From: Catalin Marinas <catalin.marinas@arm.com>
To: Denis Kirjanov <kda@linux-powerpc.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Paul Mackerras <paulus@samba.org>,
Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
linuxppc-dev@lists.ozlabs.org
Subject: Re: kmemleak: Unable to handle kernel paging request
Date: Fri, 13 Jun 2014 09:56:40 +0100 [thread overview]
Message-ID: <20140613085640.GA21018@arm.com> (raw)
In-Reply-To: <CAOJe8K3zN+fFWumKaGx3Tmv5JRZu10_FZ6R3Tjjc+nc-KVB0hg@mail.gmail.com>
On Fri, Jun 13, 2014 at 08:12:08AM +0100, Denis Kirjanov wrote:
> On 6/12/14, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > On Thu, Jun 12, 2014 at 01:00:57PM +0100, Denis Kirjanov wrote:
> >> On 6/12/14, Denis Kirjanov <kda@linux-powerpc.org> wrote:
> >> > On 6/12/14, Catalin Marinas <catalin.marinas@arm.com> wrote:
> >> >> On 11 Jun 2014, at 21:04, Denis Kirjanov <kda@linux-powerpc.org>
> >> >> wrote:
> >> >>> On 6/11/14, Catalin Marinas <catalin.marinas@arm.com> wrote:
> >> >>>> On Wed, Jun 11, 2014 at 04:13:07PM +0400, Denis Kirjanov wrote:
> >> >>>>> I got a trace while running 3.15.0-08556-gdfb9454:
> >> >>>>>
> >> >>>>> [ 104.534026] Unable to handle kernel paging request for data at
> >> >>>>> address 0xc00000007f000000
> >> >>>>
> >> >>>> Were there any kmemleak messages prior to this, like "kmemleak
> >> >>>> disabled"? There could be a race when kmemleak is disabled because
> >> >>>> of
> >> >>>> some fatal (for kmemleak) error while the scanning is taking place
> >> >>>> (which needs some more thinking to fix properly).
> >> >>>
> >> >>> No. I checked for the similar problem and didn't find anything
> >> >>> relevant.
> >> >>> I'll try to bisect it.
> >> >>
> >> >> Does this happen soon after boot? I guess it’s the first scan
> >> >> (scheduled at around 1min after boot). Something seems to be telling
> >> >> kmemleak that there is a valid memory block at 0xc00000007f000000.
> >> >
> >> > Yeah, it happens after a while with a booted system so that's the
> >> > first kmemleak scan.
> >>
> >> I've bisected to this commit: d4c54919ed86302094c0ca7d48a8cbd4ee753e92
> >> "mm: add !pte_present() check on existing hugetlb_entry callbacks".
> >> Reverting the commit fixes the issue
> >
> > I can't figure how this causes the problem but I have more questions. Is
> > 0xc00000007f000000 address always the same in all crashes? If yes, you
> > could comment out start_scan_thread() in kmemleak_late_init() to avoid
> > the scanning thread starting. Once booted, you can run:
> >
> > echo dump=0xc00000007f000000 > /sys/kernel/debug/kmemleak
> >
> > and check the dmesg for what kmemleak knows about that address, when it
> > was allocated and whether it should be mapped or not.
>
> The address is always the same.
>
> [ 179.466239] kmemleak: Object 0xc00000007f000000 (size 16777216):
> [ 179.466503] kmemleak: comm "swapper/0", pid 0, jiffies 4294892300
> [ 179.466508] kmemleak: min_count = 0
> [ 179.466512] kmemleak: count = 0
> [ 179.466517] kmemleak: flags = 0x1
> [ 179.466522] kmemleak: checksum = 0
> [ 179.466526] kmemleak: backtrace:
> [ 179.466531] [<c000000000afc3dc>] .memblock_alloc_range_nid+0x68/0x88
> [ 179.466544] [<c000000000afc444>] .memblock_alloc_base+0x20/0x58
> [ 179.466553] [<c000000000ae96cc>] .alloc_dart_table+0x5c/0xb0
> [ 179.466561] [<c000000000aea300>] .pmac_probe+0x38/0xa0
> [ 179.466569] [<000000000002166c>] 0x2166c
> [ 179.466579] [<0000000000ae0e68>] 0xae0e68
> [ 179.466587] [<0000000000009bc4>] 0x9bc4
OK, so that's the DART table allocated via alloc_dart_table(). Is
dart_tablebase removed from the kernel linear mapping after allocation?
