[PATCH] of: fdt: do not reserve memory below MIN_MEMBLOCK_ADDR

[PATCH] of: fdt: do not reserve memory below MIN_MEMBLOCK_ADDR

[Patrick Wang]

Dt reserve memory without base checking, which will trigger an oops in
kmemleak when the base address is below MIN_MEMBLOCK_ADDR:

# echo scan > /sys/kernel/debug/kmemleak
[   54.888353] Unable to handle kernel paging request at virtual address ff5fffffffe00000
[   54.888932] Oops [#1]
[   54.889102] Modules linked in:
[   54.889326] CPU: 2 PID: 134 Comm: bash Not tainted 5.18.0-rc1-next-20220407 #33
[   54.889620] Hardware name: riscv-virtio,qemu (DT)
[   54.889901] epc : scan_block+0x74/0x15c
[   54.890215]  ra : scan_block+0x72/0x15c
[   54.890390] epc : ffffffff801e5806 ra : ffffffff801e5804 sp : ff200000104abc30
[   54.890607]  gp : ffffffff815cd4e8 tp : ff60000004cfa340 t0 : 0000000000000200
[   54.890835]  t1 : 00aaaaaac23954cc t2 : 00000000000003ff s0 : ff200000104abc90
[   54.891024]  s1 : ffffffff81b0ff28 a0 : 0000000000000000 a1 : ff5fffffffe01000
[   54.891201]  a2 : ffffffff81b0ff28 a3 : 0000000000000002 a4 : 0000000000000001
[   54.891377]  a5 : 0000000000000000 a6 : ff200000104abd7c a7 : 0000000000000005
[   54.891552]  s2 : ff5fffffffe00ff9 s3 : ffffffff815cd998 s4 : ffffffff815d0e90
[   54.891727]  s5 : ffffffff81b0ff28 s6 : 0000000000000020 s7 : ffffffff815d0eb0
[   54.891903]  s8 : ffffffffffffffff s9 : ff5fffffffe00000 s10: ff5fffffffe01000
[   54.892078]  s11: 0000000000000022 t3 : 00ffffffaa17db4c t4 : 000000000000000f
[   54.892271]  t5 : 0000000000000001 t6 : 0000000000000000
[   54.892408] status: 0000000000000100 badaddr: ff5fffffffe00000 cause: 000000000000000d
[   54.892643] [<ffffffff801e5a1c>] scan_gray_list+0x12e/0x1a6
[   54.892824] [<ffffffff801e5d3e>] kmemleak_scan+0x2aa/0x57e
[   54.892961] [<ffffffff801e633c>] kmemleak_write+0x32a/0x40c
[   54.893096] [<ffffffff803915ac>] full_proxy_write+0x56/0x82
[   54.893235] [<ffffffff801ef456>] vfs_write+0xa6/0x2a6
[   54.893362] [<ffffffff801ef880>] ksys_write+0x6c/0xe2
[   54.893487] [<ffffffff801ef918>] sys_write+0x22/0x2a
[   54.893609] [<ffffffff8000397c>] ret_from_syscall+0x0/0x2
[   54.894183] ---[ end trace 0000000000000000 ]---

Add base checking and ignore the range lower than MIN_MEMBLOCK_ADDR.

Signed-off-by: Patrick Wang <patrick.wang.shcn@gmail.com>
---
 drivers/of/fdt.c | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index ec315b060..296c4ab8e 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -33,6 +33,13 @@
 
 #include "of_private.h"
 
+#ifndef MIN_MEMBLOCK_ADDR
+#define MIN_MEMBLOCK_ADDR	__pa(PAGE_OFFSET)
+#endif
+#ifndef MAX_MEMBLOCK_ADDR
+#define MAX_MEMBLOCK_ADDR	((phys_addr_t)~0)
+#endif
+
 /*
  * of_fdt_limit_memory - limit the number of regions in the /memory node
  * @limit: maximum entries
@@ -480,6 +487,19 @@ static u32 of_fdt_crc32;
 static int __init early_init_dt_reserve_memory_arch(phys_addr_t base,
 					phys_addr_t size, bool nomap)
 {
+	const u64 phys_offset = MIN_MEMBLOCK_ADDR;
+
+	if (base < phys_offset) {
+		pr_warn("Ignoring reserved memory range 0x%llx - 0x%llx\n",
+			base, phys_offset);
+		size = (phys_offset - base) < size ?
+			size - (phys_offset - base) : 0;
+		base = phys_offset;
+
+		if (!size)
+			return -EFAULT;
+	}
+
 	if (nomap) {
 		/*
 		 * If the memory is already reserved (by another region), we
@@ -1198,13 +1218,6 @@ int __init early_init_dt_scan_chosen(char *cmdline)
 	return 0;
 }
 
