diff options
| author | Catalin Marinas <catalin.marinas@arm.com> | 2015-06-24 19:58:34 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-06-24 20:49:45 -0400 |
| commit | 9d5a4c730dd164f6f1b4ed6690fbe2667e5149ea (patch) | |
| tree | 6fc2ada2616ddbf4f41d849217bea934509c5684 | |
| parent | 5f369f374ba4889fe3c17883402db5ee8d254216 (diff) | |
mm: kmemleak: avoid deadlock on the kmemleak object insertion error path
While very unlikely (usually kmemleak or sl*b bug), the create_object()
function in mm/kmemleak.c may fail to insert a newly allocated object into
the rb tree. When this happens, kmemleak disables itself and prints
additional information about the object already found in the rb tree.
Such printing is done with the parent->lock acquired, however the
kmemleak_lock is already held. This is a potential race with the scanning
thread which acquires object->lock and kmemleak_lock in a
This patch removes the locking around the 'parent' object information
printing. Such object cannot be freed or removed from object_tree_root
and object_list since kmemleak_lock is already held. There is a very
small risk that some of the object data is being modified on another CPU
but the only downside is inconsistent information printing.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | mm/kmemleak.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/mm/kmemleak.c b/mm/kmemleak.c index 8a57e34625fa..c0fd7769d227 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c | |||
| @@ -53,6 +53,11 @@ | |||
| 53 | * modifications to the memory scanning parameters including the scan_thread | 53 | * modifications to the memory scanning parameters including the scan_thread |
| 54 | * pointer | 54 | * pointer |
| 55 | * | 55 | * |
| 56 | * Locks and mutexes should only be acquired/nested in the following order: | ||
| 57 | * | ||
| 58 | * scan_mutex -> object->lock -> other_object->lock (SINGLE_DEPTH_NESTING) | ||
| 59 | * -> kmemleak_lock | ||
| 60 | * | ||
| 56 | * The kmemleak_object structures have a use_count incremented or decremented | 61 | * The kmemleak_object structures have a use_count incremented or decremented |
| 57 | * using the get_object()/put_object() functions. When the use_count becomes | 62 | * using the get_object()/put_object() functions. When the use_count becomes |
| 58 | * 0, this count can no longer be incremented and put_object() schedules the | 63 | * 0, this count can no longer be incremented and put_object() schedules the |
| @@ -603,11 +608,13 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size, | |||
| 603 | kmemleak_stop("Cannot insert 0x%lx into the object " | 608 | kmemleak_stop("Cannot insert 0x%lx into the object " |
| 604 | "search tree (overlaps existing)\n", | 609 | "search tree (overlaps existing)\n", |
| 605 | ptr); | 610 | ptr); |
| 611 | /* | ||
| 612 | * No need for parent->lock here since "parent" cannot | ||
| 613 | * be freed while the kmemleak_lock is held. | ||
| 614 | */ | ||
| 615 | dump_object_info(parent); | ||
| 606 | kmem_cache_free(object_cache, object); | 616 | kmem_cache_free(object_cache, object); |
| 607 | object = parent; | 617 | object = NULL; |
| 608 | spin_lock(&object->lock); | ||
| 609 | dump_object_info(object); | ||
| 610 | spin_unlock(&object->lock); | ||
| 611 | goto out; | 618 | goto out; |
| 612 | } | 619 | } |
| 613 | } | 620 | } |