From nobody Sat Jun 13 16:24:52 2026 Received: from stravinsky.debian.org (stravinsky.debian.org [82.195.75.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6421A44E044; Wed, 6 May 2026 12:58:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=82.195.75.108 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778072332; cv=none; b=Bw7DK8AjqfmNZjq9Cfl1/ZVbpaFy2YJk3DDaQTVWipWcN8BuedqYtscVOgPt9Ot8yhhsZyJ6G4+yb0VQxpExOtIPst9EdNytJph3vL5Akze+J6gd2OkE1Mu4Gm5sD0kL+sFYcUvC2nH8JQOnpC9/e5gQJGDLFe3dqARDrSvIcNs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778072332; c=relaxed/simple; bh=1//t1UiSD1tR8+vfspZm6iRfOUIZdp28yzjcKy4mlKM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=RffqUgheJTExSb5mXbNRLUo8rQYZB0WdldDpeDv9uFsN/EKngFCczbDHkg4y+5h/8Y9swFLhi3eYCi+t8JyI/iLjwHUvsBZr7a2/hBjseE6zaZPkSiL1PqhhledqUeqBEWBhBzKbBDkacRPFDW+0Gpu0DPpsMqhfeEYHZLcLS1g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=debian.org; spf=pass smtp.mailfrom=debian.org; dkim=pass (2048-bit key) header.d=debian.org header.i=@debian.org header.b=CirBYUWR; arc=none smtp.client-ip=82.195.75.108 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=debian.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=debian.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=debian.org header.i=@debian.org header.b="CirBYUWR" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.stravinsky; h=X-Debian-User:Cc:To:In-Reply-To:References: Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date: From:Reply-To:Content-ID:Content-Description; bh=SkJGOedf0aM8/IeMqaUUafwdx0GucTYJ0nkxHCNK3IU=; b=CirBYUWRDE1tPMN1IJdGTK+moX MYX+Qvu9pE+IQMlPV3pCmvCQAANx3l0OyfyX6kQxlE4phQzur5qQrxdWJNLXgMKTAiFjNbGwON3ty REASNYAaorfBFBDT8JDal9GNk8ccm8RnBExyL66s4qxH/Z8ZItDoBRVlE4MKadYQPusDyIiT9x6em zWR2akK5E5rgcm3DA4YO9k5DydHm0atwtk7wnsp6esErO0EP9HNRYAHMIn07dOwHw+1o599UPc4k6 iZOCNMYRS7VccKO1rq0xW0IopY16DCeL2hk57kXzt0sWApXdaiUaezsEXj/U4T0IcOCUG2NGdch9P 2pgxHiQg==; Received: from authenticated user by stravinsky.debian.org with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from ) id 1wKbpq-003bX8-1W; Wed, 06 May 2026 12:58:42 +0000 From: Breno Leitao Date: Wed, 06 May 2026 05:58:24 -0700 Subject: [PATCH v3 1/2] mm/kmemleak: dedupe verbose scan output by allocation backtrace Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260506-kmemleak_dedup-v3-1-2d36aafc34da@debian.org> References: <20260506-kmemleak_dedup-v3-0-2d36aafc34da@debian.org> In-Reply-To: <20260506-kmemleak_dedup-v3-0-2d36aafc34da@debian.org> To: Andrew Morton , David Hildenbrand , Lorenzo Stoakes , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Shuah Khan , Catalin Marinas , "Liam R. Howlett" , "Liam R. Howlett" Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, kernel-team@meta.com, Breno Leitao X-Mailer: b4 0.16-dev-453a6 X-Developer-Signature: v=1; a=openpgp-sha256; l=10743; i=leitao@debian.org; h=from:subject:message-id; bh=1//t1UiSD1tR8+vfspZm6iRfOUIZdp28yzjcKy4mlKM=; b=owEBbQKS/ZANAwAIATWjk5/8eHdtAcsmYgBp+zr4wIFH7CFobGJ9WhVeD/cZH9p5+/cccNFJo GHHr13TAqKJAjMEAAEIAB0WIQSshTmm6PRnAspKQ5s1o5Of/Hh3bQUCafs6+AAKCRA1o5Of/Hh3 bWXlEACjDipbj1q85MG0fw5uigq6W4GKdGmqVHvGmDtkl/uXNYQ2JEgjnVhg7C77XBMJOqdFprs q4vdWiWB/6uYe31xJfR6Gag14H91HrYfhoyJqv7dAH1hKYVP8blBgtZyU2N2eULmKjvXYIIpCXr YpkOiTMHams5V7tzBUalEpkNIP832npayCyyvi5O/QoF5TrJ6HI3Xxg3IXRw6kChPNaNDoq0sVj h1vAFg6hznC6pXgDV2IaJosXjRNe0B3A0dE9x7cv27xic/R8CrEg526FG+54RsloATDrhZDQKsf RusuwptrG66RTvSj49ySwaldYgNbEJlqVma8lBvYZk3kDmryC3eM8O9ge83xdkXEvju96S5L3H/ /E/bRAMZ9Bt0oxyVdqfA0HZzMMXy4X2fBWHaTmMQjvYsRbVLqwvFivaZJ8Ib4/9hrjWy1kzrWDA QsJcCJYRUwNW9F/R1delQxAi/Kd7/pU9k/DsdP5XoR0J+G8fehH+DdwQ8ucQQ4NVziY7+bfagj5 9aBOZSAsWTfb5Fd8Fa6pfoAVjEsUnWq66QLS7/OLkIHnQRVpZ6TOjN55vx3XNIT3uuasbN7WPub