-#ifndef MIN_MEMBLOCK_ADDR
-#define MIN_MEMBLOCK_ADDR	__pa(PAGE_OFFSET)
-#endif
-#ifndef MAX_MEMBLOCK_ADDR
-#define MAX_MEMBLOCK_ADDR	((phys_addr_t)~0)
-#endif
-
 void __init __weak early_init_dt_add_memory_arch(u64 base, u64 size)
 {
 	const u64 phys_offset = MIN_MEMBLOCK_ADDR;
-- 
2.25.1

Re: [PATCH] of: fdt: do not reserve memory below MIN_MEMBLOCK_ADDR

[kernel test robot]

Hi Patrick,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on robh/for-next]
[also build test WARNING on v5.18-rc2 next-20220412]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/intel-lab-lkp/linux/commits/Patrick-Wang/of-fdt-do-not-reserve-memory-below-MIN_MEMBLOCK_ADDR/20220412-125309
base:   https://git.kernel.org/pub/scm/linux/kernel/git/robh/linux.git for-next
config: arm-buildonly-randconfig-r006-20220411 (https://download.01.org/0day-ci/archive/20220412/202204121637.4ZHpTqwT-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project fe2478d44e4f7f191c43fef629ac7a23d0251e72)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm cross compiling tool for clang build
        # apt-get install binutils-arm-linux-gnueabi
        # https://github.com/intel-lab-lkp/linux/commit/d362274832c02bb7812c13eff968322a76f10ed3
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Patrick-Wang/of-fdt-do-not-reserve-memory-below-MIN_MEMBLOCK_ADDR/20220412-125309
        git checkout d362274832c02bb7812c13eff968322a76f10ed3
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=arm SHELL=/bin/bash

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

>> drivers/of/fdt.c:494:4: warning: format specifies type 'unsigned long long' but the argument has type 'phys_addr_t' (aka 'unsigned int') [-Wformat]
                           base, phys_offset);
                           ^~~~
   include/linux/printk.h:499:37: note: expanded from macro 'pr_warn'
           printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
                                      ~~~     ^~~~~~~~~~~
   include/linux/printk.h:446:60: note: expanded from macro 'printk'
   #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
                                                       ~~~    ^~~~~~~~~~~
   include/linux/printk.h:418:19: note: expanded from macro 'printk_index_wrap'
                   _p_func(_fmt, ##__VA_ARGS__);                           \
                           ~~~~    ^~~~~~~~~~~
   1 warning generated.

Kconfig warnings: (for reference only)
   WARNING: unmet direct dependencies detected for DRM_GEM_SHMEM_HELPER
   Depends on HAS_IOMEM && DRM && MMU
   Selected by
   - DRM_SSD130X && HAS_IOMEM && DRM


vim +494 drivers/of/fdt.c

   486	
   487	static int __init early_init_dt_reserve_memory_arch(phys_addr_t base,
   488						phys_addr_t size, bool nomap)
   489	{
   490		const u64 phys_offset = MIN_MEMBLOCK_ADDR;
   491	
   492		if (base < phys_offset) {
   493			pr_warn("Ignoring reserved memory range 0x%llx - 0x%llx\n",
 > 494				base, phys_offset);
   495			size = (phys_offset - base) < size ?
   496				size - (phys_offset - base) : 0;
   497			base = phys_offset;
   498	
   499			if (!size)
   500				return -EFAULT;
   501		}
   502	
   503		if (nomap) {
   504			/*
   505			 * If the memory is already reserved (by another region), we
   506			 * should not allow it to be marked nomap, but don't worry
   507			 * if the region isn't memory as it won't be mapped.
   508			 */
   509			if (memblock_overlaps_region(&memblock.memory, base, size) &&
   510			    memblock_is_region_reserved(base, size))
   511				return -EBUSY;
   512	
   513			return memblock_mark_nomap(base, size);
   514		}
   515		return memblock_reserve(base, size);
   516	}
   517	

