The commit is pushed to "branch-rh9-5.14.0-427.22.1.vz9.62.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-427.22.1.vz9.62.2
------>
commit ffb512bc0e698321c23d49590981ae37bb06b5cd
Author: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
Date: Fri Jul 12 15:00:00 2024 +0800

mm/kmemleak: Fix use of uninitialized pointer in percpu object creation

After ms commit ad1a3e15fcd3b ("kmemleak: fix kmemleak false positive report with HW tag-based kasan enable") [1], the untagged_ptr is also used in rbtree search loop, the patch [2] was not correctly updated in rebase, so untagged_ptr is used uninitialized in percpu case.

Fix it by always setting untagged_ptr.

Also, while on it, also use untagged_ptr for min/max_percpu_addr.

https://virtuozzo.atlassian.net/browse/PSBM-156004

Fixes: c9438a892d597 ("mm/kmemleak: Add support for percpu memory leak detect") [2]
Signed-off-by: Pavel Tikhomirov <ptikhomi...@virtuozzo.com>
--- mm/kmemleak.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mm/kmemleak.c b/mm/kmemleak.c index d1a5d27e5269..8e5f957ba71e 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c @@ -685,11 +685,11 @@ static void __create_object(unsigned long ptr, size_t size, raw_spin_lock_irqsave(&kmemleak_lock, flags); + untagged_ptr = (unsigned long)kasan_reset_tag((void *)ptr); if (object->flags & OBJECT_PERCPU) { - min_percpu_addr = min(min_percpu_addr, ptr); - max_percpu_addr = max(max_percpu_addr, ptr + size); + min_percpu_addr = min(min_percpu_addr, untagged_ptr); + max_percpu_addr = max(max_percpu_addr, untagged_ptr + size); } else { - untagged_ptr = (unsigned long)kasan_reset_tag((void *)ptr); /* * Only update min_addr and max_addr with object * storing virtual address. 
@@ -1342,11 +1342,11 @@ static void add_pointer_to_gray_list(struct kmemleak_object *scanned, unsigned l unsigned long untagged_ptr; unsigned long excess_ref; + untagged_ptr = (unsigned long)kasan_reset_tag((void *)pointer); if (pcpu) { - if (pointer < min_percpu_addr || pointer >= max_percpu_addr) + if (untagged_ptr < min_percpu_addr || untagged_ptr >= max_percpu_addr) return; } else { - untagged_ptr = (unsigned long)kasan_reset_tag((void *)pointer); if (untagged_ptr < min_addr || untagged_ptr >= max_addr) return; }
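
Review bot: In the `__create_object()` hunk, the new `untagged_ptr = (unsigned long)kasan_reset_tag((void *)ptr);` sits inside the `kmemleak_lock` critical section, directly after `raw_spin_lock_irqsave()`, although it only reads the `ptr` argument and writes a local. Moving it above the lock, or into the declaration of `untagged_ptr`, would keep the locked region to the shared-state updates and make it harder for a later rebase to push the assignment back into one branch, which is the regression this commit repairs. The `OBJECT_PERCPU` branch would also benefit from a one-line comment saying that `min_percpu_addr`/`max_percpu_addr` are now tracked in untagged form, mirroring the comment the `else` branch already carries for `min_addr`/`max_addr`, since the range check in `add_pointer_to_gray_list()` depends on both sides using the same form.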
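
Review bot: In the `add_pointer_to_gray_list()` hunk, `unsigned long untagged_ptr;` is still declared without an initializer and only assigned a few lines later, so the function stays one refactor away from another branch-only initialization. Since the value depends solely on the `pointer` argument, consider folding the assignment into the declaration, `unsigned long untagged_ptr = (unsigned long)kasan_reset_tag((void *)pointer);`, which removes the separate statement and makes an uninitialized read impossible on either the `pcpu` or the non-`pcpu` path. It is also worth confirming that the code after the `pcpu` range check, which is outside the visible context, does not still mix `pointer` and `untagged_ptr` for the percpu lookup.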