how to determine if a Linux kernel module is leaking memory

kakinada picture kakinada · May 6, 2011 · Viewed 14.6k times · Source

For testing the behavior of the kernel when it leaks memory, I am writing a kernel module that continuously allocates memory e.g. the code looks like

int bytesLeaked = 128000;
char *var = kmalloc(bytesLeaked, GFP_KERNEL); 
if (var != NULL)
printk("leaked %d bytes at address %x\n", bytesLeaked, (unsigned int)var);

This code is in the init_module. I have the following questions

  1. How do I determine whether the code has leaked memory? lsmod does not reveal much.
  2. The tutorials on the internet only show the code in init_module and exit_module. What if I wish to do the memory allocation over a period of time after the module has been inserted but before exiting.
  3. Is it possible for me to write code that leaks memory only when the user gives an instruction for it to do so e.g. can a user space program do a system call which will cause the module to leak memory?

Answer

Eugene picture Eugene · May 7, 2011

If you need to check if a kernel module has leaked memory and your machine has x86 architecture, you can use KEDR system, it includes a memory leak detector.

KEDR does not require you to rebuild the kernel. The online docs (see "Getting Started", for example) describe how to install and use KEDR. In short, the procedure is as follows.

Installation (from source): untar source archive - cmake <...> - make - make install

Start KEDR before you load your module:

$ kedr start <name_of_the_module_to_analyze> -f leak_check.conf

Then you can load your module and work with it as usual. After you unload it, KEDR will give you a report in debugfs (usually debugfs is mounted to /sys/kernel/debug), for example:

$ cat /sys/kernel/debug/kedr_leak_check/info
Target module: "...", 
Memory allocations: 3
Possible leaks: 2
Unallocated frees: 0

The file possible_leaks from /sys/kernel/debug/kedr_leak_check/ provides information (address, size, call stack) about each leaked memory block.

Finally, you can stop KEDR (note that /sys/kernel/debug/kedr_leak_check/ will disappear):

kedr stop

If you are using a system with architecture other than x86, Kmemleak may also be helpful although it is a bit more difficult to use. You will probably need to rebuild the kernel with CONFIG_DEBUG_KMEMLEAK parameter set to 'y'. Still, Kmemleak is a very useful tool too. See Documentation/kmemleak.txt in the kernel sources for details.