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

Re: [PATCH] of: fdt: do not reserve memory below MIN_MEMBLOCK_ADDR

[Rob Herring]

+Mike Rapoport

On Mon, Apr 11, 2022 at 11:52 PM Patrick Wang
<patrick.wang.shcn@gmail.com> wrote:
>
> Dt reserve memory without base checking, which will trigger an oops in
> kmemleak when the base address is below MIN_MEMBLOCK_ADDR:

Why does the caller need to know what this address is? Shouldn't
memblock handle all this internally?

What about when EFI memory maps are used?

>
> # echo scan > /sys/kernel/debug/kmemleak
> [   54.888353] Unable to handle kernel paging request at virtual address ff5fffffffe00000
> [   54.888932] Oops [#1]
> [   54.889102] Modules linked in:
> [   54.889326] CPU: 2 PID: 134 Comm: bash Not tainted 5.18.0-rc1-next-20220407 #33
> [   54.889620] Hardware name: riscv-virtio,qemu (DT)
> [   54.889901] epc : scan_block+0x74/0x15c
> [   54.890215]  ra : scan_block+0x72/0x15c
> [   54.890390] epc : ffffffff801e5806 ra : ffffffff801e5804 sp : ff200000104abc30
> [   54.890607]  gp : ffffffff815cd4e8 tp : ff60000004cfa340 t0 : 0000000000000200
> [   54.890835]  t1 : 00aaaaaac23954cc t2 : 00000000000003ff s0 : ff200000104abc90
> [   54.891024]  s1 : ffffffff81b0ff28 a0 : 0000000000000000 a1 : ff5fffffffe01000
> [   54.891201]  a2 : ffffffff81b0ff28 a3 : 0000000000000002 a4 : 0000000000000001
> [   54.891377]  a5 : 0000000000000000 a6 : ff200000104abd7c a7 : 0000000000000005
> [   54.891552]  s2 : ff5fffffffe00ff9 s3 : ffffffff815cd998 s4 : ffffffff815d0e90
> [   54.891727]  s5 : ffffffff81b0ff28 s6 : 0000000000000020 s7 : ffffffff815d0eb0
> [   54.891903]  s8 : ffffffffffffffff s9 : ff5fffffffe00000 s10: ff5fffffffe01000
> [   54.892078]  s11: 0000000000000022 t3 : 00ffffffaa17db4c t4 : 000000000000000f
> [   54.892271]  t5 : 0000000000000001 t6 : 0000000000000000
> [   54.892408] status: 0000000000000100 badaddr: ff5fffffffe00000 cause: 000000000000000d
> [   54.892643] [<ffffffff801e5a1c>] scan_gray_list+0x12e/0x1a6
> [   54.892824] [<ffffffff801e5d3e>] kmemleak_scan+0x2aa/0x57e
> [   54.892961] [<ffffffff801e633c>] kmemleak_write+0x32a/0x40c
> [   54.893096] [<ffffffff803915ac>] full_proxy_write+0x56/0x82
> [   54.893235] [<ffffffff801ef456>] vfs_write+0xa6/0x2a6
> [   54.893362] [<ffffffff801ef880>] ksys_write+0x6c/0xe2
> [   54.893487] [<ffffffff801ef918>] sys_write+0x22/0x2a
> [   54.893609] [<ffffffff8000397c>] ret_from_syscall+0x0/0x2
> [   54.894183] ---[ end trace 0000000000000000 ]---
>
> Add base checking and ignore the range lower than MIN_MEMBLOCK_ADDR.
>
> Signed-off-by: Patrick Wang <patrick.wang.shcn@gmail.com>
> ---
>  drivers/of/fdt.c | 27 ++++++++++++++++++++-------
>  1 file changed, 20 insertions(+), 7 deletions(-)
>
> diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
> index ec315b060..296c4ab8e 100644
> --- a/drivers/of/fdt.c
> +++ b/drivers/of/fdt.c
> @@ -33,6 +33,13 @@
>
>  #include "of_private.h"
>
> +#ifndef MIN_MEMBLOCK_ADDR
> +#define MIN_MEMBLOCK_ADDR      __pa(PAGE_OFFSET)
> +#endif
> +#ifndef MAX_MEMBLOCK_ADDR
> +#define MAX_MEMBLOCK_ADDR      ((phys_addr_t)~0)
> +#endif
> +
>  /*
>   * of_fdt_limit_memory - limit the number of regions in the /memory node
>   * @limit: maximum entries
> @@ -480,6 +487,19 @@ static u32 of_fdt_crc32;
>  static int __init early_init_dt_reserve_memory_arch(phys_addr_t base,
>                                         phys_addr_t size, bool nomap)
>  {
> +       const u64 phys_offset = MIN_MEMBLOCK_ADDR;
> +
> +       if (base < phys_offset) {
> +               pr_warn("Ignoring reserved memory range 0x%llx - 0x%llx\n",
> +                       base, phys_offset);
> +               size = (phys_offset - base) < size ?
> +                       size - (phys_offset - base) : 0;
> +               base = phys_offset;
> +
> +               if (!size)
> +                       return -EFAULT;
> +       }
> +
>         if (nomap) {
>                 /*
>                  * If the memory is already reserved (by another region), we
> @@ -1198,13 +1218,6 @@ int __init early_init_dt_scan_chosen(char *cmdline)
>         return 0;
>  }
>
> -#ifndef MIN_MEMBLOCK_ADDR
> -#define MIN_MEMBLOCK_ADDR      __pa(PAGE_OFFSET)
> -#endif
> -#ifndef MAX_MEMBLOCK_ADDR
> -#define MAX_MEMBLOCK_ADDR      ((phys_addr_t)~0)
> -#endif
> -
>  void __init __weak early_init_dt_add_memory_arch(u64 base, u64 size)
>  {
>         const u64 phys_offset = MIN_MEMBLOCK_ADDR;
> --
> 2.25.1
>