If that's the case, we need to tell kmemleak to ignore this block (see
patch below, untested). But I still can't explain how commit
d4c54919ed863020 causes this issue.
(also cc'ing the powerpc list and maintainers)
---------------8<--------------------------
>From 09a7f1c97166c7bdca7ca4e8a4ff2774f3706ea3 Mon Sep 17 00:00:00 2001
From: Catalin Marinas <catalin.marinas@arm.com>
Date: Fri, 13 Jun 2014 09:44:21 +0100
Subject: [PATCH] powerpc/kmemleak: Do not scan the DART table
The DART table allocation is registered to kmemleak via the
memblock_alloc_base() call. However, the DART table is later unmapped
and dart_tablebase VA no longer accessible. This patch tells kmemleak
not to scan this block and avoid an unhandled paging request.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
---
arch/powerpc/sysdev/dart_iommu.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/powerpc/sysdev/dart_iommu.c b/arch/powerpc/sysdev/dart_iommu.c
index 62c47bb76517..9e5353ff6d1b 100644
--- a/arch/powerpc/sysdev/dart_iommu.c
+++ b/arch/powerpc/sysdev/dart_iommu.c
@@ -476,6 +476,11 @@ void __init alloc_dart_table(void)
*/
dart_tablebase = (unsigned long)
__va(memblock_alloc_base(1UL<<24, 1UL<<24, 0x80000000L));
+ /*
+ * The DART space is later unmapped from the kernel linear mapping and
+ * accessing dart_tablebase during kmemleak scanning will fault.
+ */
+ kmemleak_no_scan((void *)dart_tablebase);
printk(KERN_INFO "DART table allocated at: %lx\n", dart_tablebase);
}
WARNING: multiple messages have this Message-ID (diff)
From: Catalin Marinas <catalin.marinas@arm.com>
To: Denis Kirjanov <kda@linux-powerpc.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
linuxppc-dev@lists.ozlabs.org,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>
Subject: Re: kmemleak: Unable to handle kernel paging request
Date: Fri, 13 Jun 2014 09:56:40 +0100 [thread overview]
Message-ID: <20140613085640.GA21018@arm.com> (raw)
In-Reply-To: <CAOJe8K3zN+fFWumKaGx3Tmv5JRZu10_FZ6R3Tjjc+nc-KVB0hg@mail.gmail.com>
On Fri, Jun 13, 2014 at 08:12:08AM +0100, Denis Kirjanov wrote:
> On 6/12/14, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > On Thu, Jun 12, 2014 at 01:00:57PM +0100, Denis Kirjanov wrote:
> >> On 6/12/14, Denis Kirjanov <kda@linux-powerpc.org> wrote:
> >> > On 6/12/14, Catalin Marinas <catalin.marinas@arm.com> wrote:
> >> >> On 11 Jun 2014, at 21:04, Denis Kirjanov <kda@linux-powerpc.org>
> >> >> wrote:
> >> >>> On 6/11/14, Catalin Marinas <catalin.marinas@arm.com> wrote:
> >> >>>> On Wed, Jun 11, 2014 at 04:13:07PM +0400, Denis Kirjanov wrote:
> >> >>>>> I got a trace while running 3.15.0-08556-gdfb9454:
> >> >>>>>
> >> >>>>> [ 104.534026] Unable to handle kernel paging request for data at
> >> >>>>> address 0xc00000007f000000
> >> >>>>
> >> >>>> Were there any kmemleak messages prior to this, like "kmemleak
> >> >>>> disabled"? There could be a race when kmemleak is disabled because
> >> >>>> of
> >> >>>> some fatal (for kmemleak) error while the scanning is taking place
> >> >>>> (which needs some more thinking to fix properly).
