(rb, PAGE_SIZE, 1, flags);
rb->pages = pages;
rb->nr_pages = nr_pages;
return rb;
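Review bot: In the `if (rb)` branch, kmemleak_alloc(rb, PAGE_SIZE, 1, flags) registers only the first PAGE_SIZE bytes of an area that the vmap() call just above maps over nr_meta_pages + 2 * nr_data_pages pages with VM_USERMAP, and nothing in the code says why the size stops there. A short comment should state that the first page is registered because it holds rb->pages (assigned on the next line) and that the remaining pages are deliberately left unscanned because user space can write to them, which is the concern the commit message raises. `flags` is also not declared anywhere in the visible context, so please confirm it is in scope in bpf_ringbuf_area_alloc() and carries the GFP mask intended for kmemleak's own metadata allocation. If the only goal is to silence the report for the pages array, the kmemleak_not_leak() alternative mentioned in the message would avoid scanning any of the mapping.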
@@ -184,6 +186,7 @@ static void bpf_ringbuf_free(struct bpf_ringbuf *rb)
struct page **pages = rb->pages;
int i, nr_pages = rb->nr_pages;
+ kmemleak_free(rb);
vunmap(rb);
for (i = 0; i < nr_pages; i++)
__free_page(pages[i]);
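Review bot: kmemleak_free(rb) at the top of bpf_ringbuf_free() undoes a registration made in a different function, and its position ahead of vunmap(rb) is what keeps kmemleak from scanning an address that is no longer mapped, yet neither fact is documented. A one-line comment naming the matching kmemleak_alloc() in bpf_ringbuf_area_alloc() and the ordering requirement would protect against a later reorder. It is also worth checking that every path that tears down a successfully vmap'ed rb goes through this function, since any other vunmap(rb) caller would leave a stale kmemleak object behind.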
--
2.30.2
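
The false positive described in the message, reduced to a user-space model (an added example, not code from the patch or from the kernel): a conservative scanner follows pointers only through blocks it tracks, so `table` is reported until the page holding its address is registered too. The names `track`, `scan_area` and `leaks_reported` are hypothetical, and the model leaves out kmemleak details such as min_count and scan timing.

```c
#include <stdint.h>
#include <string.h>

/* Toy user-space model of a conservative leak scanner; not kernel code. */
static struct obj { uintptr_t start; size_t size; int seen; } objs[8];
static int nr_objs;

/* Stands in for kmemleak_alloc(): track a block and let its contents be scanned. */
static void track(const void *p, size_t size)
{
    objs[nr_objs++] = (struct obj){ (uintptr_t)p, size, 0 };
}

/* A word pointing into a tracked block marks it reached; its contents are scanned next. */
static void scan_area(const void *area, size_t size)
{
    for (size_t off = 0; off + sizeof(uintptr_t) <= size; off += sizeof(uintptr_t)) {
        uintptr_t w;
        memcpy(&w, (const char *)area + off, sizeof(w));
        for (int i = 0; i < nr_objs; i++) {
            if (objs[i].seen || w < objs[i].start || w - objs[i].start >= objs[i].size)
                continue;
            objs[i].seen = 1;
            scan_area((const void *)objs[i].start, objs[i].size);
        }
    }
}

/* Constructed scenario: root -> page -> table. Returns the blocks reported as leaked. */
static int leaks_reported(int register_page)
{
    static uintptr_t root[1], page[16];  /* page stands in for alloc_page() memory */
    static char table[32];               /* stands in for the kmalloc() block */
    int leaks = 0;

    nr_objs = 0;
    track(table, sizeof(table));
    if (register_page)
        track(page, sizeof(page));       /* the role of the patch's kmemleak_alloc() */
    root[0] = (uintptr_t)page;           /* the owner still points at the page */
    page[3] = (uintptr_t)table;          /* like rb->pages kept inside the mapped page */
    scan_area(root, sizeof(root));
    for (int i = 0; i < nr_objs; i++)
        leaks += !objs[i].seen;
    return leaks;
}

/* Exit status 0 when the model behaves as the message describes. */
int main(void) { return leaks_reported(0) == 1 && leaks_reported(1) == 0 ? 0 : 1; }
```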