From: Mike Rapoport <rppt@linux.ibm.com>
To: Sasha Levin <sashal@kernel.org>
Cc: Marc Gonzalez <marc.w.gonzalez@free.fr>,
Rob Herring <robh+dt@kernel.org>,
stable@vger.kernel.org
Subject: Re: [RESEND PATCH v2] of: fix kmemleak crash caused by imbalance in early memory reservation
Date: Fri, 8 Feb 2019 12:02:10 +0200
Message-ID: <20190208100209.GA11096@rapoport-lnx>
In-Reply-To: <20190207163214.45C1B218D3@mail.kernel.org>
Hi,
On Thu, Feb 07, 2019 at 04:32:13PM +0000, Sasha Levin wrote:
> Hi,
>
> [This is an automated email]
>
> This commit has been processed because it contains a "Fixes:" tag,
> fixing commit: 3f0c82066448 drivers: of: add initialization code for dynamic reserved memory.
>
> The bot has tested the following trees: v4.20.6, v4.19.19, v4.14.97, v4.9.154, v4.4.172, v3.18.133.
...
> How should we proceed with this patch?
Below is the backport of the patch to 4.19.19 and below. I've build-tested
for 4.19 and verified it applies cleanly to the older versions.
From 2052bf06134fd8feae3e621acea6421f916bbbae Mon Sep 17 00:00:00 2001
From: Mike Rapoport <rppt@linux.ibm.com>
Date: Mon, 4 Feb 2019 15:37:21 +0100
Subject: [PATCH] of: fix kmemleak crash caused by imbalance in early memory
reservation
Marc Gonzalez reported the following kmemleak crash:
Unable to handle kernel paging request at virtual address ffffffc021e00000
Mem abort info:
ESR = 0x96000006
Exception class = DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
swapper pgtable: 4k pages, 39-bit VAs, pgdp = (____ptrval____)
[ffffffc021e00000] pgd=000000017e3ba803, pud=000000017e3ba803,
pmd=0000000000000000
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 6 PID: 523 Comm: kmemleak Tainted: G S W 5.0.0-rc1 #13
Hardware name: Qualcomm Technologies, Inc. MSM8998 v1 MTP (DT)
pstate: 80000085 (Nzcv daIf -PAN -UAO)
pc : scan_block+0x70/0x190
lr : scan_block+0x6c/0x190
sp : ffffff8012e8bd20
x29: ffffff8012e8bd20 x28: ffffffc0fdbaf018
x27: ffffffc022000000 x26: 0000000000000080
x25: ffffff8011aadf70 x24: ffffffc0f8cc8000
x23: ffffff8010dc8000 x22: ffffff8010dc8830
x21: ffffffc021e00ff9 x20: ffffffc0f8cc8050
x19: ffffffc021e00000 x18: 0000000000002409
x17: 0000000000000200 x16: 0000000000000000
x15: ffffff8010e14dd8 x14: 0000000000002406
x13: 000000004c4dd0c6 x12: ffffffc0f77dad58
x11: 0000000000000001 x10: ffffff8010d9e688
x9 : ffffff8010d9f000 x8 : ffffff8010d9e688
x7 : 0000000000000002 x6 : 0000000000000000
x5 : ffffff8011511c20 x4 : 00000000000026d1
x3 : ffffff8010e14d88 x2 : 5b36396f4e7d4000
x1 : 0000000000208040 x0 : 0000000000000000
Process kmemleak (pid: 523, stack limit = 0x(____ptrval____))
Call trace:
scan_block+0x70/0x190
scan_gray_list+0x108/0x1c0
kmemleak_scan+0x33c/0x7c0
kmemleak_scan_thread+0x98/0xf0
kthread+0x11c/0x120
ret_from_fork+0x10/0x1c
Code: f9000fb4 d503201f 97ffffd2 35000580 (f9400260)
---[ end trace 176d6ed9d86a0c33 ]---
note: kmemleak[523] exited with preempt_count 2
The crash happens when a no-map area is allocated in
early_init_dt_alloc_reserved_memory_arch(). The allocated region is
registered with kmemleak, but it is then removed from memblock using
memblock_remove() that is not kmemleak-aware.
Replacing __memblock_alloc_base() with memblock_find_in_range() makes sure
that the allocated memory is not added to kmemleak and then
memblock_remove()'ing this memory is safe.
As a bonus, since memblock_find_in_range() ensures the allocation in the
specified range, the bounds check can be removed.
Cc: stable@vger.kernel.org # 3.15+
Fixes: 3f0c820664483 ("drivers: of: add initialization code for dynamic reserved memory")
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Prateek Patel <prpatel@nvidia.com>
Tested-by: Marc Gonzalez <marc.w.gonzalez@free.fr>
Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
---
drivers/of/of_reserved_mem.c | 18 +++++-------------
1 file changed, 5 insertions(+), 13 deletions(-)
diff --git a/drivers/of/of_reserved_mem.c b/drivers/of/of_reserved_mem.c
index 895c83e..240763b 100644
--- a/drivers/of/of_reserved_mem.c
+++ b/drivers/of/of_reserved_mem.c
@@ -32,26 +32,18 @@ int __init __weak early_init_dt_alloc_reserved_memory_arch(phys_addr_t size,
phys_addr_t *res_base)
{
phys_addr_t base;
- /*
- * We use __memblock_alloc_base() because memblock_alloc_base()
- * panic()s on allocation failure.
- */
+
end = !end ? MEMBLOCK_ALLOC_ANYWHERE : end;
- base = __memblock_alloc_base(size, align, end);
+ base = memblock_find_in_range(size, align, start, end);
if (!base)
return -ENOMEM;
- /*
- * Check if the allocated region fits in to start..end window
- */
- if (base < start) {
- memblock_free(base, size);
- return -ENOMEM;
- }
-
*res_base = base;
if (nomap)
return memblock_remove(base, size);
+ else
+ return memblock_reserve(base, size);
+
return 0;
}
#else
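Review bot: the trailing `return 0;` at the end of early_init_dt_alloc_reserved_memory_arch() is now unreachable, because both arms of the new `if (nomap) ... else ...` return. Consider dropping the `else` and the final `return 0;` so the function ends with `return memblock_reserve(base, size);` after the `if (nomap)` early return, which also matches the usual kernel style of not putting `else` after a `return`. Separately, both explanatory comments are removed and nothing replaces them: a one-line comment above the memblock_find_in_range() call saying that the range is only looked up here, not allocated, so that it is never registered with kmemleak before memblock_remove() drops it on the nomap path, would keep the reason for this choice next to the code rather than only in the commit message.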
--
2.7.4
> --
> Thanks,
> Sasha
>
--
Sincerely yours,
Mike.