> >> >>>
> >> >>> No. I checked for the similar problem and didn't find anything
> >> >>> relevant.
> >> >>> I'll try to bisect it.
> >> >>
> >> >> Does this happen soon after boot? I guess ita??s the first scan
> >> >> (scheduled at around 1min after boot). Something seems to be telling
> >> >> kmemleak that there is a valid memory block at 0xc00000007f000000.
> >> >
> >> > Yeah, it happens after a while with a booted system so that's the
> >> > first kmemleak scan.
> >>
> >> I've bisected to this commit: d4c54919ed86302094c0ca7d48a8cbd4ee753e92
> >> "mm: add !pte_present() check on existing hugetlb_entry callbacks".
> >> Reverting the commit fixes the issue
> >
> > I can't figure how this causes the problem but I have more questions. Is
> > 0xc00000007f000000 address always the same in all crashes? If yes, you
> > could comment out start_scan_thread() in kmemleak_late_init() to avoid
> > the scanning thread starting. Once booted, you can run:
> >
> > echo dump=0xc00000007f000000 > /sys/kernel/debug/kmemleak
> >
> > and check the dmesg for what kmemleak knows about that address, when it
> > was allocated and whether it should be mapped or not.
>
> The address is always the same.
>
> [ 179.466239] kmemleak: Object 0xc00000007f000000 (size 16777216):
> [ 179.466503] kmemleak: comm "swapper/0", pid 0, jiffies 4294892300
> [ 179.466508] kmemleak: min_count = 0
> [ 179.466512] kmemleak: count = 0
> [ 179.466517] kmemleak: flags = 0x1
> [ 179.466522] kmemleak: checksum = 0
> [ 179.466526] kmemleak: backtrace:
> [ 179.466531] [<c000000000afc3dc>] .memblock_alloc_range_nid+0x68/0x88
> [ 179.466544] [<c000000000afc444>] .memblock_alloc_base+0x20/0x58
> [ 179.466553] [<c000000000ae96cc>] .alloc_dart_table+0x5c/0xb0
> [ 179.466561] [<c000000000aea300>] .pmac_probe+0x38/0xa0
> [ 179.466569] [<000000000002166c>] 0x2166c
> [ 179.466579] [<0000000000ae0e68>] 0xae0e68
> [ 179.466587] [<0000000000009bc4>] 0x9bc4
OK, so that's the DART table allocated via alloc_dart_table(). Is
dart_tablebase removed from the kernel linear mapping after allocation?
If that's the case, we need to tell kmemleak to ignore this block (see
patch below, untested). But I still can't explain how commit
d4c54919ed863020 causes this issue.
