Re: [PATCH v8 00/70] Introducing the Maple Tree

From: Liam Howlett
Date: Wed Apr 27 2022 - 18:41:59 EST


* Qian Cai <quic_qiancai@xxxxxxxxxxx> [220427 16:22]:
> On Wed, Apr 27, 2022 at 04:51:50PM +0000, Liam Howlett wrote:
> > Thanks. This is indeed an issue with 0d43186b36c1 (mm/mlock: use vma
> > iterator and instead of vma linked list)
> >
> > Andrew, Please include this patch as a fix.
>
> Even with the patch applied, there are still thousands of memory leaks
> reports from kmemleak after booting.

Thank you for finding this.

>
> unreferenced object 0xffff400259bd6d00 (size 256):
> comm "multipathd", pid 2577, jiffies 4294915929 (age 2370.384s)
> hex dump (first 32 bytes):
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
> backtrace:
> slab_post_alloc_hook
> kmem_cache_alloc_bulk
> mas_alloc_nodes
> mt_alloc_bulk at lib/maple_tree.c:151
> (inlined by) mas_alloc_nodes at lib/maple_tree.c:1244
> mas_preallocate
> __vma_adjust
> shift_arg_pages
> setup_arg_pages
> load_elf_binary
> search_binary_handler
> exec_binprm
> bprm_execve
> do_execveat_common.isra.0
> __arm64_sys_execve
> invoke_syscall
> el0_svc_common.constprop.0
> do_el0_svc

__vma_adjust is way too complicated. This patch should fix the leak.

Andrew, please add this patch to "mm: start tracking VMAs with maple tree"


Thanks,
Liam

From 74f551227d44b351d56f4ec0a36542d871f337d5 Mon Sep 17 00:00:00 2001
From: "Liam R. Howlett" <Liam.Howlett@xxxxxxxxxx>
Date: Wed, 27 Apr 2022 18:40:00 -0400
Subject: [PATCH] mm/mmap: Fix __vma_adjust() memory leak.

When shifting the arg pages, the maple state may be left with allocated
memory. Free the memory by calling mas_destroy() unconditionally at the
end of the function.

Fixes: bd6a1fd58daf (mm: start tracking VMAs with maple tree)
Signed-off-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
---
mm/mmap.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/mm/mmap.c b/mm/mmap.c
index 6a37f5d2e496..f52bbf9aa024 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -904,6 +904,7 @@ int __vma_adjust(struct vm_area_struct *vma, unsigned long start,
uprobe_mmap(insert);
}

+ mas_destroy(&mas);
validate_mm(mm);

return 0;
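Review bot: the added mas_destroy(&mas) sits only on the normal-exit path, immediately before `validate_mm(mm);` and `return 0;`, so it releases the nodes preallocated by mas_preallocate() only when __vma_adjust() runs to completion. The commit message says the call should happen "unconditionally at the end of the function"; if __vma_adjust() has any early return after mas_preallocate() (not visible in this hunk), those paths would still leak the bulk-allocated nodes that kmemleak reported via shift_arg_pages(), so please confirm every exit reaches this line or add mas_destroy() on those paths as well.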
--
2.35.1