Re: [PATCH] of: fdt: do not reserve memory below MIN_MEMBLOCK_ADDR

[patrick wang]

I check the code again, it's not about  reserved memory, it's the calling of
kmemleak_alloc_phys, this api is for lowmem, added in commit 9099daed9c6.

So I think the address should be checked before kmemleak_alloc_phys,
only the range in lowmem should be passed to the  kmemleak api.

if (size &&
    early_init_dt_reserve_memory_arch(base, size, nomap) == 0) {
pr_debug("Reserved memory: reserved region for node '%s': base %pa,
size %lu MiB\n",
uname, &base, (unsigned long)(size / SZ_1M));
if (!nomap)
kmemleak_alloc_phys(base, size, 0, 0); // here to check
}



Rob Herring <robh+dt@kernel.org> 于2022年4月12日周二 20:31写道：
>
> +Mike Rapoport
>
> On Mon, Apr 11, 2022 at 11:52 PM Patrick Wang
> <patrick.wang.shcn@gmail.com> wrote:
> >
> > Dt reserve memory without base checking, which will trigger an oops in
> > kmemleak when the base address is below MIN_MEMBLOCK_ADDR:
>
> Why does the caller need to know what this address is? Shouldn't
> memblock handle all this internally?
>
> What about when EFI memory maps are used?
>
> >
> > # echo scan > /sys/kernel/debug/kmemleak
> > [   54.888353] Unable to handle kernel paging request at virtual address ff5fffffffe00000
> > [   54.888932] Oops [#1]
> > [   54.889102] Modules linked in:
> > [   54.889326] CPU: 2 PID: 134 Comm: bash Not tainted 5.18.0-rc1-next-20220407 #33
> > [   54.889620] Hardware name: riscv-virtio,qemu (DT)
> > [   54.889901] epc : scan_block+0x74/0x15c
> > [   54.890215]  ra : scan_block+0x72/0x15c
> > [   54.890390] epc : ffffffff801e5806 ra : ffffffff801e5804 sp : ff200000104abc30
> > [   54.890607]  gp : ffffffff815cd4e8 tp : ff60000004cfa340 t0 : 0000000000000200
> > [   54.890835]  t1 : 00aaaaaac23954cc t2 : 00000000000003ff s0 : ff200000104abc90
> > [   54.891024]  s1 : ffffffff81b0ff28 a0 : 0000000000000000 a1 : ff5fffffffe01000
> > [   54.891201]  a2 : ffffffff81b0ff28 a3 : 0000000000000002 a4 : 0000000000000001
> > [   54.891377]  a5 : 0000000000000000 a6 : ff200000104abd7c a7 : 0000000000000005
> > [   54.891552]  s2 : ff5fffffffe00ff9 s3 : ffffffff815cd998 s4 : ffffffff815d0e90
> > [   54.891727]  s5 : ffffffff81b0ff28 s6 : 0000000000000020 s7 : ffffffff815d0eb0
> > [   54.891903]  s8 : ffffffffffffffff s9 : ff5fffffffe00000 s10: ff5fffffffe01000
> > [   54.892078]  s11: 0000000000000022 t3 : 00ffffffaa17db4c t4 : 000000000000000f
> > [   54.892271]  t5 : 0000000000000001 t6 : 0000000000000000
> > [   54.892408] status: 0000000000000100 badaddr: ff5fffffffe00000 cause: 000000000000000d
> > [   54.892643] [<ffffffff801e5a1c>] scan_gray_list+0x12e/0x1a6