nfgu9QqF2U8B73ZtC2uKRLT3BDBWdlkeHRbmdrdLTi/0mvHxVS3INBZAcIkEDW2c/qCnWxX/0HB MUTBPPaofXx4ygA== X-Developer-Key: i=leitao@debian.org; a=openpgp; fpr=AC8539A6E8F46702CA4A439B35A3939FFC78776D X-Debian-User: leitao In kmemleak's verbose mode, every unreferenced object found during a scan is logged with its full header, hex dump and 16-frame backtrace. Workloads that leak many objects from a single allocation site flood dmesg with byte-for-byte identical backtraces, drowning out distinct leaks and other kernel messages. Dedupe within each scan using stackdepot's trace_handle as the key: for every leaked object with a recorded stack trace, look up the representative kmemleak_object in a per-scan xarray keyed by trace_handle. The first sighting stores the object pointer (with a get_object() reference) and sets object->dup_count to 1; later sightings just bump dup_count on the representative. After the scan, walk the xarray once and emit each unique backtrace, followed by a single summary line when more than one object shares it. Leaks whose trace_handle is 0 (early-boot allocations tracked before kmemleak_init() set up object_cache, or stack_depot_save() failures under memory pressure) cannot be deduped, so they are still printed inline via the same locked OBJECT_ALLOCATED-checked helper. The contents of /sys/kernel/debug/kmemleak are unchanged - only the verbose console output is collapsed. Safety notes: - The xarray store happens outside object->lock: object->lock is a raw spinlock, while xa_store() may grab xa_node slab locks at a higher wait-context level which lockdep flags as invalid. trace_handle is captured under object->lock (which serialises with kmemleak_update_trace()'s writer), so it is safe to use after dropping the lock. - get_object() pins the kmemleak_object metadata across rcu_read_unlock(), but the underlying tracked allocation can still be freed concurrently. The deferred print path therefore re-acquires object->lock and re-checks OBJECT_ALLOCATED via print_leak_locked() before touching object->pointer; __delete_object() clears that flag under the same lock before the user memory goes away. The same helper is used by the trace_handle =3D=3D 0 and xa_store() failure fallbacks, so every printer in the new path has identical safety guarantees. - If get_object() fails after we set OBJECT_REPORTED, the object is already being torn down (use_count hit zero); the leak count is still accurate but the verbose line is dropped, which is correct - the memory was freed concurrently and is no longer a leak. - If xa_store() fails to allocate an xa_node under memory pressure, we fall back to printing inline via print_leak_locked() instead of silently dropping the leak. - The hex dump is skipped for coalesced entries (dup_count > 1): bytes would differ across objects sharing a backtrace anyway, and skipping it removes the only remaining read of object->pointer's contents in the deferred path. The representative's reported size may also differ from the coalesced objects' sizes; the printed trace_handle reflects the representative's current value rather than the value used as the dedup key, which is normally - but not strictly - identical. Reviewed-by: Catalin Marinas Signed-off-by: Breno Leitao --- mm/kmemleak.c | 148 ++++++++++++++++++++++++++++++++++++++++++++++++++++++= ---- 1 file changed, 140 insertions(+), 8 deletions(-) diff --git a/mm/kmemleak.c b/mm/kmemleak.c index 2eff0d6b622b6..7c7ba17ce7af0 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c @@ -92,6 +92,7 @@ #include #include #include +#include #include =20 #include @@ -157,6 +158,8 @@ struct kmemleak_object { struct hlist_head area_list; unsigned