问题现象如下
[root@localhost ~]# echo scan > /sys/kernel/debug/kmemleak
[root@localhost ~]# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff8881238de580 (size 512):
comm "mount.cifs", pid 576, jiffies 4294805132 (age 398.116s)
hex dump (first 32 bytes):
00 30 63 10 81 88 ff ff e0 3d 63 10 81 88 ff ff .0c......=c.....
00 00 00 00 00 00 00 00 80 31 d1 22 81 88 ff ff .........1."....
backtrace:
[<00000000aa76ee94>] cifs_smb3_do_mount+0xa2/0x5b0
[<00000000b87d07fd>] mount_fs+0x5c/0x191
[<000000006a4dd4d9>] vfs_kern_mount.part.0+0x51/0x1b0
[<000000008da7b30f>] do_mount+0x30b/0x1320
[<000000009a9aa187>] ksys_mount+0x7e/0xc0
[<00000000df394707>] __x64_sys_mount+0x62/0x70
[<0000000063676d8d>] do_syscall_64+0x7b/0x2c0
[<00000000c2dae16f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000aea7b412>] 0xffffffffffffffff
unreferenced object 0xffff888122d13180 (size 32):
comm "mount.cifs", pid 576, jiffies 4294805132 (age 398.116s)
hex dump (first 32 bytes):
5c 5c 31 39 32 2e 31 36 38 2e 36 38 2e 37 37 5c \\192.168.68.77\
54 45 53 54 00 00 00 00 00 00 00 00 00 00 00 00 TEST............
backtrace:
[<00000000717a9281>] cifs_parse_mount_options+0x459/0x2230
[<000000001aa09c5c>] cifs_setup_volume_info+0x1f/0x1f0
[<00000000c1a42c36>] cifs_get_volume_info+0x4e/0x90
[<00000000aa76ee94>] cifs_smb3_do_mount+0xa2/0x5b0
[<00000000b87d07fd>] mount_fs+0x5c/0x191
[<000000006a4dd4d9>] vfs_kern_mount.part.0+0x51/0x1b0
[<000000008da7b30f>] do_mount+0x30b/0x1320
[<000000009a9aa187>] ksys_mount+0x7e/0xc0
[<00000000df394707>] __x64_sys_mount+0x62/0x70
[<0000000063676d8d>] do_syscall_64+0x7b/0x2c0
[<00000000c2dae16f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000aea7b412>] 0xffffffffffffffff
unreferenced object 0xffff888110633000 (size 8):
comm "mount.cifs", pid 576, jiffies 4294805132 (age 398.116s)
hex dump (first 8 bytes):
66 73 67 71 61 00 ff ff fsgqa...
backtrace:
[<000000006315b419>] cifs_parse_mount_options+0xe5b/0x2230
[<000000001aa09c5c>] cifs_setup_volume_info+0x1f/0x1f0
[<00000000c1a42c36>] cifs_get_volume_info+0x4e/0x90
[<00000000aa76ee94>] cifs_smb3_do_mount+0xa2/0x5b0
[<00000000b87d07fd>] mount_fs+0x5c/0x191
[<000000006a4dd4d9>] vfs_kern_mount.part.0+0x51/0x1b0
[<000000008da7b30f>] do_mount+0x30b/0x1320
[<000000009a9aa187>] ksys_mount+0x7e/0xc0
[<00000000df394707>] __x64_sys_mount+0x62/0x70
[<0000000063676d8d>] do_syscall_64+0x7b/0x2c0
[<00000000c2dae16f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000aea7b412>] 0xffffffffffffffff
unreferenced object 0xffff888110633de0 (size 8):
comm "mount.cifs", pid 576, jiffies 4294805132 (age 398.116s)
hex dump (first 8 bytes):
68 75 61 77 65 69 00 00 huawei..