> > [   54.892824] [<ffffffff801e5d3e>] kmemleak_scan+0x2aa/0x57e
> > [   54.892961] [<ffffffff801e633c>] kmemleak_write+0x32a/0x40c
> > [   54.893096] [<ffffffff803915ac>] full_proxy_write+0x56/0x82
> > [   54.893235] [<ffffffff801ef456>] vfs_write+0xa6/0x2a6
> > [   54.893362] [<ffffffff801ef880>] ksys_write+0x6c/0xe2
> > [   54.893487] [<ffffffff801ef918>] sys_write+0x22/0x2a
> > [   54.893609] [<ffffffff8000397c>] ret_from_syscall+0x0/0x2
> > [   54.894183] ---[ end trace 0000000000000000 ]---
> >
> > Add base checking and ignore the range lower than MIN_MEMBLOCK_ADDR.
> >
> > Signed-off-by: Patrick Wang <patrick.wang.shcn@gmail.com>
> > ---
> >  drivers/of/fdt.c | 27 ++++++++++++++++++++-------
> >  1 file changed, 20 insertions(+), 7 deletions(-)
> >
> > diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
> > index ec315b060..296c4ab8e 100644
> > --- a/drivers/of/fdt.c
> > +++ b/drivers/of/fdt.c
> > @@ -33,6 +33,13 @@
> >
> >  #include "of_private.h"
> >
> > +#ifndef MIN_MEMBLOCK_ADDR
> > +#define MIN_MEMBLOCK_ADDR      __pa(PAGE_OFFSET)
> > +#endif
> > +#ifndef MAX_MEMBLOCK_ADDR
> > +#define MAX_MEMBLOCK_ADDR      ((phys_addr_t)~0)
> > +#endif
> > +
> >  /*
> >   * of_fdt_limit_memory - limit the number of regions in the /memory node
> >   * @limit: maximum entries
> > @@ -480,6 +487,19 @@ static u32 of_fdt_crc32;
> >  static int __init early_init_dt_reserve_memory_arch(phys_addr_t base,
> >                                         phys_addr_t size, bool nomap)
> >  {
> > +       const u64 phys_offset = MIN_MEMBLOCK_ADDR;
> > +
> > +       if (base < phys_offset) {
> > +               pr_warn("Ignoring reserved memory range 0x%llx - 0x%llx\n",
> > +                       base, phys_offset);
> > +               size = (phys_offset - base) < size ?
> > +                       size - (phys_offset - base) : 0;
> > +               base = phys_offset;
> > +
> > +               if (!size)
> > +                       return -EFAULT;
> > +       }
> > +
> >         if (nomap) {
> >                 /*
> >                  * If the memory is already reserved (by another region), we
> > @@ -1198,13 +1218,6 @@ int __init early_init_dt_scan_chosen(char *cmdline)
> >         return 0;
> >  }
> >
> > -#ifndef MIN_MEMBLOCK_ADDR
> > -#define MIN_MEMBLOCK_ADDR      __pa(PAGE_OFFSET)
> > -#endif
> > -#ifndef MAX_MEMBLOCK_ADDR
> > -#define MAX_MEMBLOCK_ADDR      ((phys_addr_t)~0)
> > -#endif
> > -
> >  void __init __weak early_init_dt_add_memory_arch(u64 base, u64 size)
> >  {
> >         const u64 phys_offset = MIN_MEMBLOCK_ADDR;
> > --
> > 2.25.1
> >