long jiffies; /* creation timestamp */ pid_t pid; /* pid of the current task */ + /* per-scan dedup count, valid only while in scan-local dedup xarray */ + unsigned int dup_count; char comm[TASK_COMM_LEN]; /* executable name */ }; =20 @@ -360,8 +363,9 @@ static const char *__object_type_str(struct kmemleak_ob= ject *object) * Printing of the unreferenced objects information to the seq file. The * print_unreferenced function must be called with the object->lock held. */ -static void print_unreferenced(struct seq_file *seq, - struct kmemleak_object *object) +static void __print_unreferenced(struct seq_file *seq, + struct kmemleak_object *object, + bool hex_dump) { int i; unsigned long *entries; @@ -373,7 +377,8 @@ static void print_unreferenced(struct seq_file *seq, object->pointer, object->size); warn_or_seq_printf(seq, " comm \"%s\", pid %d, jiffies %lu\n", object->comm, object->pid, object->jiffies); - hex_dump_object(seq, object); + if (hex_dump) + hex_dump_object(seq, object); warn_or_seq_printf(seq, " backtrace (crc %x):\n", object->checksum); =20 for (i =3D 0; i < nr_entries; i++) { @@ -382,6 +387,12 @@ static void print_unreferenced(struct seq_file *seq, } } =20 +static void print_unreferenced(struct seq_file *seq, + struct kmemleak_object *object) +{ + __print_unreferenced(seq, object, true); +} + /* * Print the kmemleak_object information. This function is used mainly for * debugging special cases when kmemleak operations. It must be called with @@ -1684,6 +1695,103 @@ static void kmemleak_cond_resched(struct kmemleak_o= bject *object) put_object(object); } =20 +/* + * Print one leak inline. The hex dump is gated on OBJECT_ALLOCATED so it + * does not touch user memory that was freed concurrently; the rest of the + * report (backtrace, comm, pid) is always emitted since the kmemleak_obje= ct + * metadata is pinned by the caller. + */ +static void print_leak_locked(struct kmemleak_object *object, bool hex_dum= p) +{ + raw_spin_lock_irq(&object->lock); + __print_unreferenced(NULL, object, + hex_dump && (object->flags & OBJECT_ALLOCATED)); + raw_spin_unlock_irq(&object->lock); +} + +/* + * Per-scan dedup table for verbose leak printing. The xarray is keyed by + * stackdepot trace_handle and stores a pointer to the representative + * kmemleak_object. The per-scan repeat count lives in object->dup_count. + * + * dedup_record() must run outside object->lock: xa_store() may take + * mutexes (xa_node slab allocation) which lockdep would flag against the + * raw spinlock object->lock. + */ +static void dedup_record(struct xarray *dedup, struct kmemleak_object *obj= ect, + depot_stack_handle_t trace_handle) +{ + struct kmemleak_object *rep; + void *old; + + /* + * No stack trace to dedup against: early-boot allocation tracked + * before kmemleak_init() set up object_cache, or stack_depot_save() + * failure under memory pressure. + */ + if (!trace_handle) { + print_leak_locked(object, true); + return; + } + + /* stack is available, now we can de-dup */ + rep =3D xa_load(dedup, trace_handle); + if (rep) { + rep->dup_count++; + return; + } + + /* + * Object is being torn down (use_count already hit zero); the + * tracked memory at object->pointer is unsafe to read, so skip. + */ + if (!get_object(object)) + return; + + object->dup_count =3D 1; + old =3D xa_store(dedup, trace_handle, object, GFP_ATOMIC); + if (xa_is_err(old)) { + /* xa_node allocation failed; fall back to inline print. */ + print_leak_locked(object, true); + put_object(object); + return; + } + /* + * scan_mutex serialises all writers to the dedup xarray, so xa_store() + * after a NULL xa_load() must always overwrite an empty slot. + */ + WARN_ON_ONCE(old); +} + +/* + * Drain