めも たまにはkmemleakを実行してみる

linux kernel

カーネルは3.8.0にしてたのととりあえずselinuxはdisableにしているときにどんな感じかでチェック。

まずはリークしてるとレポートされたプロセスの一覧を出してみるとこんな感じに。

[root@kanon ~]# grep "  comm \"" /sys/kernel/debug/kmemleak | cut -f2 -d"\"" | sort | uniq                                                                             
(journald)
(lymouthd)
plymouthd
swapper/0
systemctl
systemd
systemd-journal
(ystemctl)
[root@kanon ~]#

これらの内容をざっと見るとsecurity_sb_allo()、security_inode_alloc()、security_inode_alloc()が絡んでいてselinuxがやっぱり絡んでいるか。。。

その中でswapperプロセスの場合を見てみると、init_sel_fs()が入っているので/sys/kernel/securityをマウントしたりするときに起きてそう。

1 unreferenced object 0xffff88003d3bec60 (size 96):
   2   comm "swapper/0", pid 1, jiffies 4294669017 (age 418.510s)
   3   hex dump (first 32 bytes):
   4     00 9c 00 3e 00 88 ff ff 03 00 00 00 05 00 00 00  ...>............
   5     03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
   6   backtrace:
   7     [<ffffffff815af47b>] kmemleak_alloc+0x5b/0xc0
   8     [<ffffffff8117ffaa>] kmem_cache_alloc_trace+0xca/0x230
   9     [<ffffffff812987aa>] selinux_sb_alloc_security+0x2a/0xa0
  10     [<ffffffff81295776>] security_sb_alloc+0x16/0x20
  11     [<ffffffff8119aa05>] sget+0x175/0x570
  12     [<ffffffff8119bb0e>] mount_single+0x3e/0xd0
  13     [<ffffffff812a0068>] sel_mount+0x18/0x20
  14     [<ffffffff8119bd63>] mount_fs+0x43/0x1b0
  15     [<ffffffff811b535f>] vfs_kern_mount+0x6f/0x100
  16     [<ffffffff811b5409>] kern_mount_data+0x19/0x30
  17     [<ffffffff81b25f5d>] init_sel_fs+0x62/0xa4
  18     [<ffffffff8100215a>] do_one_initcall+0x12a/0x180
  19     [<ffffffff81afc040>] kernel_init_freeable+0x150/0x1df
  20     [<ffffffff815acd2e>] kernel_init+0xe/0xf0
  21     [<ffffffff815d1aac>] ret_from_fork+0x7c/0xb0
  22     [<ffffffffffffffff>] 0xffffffffffffffff
  23 unreferenced object 0xffff88003be2ea20 (size 72):
  24   comm "swapper/0", pid 1, jiffies 4294669017 (age 418.510s)
  25   hex dump (first 32 bytes):
  26     00 c0 80 3b 00 88 ff ff a0 ec 3b 3d 00 88 ff ff  ...;......;=....
  27     70 ea e2 3b 00 88 ff ff 01 00 00 00 03 00 00 00  p..;............
  28   backtrace:
  29     [<ffffffff815af47b>] kmemleak_alloc+0x5b/0xc0
  30     [<ffffffff8117f66b>] kmem_cache_alloc+0xbb/0x200
  31     [<ffffffff81298ca5>] selinux_inode_alloc_security+0x45/0xb0
  32     [<ffffffff8129589e>] security_inode_alloc+0x1e/0x20
  33     [<ffffffff811b04d7>] inode_init_always+0xd7/0x1c0
  34     [<ffffffff811b05f9>] alloc_inode+0x39/0xa0
  35     [<ffffffff811b2653>] new_inode_pseudo+0x13/0x60
  36     [<ffffffff811b26bd>] new_inode+0x1d/0x40
  37     [<ffffffff811bc6e3>] simple_fill_super+0x43/0x1e0
  38     [<ffffffff812a10da>] sel_fill_super+0x2a/0x2f0
  39     [<ffffffff8119bb72>] mount_single+0xa2/0xd0
  40     [<ffffffff812a0068>] sel_mount+0x18/0x20
  41     [<ffffffff8119bd63>] mount_fs+0x43/0x1b0
  42     [<ffffffff811b535f>] vfs_kern_mount+0x6f/0x100
  43     [<ffffffff811b5409>] kern_mount_data+0x19/0x30
  44     [<ffffffff81b25f5d>] init_sel_fs+0x62/0xa4
~~~~~
397 unreferenced object 0xffff88003be2eee8 (size 72):
 398   comm "swapper/0", pid 1, jiffies 4294669017 (age 418.532s)
 399   hex dump (first 32 bytes):
 400     78 e6 80 3b 00 88 ff ff a8 ee e2 3b 00 88 ff ff  x..;.......;....
 401     38 ef e2 3b 00 88 ff ff 01 00 00 00 03 00 00 00  8..;............
 402   backtrace:
 403     [<ffffffff815af47b>] kmemleak_alloc+0x5b/0xc0
 404     [<ffffffff8117f66b>] kmem_cache_alloc+0xbb/0x200
 405     [<ffffffff81298ca5>] selinux_inode_alloc_security+0x45/0xb0