Re: [PATCH] of: fdt: do not reserve memory below MIN_MEMBLOCK_ADDR

[patrick wang]

On Wed, Apr 13, 2022 at 12:06 AM patrick wang
<patrick.wang.shcn@gmail.com> wrote:
>
> I check the code again, it's not about  reserved memory, it's the calling of
> kmemleak_alloc_phys, this api is for lowmem, added in commit 9099daed9c6.
>
> So I think the address should be checked before kmemleak_alloc_phys,
> only the range in lowmem should be passed to the  kmemleak api.
>
> if (size &&
>     early_init_dt_reserve_memory_arch(base, size, nomap) == 0) {
> pr_debug("Reserved memory: reserved region for node '%s': base %pa,
> size %lu MiB\n",
> uname, &base, (unsigned long)(size / SZ_1M));
> if (!nomap)
> kmemleak_alloc_phys(base, size, 0, 0); // here to check
> }
>

Since the kmemleak_alloc_phys api is only for lowmem, this should be
handled by itself.

I will post a patch to kmemleak.

>
>
> Rob Herring <robh+dt@kernel.org> 于2022年4月12日周二 20:31写道：
> >
> > +Mike Rapoport
> >
> > On Mon, Apr 11, 2022 at 11:52 PM Patrick Wang
> > <patrick.wang.shcn@gmail.com> wrote:
> > >
> > > Dt reserve memory without base checking, which will trigger an oops in
> > > kmemleak when the base address is below MIN_MEMBLOCK_ADDR:
> >
> > Why does the caller need to know what this address is? Shouldn't
> > memblock handle all this internally?

early_init_dt_add_memory_arch() handled this.


> >
> > What about when EFI memory maps are used?

If reserved memory should be handled, this should also be handled too, I think.

