From: Mike Rapoport <rppt@linux.ibm.com>
To: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Marc Gonzalez <marc.w.gonzalez@free.fr>,
	Rob Herring <robh+dt@kernel.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Prateek Patel <prpatel@nvidia.com>,
	Sachin Nikam <snikam@nvidia.com>,
	John Hubbard <jhubbard@nvidia.com>,
	Ralph Campbell <rcampbell@nvidia.com>,
	Robin Murphy <robin.murphy@arm.com>,
	Frank Rowand <frowand.list@gmail.com>,
	Bjorn Andersson <bjorn.andersson@linaro.org>,
	Mark Rutland <mark.rutland@arm.com>,
	Arnd Bergmann <arnd@arndb.de>,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Oscar Salvador <osalvador@suse.de>,
	Wei Yang <richard.weiyang@gmail.com>,
	Michal Hocko <mhocko@suse.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Qian Cai <cai@lca.pw>, LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH v2] of: fix kmemleak crash (was: Re: kmemleak panic)
Date: Wed, 23 Jan 2019 14:31:43 +0200
Message-ID: <20190123123143.GE4747@rapoport-lnx>
In-Reply-To: <78f4ea8a-996d-038e-9e33-5ff02fa2c43f@samsung.com>

On Wed, Jan 23, 2019 at 08:28:03AM +0100, Marek Szyprowski wrote:
> Hi Mike,
> 
> On 2019-01-23 06:54, Mike Rapoport wrote:
> 
> > @@ -37,21 +37,16 @@ int __init __weak early_init_dt_alloc_reserved_memory_arch(phys_addr_t size,
> >  	 */
> >  	end = !end ? MEMBLOCK_ALLOC_ANYWHERE : end;
> >  	align = !align ? SMP_CACHE_BYTES : align;
> > -	base = __memblock_alloc_base(size, align, end);
> > +	base = memblock_find_in_range(size, align, start, end);
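
Review bot: The new call on the `+` line passes its arguments as (size, align, start, end), carrying over the size-first order of the __memblock_alloc_base(size, align, end) call it replaces; please check that order against the memblock_find_in_range() prototype, which is not shown in this patch. If the parameter types are compatible, a swapped order compiles without a warning and only shows up at boot as a failed or misplaced reservation, so it deserves an explicit check before this is merged.
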
> 
> Please remove a comment about __memblock_alloc_base() above that block
> of code. It is no longer needed after this change.

Huh, missed that, thanks!
Fixed now.

From 2f340afcc8cc81f1829a19f9c595a9995656e547 Mon Sep 17 00:00:00 2001
From: Mike Rapoport <rppt@linux.ibm.com>
Date: Wed, 23 Jan 2019 07:38:50 +0200
Subject: [PATCH v2] of: fix kmemleak crash caused by imbalance in early memory
 reservation

Marc Gonzalez reported the following kmemleak crash:

Unable to handle kernel paging request at virtual address ffffffc021e00000
Mem abort info:
  ESR = 0x96000006
  Exception class = DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
swapper pgtable: 4k pages, 39-bit VAs, pgdp = (____ptrval____)
[ffffffc021e00000] pgd=000000017e3ba803, pud=000000017e3ba803,
pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 6 PID: 523 Comm: kmemleak Tainted: G S      W         5.0.0-rc1 #13
Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
pstate: 80000085 (Nzcv daIf -PAN -UAO)
pc : scan_block+0x70/0x190
lr : scan_block+0x6c/0x190
sp : ffffff8012e8bd20
x29: ffffff8012e8bd20 x28: ffffffc0fdbaf018
x27: ffffffc022000000 x26: 0000000000000080
x25: ffffff8011aadf70 x24: ffffffc0f8cc8000
x23: ffffff8010dc8000 x22: ffffff8010dc8830
x21: ffffffc021e00ff9 x20: ffffffc0f8cc8050
x19: ffffffc021e00000 x18: 0000000000002409
x17: 0000000000000200 x16: 0000000000000000
x15: ffffff8010e14dd8 x14: 0000000000002406
x13: 000000004c4dd0c6 x12: ffffffc0f77dad58
x11: 0000000000000001 x10: ffffff8010d9e688
x9 : ffffff8010d9f000 x8 : ffffff8010d9e688
x7 : 0000000000000002 x6 : 0000000000000000
x5 : ffffff8011511c20 x4 : 00000000000026d1
x3 : ffffff8010e14d88 x2 : 5b36396f4e7d4000
x1 : 0000000000208040 x0 : 0000000000000000
Process kmemleak (pid: 523, stack limit = 0x(____ptrval____))
Call trace:
 scan_block+0x70/0x190
 scan_gray_list+0x108/0x1c0
 kmemleak_scan+0x33c/0x7c0
 kmemleak_scan_thread+0x98/0xf0
 kthread+0x11c/0x120
 ret_from_fork+0x10/0x1c
Code: f9000fb4 d503201f 97ffffd2 35000580 (f9400260)
---[ end trace 176d6ed9d86a0c33 ]---
note: kmemleak[523] exited with preempt_count 2

The crash happens when a no-map area is allocated in
early_init_dt_alloc_reserved_memory_arch(). The allocated region is
registered with kmemleak, but it is then removed from memblock using
memblock_remove() that is not kmemleak-aware.

Replacing __memblock_alloc_base() with memblock_find_in_range() makes sure
that the allocated memory is not added to kmemleak and then
memblock_remove()'ing this memory is safe.

As a bonus, since memblock_find_in_range() ensures the allocation in the
specified range, the bounds check can be removed.

Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Tested-by: Marc Gonzalez <marc.w.gonzalez@free.fr>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
---
 drivers/of/of_reserved_mem.c | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/drivers/of/of_reserved_mem.c b/drivers/of/of_reserved_mem.c
index 1977ee0adcb1..2ae81604ffef 100644
--- a/drivers/of/of_reserved_mem.c
+++ b/drivers/of/of_reserved_mem.c
@@ -31,27 +31,19 @@ int __init __weak early_init_dt_alloc_reserved_memory_arch(phys_addr_t size,
 	phys_addr_t *res_base)
 {
 	phys_addr_t base;
-	/*
-	 * We use __memblock_alloc_base() because memblock_alloc_base()
-	 * panic()s on allocation failure.
-	 */
+
 	end = !end ? MEMBLOCK_ALLOC_ANYWHERE : end;
 	align = !align ? SMP_CACHE_BYTES : align;
-	base = __memblock_alloc_base(size, align, end);
+	base = memblock_find_in_range(size, align, start, end);
 	if (!base)
 		return -ENOMEM;
 
-	/*
-	 * Check if the allocated region fits in to start..end window
-	 */
-	if (base < start) {
-		memblock_free(base, size);
-		return -ENOMEM;
-	}
-
 	*res_base = base;
 	if (nomap)
 		return memblock_remove(base, size);
+	else
+		return memblock_reserve(base, size);
+
 	return 0;
 }
 
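Review bot: The trailing `return 0;` at the end of the function is now unreachable, because both branches of the added `if (nomap) ... else ...` return. Either drop the `else` and make `return memblock_reserve(base, size);` the final statement, or remove the dead `return 0;` together with the blank line added before it. The non-nomap path also now returns the result of memblock_reserve() rather than always 0 after a successful lookup, which is worth a sentence in the commit message.
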
-- 
2.7.4

 