 406     [<ffffffff8129589e>] security_inode_alloc+0x1e/0x20
 407     [<ffffffff811b04d7>] inode_init_always+0xd7/0x1c0
 408     [<ffffffff811b05f9>] alloc_inode+0x39/0xa0
 409     [<ffffffff811b2653>] new_inode_pseudo+0x13/0x60
 410     [<ffffffff811b26bd>] new_inode+0x1d/0x40
 411     [<ffffffff811bc78f>] simple_fill_super+0xef/0x1e0
 412     [<ffffffff812a10da>] sel_fill_super+0x2a/0x2f0
 413     [<ffffffff8119bb72>] mount_single+0xa2/0xd0
 414     [<ffffffff812a0068>] sel_mount+0x18/0x20
 415     [<ffffffff8119bd63>] mount_fs+0x43/0x1b0
 416     [<ffffffff811b535f>] vfs_kern_mount+0x6f/0x100
 417     [<ffffffff811b5409>] kern_mount_data+0x19/0x30
 418     [<ffffffff81b25f5d>] init_sel_fs+0x62/0xa4

fedora 18だとマウントされているsecurityfsは/sys/kernel/securityですし。

securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)

これは疑似ファイルシステムだからマウントされている間はメモリを解放しないだろうからfalse positiveな気もするんだけど、どうなんだろ。

journaldの場合も同じような感じでproc_pid_make_inode()で/proc用にinodeを作ってってとこで。

1255 unreferenced object 0xffff880037902000 (size 72):
1256   comm "(journald)", pid 51, jiffies 4294670234 (age 417.354s)
1257   hex dump (first 32 bytes):
1258     b8 1a 87 3b 00 88 ff ff 08 20 90 37 00 88 ff ff  ...;..... .7....
1259     08 20 90 37 00 88 ff ff 01 00 00 00 01 00 00 00  . .7............
1260   backtrace:
1261     [<ffffffff815af47b>] kmemleak_alloc+0x5b/0xc0
1262     [<ffffffff8117f66b>] kmem_cache_alloc+0xbb/0x200
1263     [<ffffffff81298ca5>] selinux_inode_alloc_security+0x45/0xb0
1264     [<ffffffff8129589e>] security_inode_alloc+0x1e/0x20
1265     [<ffffffff811b04d7>] inode_init_always+0xd7/0x1c0
1266     [<ffffffff811b05f9>] alloc_inode+0x39/0xa0
1267     [<ffffffff811b2653>] new_inode_pseudo+0x13/0x60
1268     [<ffffffff811b26bd>] new_inode+0x1d/0x40
1269     [<ffffffff812017d4>] proc_pid_make_inode+0x14/0xe0
1270     [<ffffffff81201984>] proc_pident_instantiate+0x24/0xd0
1271     [<ffffffff81201aca>] proc_pident_lookup+0x9a/0xf0
1272     [<ffffffff81201b7a>] proc_tgid_base_lookup+0x1a/0x20
1273     [<ffffffff811a1c8d>] lookup_real+0x1d/0x60
1274     [<ffffffff811a6c0e>] do_last+0x91e/0xe50
1275     [<ffffffff811a71f7>] path_openat+0xb7/0x4b0
1276     [<ffffffff811a78c1>] do_filp_open+0x41/0xa0
1277 unreferenced object 0xffff880037902048 (size 72):
1278   comm "(journald)", pid 51, jiffies 4294670234 (age 417.354s)
1279   hex dump (first 32 bytes):
1280     20 1d 87 3b 00 88 ff ff 50 20 90 37 00 88 ff ff   ..;....P .7....
1281     50 20 90 37 00 88 ff ff 01 00 00 00 01 00 00 00  P .7............
1282   backtrace:
1283     [<ffffffff815af47b>] kmemleak_alloc+0x5b/0xc0
1284     [<ffffffff8117f66b>] kmem_cache_alloc+0xbb/0x200
1285     [<ffffffff81298ca5>] selinux_inode_alloc_security+0x45/0xb0
1286     [<ffffffff8129589e>] security_inode_alloc+0x1e/0x20
1287     [<ffffffff811b04d7>] inode_init_always+0xd7/0x1c0
1288     [<ffffffff811b05f9>] alloc_inode+0x39/0xa0
1289     [<ffffffff811b2653>] new_inode_pseudo+0x13/0x60
1290     [<ffffffff811b26bd>] new_inode+0x1d/0x40
1291     [<ffffffff812017d4>] proc_pid_make_inode+0x14/0xe0
1292     [<ffffffff8120581b>] proc_fd_instantiate+0x2b/0xb0
1293     [<ffffffff81201eba>] proc_fill_cache+0x12a/0x160
1294     [<ffffffff812050ea>] proc_readfd_common+0xea/0x1e0
1295     [<ffffffff81205215>] proc_readfd+0x15/0x20
1296     [<ffffffff811aa0b8>] vfs_readdir+0xb8/0xe0
1297     [<ffffffff811aa40f>] sys_getdents+0x8f/0x110
1298     [<ffffffff815d1b59>] system_call_fastpath+0x16/0x1b

これも別に問題なさそうだよなーとも思うんだけど、ホントにメモリリークだったときもあるので気をつけないといけないんんだけどね。