backtrace:
[<000000001aa09c5c>] cifs_setup_volume_info+0x1f/0x1f0
[<00000000c1a42c36>] cifs_get_volume_info+0x4e/0x90
[<00000000aa76ee94>] cifs_smb3_do_mount+0xa2/0x5b0
[<00000000b87d07fd>] mount_fs+0x5c/0x191
[<000000006a4dd4d9>] vfs_kern_mount.part.0+0x51/0x1b0
[<000000008da7b30f>] do_mount+0x30b/0x1320
[<000000009a9aa187>] ksys_mount+0x7e/0xc0
[<00000000df394707>] __x64_sys_mount+0x62/0x70
[<0000000063676d8d>] do_syscall_64+0x7b/0x2c0
[<00000000c2dae16f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000aea7b412>] 0xffffffffffffffff
unreferenced object 0xffff88810cf00120 (size 32):
comm "mount.cifs", pid 701, jiffies 4294848207 (age 355.056s)
hex dump (first 32 bytes):
5c 5c 31 39 32 2e 31 36 38 2e 36 38 2e 37 37 5c \\192.168.68.77\
54 45 53 54 00 00 00 00 00 00 00 00 00 00 00 00 TEST............
backtrace:
[<00000000717a9281>] cifs_parse_mount_options+0x459/0x2230
[<000000001aa09c5c>] cifs_setup_volume_info+0x1f/0x1f0
[<00000000c1a42c36>] cifs_get_volume_info+0x4e/0x90
[<00000000aa76ee94>] cifs_smb3_do_mount+0xa2/0x5b0
[<00000000b87d07fd>] mount_fs+0x5c/0x191
[<000000006a4dd4d9>] vfs_kern_mount.part.0+0x51/0x1b0
[<000000008da7b30f>] do_mount+0x30b/0x1320
[<000000009a9aa187>] ksys_mount+0x7e/0xc0
[<00000000df394707>] __x64_sys_mount+0x62/0x70
[<0000000063676d8d>] do_syscall_64+0x7b/0x2c0
[<00000000c2dae16f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000aea7b412>] 0xffffffffffffffff
unreferenced object 0xffff88814e6ed180 (size 8):
comm "mount.cifs", pid 701, jiffies 4294848208 (age 355.055s)
hex dump (first 8 bytes):
68 75 61 77 65 69 00 00 huawei..
backtrace:
[<000000001aa09c5c>] cifs_setup_volume_info+0x1f/0x1f0
[<00000000c1a42c36>] cifs_get_volume_info+0x4e/0x90
[<00000000aa76ee94>] cifs_smb3_do_mount+0xa2/0x5b0
[<00000000b87d07fd>] mount_fs+0x5c/0x191
[<000000006a4dd4d9>] vfs_kern_mount.part.0+0x51/0x1b0
[<000000008da7b30f>] do_mount+0x30b/0x1320
[<000000009a9aa187>] ksys_mount+0x7e/0xc0
[<00000000df394707>] __x64_sys_mount+0x62/0x70
[<0000000063676d8d>] do_syscall_64+0x7b/0x2c0
[<00000000c2dae16f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000aea7b412>] 0xffffffffffffffff
unreferenced object 0xffff88810f851680 (size 512):
comm "mount.cifs", pid 747, jiffies 4295139638 (age 63.625s)
hex dump (first 32 bytes):
b0 c4 41 08 81 88 ff ff d0 ce 41 08 81 88 ff ff ..A.......A.....
00 00 00 00 00 00 00 00 00 60 7f 02 81 88 ff ff .........`......
backtrace:
[<00000000aa76ee94>] cifs_smb3_do_mount+0xa2/0x5b0
[<00000000b87d07fd>] mount_fs+0x5c/0x191
[<000000006a4dd4d9>] vfs_kern_mount.part.0+0x51/0x1b0
[<000000008da7b30f>] do_mount+0x30b/0x1320
[<000000009a9aa187>] ksys_mount+0x7e/0xc0
[<00000000df394707>] __x64_sys_mount+0x62/0x70
[<0000000063676d8d>] do_syscall_64+0x7b/0x2c0
[<00000000c2dae16f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000aea7b412>] 0xffffffffffffffff
unreferenced object 0xffff8881027f6000 (size 32):
comm "mount.cifs", pid 747, jiffies 4295139638 (age 63.625s)
hex dump (first 32 bytes):
5c 5c 31 39 32 2e 31 36 38 2e 36 38 2e 37 37 5c \\192.168.68.77\
54 45 53 54 00 ff ff ff 50 6a 57 ae ff ff ff ff TEST....PjW.....