the dedup table. Re-acquires object->lock and re-checks + * OBJECT_ALLOCATED before printing: while get_object() pins the + * kmemleak_object metadata, the underlying tracked allocation may have + * been freed since the scan walked it (kmemleak_free clears + * OBJECT_ALLOCATED under object->lock before the user memory goes away). + * The hex dump is skipped for coalesced entries since the bytes would + * differ across objects anyway. + */ +static void dedup_flush(struct xarray *dedup) +{ + struct kmemleak_object *object; + unsigned long idx; + unsigned int dup; + bool coalesced; + + xa_for_each(dedup, idx, object) { + dup =3D object->dup_count; + coalesced =3D dup > 1; + + print_leak_locked(object, !coalesced); + if (coalesced) + pr_warn(" ... and %u more object(s) with the same backtrace\n", + dup - 1); + put_object(object); + xa_erase(dedup, idx); + } +} + /* * Scan data sections and all the referenced memory blocks allocated via t= he * kernel's standard allocators. This function must be called with the @@ -1694,6 +1802,7 @@ static void kmemleak_scan(void) struct kmemleak_object *object; struct zone *zone; int __maybe_unused i; + struct xarray dedup; int new_leaks =3D 0; =20 jiffies_last_scan =3D jiffies; @@ -1834,10 +1943,18 @@ static void kmemleak_scan(void) return; =20 /* - * Scanning result reporting. + * Scanning result reporting. When verbose printing is enabled, dedupe + * by stackdepot trace_handle so each unique backtrace is logged once + * per scan, annotated with the number of objects that share it. The + * per-leak count below still reflects every object, and + * /sys/kernel/debug/kmemleak still lists them individually. */ + xa_init(&dedup); rcu_read_lock(); list_for_each_entry_rcu(object, &object_list, object_list) { + depot_stack_handle_t trace_handle; + bool dedup_print; + if (need_resched()) kmemleak_cond_resched(object); =20 @@ -1849,18 +1966,33 @@ static void kmemleak_scan(void) if (!color_white(object)) continue; raw_spin_lock_irq(&object->lock); + trace_handle =3D 0; + dedup_print =3D false; if (unreferenced_object(object) && !(object->flags & OBJECT_REPORTED)) { object->flags |=3D OBJECT_REPORTED; - - if (kmemleak_verbose) - print_unreferenced(NULL, object); - + if (kmemleak_verbose) { + trace_handle =3D object->trace_handle; + dedup_print =3D true; + } new_leaks++; } raw_spin_unlock_irq(&object->lock); + + /* + * Defer the verbose print outside object->lock: xa_store() + * may take xa_node slab locks at a higher wait-context level + * which lockdep would flag against the raw_spinlock_t + * object->lock. rcu_read_lock() keeps the kmemleak_object + * alive across the call. + */ + if (dedup_print) + dedup_record(&dedup, object, trace_handle); } rcu_read_unlock(); + /* Flush'em all */ + dedup_flush(&dedup); + xa_destroy(&dedup); =20 if (new_leaks) { kmemleak_found_leaks =3D true; --=20 2.52.0 From nobody Sat Jun 13 16:24:52 2026 Received: from stravinsky.debian.org (stravinsky.debian.org [82.195.75.108]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 948173F1676; Wed, 6 May 2026 12:58:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=82.195.75.108 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778072339; cv=none; b=CUpaS0lNGGtHSQufnXQZSKUIlwFx/MuYewP25qWGYMdruCuiJybdJ59jSOu+1qhp2Q4lH8Ujgyrh5VmKxg5pGUzxPaftgSEqJVgYKHKtdQ29icL9l9n2RL5+MZtic1ABgU7pGtwztUAqYbvlFuJxgsZVaa8BUl6AggGh+2bxTco= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778072339; c=relaxed/simple; bh=HNC66DdFx4sxkSUiDErSM+03OizehuxGGcWPFdtoziU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=MLrNyKNnNcgXog4Far6zNMfj9SGq8uzmuH9Vn4mHsYS3WrinX5oZFyOjdSa50jgMNW7chgc0txpNWlXFpCUmATeQ8x50PblLaxVLuTaPEcwQ4D33boInSyaauQeow85Gr5nOHAuIjnBHUh4ojwRvpCdE49qIPDWhnw8SZ7hwUao= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=debian.org; spf=pass smtp.mailfrom=debian.org; dkim=pass (2048-bit key) header.d=debian.org header.i=@debian.org header.b=jraVxtYN; arc=none smtp.client-ip=82.195.75.108 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=debian.