Thanks

> >
> > >
> > > # echo scan > /sys/kernel/debug/kmemleak
> > > [   54.888353] Unable to handle kernel paging request at virtual address ff5fffffffe00000
> > > [   54.888932] Oops [#1]
> > > [   54.889102] Modules linked in:
> > > [   54.889326] CPU: 2 PID: 134 Comm: bash Not tainted 5.18.0-rc1-next-20220407 #33
> > > [   54.889620] Hardware name: riscv-virtio,qemu (DT)
> > > [   54.889901] epc : scan_block+0x74/0x15c
> > > [   54.890215]  ra : scan_block+0x72/0x15c
> > > [   54.890390] epc : ffffffff801e5806 ra : ffffffff801e5804 sp : ff200000104abc30
> > > [   54.890607]  gp : ffffffff815cd4e8 tp : ff60000004cfa340 t0 : 0000000000000200
> > > [   54.890835]  t1 : 00aaaaaac23954cc t2 : 00000000000003ff s0 : ff200000104abc90
> > > [   54.891024]  s1 : ffffffff81b0ff28 a0 : 0000000000000000 a1 : ff5fffffffe01000
> > > [   54.891201]  a2 : ffffffff81b0ff28 a3 : 0000000000000002 a4 : 0000000000000001
> > > [   54.891377]  a5 : 0000000000000000 a6 : ff200000104abd7c a7 : 0000000000000005
> > > [   54.891552]  s2 : ff5fffffffe00ff9 s3 : ffffffff815cd998 s4 : ffffffff815d0e90
> > > [   54.891727]  s5 : ffffffff81b0ff28 s6 : 0000000000000020 s7 : ffffffff815d0eb0
> > > [   54.891903]  s8 : ffffffffffffffff s9 : ff5fffffffe00000 s10: ff5fffffffe01000
> > > [   54.892078]  s11: 0000000000000022 t3 : 00ffffffaa17db4c t4 : 000000000000000f
> > > [   54.892271]  t5 : 0000000000000001 t6 : 0000000000000000
> > > [   54.892408] status: 0000000000000100 badaddr: ff5fffffffe00000 cause: 000000000000000d
> > > [   54.892643] [<ffffffff801e5a1c>] scan_gray_list+0x12e/0x1a6
> > > [   54.892824] [<ffffffff801e5d3e>] kmemleak_scan+0x2aa/0x57e
> > > [   54.892961] [<ffffffff801e633c>] kmemleak_write+0x32a/0x40c
> > > [   54.893096] [<ffffffff803915ac>] full_proxy_write+0x56/0x82
> > > [   54.893235] [<ffffffff801ef456>] vfs_write+0xa6/0x2a6
> > > [   54.893362] [<ffffffff801ef880>] ksys_write+0x6c/0xe2
> > > [   54.893487] [<ffffffff801ef918>] sys_write+0x22/0x2a
> > > [   54.893609] [<ffffffff8000397c>] ret_from_syscall+0x0/0x2
> > > [   54.894183] ---[ end trace 0000000000000000 ]---
> > >
> > > Add base checking and ignore the range lower than MIN_MEMBLOCK_ADDR.
> > >
> > > Signed-off-by: Patrick Wang <patrick.wang.shcn@gmail.com>
> > > ---
> > >  drivers/of/fdt.c | 27 ++++++++++++++++++++-------
> > >  1 file changed, 20 insertions(+), 7 deletions(-)
> > >
> > > diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
> > > index ec315b060..296c4ab8e 100644
> > > --- a/drivers/of/fdt.c
> > > +++ b/drivers/of/fdt.c
> > > @@ -33,6 +33,13 @@
> > >
> > >  #include "of_private.h"
> > >
> > > +#ifndef MIN_MEMBLOCK_ADDR
> > > +#define MIN_MEMBLOCK_ADDR      __pa(PAGE_OFFSET)
> > > +#endif
> > > +#ifndef MAX_MEMBLOCK_ADDR
> > > +#define MAX_MEMBLOCK_ADDR      ((phys_addr_t)~0)
> > > +#endif
> > > +
> > >  /*
> > >   * of_fdt_limit_memory - limit the number of regions in the /memory node
> > >   * @limit: maximum entries
> > > @@ -480,6 +487,19 @@ static u32 of_fdt_crc32;
> > >  static int __init early_init_dt_reserve_memory_arch(phys_addr_t base,
> > >                                         phys_addr_t size, bool nomap)
> > >  {
> > > +       const u64 phys_offset = MIN_MEMBLOCK_ADDR;
> > > +
> > > +       if (base < phys_offset) {
> > > +               pr_warn("Ignoring reserved memory range 0x%llx - 0x%llx\n",
> > > +                       base, phys_offset);
> > > +               size = (phys_offset - base) < size ?
> > > +                       size - (phys_offset - base) : 0;
> > > +               base = phys_offset;
> > > +
> > > +               if (!size)
> > > +                       return -EFAULT;
> > > +       }
> > > +
> > >         if (nomap) {
> > >                 /*
> > >                  * If the memory is already reserved (by another region), we
> > > @@ -1198,13 +1218,6 @@ int __init early_init_dt_scan_chosen(char *cmdline)
> > >         return 0;
> > >  }
> > >
> > > -#ifndef MIN_MEMBLOCK_ADDR
> > > -#define MIN_MEMBLOCK_ADDR      __pa(PAGE_OFFSET)
> > > -#endif
> > > -#ifndef MAX_MEMBLOCK_ADDR
> > > -#define MAX_MEMBLOCK_ADDR      ((phys_addr_t)~0)
> > > -#endif
> > > -
> > >  void __init __weak early_init_dt_add_memory_arch(u64 base, u64 size)
> > >  {
> > >         const u64 phys_offset = MIN_MEMBLOCK_ADDR;
> > > --
> > > 2.25.1
> > >