(also cc'ing the powerpc list and maintainers)
---------------8<--------------------------
WARNING: multiple messages have this Message-ID (diff)
From: Catalin Marinas <catalin.marinas@arm.com>
To: Denis Kirjanov <kda@linux-powerpc.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>,
linuxppc-dev@lists.ozlabs.org,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>
Subject: Re: kmemleak: Unable to handle kernel paging request
Date: Fri, 13 Jun 2014 09:56:40 +0100 [thread overview]
Message-ID: <20140613085640.GA21018@arm.com> (raw)
In-Reply-To: <CAOJe8K3zN+fFWumKaGx3Tmv5JRZu10_FZ6R3Tjjc+nc-KVB0hg@mail.gmail.com>
On Fri, Jun 13, 2014 at 08:12:08AM +0100, Denis Kirjanov wrote:
> On 6/12/14, Catalin Marinas <catalin.marinas@arm.com> wrote:
> > On Thu, Jun 12, 2014 at 01:00:57PM +0100, Denis Kirjanov wrote:
> >> On 6/12/14, Denis Kirjanov <kda@linux-powerpc.org> wrote:
> >> > On 6/12/14, Catalin Marinas <catalin.marinas@arm.com> wrote:
> >> >> On 11 Jun 2014, at 21:04, Denis Kirjanov <kda@linux-powerpc.org>
> >> >> wrote:
> >> >>> On 6/11/14, Catalin Marinas <catalin.marinas@arm.com> wrote:
> >> >>>> On Wed, Jun 11, 2014 at 04:13:07PM +0400, Denis Kirjanov wrote:
> >> >>>>> I got a trace while running 3.15.0-08556-gdfb9454:
> >> >>>>>
> >> >>>>> [ 104.534026] Unable to handle kernel paging request for data at
> >> >>>>> address 0xc00000007f000000
> >> >>>>
> >> >>>> Were there any kmemleak messages prior to this, like "kmemleak
> >> >>>> disabled"? There could be a race when kmemleak is disabled because
> >> >>>> of
> >> >>>> some fatal (for kmemleak) error while the scanning is taking place
> >> >>>> (which needs some more thinking to fix properly).
> >> >>>
> >> >>> No. I checked for the similar problem and didn't find anything
> >> >>> relevant.
> >> >>> I'll try to bisect it.
> >> >>
> >> >> Does this happen soon after boot? I guess it’s the first scan
> >> >> (scheduled at around 1min after boot). Something seems to be telling
> >> >> kmemleak that there is a valid memory block at 0xc00000007f000000.
> >> >
> >> > Yeah, it happens after a while with a booted system so that's the
> >> > first kmemleak scan.
> >>
> >> I've bisected to this commit: d4c54919ed86302094c0ca7d48a8cbd4ee753e92
> >> "mm: add !pte_present() check on existing hugetlb_entry callbacks".
> >> Reverting the commit fixes the issue
> >
> > I can't figure how this causes the problem but I have more questions. Is
> > 0xc00000007f000000 address always the same in all crashes? If yes, you
> > could comment out start_scan_thread() in kmemleak_late_init() to avoid
> > the scanning thread starting. Once booted, you can run:
> >
> > echo dump=0xc00000007f000000 > /sys/kernel/debug/kmemleak
> >
> > and check the dmesg for what kmemleak knows about that address, when it
> > was allocated and whether it should be mapped or not.
>
> The address is always the same.
>
> [ 179.466239] kmemleak: Object 0xc00000007f000000 (size 16777216):
> [ 179.466503] kmemleak: comm "swapper/0", pid 0, jiffies 4294892300
> [ 179.466508] kmemleak: min_count = 0
> [ 179.466512] kmemleak: count = 0
> [ 179.466517] kmemleak: flags = 0x1
> [ 179.466522] kmemleak: checksum = 0
> [ 179.466526] kmemleak: backtrace:
> [ 179.466531] [<c000000000afc3dc>] .memblock_alloc_range_nid+0x68/0x88
> [ 179.466544] [<c000000000afc444>] .memblock_alloc_base+0x20/0x58
> [ 179.466553] [<c000000000ae96cc>] .alloc_dart_table+0x5c/0xb0
> [ 179.466561] [<c000000000aea300>] .pmac_probe+0x38/0xa0
> [ 179.466569] [<000000000002166c>] 0x2166c
> [ 179.466579] [<0000000000ae0e68>] 0xae0e68
> [ 179.466587] [<0000000000009bc4>] 0x9bc4
OK, so that's the DART table allocated via alloc_dart_table(). Is
dart_tablebase removed from the kernel linear mapping after allocation?