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=debian.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=debian.org header.i=@debian.org header.b="jraVxtYN" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.stravinsky; h=X-Debian-User:Cc:To:In-Reply-To:References: Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:Subject:Date: From:Reply-To:Content-ID:Content-Description; bh=2hsVRlQ0/XX4Lvi0I/xpVpRnUAFS0o/pLAACrLv+p0o=; b=jraVxtYN1uxjFGa7BOQO0ljKe3 P2D5GD57RerSjRBpXmC0xoHyF0G6mm7q3OA/5McgtVadBlKrbkgsQK8QQNx7C8Y4iWeVzrrXM97QH 0V0iGe+tv3QOcBVJuJeoEQ5rR8B3/ihiQpJepwzjpISZa7ZTNF6/zad8/fhc3X2jwW3nU+FS42wEx P4oEHhYkteY7p//mLjtFKhITI4xfahDoTlMi2pw8DhDe+zuowE0046d/h/DBX0yNW+PKbN3fSgSl6 EXXvFKDvQI36DU/Wv6jc+6coG+73yBzxV4Y3YxKLpmWuqlLgdWQWmQB6w92EAafmZ8qB8tB4/A2ET 2P7zhS/g==; Received: from authenticated user by stravinsky.debian.org with esmtpsa (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from ) id 1wKbpv-003bXE-0D; Wed, 06 May 2026 12:58:47 +0000 From: Breno Leitao Date: Wed, 06 May 2026 05:58:25 -0700 Subject: [PATCH v3 2/2] selftests/mm: add kmemleak verbose dedup test Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260506-kmemleak_dedup-v3-2-2d36aafc34da@debian.org> References: <20260506-kmemleak_dedup-v3-0-2d36aafc34da@debian.org> In-Reply-To: <20260506-kmemleak_dedup-v3-0-2d36aafc34da@debian.org> To: Andrew Morton , David Hildenbrand , Lorenzo Stoakes , Vlastimil Babka , Mike Rapoport , Suren Baghdasaryan , Michal Hocko , Shuah Khan , Catalin Marinas , "Liam R. Howlett" , "Liam R. Howlett" Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, kernel-team@meta.com, Breno Leitao X-Mailer: b4 0.16-dev-453a6 X-Developer-Signature: v=1; a=openpgp-sha256; l=11971; i=leitao@debian.org; h=from:subject:message-id; bh=HNC66DdFx4sxkSUiDErSM+03OizehuxGGcWPFdtoziU=; b=owEBbQKS/ZANAwAIATWjk5/8eHdtAcsmYgBp+zr4xjlpSgfZccRUtxvPoN9gmYDCYd9w3aw+e haQcdA4/OuJAjMEAAEIAB0WIQSshTmm6PRnAspKQ5s1o5Of/Hh3bQUCafs6+AAKCRA1o5Of/Hh3 bRu5EACbe2n8sEFVlNV7iME6df0isHCDSn9g0/XMeEPxc3C9rVN3X/KCR3WTqXg5HDIgVlM8zMn KNQ9TbwE+VRtuGTNUhxikalOHsFzl6QhU3SYP7ZnEkhCDcCvS/LiFvqp+2dqMZ6nBHJcGguHWsF UTn+fLGDoCex4pFRXJKjBP9N8eARUMp2/dvV01IOMD4wBi+u/sIobZnAYA0BgNvOm1e4Kls5j0n o1uFDeSSnCtBpFRP7kd08z+pbcU4gwJGWmhJyzxDmCIrQa4HWzU3wdzwiVOgSolo9f3Nw8vjEFu kaaONZAN+HLAw0xF1f00n2/NRM/gEANQ6+eirWbOROio9dULbAilMBC7qRaIbEicd4raN0g351u olihrQNNagsWFNHMd9zZFoN8m+WRbf4N3ZH59FfB2xFGKNlFrsesdmK9iYyuaZMRe/pNbfOKopK Ae5ub2JKgxHjcdMK68zd+wjaYWm4aNS3tYwDIjn4PRXLnjbLsmXdLfeYSTwQSUSUva+vOC2reDU 7+MkdTa9IKXYhQ3157AYtWzbAphAlDaZMxwODAKi23uWa+q02Ec3izpIFI9LHy+kluEAYLKbmcL xKzmZoOfps5bLawFRahPyf+p7Ch14CYFB0Hm4OOnaAjbdQxU+1eOpvmTGIZBohCw+eCrd0s6f6+ GQY8qP7qKPnSHkA== X-Developer-Key: i=leitao@debian.org; a=openpgp; fpr=AC8539A6E8F46702CA4A439B35A3939FFC78776D X-Debian-User: leitao Add a regression test for the per-scan verbose dedup added in the preceding commit. The test loads samples/kmemleak's helper module (CONFIG_SAMPLE_KMEMLEAK=3Dm) to generate orphan allocations, several of which share an allocation backtrace, runs four kmemleak scans with verbose printing enabled, then walks dmesg looking for two "unreferenced object" reports within a single scan that share an identical backtrace - which would mean dedup failed to collapse them. The test is intentionally permissive on detection but strict on regressions: - PASS when no duplicates