backtrace:
[<00000000717a9281>] cifs_parse_mount_options+0x459/0x2230
[<000000001aa09c5c>] cifs_setup_volume_info+0x1f/0x1f0
[<00000000c1a42c36>] cifs_get_volume_info+0x4e/0x90
[<00000000aa76ee94>] cifs_smb3_do_mount+0xa2/0x5b0
[<00000000b87d07fd>] mount_fs+0x5c/0x191
[<000000006a4dd4d9>] vfs_kern_mount.part.0+0x51/0x1b0
[<000000008da7b30f>] do_mount+0x30b/0x1320
[<000000009a9aa187>] ksys_mount+0x7e/0xc0
[<00000000df394707>] __x64_sys_mount+0x62/0x70
[<0000000063676d8d>] do_syscall_64+0x7b/0x2c0
[<00000000c2dae16f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000aea7b412>] 0xffffffffffffffff
unreferenced object 0xffff88810841c4b0 (size 8):
comm "mount.cifs", pid 747, jiffies 4295139638 (age 63.640s)
hex dump (first 8 bytes):
66 73 67 71 61 00 ff ff fsgqa...
backtrace:
[<000000006315b419>] cifs_parse_mount_options+0xe5b/0x2230
[<000000001aa09c5c>] cifs_setup_volume_info+0x1f/0x1f0
[<00000000c1a42c36>] cifs_get_volume_info+0x4e/0x90
[<00000000aa76ee94>] cifs_smb3_do_mount+0xa2/0x5b0
[<00000000b87d07fd>] mount_fs+0x5c/0x191
[<000000006a4dd4d9>] vfs_kern_mount.part.0+0x51/0x1b0
[<000000008da7b30f>] do_mount+0x30b/0x1320
[<000000009a9aa187>] ksys_mount+0x7e/0xc0
[<00000000df394707>] __x64_sys_mount+0x62/0x70
[<0000000063676d8d>] do_syscall_64+0x7b/0x2c0
[<00000000c2dae16f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000aea7b412>] 0xffffffffffffffff
unreferenced object 0xffff88810841ced0 (size 8):
comm "mount.cifs", pid 747, jiffies 4295139638 (age 63.640s)
hex dump (first 8 bytes):
68 75 61 77 65 69 00 00 huawei..
backtrace:
[<000000001aa09c5c>] cifs_setup_volume_info+0x1f/0x1f0
[<00000000c1a42c36>] cifs_get_volume_info+0x4e/0x90
[<00000000aa76ee94>] cifs_smb3_do_mount+0xa2/0x5b0
[<00000000b87d07fd>] mount_fs+0x5c/0x191
[<000000006a4dd4d9>] vfs_kern_mount.part.0+0x51/0x1b0
[<000000008da7b30f>] do_mount+0x30b/0x1320
[<000000009a9aa187>] ksys_mount+0x7e/0xc0
[<00000000df394707>] __x64_sys_mount+0x62/0x70
[<0000000063676d8d>] do_syscall_64+0x7b/0x2c0
[<00000000c2dae16f>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[<00000000aea7b412>] 0xffffffffffffffff
LTS补丁2fe0e281f7ad 分析:
代码分析:
cifs_get_root # 此处失败
deactivate_locked_super
cifs_kill_sb # 通过 fs->kill_sb 回调
cifs_umount
kfree(cifs_sb->prepath); # 已释放一次
call_rcu(&cifs_sb->rcu, delayed_free)
smb3_cleanup_fs_context(cifs_sb->ctx)
kfree(ctx)
kfree(cifs_sb->prepath); # 重复释放
smb3_cleanup_fs_context(cifs_sb->ctx);
kfree(cifs_sb); # 重复释放
delayed_free # 此处会释放
smb3_cleanup_fs_context(cifs_sb->ctx);
根据上述流程,该补丁修复了 double free 的问题。
在openEuler-1.0-LTS里流程如下:
cifs_get_root
deactivate_locked_super
cifs_kill_sb
cifs_umount
kfree(cifs_sb->mountdata)
kfree(cifs_sb->prepath)
call_rcu(&cifs_sb->rcu, delayed_free)
cifs_cleanup_volume_info(volume_info) # 回合补丁后该分支跳过
kfree(volume_info)
在 4.19 的代码逻辑中本来不会发生 double free;此时若再合入该 LTS 补丁,会导致跳过 cifs_cleanup_volume_info(),volume_info 不再被释放,从而产生 memory leak(应即上文 kmemleak 报告中 mount.cifs 挂载路径上的未引用对象,待确认)。