If that's the case, we need to tell kmemleak to ignore this block (see
patch below, untested). But I still can't explain how commit
d4c54919ed863020 causes this issue.
(also cc'ing the powerpc list and maintainers)
---------------8<--------------------------
>From 09a7f1c97166c7bdca7ca4e8a4ff2774f3706ea3 Mon Sep 17 00:00:00 2001
From: Catalin Marinas <catalin.marinas@arm.com>
Date: Fri, 13 Jun 2014 09:44:21 +0100
Subject: [PATCH] powerpc/kmemleak: Do not scan the DART table
The DART table allocation is registered to kmemleak via the
memblock_alloc_base() call. However, the DART table is later unmapped
and dart_tablebase VA no longer accessible. This patch tells kmemleak
not to scan this block and avoid an unhandled paging request.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
---
arch/powerpc/sysdev/dart_iommu.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/powerpc/sysdev/dart_iommu.c b/arch/powerpc/sysdev/dart_iommu.c
index 62c47bb76517..9e5353ff6d1b 100644
--- a/arch/powerpc/sysdev/dart_iommu.c
+++ b/arch/powerpc/sysdev/dart_iommu.c
@@ -476,6 +476,11 @@ void __init alloc_dart_table(void)
*/
dart_tablebase = (unsigned long)
__va(memblock_alloc_base(1UL<<24, 1UL<<24, 0x80000000L));
+ /*
+ * The DART space is later unmapped from the kernel linear mapping and
+ * accessing dart_tablebase during kmemleak scanning will fault.
+ */
+ kmemleak_no_scan((void *)dart_tablebase);
printk(KERN_INFO "DART table allocated at: %lx\n", dart_tablebase);
}
next prev parent reply other threads:[~2014-06-13 9:05 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-11 12:13 kmemleak: Unable to handle kernel paging request Denis Kirjanov
2014-06-11 12:13 ` Denis Kirjanov
2014-06-11 17:38 ` Catalin Marinas
2014-06-11 17:38 ` Catalin Marinas
2014-06-11 20:04 ` Denis Kirjanov
2014-06-11 20:04 ` Denis Kirjanov
2014-06-11 22:00 ` Catalin Marinas
2014-06-11 22:00 ` Catalin Marinas
2014-06-12 7:39 ` Denis Kirjanov
2014-06-12 7:39 ` Denis Kirjanov
2014-06-12 12:00 ` Denis Kirjanov
2014-06-12 12:00 ` Denis Kirjanov
2014-06-12 13:29 ` Naoya Horiguchi
2014-06-12 14:39 ` Catalin Marinas
2014-06-12 14:39 ` Catalin Marinas
2014-06-13 7:12 ` Denis Kirjanov
2014-06-13 7:12 ` Denis Kirjanov
2014-06-13 8:56 ` Catalin Marinas [this message]
2014-06-13 8:56 ` Catalin Marinas
2014-06-13 8:56 ` Catalin Marinas
2014-06-13 10:26 ` Denis Kirjanov
2014-06-13 10:26 ` Denis Kirjanov
2014-06-13 10:26 ` Denis Kirjanov
2014-06-16 2:40 ` Michael Ellerman
2014-06-16 2:40 ` Michael Ellerman
2014-06-13 21:44 ` Benjamin Herrenschmidt
2014-06-13 21:44 ` Benjamin Herrenschmidt
2014-06-14 12:05 ` Catalin Marinas
2014-06-14 12:05 ` Catalin Marinas
2014-06-14 12:05 ` Catalin Marinas
[not found] ` <5399ab3b.4825e00a.60fd.5014SMTPIN_ADDED_BROKEN@mx.google.com>
2014-06-13 6:39 ` Denis Kirjanov
2014-06-13 6:39 ` Denis Kirjanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140613085640.GA21018@arm.com \
--to=catalin.marinas@arm.com \
--cc=kda@linux-powerpc.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=n-horiguchi@ah.jp.nec.com \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.