are observed, regardless of whether the dedup summary line ("... and N more object(s) with the same backtrace") was actually emitted. Per-CPU chunk reuse, slab freelist pointers, kernel stack residue and CONFIG_DEBUG_KMEMLEAK_ AUTO_SCAN can all keep most of the orphans "still referenced" or reported across many separate scans, so the dedup path may have nothing to fold within one scan. That is not a regression. - PASS reports whether dedup actually fired, so a passing run on a well-behaved environment is still informative. - FAIL when two same-backtrace reports land in a single scan (clear dedup regression). - FAIL when kmemleak's own per-scan tally counts leaks but the verbose path emits zero "unreferenced object" lines - that catches a regression in the verbose printer itself, which would otherwise pass the duplicate check trivially. - SKIP when kmemleak is absent, disabled at runtime, or the helper module is not built. The dmesg parser anchors stack-frame matching to the indentation kmemleak uses for them (4+ spaces under "kmemleak: ") so unrelated kmemleak warnings landing between reports do not get lumped into the backtrace key and mask a duplicate. Signed-off-by: Breno Leitao Reviewed-by: Catalin Marinas --- tools/testing/selftests/mm/Makefile | 1 + tools/testing/selftests/mm/ksft_kmemleak_dedup.sh | 222 ++++++++++++++++++= ++++ 2 files changed, 223 insertions(+) diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/= mm/Makefile index 18779045b7f69..41053fdaad88d 100644 --- a/tools/testing/selftests/mm/Makefile +++ b/tools/testing/selftests/mm/Makefile @@ -151,6 +151,7 @@ TEST_PROGS +=3D ksft_gup_test.sh TEST_PROGS +=3D ksft_hmm.sh TEST_PROGS +=3D ksft_hugetlb.sh TEST_PROGS +=3D ksft_hugevm.sh +TEST_PROGS +=3D ksft_kmemleak_dedup.sh TEST_PROGS +=3D ksft_ksm.sh TEST_PROGS +=3D ksft_ksm_numa.sh TEST_PROGS +=3D ksft_madv_guard.sh diff --git a/tools/testing/selftests/mm/ksft_kmemleak_dedup.sh b/tools/test= ing/selftests/mm/ksft_kmemleak_dedup.sh new file mode 100755 index 0000000000000..d019502444901 --- /dev/null +++ b/tools/testing/selftests/mm/ksft_kmemleak_dedup.sh @@ -0,0 +1,222 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# Regression test for kmemleak's per-scan verbose dedup. +# +# Loads samples/kmemleak's helper module to generate orphan allocations +# (some of which share an allocation backtrace), runs a few kmemleak +# scans with verbose printing enabled, and verifies that no two +# "unreferenced object" reports within a single scan share the same +# backtrace - which would mean dedup failed to collapse them. +# +# This test is intentionally permissive: the kmemleak-test module's +# leaks frequently get reported across many separate scans (per-CPU +# chunk reuse, slab freelist pointers, kernel stack residue), so dedup +# may never have anything to fold within one scan. That is not a +# regression. The test only fails when it actually catches dedup not +# happening on input that should have triggered it - i.e. two reports +# with identical backtraces in the same scan. +# +# Author: Breno Leitao + +ksft_skip=3D4 +KMEMLEAK=3D/sys/kernel/debug/kmemleak +VERBOSE_PARAM=3D/sys/module/kmemleak/parameters/verbose +MODULE=3Dkmemleak-test + +skip() { + echo "SKIP: $*" + exit $ksft_skip +} + +fail() { + echo "FAIL: $*" + exit 1 +} + +pass() { + echo "PASS: $*" + exit 0 +} + +[ "$(id -u)" -eq 0 ] || skip "must run as root" +[ -r "$KMEMLEAK" ] || skip "no kmemleak debugfs (CONFIG_DEBUG_KMEMLEAK)" +[ -w "$VERBOSE_PARAM" ] || skip "kmemleak verbose param missing" +modinfo "$MODULE" >/dev/null 2>&1 || + skip "$MODULE not built (CONFIG_SAMPLE_KMEMLEAK)" + +# The verdict depends entirely on dmesg contents, so a silently-empty +# dmesg (dmesg_restrict=3D1 with CAP_SYSLOG dropped, restricted container, +# etc.) would let the script report PASS without parsing anything. Probe +# both read and clear up front and skip cleanly if either is denied. +dmesg >/dev/null 2>&1 || + skip "cannot read dmesg (need CAP_SYSLOG or dmesg_restrict=3D0)" +dmesg -C >/dev/null 2>&1 || + skip "cannot clear dmesg (need CAP_SYSLOG or dmesg_restrict=3D0)" + +# kmemleak can be present but disabled at runtime (boot arg kmemleak=3Doff, +# or it self-disabled after an internal error). In that state writes other +# than "clear" return EPERM, so probe once and skip if so. +if ! echo scan > "$KMEMLEAK" 2>/dev/null; then + skip "kmemleak is disabled (check dmesg or kmemleak=3D boot arg)" +fi + +prev_verbose=3D$(cat "$VERBOSE_PARAM") +# shellcheck disable=3DSC2317 # invoked indirectly via trap +cleanup() { + echo "$prev_verbose" > "$VERBOSE_PARAM" 2>/dev/null + rmmod "$MODULE" 2>/dev/null + # Drain the leak set we generated. Subsequent selftests (e.g. + # tools/testing/selftests/net/netfilter/nft_interface_stress.sh) + # fail on any non-empty kmemleak report, so leaving the helper + # module's intentional leaks behind would poison the rest of a + # kselftest run. + # + # Caveat: kmemleak_clear() only greys objects that have already + # been reported (OBJECT_REPORTED && unreferenced_object()). Helper + # allocations that stayed "still referenced" throughout the test + # (stale pointers in per-CPU chunks, slab freelists, kernel stacks) + # were never reported and are therefore not greyed by this clear - + # they remain tracked and a later scan can still surface them. Such + # leftovers are inherent to the kmemleak-test sample module and are + # not specific to this test; consumers that fail on any kmemleak + # output (rather than on the test-specific backtraces) need to be + # robust to that, or this test should be excluded from the run. + echo clear > "$KMEMLEAK" 2>/dev/null +} +trap cleanup EXIT + +echo 1 > "$VERBOSE_PARAM" + +# Drain the existing leak set so the next scan only reports our objects. +echo clear > "$KMEMLEAK" + +# Re-clear dmesg now (the up-front probe also cleared it, but anything +# logged between then and here - module unload chatter, the probe scan, +# the verbose-param write - would otherwise pollute the parse window). +dmesg -C >/dev/null + +# If the module was left loaded by a previous aborted run, modprobe would +# be a no-op and the init function would not run, so no new leaks would be +# generated. Force a clean state first. +rmmod "$MODULE" 2>/dev/null +modprobe "$MODULE" || skip "failed to load $MODULE" +# Removing the module orphans the list elements without freeing them. +rmmod "$MODULE" || skip "failed to unload $MODULE" + +# Run a handful of scans so kmemleak has the chance to age and report +# the orphans. We do not require any particular number to be reported: +# the regression check below operates on whatever lands in dmesg. +# +# Note: with CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=3Dy the kernel's own scan +# thread can report and mark these orphans (OBJECT_REPORTED) before our +# manual scans run, after which our scans will see nothing. The +# lower-bound check below catches the case where that happens and the +# manual scans also produce nothing. +SCAN_COUNT=3D4 +SCAN_SLEEP=3D6 +for _ in $(seq 1 "$SCAN_COUNT"); do + echo scan > "$KMEMLEAK" + sleep "$SCAN_SLEEP" +done + +# Strip the leading "[ nnn.nnnnnn] " dmesg timestamp prefix. Without +# this, two identical stack frames printed from two reports in the same +# scan would produce different per-frame strings (different timestamps) +# and the duplicate-backtrace check below would not match them, silently +# passing a real dedup regression. Doing the strip here makes the rest +# of the parser timestamp-agnostic regardless of what dmesg defaults to. +log=3D$(dmesg | sed 's/^\[[^]]*\] //') + +# After running the workload (modprobe + scans), dmesg should contain at +# least the helper module's pr_info lines and our manual-scan output. An +# empty capture here means dmesg succeeded earlier but is now denying us +# the buffer (race with dmesg_restrict toggling, etc.); refuse to give a +# verdict on no evidence. +[ -n "$log" ] || skip "dmesg returned empty after running workload" + +# Lower bound: if kmemleak's own per-scan tally counted leaks but the +# verbose path emitted no "unreferenced object" line, the verbose printer +# itself is regressed - fail rather than silently passing on no input. +new_leaks=3D$(echo "$log" | + sed -n 's/.*kmemleak: \([0-9]\+\) new suspected.*/\1/p' | + awk '{s+=3D$1} END{print s+0}') +printed=3D$(echo "$log" | grep -c 'kmemleak: unreferenced object') +if [ "$new_leaks" -gt 0 ] && [ "$printed" -eq 0 ]; then + fail "verbose path broken: $new_leaks leaks counted, 0 printed in $SCAN_C= OUNT scans" +fi + +# Walk the log: split into per-scan chunks at "N new suspected memory +# leaks" boundaries; within each chunk, capture each "unreferenced +# object" report's backtrace and check that no backtrace is reported +# more than once. A duplicate within a single scan means dedup failed +# to collapse two leaks that share an allocation site. +violations=3D$(echo "$log" | awk ' + function flush_block() { + if (in_block) { + # Skip empty backtraces: leaks with trace_handle =3D=3D 0 + # (early-boot allocations or stack_depot_save() failures + # under memory pressure) are intentionally not deduped, + # so multiple such reports in one scan are expected and + # must not be flagged as a regression. + if (bt !=3D "") + seen[bt]++ + in_block =3D 0 + collecting =3D 0 + bt =3D "" + } + } + function check_and_reset( b) { + for (b in seen) + if (seen[b] > 1) + printf("backtrace seen %d times in one scan:\n%s\n", + seen[b], b) + delete seen + } + # Scan boundary: the per-scan summary line. + /kmemleak: [0-9]+ new suspected memory leaks/ { + flush_block() + check_and_reset() + next + } + # Start of a new "unreferenced object" report. + /kmemleak: unreferenced object/ { + flush_block() + in_block =3D 1 + next + } + # Inside a report, the "backtrace (crc ...):" line switches us to + # backtrace-collecting mode. + in_block && /kmemleak:[[:space:]]+backtrace \(crc/ { + collecting =3D 1 + next + } + # Once collecting, capture only deeply-indented "kmemleak: " lines + # (stack frames have 4+ spaces of indentation under "kmemleak: "; + # headers and the "... and N more" tail line have less). This stops + # unrelated kmemleak warns landing between reports from being lumped + # into the backtrace key, which would mask a genuine duplicate. + in_block && collecting && /kmemleak:[[:space:]]{4,}/ { + bt =3D bt $0 "\n" + next + } + END { + flush_block() + check_and_reset() + } +') + +if [ -n "$violations" ]; then + echo "$violations" + fail "kmemleak dedup regression: same backtrace reported more than once i= n a single scan" +fi + +# Count the dedup summary lines so the report distinguishes "dedup +# actually fired" from "no same-backtrace leaks turned up to dedup". +dedup_lines=3D$(echo "$log" | grep -c 'more object(s) with the same backtr= ace') + +if [ "$dedup_lines" -gt 0 ]; then + pass "no dedup violations across $SCAN_COUNT scans; dedup fired ($dedup_l= ines summary line(s) observed)" +else + pass "no dedup violations across $SCAN_COUNT scans; dedup had nothing to = collapse" +fi --=20 2.52.0