* [RFC PATCH v1] powerpc: Enable KFENCE for PPC32
From: Christophe Leroy @ 2021-03-02 8:37 UTC (permalink / raw)
To: Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman,
Alexander Potapenko, Marco Elver, Dmitry Vyukov
Cc: linuxppc-dev, linux-kernel, kasan-dev
Add architecture specific implementation details for KFENCE and enable
KFENCE for the ppc32 architecture. In particular, this implements the
required interface in <asm/kfence.h>.
KFENCE requires that attributes for pages from its memory pool can
individually be set. Therefore, force the Read/Write linear map to be
mapped at page granularity.
Unit tests succeed on all tests but one:
[ 15.053324] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
[ 15.053324] Expected report_matches(&expect) to be true, but is false
[ 15.068359] not ok 21 - test_invalid_access
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
arch/powerpc/Kconfig | 13 +++++++------
arch/powerpc/include/asm/kfence.h | 32 +++++++++++++++++++++++++++++++
arch/powerpc/mm/book3s32/mmu.c | 2 +-
arch/powerpc/mm/fault.c | 7 ++++++-
arch/powerpc/mm/init_32.c | 3 +++
arch/powerpc/mm/nohash/8xx.c | 5 +++--
6 files changed, 52 insertions(+), 10 deletions(-)
create mode 100644 arch/powerpc/include/asm/kfence.h
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index 386ae12d8523..d46db0bfb998 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -185,6 +185,7 @@ config PPC
select HAVE_ARCH_KASAN if PPC32 && PPC_PAGE_SHIFT <= 14
select HAVE_ARCH_KASAN_VMALLOC if PPC32 && PPC_PAGE_SHIFT <= 14
select HAVE_ARCH_KGDB
+ select HAVE_ARCH_KFENCE if PPC32
select HAVE_ARCH_MMAP_RND_BITS
select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
select HAVE_ARCH_NVRAM_OPS
@@ -786,7 +787,7 @@ config THREAD_SHIFT
config DATA_SHIFT_BOOL
bool "Set custom data alignment"
depends on ADVANCED_OPTIONS
- depends on STRICT_KERNEL_RWX || DEBUG_PAGEALLOC
+ depends on STRICT_KERNEL_RWX || DEBUG_PAGEALLOC || KFENCE
depends on PPC_BOOK3S_32 || (PPC_8xx && !PIN_TLB_DATA && !STRICT_KERNEL_RWX)
help
This option allows you to set the kernel data alignment. When
@@ -798,13 +799,13 @@ config DATA_SHIFT_BOOL
config DATA_SHIFT
int "Data shift" if DATA_SHIFT_BOOL
default 24 if STRICT_KERNEL_RWX && PPC64
- range 17 28 if (STRICT_KERNEL_RWX || DEBUG_PAGEALLOC) && PPC_BOOK3S_32
- range 19 23 if (STRICT_KERNEL_RWX || DEBUG_PAGEALLOC) && PPC_8xx
+ range 17 28 if (STRICT_KERNEL_RWX || DEBUG_PAGEALLOC || KFENCE) && PPC_BOOK3S_32
+ range 19 23 if (STRICT_KERNEL_RWX || DEBUG_PAGEALLOC || KFENCE) && PPC_8xx
default 22 if STRICT_KERNEL_RWX && PPC_BOOK3S_32
- default 18 if DEBUG_PAGEALLOC && PPC_BOOK3S_32
+ default 18 if (DEBUG_PAGEALLOC || KFENCE) && PPC_BOOK3S_32
default 23 if STRICT_KERNEL_RWX && PPC_8xx
- default 23 if DEBUG_PAGEALLOC && PPC_8xx && PIN_TLB_DATA
- default 19 if DEBUG_PAGEALLOC && PPC_8xx
+ default 23 if (DEBUG_PAGEALLOC || KFENCE) && PPC_8xx && PIN_TLB_DATA
+ default 19 if (DEBUG_PAGEALLOC || KFENCE) && PPC_8xx
default PPC_PAGE_SHIFT
help
On Book3S 32 (603+), DBATs are used to map kernel text and rodata RO.
diff --git a/arch/powerpc/include/asm/kfence.h b/arch/powerpc/include/asm/kfence.h
new file mode 100644
index 000000000000..c229ee6a48f0
--- /dev/null
+++ b/arch/powerpc/include/asm/kfence.h
@@ -0,0 +1,32 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * powerpc KFENCE support.
+ *
+ * Copyright (C) 2020 CS GROUP France
+ */
+
+#ifndef __ASM_POWERPC_KFENCE_H
+#define __ASM_POWERPC_KFENCE_H
+
+#include <asm/pgtable.h>
+
+static inline bool arch_kfence_init_pool(void)
+{
+ return true;
+}
+
+static inline bool kfence_protect_page(unsigned long addr, bool protect)
+{
+ pte_t *kpte = virt_to_kpte(addr);
+
+ if (protect) {
+ pte_update(&init_mm, addr, kpte, _PAGE_PRESENT, 0, 0);
+ flush_tlb_kernel_range(addr, addr + PAGE_SIZE);
+ } else {
+ pte_update(&init_mm, addr, kpte, 0, _PAGE_PRESENT, 0);
+ }
+
+ return true;
+}
+
+#endif /* __ASM_POWERPC_KFENCE_H */
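Review bot: kfence_protect_page() hands the result of virt_to_kpte() straight to pte_update() and returns true on every path, so a failure to change the mapping can never reach the caller. If virt_to_kpte() can return NULL for an unpopulated PMD (the generic helper appears to; please confirm), a guard such as `if (!kpte) return false;` before the `if (protect)` would prevent a NULL dereference and stop a guard page from silently staying accessible. The unprotect branch also skips the TLB flush, presumably because a non-present entry is never cached. A short comment such as `/* no flush needed: the PTE was not present, so no TLB entry exists */` would record that assumption.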
diff --git a/arch/powerpc/mm/book3s32/mmu.c b/arch/powerpc/mm/book3s32/mmu.c
index d7eb266a3f7a..4548aec95561 100644
--- a/arch/powerpc/mm/book3s32/mmu.c
+++ b/arch/powerpc/mm/book3s32/mmu.c
@@ -162,7 +162,7 @@ unsigned long __init mmu_mapin_ram(unsigned long base, unsigned long top)
unsigned long border = (unsigned long)__init_begin - PAGE_OFFSET;
- if (debug_pagealloc_enabled() || __map_without_bats) {
+ if (debug_pagealloc_enabled() || __map_without_bats || IS_ENABLED(CONFIG_KFENCE)) {
pr_debug_once("Read-Write memory mapped without BATs\n");
if (base >= border)
return base;
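Review bot: `IS_ENABLED(CONFIG_KFENCE)` is a build-time test, so every kernel built with KFENCE loses the BAT mapping for read/write memory, including boots where KFENCE is switched off at runtime (for example with a zero sample interval, if I read the KFENCE parameters correctly). The same applies to the `__map_without_ltlbs = 1` hunk in init_32.c and to both hunks in nohash/8xx.c. If that cost is accepted for an RFC, say so in place with a comment such as `/* KFENCE needs page-granular PTEs for its pool: no BATs for RW memory */`. Otherwise the condition should be keyed to whether the pool will actually be set up. mmu_mapin_ram() starts and ends outside this hunk.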
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index bb368257b55c..bea13682c909 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -32,6 +32,7 @@
#include <linux/context_tracking.h>
#include <linux/hugetlb.h>
#include <linux/uaccess.h>
+#include <linux/kfence.h>
#include <asm/firmware.h>
#include <asm/interrupt.h>
@@ -418,8 +419,12 @@ static int ___do_page_fault(struct pt_regs *regs, unsigned long address,
* take a page fault to a kernel address or a page fault to a user
* address outside of dedicated places
*/
- if (unlikely(!is_user && bad_kernel_fault(regs, error_code, address, is_write)))
+ if (unlikely(!is_user && bad_kernel_fault(regs, error_code, address, is_write))) {
+ if (kfence_handle_page_fault(address, is_write, regs))
+ return 0;
+
return SIGSEGV;
+ }
/*
* If we're in an interrupt, have no user context or are running
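Review bot: The new `return 0` inside the bad_kernel_fault() branch has no comment explaining why a fault already classified as bad may be treated as handled. Presumably kfence_handle_page_fault() returns true only for addresses in the KFENCE pool, after it has reported the access and made the page accessible, so that the faulting instruction can be re-executed. A comment above the call would make that contract visible to later readers of the fault path, for example `/* KFENCE reported the access and unprotected the page; retry the instruction */`. ___do_page_fault() continues outside the hunk, so the ordering relative to bad_kernel_fault()'s own checks and messages cannot be reviewed from here.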
diff --git a/arch/powerpc/mm/init_32.c b/arch/powerpc/mm/init_32.c
index 02c7db4087cb..3d690be48e84 100644
--- a/arch/powerpc/mm/init_32.c
+++ b/arch/powerpc/mm/init_32.c
@@ -97,6 +97,9 @@ static void __init MMU_setup(void)
if (IS_ENABLED(CONFIG_PPC_8xx))
return;
+ if (IS_ENABLED(CONFIG_KFENCE))
+ __map_without_ltlbs = 1;
+
if (debug_pagealloc_enabled())
__map_without_ltlbs = 1;
diff --git a/arch/powerpc/mm/nohash/8xx.c b/arch/powerpc/mm/nohash/8xx.c
index 19a3eec1d8c5..17051377aed7 100644
--- a/arch/powerpc/mm/nohash/8xx.c
+++ b/arch/powerpc/mm/nohash/8xx.c
@@ -149,7 +149,8 @@ unsigned long __init mmu_mapin_ram(unsigned long base, unsigned long top)
{
unsigned long etext8 = ALIGN(__pa(_etext), SZ_8M);
unsigned long sinittext = __pa(_sinittext);
- bool strict_boundary = strict_kernel_rwx_enabled() || debug_pagealloc_enabled();
+ bool strict_boundary = strict_kernel_rwx_enabled() || debug_pagealloc_enabled() ||
+ IS_ENABLED(CONFIG_KFENCE);
unsigned long boundary = strict_boundary ? sinittext : etext8;
unsigned long einittext8 = ALIGN(__pa(_einittext), SZ_8M);
@@ -161,7 +162,7 @@ unsigned long __init mmu_mapin_ram(unsigned long base, unsigned long top)
return 0;
mmu_mapin_ram_chunk(0, boundary, PAGE_KERNEL_TEXT, true);
- if (debug_pagealloc_enabled()) {
+ if (debug_pagealloc_enabled() || IS_ENABLED(CONFIG_KFENCE)) {
top = boundary;
} else {
mmu_mapin_ram_chunk(boundary, einittext8, PAGE_KERNEL_TEXT, true);
--
2.25.0
* [PATCH v1 2/2] powerpc: Use %y addressing on bitops
From: Christophe Leroy @ 2021-03-02 8:48 UTC (permalink / raw)
To: Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman
Cc: linuxppc-dev, linux-kernel
In-Reply-To: <1fc81f07cabebb875b963e295408cc3dd38c8d85.1614674882.git.christophe.leroy@csgroup.eu>
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
arch/powerpc/include/asm/bitops.h | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/arch/powerpc/include/asm/bitops.h b/arch/powerpc/include/asm/bitops.h
index 11847b6a244e..264626b13ea8 100644
--- a/arch/powerpc/include/asm/bitops.h
+++ b/arch/powerpc/include/asm/bitops.h
@@ -70,12 +70,12 @@ static inline void fn(unsigned long mask, \
unsigned long *p = (unsigned long *)_p; \
__asm__ __volatile__ ( \
prefix \
-"1:" PPC_LLARX "%0,0,%3,0\n" \
+"1:" PPC_LLARX "%0,%y3,0\n" \
stringify_in_c(op) "%0,%0,%2\n" \
- PPC_STLCX "%0,0,%3\n" \
+ PPC_STLCX "%0,%y3\n" \
"bne- 1b\n" \
: "=&r" (old), "+m" (*p) \
- : "r" (mask), "r" (p) \
+ : "r" (mask), "Z" (*p) \
: "cc", "memory"); \
}
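Review bot: In this first hunk `*p` is now described to the compiler twice, by the existing `"+m" (*p)` output and by the new `"Z" (*p)` input. The hunks at `@@ -115,13` and `@@ -170,12` list it only as an input, although the store-conditional writes it. The asm stays correct only because of the `"memory"` clobber, but nothing in the code says so and the commit message gives no rationale for the change. A comment above the asm would make the dependency explicit for anyone who later trims the clobber list, for example `/* "Z" with %y lets the compiler pick the address form; the store to *p is covered by the "memory" clobber */`. The macro body begins outside the hunk.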
@@ -115,13 +115,13 @@ static inline unsigned long fn( \
unsigned long *p = (unsigned long *)_p; \
__asm__ __volatile__ ( \
prefix \
-"1:" PPC_LLARX "%0,0,%3,%4\n" \
+"1:" PPC_LLARX "%0,%y3,%4\n" \
stringify_in_c(op) "%1,%0,%2\n" \
- PPC_STLCX "%1,0,%3\n" \
+ PPC_STLCX "%1,%y3\n" \
"bne- 1b\n" \
postfix \
: "=&r" (old), "=&r" (t) \
- : "r" (mask), "r" (p), "i" (IS_ENABLED(CONFIG_PPC64) ? eh : 0) \
+ : "r" (mask), "Z" (*p), "i" (IS_ENABLED(CONFIG_PPC64) ? eh : 0) \
: "cc", "memory"); \
return (old & mask); \
}
@@ -170,12 +170,12 @@ clear_bit_unlock_return_word(int nr, volatile unsigned long *addr)
__asm__ __volatile__ (
PPC_RELEASE_BARRIER
-"1:" PPC_LLARX "%0,0,%3,0\n"
+"1:" PPC_LLARX "%0,%y3,0\n"
"andc %1,%0,%2\n"
- PPC_STLCX "%1,0,%3\n"
+ PPC_STLCX "%1,%y3\n"
"bne- 1b\n"
: "=&r" (old), "=&r" (t)
- : "r" (mask), "r" (p)
+ : "r" (mask), "Z" (*p)
: "cc", "memory");
return old;
--
2.25.0
* [PATCH v1 1/2] powerpc: Use lwarx/ldarx directly instead of PPC_LWARX/LDARX macros
From: Christophe Leroy @ 2021-03-02 8:48 UTC (permalink / raw)
To: Benjamin Herrenschmidt, Paul Mackerras, Michael Ellerman
Cc: linuxppc-dev, linux-kernel
Force the eh flag at 0 on PPC32.
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
arch/powerpc/include/asm/asm-compat.h | 4 ++--
arch/powerpc/include/asm/atomic.h | 4 ++--
arch/powerpc/include/asm/bitops.h | 8 ++++----
arch/powerpc/include/asm/ppc-opcode.h | 2 --
arch/powerpc/include/asm/simple_spinlock.h | 6 +++---
5 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/arch/powerpc/include/asm/asm-compat.h b/arch/powerpc/include/asm/asm-compat.h
index 19b70c5b5f18..2b736d9fbb1b 100644
--- a/arch/powerpc/include/asm/asm-compat.h
+++ b/arch/powerpc/include/asm/asm-compat.h
@@ -17,7 +17,7 @@
#define PPC_LONG stringify_in_c(.8byte)
#define PPC_LONG_ALIGN stringify_in_c(.balign 8)
#define PPC_TLNEI stringify_in_c(tdnei)
-#define PPC_LLARX(t, a, b, eh) PPC_LDARX(t, a, b, eh)
+#define PPC_LLARX stringify_in_c(ldarx)
#define PPC_STLCX stringify_in_c(stdcx.)
#define PPC_CNTLZL stringify_in_c(cntlzd)
#define PPC_MTOCRF(FXM, RS) MTOCRF((FXM), RS)
@@ -50,7 +50,7 @@
#define PPC_LONG stringify_in_c(.long)
#define PPC_LONG_ALIGN stringify_in_c(.balign 4)
#define PPC_TLNEI stringify_in_c(twnei)
-#define PPC_LLARX(t, a, b, eh) PPC_LWARX(t, a, b, eh)
+#define PPC_LLARX stringify_in_c(lwarx)
#define PPC_STLCX stringify_in_c(stwcx.)
#define PPC_CNTLZL stringify_in_c(cntlzw)
#define PPC_MTOCRF stringify_in_c(mtcrf)
diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h
index 61c6e8b200e8..ba177d0be278 100644
--- a/arch/powerpc/include/asm/atomic.h
+++ b/arch/powerpc/include/asm/atomic.h
@@ -204,7 +204,7 @@ atomic_try_cmpxchg_lock(atomic_t *v, int *old, int new)
int r, o = *old;
__asm__ __volatile__ (
-"1:\t" PPC_LWARX(%0,0,%2,1) " # atomic_try_cmpxchg_acquire \n"
+"1: lwarx %0,0,%2,%5 # atomic_try_cmpxchg_acquire \n"
" cmpw 0,%0,%3 \n"
" bne- 2f \n"
" stwcx. %4,0,%2 \n"
@@ -212,7 +212,7 @@ atomic_try_cmpxchg_lock(atomic_t *v, int *old, int new)
"\t" PPC_ACQUIRE_BARRIER " \n"
"2: \n"
: "=&r" (r), "+m" (v->counter)
- : "r" (&v->counter), "r" (o), "r" (new)
+ : "r" (&v->counter), "r" (o), "r" (new), "i" (IS_ENABLED(CONFIG_PPC64) ? 1 : 0)
: "cr0", "memory");
if (unlikely(r != o))
diff --git a/arch/powerpc/include/asm/bitops.h b/arch/powerpc/include/asm/bitops.h
index 299ab33505a6..11847b6a244e 100644
--- a/arch/powerpc/include/asm/bitops.h
+++ b/arch/powerpc/include/asm/bitops.h
@@ -70,7 +70,7 @@ static inline void fn(unsigned long mask, \
unsigned long *p = (unsigned long *)_p; \
__asm__ __volatile__ ( \
prefix \
-"1:" PPC_LLARX(%0,0,%3,0) "\n" \
+"1:" PPC_LLARX "%0,0,%3,0\n" \
stringify_in_c(op) "%0,%0,%2\n" \
PPC_STLCX "%0,0,%3\n" \
"bne- 1b\n" \
@@ -115,13 +115,13 @@ static inline unsigned long fn( \
unsigned long *p = (unsigned long *)_p; \
__asm__ __volatile__ ( \
prefix \
-"1:" PPC_LLARX(%0,0,%3,eh) "\n" \
+"1:" PPC_LLARX "%0,0,%3,%4\n" \
stringify_in_c(op) "%1,%0,%2\n" \
PPC_STLCX "%1,0,%3\n" \
"bne- 1b\n" \
postfix \
: "=&r" (old), "=&r" (t) \
- : "r" (mask), "r" (p) \
+ : "r" (mask), "r" (p), "i" (IS_ENABLED(CONFIG_PPC64) ? eh : 0) \
: "cc", "memory"); \
return (old & mask); \
}
@@ -170,7 +170,7 @@ clear_bit_unlock_return_word(int nr, volatile unsigned long *addr)
__asm__ __volatile__ (
PPC_RELEASE_BARRIER
-"1:" PPC_LLARX(%0,0,%3,0) "\n"
+"1:" PPC_LLARX "%0,0,%3,0\n"
"andc %1,%0,%2\n"
PPC_STLCX "%1,0,%3\n"
"bne- 1b\n"
diff --git a/arch/powerpc/include/asm/ppc-opcode.h b/arch/powerpc/include/asm/ppc-opcode.h
index ed161ef2b3ca..9550af2301b1 100644
--- a/arch/powerpc/include/asm/ppc-opcode.h
+++ b/arch/powerpc/include/asm/ppc-opcode.h
@@ -531,8 +531,6 @@
#define PPC_DIVDE(t, a, b) stringify_in_c(.long PPC_RAW_DIVDE(t, a, b))
#define PPC_DIVDEU(t, a, b) stringify_in_c(.long PPC_RAW_DIVDEU(t, a, b))
#define PPC_LQARX(t, a, b, eh) stringify_in_c(.long PPC_RAW_LQARX(t, a, b, eh))
-#define PPC_LDARX(t, a, b, eh) stringify_in_c(.long PPC_RAW_LDARX(t, a, b, eh))
-#define PPC_LWARX(t, a, b, eh) stringify_in_c(.long PPC_RAW_LWARX(t, a, b, eh))
#define PPC_STQCX(t, a, b) stringify_in_c(.long PPC_RAW_STQCX(t, a, b))
#define PPC_MADDHD(t, a, b, c) stringify_in_c(.long PPC_RAW_MADDHD(t, a, b, c))
#define PPC_MADDHDU(t, a, b, c) stringify_in_c(.long PPC_RAW_MADDHDU(t, a, b, c))
diff --git a/arch/powerpc/include/asm/simple_spinlock.h b/arch/powerpc/include/asm/simple_spinlock.h
index 5b862de29dff..1b1ded4a21f3 100644
--- a/arch/powerpc/include/asm/simple_spinlock.h
+++ b/arch/powerpc/include/asm/simple_spinlock.h
@@ -52,7 +52,7 @@ static inline unsigned long __arch_spin_trylock(arch_spinlock_t *lock)
token = LOCK_TOKEN;
__asm__ __volatile__(
-"1: " PPC_LWARX(%0,0,%2,1) "\n\
+"1: lwarx %0,0,%2,1\n\
cmpwi 0,%0,0\n\
bne- 2f\n\
stwcx. %1,0,%2\n\
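Review bot: The eh hint is hard-coded to 1 in `lwarx %0,0,%2,1` here and in the `__arch_read_trylock` and `__arch_write_trylock` hunks below. That contradicts the commit message ("Force the eh flag at 0 on PPC32") and the atomic.h and bitops.h hunks, which use `IS_ENABLED(CONFIG_PPC64) ? 1 : 0`. The removed PPC_LWARX macro presumably dropped eh on 32-bit builds through the raw opcode encoding; with the mnemonic written directly, the 1 reaches the assembler on PPC32 as well. These lock primitives should take the hint as an immediate operand the way atomic.h does, `"i" (IS_ENABLED(CONFIG_PPC64) ? 1 : 0)`, and reference that operand in the lwarx line. The operand lists lie outside these hunks, so the operand index has to be checked there.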
@@ -180,7 +180,7 @@ static inline long __arch_read_trylock(arch_rwlock_t *rw)
long tmp;
__asm__ __volatile__(
-"1: " PPC_LWARX(%0,0,%1,1) "\n"
+"1: lwarx %0,0,%1,1\n"
__DO_SIGN_EXTEND
" addic. %0,%0,1\n\
ble- 2f\n"
@@ -204,7 +204,7 @@ static inline long __arch_write_trylock(arch_rwlock_t *rw)
token = WRLOCK_TOKEN;
__asm__ __volatile__(
-"1: " PPC_LWARX(%0,0,%2,1) "\n\
+"1: lwarx %0,0,%2,1\n\
cmpwi 0,%0,0\n\
bne- 2f\n"
" stwcx. %1,0,%2\n\
--
2.25.0
* Re: [RFC PATCH v1] powerpc: Enable KFENCE for PPC32
From: Marco Elver @ 2021-03-02 8:58 UTC (permalink / raw)
To: Christophe Leroy
Cc: LKML, kasan-dev, Alexander Potapenko, Paul Mackerras,
linuxppc-dev, Dmitry Vyukov
In-Reply-To: <51c397a23631d8bb2e2a6515c63440d88bf74afd.1614674144.git.christophe.leroy@csgroup.eu>
On Tue, 2 Mar 2021 at 09:37, Christophe Leroy
<christophe.leroy@csgroup.eu> wrote:
> Add architecture specific implementation details for KFENCE and enable
> KFENCE for the ppc32 architecture. In particular, this implements the
> required interface in <asm/kfence.h>.
Nice!
> KFENCE requires that attributes for pages from its memory pool can
> individually be set. Therefore, force the Read/Write linear map to be
> mapped at page granularity.
>
> Unit tests succeed on all tests but one:
>
> [ 15.053324] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
> [ 15.053324] Expected report_matches(&expect) to be true, but is false
> [ 15.068359] not ok 21 - test_invalid_access
This is strange, given all the other tests passed. Do you mind sharing
the full test log?
Thanks,
-- Marco
* Re: [RFC PATCH v1] powerpc: Enable KFENCE for PPC32
From: Christophe Leroy @ 2021-03-02 9:05 UTC (permalink / raw)
To: Marco Elver
Cc: LKML, kasan-dev, Alexander Potapenko, Paul Mackerras,
linuxppc-dev, Dmitry Vyukov
In-Reply-To: <CANpmjNPOJfL_qsSZYRbwMUrxnXxtF5L3k9hursZZ7k9H1jLEuA@mail.gmail.com>
Le 02/03/2021 à 09:58, Marco Elver a écrit :
> On Tue, 2 Mar 2021 at 09:37, Christophe Leroy
> <christophe.leroy@csgroup.eu> wrote:
>> Add architecture specific implementation details for KFENCE and enable
>> KFENCE for the ppc32 architecture. In particular, this implements the
>> required interface in <asm/kfence.h>.
>
> Nice!
>
>> KFENCE requires that attributes for pages from its memory pool can
>> individually be set. Therefore, force the Read/Write linear map to be
>> mapped at page granularity.
>>
>> Unit tests succeed on all tests but one:
>>
>> [ 15.053324] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
>> [ 15.053324] Expected report_matches(&expect) to be true, but is false
>> [ 15.068359] not ok 21 - test_invalid_access
>
> This is strange, given all the other tests passed. Do you mind sharing
> the full test log?
>
[ 0.000000] Linux version 5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty
(root@localhost.localdomain) (powerpc64-linux-gcc (GCC) 10.1.0, GNU ld (GNU Binutils) 2.34) #4674
PREEMPT Tue Mar 2 08:18:49 UTC 2021
[ 0.000000] Using CMPCPRO machine description
[ 0.000000] Found legacy serial port 0 for /soc8321@b0000000/serial@4500
[ 0.000000] mem=b0004500, taddr=b0004500, irq=0, clk=133333334, speed=0
[ 0.000000] Found legacy serial port 1 for /soc8321@b0000000/serial@4600
[ 0.000000] mem=b0004600, taddr=b0004600, irq=0, clk=133333334, speed=0
[ 0.000000] ioremap() called early from find_legacy_serial_ports+0x3e4/0x4d8. Use early_ioremap()
instead
[ 0.000000] printk: bootconsole [udbg0] enabled
[ 0.000000] -----------------------------------------------------
[ 0.000000] phys_mem_size = 0x20000000
[ 0.000000] dcache_bsize = 0x20
[ 0.000000] icache_bsize = 0x20
[ 0.000000] cpu_features = 0x0000000001000140
[ 0.000000] possible = 0x00000000277ce140
[ 0.000000] always = 0x0000000001000000
[ 0.000000] cpu_user_features = 0x84000000 0x00000000
[ 0.000000] mmu_features = 0x00210000
[ 0.000000] Hash_size = 0x0
[ 0.000000] -----------------------------------------------------
[ 0.000000] Top of RAM: 0x20000000, Total RAM: 0x20000000
[ 0.000000] Memory hole size: 0MB
[ 0.000000] Zone ranges:
[ 0.000000] Normal [mem 0x0000000000000000-0x000000001fffffff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000000000000-0x000000001fffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x000000001fffffff]
[ 0.000000] On node 0 totalpages: 131072
[ 0.000000] Normal zone: 1024 pages used for memmap
[ 0.000000] Normal zone: 0 pages reserved
[ 0.000000] Normal zone: 131072 pages, LIFO batch:31
[ 0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[ 0.000000] pcpu-alloc: [0] 0
[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 130048
[ 0.000000] Kernel command line: ip=192.168.0.3:192.168.0.1::255.0.0.0:vgoippro:eth0:off
console=ttyS0,115200
[ 0.000000] Dentry cache hash table entries: 65536 (order: 6, 262144 bytes, linear)
[ 0.000000] Inode-cache hash table entries: 32768 (order: 5, 131072 bytes, linear)
[ 0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
[ 0.000000] Memory: 503516K/524288K available (7532K kernel code, 2236K rwdata, 1328K rodata,
1500K init, 931K bss, 20772K reserved, 0K cma-reserved)
[ 0.000000] Kernel virtual memory layout:
[ 0.000000] * 0xff7ff000..0xfffff000 : fixmap
[ 0.000000] * 0xff7fd000..0xff7ff000 : early ioremap
[ 0.000000] * 0xe1000000..0xff7fd000 : vmalloc & ioremap
[ 0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] rcu: Preemptible hierarchical RCU implementation.
[ 0.000000] rcu: RCU event tracing is enabled.
[ 0.000000] Trampoline variant of Tasks RCU enabled.
[ 0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies.
[ 0.000000] NR_IRQS: 512, nr_irqs: 512, preallocated irqs: 16
[ 0.000000] IPIC (128 IRQ sources) at (ptrval)
[ 0.000000] kfence: initialized - using 2097152 bytes for 255 objects at 0x(ptrval)-0x(ptrval)
...
[ 4.472455] # Subtest: kfence
[ 4.472490] 1..25
[ 4.476069] # test_out_of_bounds_read: test_alloc: size=32, gfp=cc0, policy=left, cache=0
[ 4.946420] ==================================================================
[ 4.953667] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x90/0x228
[ 4.953667]
[ 4.962657] Out-of-bounds read at 0x(ptrval) (1B left of kfence-#23):
[ 4.969109] test_out_of_bounds_read+0x90/0x228
[ 4.973663] kunit_try_run_case+0x5c/0xd0
[ 4.977712] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 4.983128] kthread+0x15c/0x174
[ 4.986387] ret_from_kernel_thread+0x14/0x1c
[ 4.990774]
[ 4.992274] kfence-#23 [0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32] allocated by task 91:
[ 5.000997] test_alloc+0x10c/0x384
[ 5.004508] test_out_of_bounds_read+0x90/0x228
[ 5.009057] kunit_try_run_case+0x5c/0xd0
[ 5.013093] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 5.018505] kthread+0x15c/0x174
[ 5.021758] ret_from_kernel_thread+0x14/0x1c
[ 5.026139]
[ 5.027641] CPU: 0 PID: 91 Comm: kunit_try_catch Not tainted
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 5.037729] ==================================================================
[ 5.045220] # test_out_of_bounds_read: test_alloc: size=32, gfp=cc0, policy=right, cache=0
[ 5.146454] ==================================================================
[ 5.153698] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x14c/0x228
[ 5.153698]
[ 5.162770] Out-of-bounds read at 0x(ptrval) (32B right of kfence-#24):
[ 5.169395] test_out_of_bounds_read+0x14c/0x228
[ 5.174037] kunit_try_run_case+0x5c/0xd0
[ 5.178085] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 5.183501] kthread+0x15c/0x174
[ 5.186758] ret_from_kernel_thread+0x14/0x1c
[ 5.191145]
[ 5.192645] kfence-#24 [0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32] allocated by task 91:
[ 5.201366] test_alloc+0x10c/0x384
[ 5.204878] test_out_of_bounds_read+0x14c/0x228
[ 5.209514] kunit_try_run_case+0x5c/0xd0
[ 5.213552] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 5.218965] kthread+0x15c/0x174
[ 5.222219] ret_from_kernel_thread+0x14/0x1c
[ 5.226600]
[ 5.228103] CPU: 0 PID: 91 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 5.239575] ==================================================================
[ 5.247126] ok 1 - test_out_of_bounds_read
[ 5.247534] # test_out_of_bounds_read-memcache: setup_test_cache: size=32, ctor=0x0
[ 5.260310] # test_out_of_bounds_read-memcache: test_alloc: size=32, gfp=cc0, policy=left,
cache=1
[ 5.356422] ==================================================================
[ 5.363670] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x90/0x228
[ 5.363670]
[ 5.372661] Out-of-bounds read at 0x(ptrval) (1B left of kfence-#25):
[ 5.379115] test_out_of_bounds_read+0x90/0x228
[ 5.383671] kunit_try_run_case+0x5c/0xd0
[ 5.387720] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 5.393138] kthread+0x15c/0x174
[ 5.396398] ret_from_kernel_thread+0x14/0x1c
[ 5.400786]
[ 5.402287] kfence-#25 [0x(ptrval)-0x(ptrval), size=32, cache=test] allocated by task 92:
[ 5.410490] test_alloc+0xfc/0x384
[ 5.413918] test_out_of_bounds_read+0x90/0x228
[ 5.418470] kunit_try_run_case+0x5c/0xd0
[ 5.422511] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 5.427926] kthread+0x15c/0x174
[ 5.431180] ret_from_kernel_thread+0x14/0x1c
[ 5.435563]
[ 5.437067] CPU: 0 PID: 92 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 5.448539] ==================================================================
[ 5.456076] # test_out_of_bounds_read-memcache: test_alloc: size=32, gfp=cc0, policy=right,
cache=1
[ 5.556454] ==================================================================
[ 5.563701] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x14c/0x228
[ 5.563701]
[ 5.572774] Out-of-bounds read at 0x(ptrval) (32B right of kfence-#26):
[ 5.579400] test_out_of_bounds_read+0x14c/0x228
[ 5.584042] kunit_try_run_case+0x5c/0xd0
[ 5.588091] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 5.593509] kthread+0x15c/0x174
[ 5.596768] ret_from_kernel_thread+0x14/0x1c
[ 5.601155]
[ 5.602656] kfence-#26 [0x(ptrval)-0x(ptrval), size=32, cache=test] allocated by task 92:
[ 5.610861] test_alloc+0xfc/0x384
[ 5.614288] test_out_of_bounds_read+0x14c/0x228
[ 5.618927] kunit_try_run_case+0x5c/0xd0
[ 5.622966] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 5.628382] kthread+0x15c/0x174
[ 5.631637] ret_from_kernel_thread+0x14/0x1c
[ 5.636019]
[ 5.637522] CPU: 0 PID: 92 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 5.648993] ==================================================================
[ 5.656810] ok 2 - test_out_of_bounds_read-memcache
[ 5.657178] # test_out_of_bounds_write: test_alloc: size=32, gfp=cc0, policy=left, cache=0
[ 5.766441] ==================================================================
[ 5.773686] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x78/0x164
[ 5.773686]
[ 5.782848] Out-of-bounds write at 0x(ptrval) (1B left of kfence-#27):
[ 5.789387] test_out_of_bounds_write+0x78/0x164
[ 5.794029] kunit_try_run_case+0x5c/0xd0
[ 5.798078] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 5.803494] kthread+0x15c/0x174
[ 5.806753] ret_from_kernel_thread+0x14/0x1c
[ 5.811138]
[ 5.812638] kfence-#27 [0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32] allocated by task 93:
[ 5.821357] test_alloc+0x10c/0x384
[ 5.824868] test_out_of_bounds_write+0x78/0x164
[ 5.829503] kunit_try_run_case+0x5c/0xd0
[ 5.833538] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 5.838949] kthread+0x15c/0x174
[ 5.842202] ret_from_kernel_thread+0x14/0x1c
[ 5.846580]
[ 5.848083] CPU: 0 PID: 93 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 5.859554] ==================================================================
[ 5.867115] ok 3 - test_out_of_bounds_write
[ 5.867476] # test_out_of_bounds_write-memcache: setup_test_cache: size=32, ctor=0x0
[ 5.880408] # test_out_of_bounds_write-memcache: test_alloc: size=32, gfp=cc0, policy=left,
cache=1
[ 5.976421] ==================================================================
[ 5.983669] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x78/0x164
[ 5.983669]
[ 5.992834] Out-of-bounds write at 0x(ptrval) (1B left of kfence-#28):
[ 5.999374] test_out_of_bounds_write+0x78/0x164
[ 6.004016] kunit_try_run_case+0x5c/0xd0
[ 6.008065] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.013481] kthread+0x15c/0x174
[ 6.016741] ret_from_kernel_thread+0x14/0x1c
[ 6.021128]
[ 6.022631] kfence-#28 [0x(ptrval)-0x(ptrval), size=32, cache=test] allocated by task 94:
[ 6.030835] test_alloc+0xfc/0x384
[ 6.034263] test_out_of_bounds_write+0x78/0x164
[ 6.038903] kunit_try_run_case+0x5c/0xd0
[ 6.042944] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.048359] kthread+0x15c/0x174
[ 6.051615] ret_from_kernel_thread+0x14/0x1c
[ 6.055998]
[ 6.057501] CPU: 0 PID: 94 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 6.068973] ==================================================================
[ 6.076743] ok 4 - test_out_of_bounds_write-memcache
[ 6.077110] # test_use_after_free_read: test_alloc: size=32, gfp=cc0, policy=any, cache=0
[ 6.186527] ==================================================================
[ 6.193773] BUG: KFENCE: use-after-free read in test_use_after_free_read+0xa0/0x158
[ 6.193773]
[ 6.202934] Use-after-free read at 0x(ptrval) (in kfence-#29):
[ 6.208777] test_use_after_free_read+0xa0/0x158
[ 6.213417] kunit_try_run_case+0x5c/0xd0
[ 6.217466] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.222882] kthread+0x15c/0x174
[ 6.226140] ret_from_kernel_thread+0x14/0x1c
[ 6.230526]
[ 6.232026] kfence-#29 [0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32] allocated by task 95:
[ 6.240746] test_alloc+0x10c/0x384
[ 6.244257] test_use_after_free_read+0x7c/0x158
[ 6.248892] kunit_try_run_case+0x5c/0xd0
[ 6.252927] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.258337] kthread+0x15c/0x174
[ 6.261590] ret_from_kernel_thread+0x14/0x1c
[ 6.265969]
[ 6.265969] freed by task 95:
[ 6.270467] test_use_after_free_read+0xa0/0x158
[ 6.275108] kunit_try_run_case+0x5c/0xd0
[ 6.279141] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.284551] kthread+0x15c/0x174
[ 6.287802] ret_from_kernel_thread+0x14/0x1c
[ 6.292180]
[ 6.293682] CPU: 0 PID: 95 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 6.305153] ==================================================================
[ 6.312658] ok 5 - test_use_after_free_read
[ 6.313020] # test_use_after_free_read-memcache: setup_test_cache: size=32, ctor=0x0
[ 6.325976] # test_use_after_free_read-memcache: test_alloc: size=32, gfp=cc0, policy=any,
cache=1
[ 6.416496] ==================================================================
[ 6.423743] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x98/0x158
[ 6.423743]
[ 6.432908] Use-after-free read at 0x(ptrval) (in kfence-#30):
[ 6.438752] test_use_after_free_read+0x98/0x158
[ 6.443395] kunit_try_run_case+0x5c/0xd0
[ 6.447445] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.452863] kthread+0x15c/0x174
[ 6.456124] ret_from_kernel_thread+0x14/0x1c
[ 6.460511]
[ 6.462014] kfence-#30 [0x(ptrval)-0x(ptrval), size=32, cache=test] allocated by task 96:
[ 6.470219] test_alloc+0xfc/0x384
[ 6.473646] test_use_after_free_read+0x7c/0x158
[ 6.478286] kunit_try_run_case+0x5c/0xd0
[ 6.482327] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.487742] kthread+0x15c/0x174
[ 6.490998] ret_from_kernel_thread+0x14/0x1c
[ 6.495381]
[ 6.495381] freed by task 96:
[ 6.499849] test_use_after_free_read+0x98/0x158
[ 6.504490] kunit_try_run_case+0x5c/0xd0
[ 6.508530] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.513945] kthread+0x15c/0x174
[ 6.517201] ret_from_kernel_thread+0x14/0x1c
[ 6.521583]
[ 6.523086] CPU: 0 PID: 96 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 6.534558] ==================================================================
[ 6.542222] ok 6 - test_use_after_free_read-memcache
[ 6.542587] # test_double_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0
[ 6.646612] ==================================================================
[ 6.653855] BUG: KFENCE: invalid free in test_double_free+0xc0/0x170
[ 6.653855]
[ 6.661704] Invalid free of 0x(ptrval) (in kfence-#31):
[ 6.666940] test_double_free+0xc0/0x170
[ 6.670889] kunit_try_run_case+0x5c/0xd0
[ 6.674928] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.680341] kthread+0x15c/0x174
[ 6.683596] ret_from_kernel_thread+0x14/0x1c
[ 6.687977]
[ 6.689478] kfence-#31 [0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32] allocated by task 97:
[ 6.698196] test_alloc+0x10c/0x384
[ 6.701706] test_double_free+0x7c/0x170
[ 6.705649] kunit_try_run_case+0x5c/0xd0
[ 6.709685] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.715096] kthread+0x15c/0x174
[ 6.718347] ret_from_kernel_thread+0x14/0x1c
[ 6.722725]
[ 6.722725] freed by task 97:
[ 6.727222] test_double_free+0xa0/0x170
[ 6.731169] kunit_try_run_case+0x5c/0xd0
[ 6.735203] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.740615] kthread+0x15c/0x174
[ 6.743865] ret_from_kernel_thread+0x14/0x1c
[ 6.748243]
[ 6.749746] CPU: 0 PID: 97 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 6.761217] ==================================================================
[ 6.768683] ok 7 - test_double_free
[ 6.769043] # test_double_free-memcache: setup_test_cache: size=32, ctor=0x0
[ 6.780589] # test_double_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 6.876516] ==================================================================
[ 6.883761] BUG: KFENCE: invalid free in test_double_free+0xb4/0x170
[ 6.883761]
[ 6.891612] Invalid free of 0x(ptrval) (in kfence-#32):
[ 6.896854] test_double_free+0xb4/0x170
[ 6.900807] kunit_try_run_case+0x5c/0xd0
[ 6.904857] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.910277] kthread+0x15c/0x174
[ 6.913540] ret_from_kernel_thread+0x14/0x1c
[ 6.917930]
[ 6.919432] kfence-#32 [0x(ptrval)-0x(ptrval), size=32, cache=test] allocated by task 98:
[ 6.927637] test_alloc+0xfc/0x384
[ 6.931067] test_double_free+0x7c/0x170
[ 6.935015] kunit_try_run_case+0x5c/0xd0
[ 6.939057] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.944473] kthread+0x15c/0x174
[ 6.947728] ret_from_kernel_thread+0x14/0x1c
[ 6.952113]
[ 6.952113] freed by task 98:
[ 6.956579] test_double_free+0x98/0x170
[ 6.960528] kunit_try_run_case+0x5c/0xd0
[ 6.964570] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 6.969985] kthread+0x15c/0x174
[ 6.973242] ret_from_kernel_thread+0x14/0x1c
[ 6.977626]
[ 6.979130] CPU: 0 PID: 98 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 6.990602] ==================================================================
[ 6.998260] ok 8 - test_double_free-memcache
[ 6.998626] # test_invalid_addr_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0
[ 7.106546] ==================================================================
[ 7.113790] BUG: KFENCE: invalid free in test_invalid_addr_free+0xa4/0x178
[ 7.113790]
[ 7.122159] Invalid free of 0x(ptrval) (in kfence-#33):
[ 7.127397] test_invalid_addr_free+0xa4/0x178
[ 7.131867] kunit_try_run_case+0x5c/0xd0
[ 7.135907] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 7.141323] kthread+0x15c/0x174
[ 7.144576] ret_from_kernel_thread+0x14/0x1c
[ 7.148959]
[ 7.150460] kfence-#33 [0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32] allocated by task 99:
[ 7.159179] test_alloc+0x10c/0x384
[ 7.162692] test_invalid_addr_free+0x78/0x178
[ 7.167157] kunit_try_run_case+0x5c/0xd0
[ 7.171195] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 7.176608] kthread+0x15c/0x174
[ 7.179862] ret_from_kernel_thread+0x14/0x1c
[ 7.184245]
[ 7.185748] CPU: 0 PID: 99 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 7.197220] ==================================================================
[ 7.204816] ok 9 - test_invalid_addr_free
[ 7.205177] # test_invalid_addr_free-memcache: setup_test_cache: size=32, ctor=0x0
[ 7.217849] # test_invalid_addr_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 7.306455] ==================================================================
[ 7.313701] BUG: KFENCE: invalid free in test_invalid_addr_free+0x98/0x178
[ 7.313701]
[ 7.322070] Invalid free of 0x(ptrval) (in kfence-#34):
[ 7.327310] test_invalid_addr_free+0x98/0x178
[ 7.331781] kunit_try_run_case+0x5c/0xd0
[ 7.335832] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 7.341252] kthread+0x15c/0x174
[ 7.344514] ret_from_kernel_thread+0x14/0x1c
[ 7.348903]
[ 7.350405] kfence-#34 [0x(ptrval)-0x(ptrval), size=32, cache=test] allocated by task 100:
[ 7.358695] test_alloc+0xfc/0x384
[ 7.362125] test_invalid_addr_free+0x78/0x178
[ 7.366591] kunit_try_run_case+0x5c/0xd0
[ 7.370631] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 7.376047] kthread+0x15c/0x174
[ 7.379303] ret_from_kernel_thread+0x14/0x1c
[ 7.383687]
[ 7.385191] CPU: 0 PID: 100 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 7.396751] ==================================================================
[ 7.404531] ok 10 - test_invalid_addr_free-memcache
[ 7.404897] # test_corruption: test_alloc: size=32, gfp=cc0, policy=left, cache=0
[ 7.506510] ==================================================================
[ 7.513754] BUG: KFENCE: memory corruption in test_corruption+0xac/0x20c
[ 7.513754]
[ 7.521951] Corrupted memory at 0x(ptrval) [ ! . . . . . . . . . . . . . . . ] (in kfence-#35):
[ 7.530760] test_corruption+0xac/0x20c
[ 7.534624] kunit_try_run_case+0x5c/0xd0
[ 7.538664] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 7.544080] kthread+0x15c/0x174
[ 7.547335] ret_from_kernel_thread+0x14/0x1c
[ 7.551719]
[ 7.553219] kfence-#35 [0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32] allocated by task 101:
[ 7.562027] test_alloc+0x10c/0x384
[ 7.565540] test_corruption+0x7c/0x20c
[ 7.569399] kunit_try_run_case+0x5c/0xd0
[ 7.573437] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 7.578850] kthread+0x15c/0x174
[ 7.582104] ret_from_kernel_thread+0x14/0x1c
[ 7.586485]
[ 7.587988] CPU: 0 PID: 101 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 7.599545] ==================================================================
[ 7.606994] # test_corruption: test_alloc: size=32, gfp=cc0, policy=right, cache=0
[ 7.976603] ==================================================================
[ 7.983846] BUG: KFENCE: memory corruption in test_corruption+0x168/0x20c
[ 7.983846]
[ 7.992128] Corrupted memory at 0x(ptrval) [ ! ] (in kfence-#38):
[ 7.998258] test_corruption+0x168/0x20c
[ 8.002208] kunit_try_run_case+0x5c/0xd0
[ 8.006247] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 8.011661] kthread+0x15c/0x174
[ 8.014915] ret_from_kernel_thread+0x14/0x1c
[ 8.019297]
[ 8.020797] kfence-#38 [0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32] allocated by task 101:
[ 8.029603] test_alloc+0x10c/0x384
[ 8.033114] test_corruption+0x138/0x20c
[ 8.037057] kunit_try_run_case+0x5c/0xd0
[ 8.041092] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 8.046503] kthread+0x15c/0x174
[ 8.049752] ret_from_kernel_thread+0x14/0x1c
[ 8.054131]
[ 8.055633] CPU: 0 PID: 101 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 8.067190] ==================================================================
[ 8.074671] ok 11 - test_corruption
[ 8.075043] # test_corruption-memcache: setup_test_cache: size=32, ctor=0x0
[ 8.086586] # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
[ 8.436449] ==================================================================
[ 8.443694] BUG: KFENCE: memory corruption in test_corruption+0xa4/0x20c
[ 8.443694]
[ 8.451888] Corrupted memory at 0x(ptrval) [ ! . . . . . . . . . . . . . . . ] (in kfence-#41):
[ 8.460709] test_corruption+0xa4/0x20c
[ 8.464573] kunit_try_run_case+0x5c/0xd0
[ 8.468622] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 8.474039] kthread+0x15c/0x174
[ 8.477298] ret_from_kernel_thread+0x14/0x1c
[ 8.481685]
[ 8.483187] kfence-#41 [0x(ptrval)-0x(ptrval), size=32, cache=test] allocated by task 102:
[ 8.491476] test_alloc+0xfc/0x384
[ 8.494904] test_corruption+0x7c/0x20c
[ 8.498763] kunit_try_run_case+0x5c/0xd0
[ 8.502801] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 8.508215] kthread+0x15c/0x174
[ 8.511468] ret_from_kernel_thread+0x14/0x1c
[ 8.515849]
[ 8.517352] CPU: 0 PID: 102 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 8.528910] ==================================================================
[ 8.536421] # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=right, cache=1
[ 8.646543] ==================================================================
[ 8.653786] BUG: KFENCE: memory corruption in test_corruption+0x160/0x20c
[ 8.653786]
[ 8.662066] Corrupted memory at 0x(ptrval) [ ! ] (in kfence-#42):
[ 8.668201] test_corruption+0x160/0x20c
[ 8.672151] kunit_try_run_case+0x5c/0xd0
[ 8.676199] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 8.681615] kthread+0x15c/0x174
[ 8.684872] ret_from_kernel_thread+0x14/0x1c
[ 8.689259]
[ 8.690760] kfence-#42 [0x(ptrval)-0x(ptrval), size=32, cache=test] allocated by task 102:
[ 8.699050] test_alloc+0xfc/0x384
[ 8.702477] test_corruption+0x138/0x20c
[ 8.706422] kunit_try_run_case+0x5c/0xd0
[ 8.710461] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 8.715875] kthread+0x15c/0x174
[ 8.719130] ret_from_kernel_thread+0x14/0x1c
[ 8.723511]
[ 8.725014] CPU: 0 PID: 102 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 8.736572] ==================================================================
[ 8.744274] ok 12 - test_corruption-memcache
[ 8.744642] # test_free_bulk: test_alloc: size=108, gfp=cc0, policy=right, cache=0
[ 8.846447] # test_free_bulk: test_alloc: size=108, gfp=cc0, policy=none, cache=0
[ 8.854317] # test_free_bulk: test_alloc: size=108, gfp=cc0, policy=left, cache=0
[ 8.976407] # test_free_bulk: test_alloc: size=108, gfp=cc0, policy=none, cache=0
[ 8.984275] # test_free_bulk: test_alloc: size=108, gfp=cc0, policy=none, cache=0
[ 8.992322] # test_free_bulk: test_alloc: size=279, gfp=cc0, policy=right, cache=0
[ 9.496452] # test_free_bulk: test_alloc: size=279, gfp=cc0, policy=none, cache=0
[ 9.504323] # test_free_bulk: test_alloc: size=279, gfp=cc0, policy=left, cache=0
[ 9.626404] # test_free_bulk: test_alloc: size=279, gfp=cc0, policy=none, cache=0
[ 9.634272] # test_free_bulk: test_alloc: size=279, gfp=cc0, policy=none, cache=0
[ 9.642331] # test_free_bulk: test_alloc: size=168, gfp=cc0, policy=right, cache=0
[ 9.886438] # test_free_bulk: test_alloc: size=168, gfp=cc0, policy=none, cache=0
[ 9.894309] # test_free_bulk: test_alloc: size=168, gfp=cc0, policy=left, cache=0
[ 10.146407] # test_free_bulk: test_alloc: size=168, gfp=cc0, policy=none, cache=0
[ 10.154277] # test_free_bulk: test_alloc: size=168, gfp=cc0, policy=none, cache=0
[ 10.162329] # test_free_bulk: test_alloc: size=95, gfp=cc0, policy=right, cache=0
[ 10.406442] # test_free_bulk: test_alloc: size=95, gfp=cc0, policy=none, cache=0
[ 10.414225] # test_free_bulk: test_alloc: size=95, gfp=cc0, policy=left, cache=0
[ 10.796405] # test_free_bulk: test_alloc: size=95, gfp=cc0, policy=none, cache=0
[ 10.804189] # test_free_bulk: test_alloc: size=95, gfp=cc0, policy=none, cache=0
[ 10.812156] # test_free_bulk: test_alloc: size=214, gfp=cc0, policy=right, cache=0
[ 11.056442] # test_free_bulk: test_alloc: size=214, gfp=cc0, policy=none, cache=0
[ 11.064312] # test_free_bulk: test_alloc: size=214, gfp=cc0, policy=left, cache=0
[ 11.186407] # test_free_bulk: test_alloc: size=214, gfp=cc0, policy=none, cache=0
[ 11.194276] # test_free_bulk: test_alloc: size=214, gfp=cc0, policy=none, cache=0
[ 11.202357] ok 13 - test_free_bulk
[ 11.202730] # test_free_bulk-memcache: setup_test_cache: size=264, ctor=0x0
[ 11.214213] # test_free_bulk-memcache: test_alloc: size=264, gfp=cc0, policy=right, cache=1
[ 11.316443] # test_free_bulk-memcache: test_alloc: size=264, gfp=cc0, policy=none, cache=1
[ 11.325092] # test_free_bulk-memcache: test_alloc: size=264, gfp=cc0, policy=left, cache=1
[ 11.706404] # test_free_bulk-memcache: test_alloc: size=264, gfp=cc0, policy=none, cache=1
[ 11.715052] # test_free_bulk-memcache: test_alloc: size=264, gfp=cc0, policy=none, cache=1
[ 11.724042] # test_free_bulk-memcache: setup_test_cache: size=58, ctor=ctor_set_x
[ 11.732296] # test_free_bulk-memcache: test_alloc: size=58, gfp=cc0, policy=right, cache=1
[ 12.486442] # test_free_bulk-memcache: test_alloc: size=58, gfp=cc0, policy=none, cache=1
[ 12.495083] # test_free_bulk-memcache: test_alloc: size=58, gfp=cc0, policy=left, cache=1
[ 12.616406] # test_free_bulk-memcache: test_alloc: size=58, gfp=cc0, policy=none, cache=1
[ 12.624967] # test_free_bulk-memcache: test_alloc: size=58, gfp=cc0, policy=none, cache=1
[ 12.633885] # test_free_bulk-memcache: setup_test_cache: size=260, ctor=0x0
[ 12.641609] # test_free_bulk-memcache: test_alloc: size=260, gfp=cc0, policy=right, cache=1
[ 12.746443] # test_free_bulk-memcache: test_alloc: size=260, gfp=cc0, policy=none, cache=1
[ 12.755091] # test_free_bulk-memcache: test_alloc: size=260, gfp=cc0, policy=left, cache=1
[ 13.136401] # test_free_bulk-memcache: test_alloc: size=260, gfp=cc0, policy=none, cache=1
[ 13.145052] # test_free_bulk-memcache: test_alloc: size=260, gfp=cc0, policy=none, cache=1
[ 13.154042] # test_free_bulk-memcache: setup_test_cache: size=155, ctor=ctor_set_x
[ 13.162383] # test_free_bulk-memcache: test_alloc: size=155, gfp=cc0, policy=right, cache=1
[ 13.526458] # test_free_bulk-memcache: test_alloc: size=155, gfp=cc0, policy=none, cache=1
[ 13.535107] # test_free_bulk-memcache: test_alloc: size=155, gfp=cc0, policy=left, cache=1
[ 13.786404] # test_free_bulk-memcache: test_alloc: size=155, gfp=cc0, policy=none, cache=1
[ 13.795051] # test_free_bulk-memcache: test_alloc: size=155, gfp=cc0, policy=none, cache=1
[ 13.804047] # test_free_bulk-memcache: setup_test_cache: size=173, ctor=0x0
[ 13.811768] # test_free_bulk-memcache: test_alloc: size=173, gfp=cc0, policy=right, cache=1
[ 13.916446] # test_free_bulk-memcache: test_alloc: size=173, gfp=cc0, policy=none, cache=1
[ 13.925094] # test_free_bulk-memcache: test_alloc: size=173, gfp=cc0, policy=left, cache=1
[ 14.046408] # test_free_bulk-memcache: test_alloc: size=173, gfp=cc0, policy=none, cache=1
[ 14.055057] # test_free_bulk-memcache: test_alloc: size=173, gfp=cc0, policy=none, cache=1
[ 14.064085] ok 14 - test_free_bulk-memcache
[ 14.064468] ok 15 - test_init_on_free
[ 14.069584] ok 16 - test_init_on_free-memcache
[ 14.073956] # test_kmalloc_aligned_oob_read: test_alloc: size=73, gfp=cc0, policy=right, cache=0
[ 14.176456] ==================================================================
[ 14.183702] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x60/0x200
[ 14.183702]
[ 14.193213] Out-of-bounds read at 0x(ptrval) (81B right of kfence-#84):
[ 14.199839] test_kmalloc_aligned_oob_read+0x60/0x200
[ 14.204914] kunit_try_run_case+0x5c/0xd0
[ 14.208964] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 14.214380] kthread+0x15c/0x174
[ 14.217640] ret_from_kernel_thread+0x14/0x1c
[ 14.222026]
[ 14.223527] kfence-#84 [0x(ptrval)-0x(ptrval), size=73, cache=kmalloc-96] allocated by task 107:
[ 14.232335] test_alloc+0x10c/0x384
[ 14.235847] test_kmalloc_aligned_oob_read+0x60/0x200
[ 14.240916] kunit_try_run_case+0x5c/0xd0
[ 14.244953] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 14.250365] kthread+0x15c/0x174
[ 14.253617] ret_from_kernel_thread+0x14/0x1c
[ 14.257998]
[ 14.259501] CPU: 0 PID: 107 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 14.271058] ==================================================================
[ 14.278626] ok 17 - test_kmalloc_aligned_oob_read
[ 14.278987] # test_kmalloc_aligned_oob_write: test_alloc: size=73, gfp=cc0, policy=right, cache=0
[ 14.646606] ==================================================================
[ 14.653849] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x104/0x1b0
[ 14.653849]
[ 14.663430] Corrupted memory at 0x(ptrval) [ ! . . . . . . ] (in kfence-#87):
[ 14.670630] test_kmalloc_aligned_oob_write+0x104/0x1b0
[ 14.675880] kunit_try_run_case+0x5c/0xd0
[ 14.679921] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 14.685337] kthread+0x15c/0x174
[ 14.688592] ret_from_kernel_thread+0x14/0x1c
[ 14.692975]
[ 14.694477] kfence-#87 [0x(ptrval)-0x(ptrval), size=73, cache=kmalloc-96] allocated by task 108:
[ 14.703285] test_alloc+0x10c/0x384
[ 14.706800] test_kmalloc_aligned_oob_write+0x58/0x1b0
[ 14.711959] kunit_try_run_case+0x5c/0xd0
[ 14.715997] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 14.721411] kthread+0x15c/0x174
[ 14.724666] ret_from_kernel_thread+0x14/0x1c
[ 14.729047]
[ 14.730551] CPU: 0 PID: 108 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 14.742108] ==================================================================
[ 14.749627] ok 18 - test_kmalloc_aligned_oob_write
[ 14.749989] # test_shrink_memcache: setup_test_cache: size=32, ctor=0x0
[ 14.762405] # test_shrink_memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 14.856686] ok 19 - test_shrink_memcache
[ 14.857052] # test_memcache_ctor: setup_test_cache: size=32, ctor=ctor_set_x
[ 14.869060] # test_memcache_ctor: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 14.986723] ok 20 - test_memcache_ctor
[ 14.987102] ==================================================================
[ 14.998426] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
[ 14.998426]
[ 15.007061] Invalid read at 0x(ptrval):
[ 15.010906] finish_task_switch.isra.0+0x54/0x23c
[ 15.015633] kunit_try_run_case+0x5c/0xd0
[ 15.019682] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 15.025099] kthread+0x15c/0x174
[ 15.028359] ret_from_kernel_thread+0x14/0x1c
[ 15.032747]
[ 15.034251] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 15.045811] ==================================================================
[ 15.053324] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
[ 15.053324] Expected report_matches(&expect) to be true, but is false
[ 15.068359] not ok 21 - test_invalid_access
[ 15.068722] # test_gfpzero: test_alloc: size=4096, gfp=cc0, policy=any, cache=0
[ 15.156430] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.286387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.416379] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.546385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.676382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.806388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 15.936382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.066420] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.196384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.326379] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.456381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.586400] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.716382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.846389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 16.976382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.106388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.236380] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.366395] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.496385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.626383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.756398] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 17.886386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.016387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.146383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.276385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.406388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.536389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.666387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.796386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 18.926381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.056383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.186384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.316388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.446382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.576387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.706386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.836379] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 19.966387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.096387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.226387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.356381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.486386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.616380] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.746387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 20.876379] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.006383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.136389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.266385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.396385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.526382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.656387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.786385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 21.916385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.046381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.176381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.306401] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.436383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.566381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.696411] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.826388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 22.956383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.086387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.216405] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.346379] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.476381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.606387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.736385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.866383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 23.996386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.126390] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.256386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.386382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.516388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.646385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.776381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 24.906385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.036379] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.166381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.296391] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.426385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.556380] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.686385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.816387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 25.946382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.076379] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.206384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.336389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.466383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.596385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.726379] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.856389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 26.986384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.116383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.246381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.376387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.506395] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.636381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.766386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 27.896381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.026387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.156386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.286393] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.416388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.546385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.676380] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.806384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 28.936387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.066390] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.196384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.326416] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.456388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.586383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.716385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.846402] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 29.976396] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.106385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.236379] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.366395] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.496386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.626387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.756380] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 30.886386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.016381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.146383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.276388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.406386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.536383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.666388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.796384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 31.926384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.056391] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.186382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.316385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.446391] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.576385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.706381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.836388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 32.966388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.096378] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.226386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.356383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.486389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.616386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.746383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 33.876385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.006383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.136389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.266384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.396385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.526382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.656385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.786383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 34.916383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.046390] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.176387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.306386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.436385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.566382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.696386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.826383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 35.956415] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.086386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.216382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.346378] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.476404] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.606382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.736386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.866381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 36.996388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.126390] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.256395] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.386388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.516386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.646382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.776385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 37.906385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.036389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.166382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.296389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.426387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.556388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.686388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.816386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 38.946381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.076382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.206387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.336386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.466382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.596392] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.726382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.856390] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 39.986389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 40.116382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 40.246382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 40.376381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 40.506387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 40.636388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 40.766387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 40.896381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 41.026390] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 41.156384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 41.286380] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 41.416384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 41.546383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 41.676388] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 41.806386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 41.936381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 42.066390] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 42.196389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 42.326386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 42.456390] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 42.586414] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 42.716380] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 42.846386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 42.976381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 43.106404] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 43.236385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 43.366387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 43.496382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 43.626385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 43.756378] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 43.886387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 44.016390] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 44.146385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 44.276389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 44.406382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 44.536384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 44.666391] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 44.796382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 44.926387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 45.056381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 45.186384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 45.316389] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 45.446382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 45.576385] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 45.706382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 45.836387] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 45.966383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 46.096383] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 46.226382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 46.356382] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 46.486384] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 46.616391] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 46.746386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 46.876381] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 47.006399] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
[ 47.136923] ok 22 - test_gfpzero
[ 47.137299] # test_memcache_typesafe_by_rcu: setup_test_cache: size=32, ctor=0x0
[ 47.148950] # test_memcache_typesafe_by_rcu: test_alloc: size=32, gfp=cc0, policy=any, cache=1
[ 47.296422] ==================================================================
[ 47.303670] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x210/0x34c
[ 47.303670]
[ 47.313354] Use-after-free read at 0x(ptrval) (in kfence-#91):
[ 47.319199] test_memcache_typesafe_by_rcu+0x210/0x34c
[ 47.324363] kunit_try_run_case+0x5c/0xd0
[ 47.328412] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 47.333830] kthread+0x15c/0x174
[ 47.337090] ret_from_kernel_thread+0x14/0x1c
[ 47.341476]
[ 47.342979] kfence-#91 [0x(ptrval)-0x(ptrval), size=32, cache=test] allocated by task 113:
[ 47.351269] test_alloc+0xfc/0x384
[ 47.354696] test_memcache_typesafe_by_rcu+0x100/0x34c
[ 47.359855] kunit_try_run_case+0x5c/0xd0
[ 47.363896] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 47.369311] kthread+0x15c/0x174
[ 47.372568] ret_from_kernel_thread+0x14/0x1c
[ 47.376951]
[ 47.376951] freed by task 0:
[ 47.381401] rcu_core+0x1c8/0x900
[ 47.384741] __do_softirq+0x13c/0x374
[ 47.388431] irq_exit+0x9c/0xf8
[ 47.391599] ret_from_except+0x0/0x14
[ 47.395289] default_idle_call+0x5c/0x10c
[ 47.399326] do_idle+0x8c/0x118
[ 47.402495] cpu_startup_entry+0x14/0x1c
[ 47.406441] start_kernel+0x4e4/0x530
[ 47.410123] 0x37d0
[ 47.412239]
[ 47.413742] CPU: 0 PID: 113 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 47.425300] ==================================================================
[ 47.432931] ok 23 - test_memcache_typesafe_by_rcu
[ 47.433487] # test_krealloc: test_alloc: size=32, gfp=cc0, policy=any, cache=0
[ 47.556587] ==================================================================
[ 47.563835] BUG: KFENCE: use-after-free read in test_krealloc+0x3dc/0x578
[ 47.563835]
[ 47.572130] Use-after-free read at 0x(ptrval) (in kfence-#93):
[ 47.577973] test_krealloc+0x3dc/0x578
[ 47.581751] kunit_try_run_case+0x5c/0xd0
[ 47.585800] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 47.591218] kthread+0x15c/0x174
[ 47.594476] ret_from_kernel_thread+0x14/0x1c
[ 47.598863]
[ 47.600364] kfence-#93 [0x(ptrval)-0x(ptrval), size=32, cache=kmalloc-32] allocated by task 114:
[ 47.609170] test_alloc+0x10c/0x384
[ 47.612684] test_krealloc+0x4c/0x578
[ 47.616369] kunit_try_run_case+0x5c/0xd0
[ 47.620411] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 47.625825] kthread+0x15c/0x174
[ 47.629078] ret_from_kernel_thread+0x14/0x1c
[ 47.633460]
[ 47.633460] freed by task 114:
[ 47.638066] krealloc+0xc4/0x124
[ 47.641327] test_krealloc+0x170/0x578
[ 47.645103] kunit_try_run_case+0x5c/0xd0
[ 47.649140] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 47.654554] kthread+0x15c/0x174
[ 47.657808] ret_from_kernel_thread+0x14/0x1c
[ 47.662188]
[ 47.663691] CPU: 0 PID: 114 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 47.675248] ==================================================================
[ 47.682686] ok 24 - test_krealloc
[ 47.683045] # test_memcache_alloc_bulk: setup_test_cache: size=32, ctor=0x0
[ 47.786755] ok 25 - test_memcache_alloc_bulk
[ 47.786799] not ok 1 - kfence
* Re: [PATCH] sound: pps: fix spelling typo of values
From: Takashi Iwai @ 2021-03-02 9:26 UTC (permalink / raw)
To: dingsenjie; +Cc: geoff, linux-kernel, tiwai, dingsenjie, perex, linuxppc-dev
In-Reply-To: <20210302034053.34524-1-dingsenjie@163.com>
On Tue, 02 Mar 2021 04:40:53 +0100,
dingsenjie@163.com wrote:
>
> From: dingsenjie <dingsenjie@yulong.com>
>
> vaules -> values
>
> Signed-off-by: dingsenjie <dingsenjie@yulong.com>
Thanks, applied.
Takashi
* Re: [RFC PATCH v1] powerpc: Enable KFENCE for PPC32
From: Christophe Leroy @ 2021-03-02 9:27 UTC (permalink / raw)
To: Alexander Potapenko
Cc: Marco Elver, LKML, kasan-dev, Paul Mackerras, linuxppc-dev,
Dmitry Vyukov
In-Reply-To: <CAG_fn=WFffkVzqC9b6pyNuweFhFswZfa8RRio2nL9-Wq10nBbw@mail.gmail.com>
Le 02/03/2021 à 10:21, Alexander Potapenko a écrit :
>> [ 14.998426] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
>> [ 14.998426]
>> [ 15.007061] Invalid read at 0x(ptrval):
>> [ 15.010906] finish_task_switch.isra.0+0x54/0x23c
>> [ 15.015633] kunit_try_run_case+0x5c/0xd0
>> [ 15.019682] kunit_generic_run_threadfn_adapter+0x24/0x30
>> [ 15.025099] kthread+0x15c/0x174
>> [ 15.028359] ret_from_kernel_thread+0x14/0x1c
>> [ 15.032747]
>> [ 15.034251] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
>> 5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
>> [ 15.045811] ==================================================================
>> [ 15.053324] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
>> [ 15.053324] Expected report_matches(&expect) to be true, but is false
>> [ 15.068359] not ok 21 - test_invalid_access
>
> The test expects the function name to be test_invalid_access, i. e.
> the first line should be "BUG: KFENCE: invalid read in
> test_invalid_access".
> The error reporting function unwinds the stack, skips a couple of
> "uninteresting" frames
> (https://elixir.bootlin.com/linux/v5.12-rc1/source/mm/kfence/report.c#L43)
> and uses the first "interesting" one frame to print the report header
> (https://elixir.bootlin.com/linux/v5.12-rc1/source/mm/kfence/report.c#L226).
>
> It's strange that test_invalid_access is missing altogether from the
> stack trace - is that expected?
> Can you try printing the whole stacktrace without skipping any frames
> to see if that function is there?
>
Booting with 'no_hash_pointers' I get the following. Does it help?
[ 16.837198] ==================================================================
[ 16.848521] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
[ 16.848521]
[ 16.857158] Invalid read at 0xdf98800a:
[ 16.861004] finish_task_switch.isra.0+0x54/0x23c
[ 16.865731] kunit_try_run_case+0x5c/0xd0
[ 16.869780] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 16.875199] kthread+0x15c/0x174
[ 16.878460] ret_from_kernel_thread+0x14/0x1c
[ 16.882847]
[ 16.884351] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
[ 16.895908] NIP: c016eb8c LR: c02f50dc CTR: c016eb38
[ 16.900963] REGS: e2449d90 TRAP: 0301 Tainted: G B
(5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty)
[ 16.911386] MSR: 00009032 <EE,ME,IR,DR,RI> CR: 22000004 XER: 00000000
[ 16.918153] DAR: df98800a DSISR: 20000000
[ 16.918153] GPR00: c02f50dc e2449e50 c1140d00 e100dd24 c084b13c 00000008 c084b32b c016eb38
[ 16.918153] GPR08: c0850000 df988000 c0d10000 e2449eb0 22000288
[ 16.936695] NIP [c016eb8c] test_invalid_access+0x54/0x108
[ 16.942125] LR [c02f50dc] kunit_try_run_case+0x5c/0xd0
[ 16.947292] Call Trace:
[ 16.949746] [e2449e50] [c005a5ec] finish_task_switch.isra.0+0x54/0x23c (unreliable)
[ 16.957443] [e2449eb0] [c02f50dc] kunit_try_run_case+0x5c/0xd0
[ 16.963319] [e2449ed0] [c02f63ec] kunit_generic_run_threadfn_adapter+0x24/0x30
[ 16.970574] [e2449ef0] [c004e710] kthread+0x15c/0x174
[ 16.975670] [e2449f30] [c001317c] ret_from_kernel_thread+0x14/0x1c
[ 16.981896] Instruction dump:
[ 16.984879] 8129d608 38e7eb38 81020280 911f004c 39000000 995f0024 907f0028 90ff001c
[ 16.992710] 3949000a 915f0020 3d40c0d1 3d00c085 <8929000a> 3908adb0 812a4b98 3d40c02f
[ 17.000711] ==================================================================
[ 17.008223] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
[ 17.008223] Expected report_matches(&expect) to be true, but is false
[ 17.023243] not ok 21 - test_invalid_access
* Re: [RFC PATCH v1] powerpc: Enable KFENCE for PPC32
From: Alexander Potapenko @ 2021-03-02 9:21 UTC (permalink / raw)
To: Christophe Leroy
Cc: Marco Elver, LKML, kasan-dev, Paul Mackerras, linuxppc-dev,
Dmitry Vyukov
In-Reply-To: <b9dc8d35-a3b0-261a-b1a4-5f4d33406095@csgroup.eu>
> [ 14.998426] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
> [ 14.998426]
> [ 15.007061] Invalid read at 0x(ptrval):
> [ 15.010906] finish_task_switch.isra.0+0x54/0x23c
> [ 15.015633] kunit_try_run_case+0x5c/0xd0
> [ 15.019682] kunit_generic_run_threadfn_adapter+0x24/0x30
> [ 15.025099] kthread+0x15c/0x174
> [ 15.028359] ret_from_kernel_thread+0x14/0x1c
> [ 15.032747]
> [ 15.034251] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
> 5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
> [ 15.045811] ==================================================================
> [ 15.053324] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
> [ 15.053324] Expected report_matches(&expect) to be true, but is false
> [ 15.068359] not ok 21 - test_invalid_access
The test expects the function name to be test_invalid_access, i. e.
the first line should be "BUG: KFENCE: invalid read in
test_invalid_access".
The error reporting function unwinds the stack, skips a couple of
"uninteresting" frames
(https://elixir.bootlin.com/linux/v5.12-rc1/source/mm/kfence/report.c#L43)
and uses the first "interesting" one frame to print the report header
(https://elixir.bootlin.com/linux/v5.12-rc1/source/mm/kfence/report.c#L226).
It's strange that test_invalid_access is missing altogether from the
stack trace - is that expected?
Can you try printing the whole stacktrace without skipping any frames
to see if that function is there?
* Re: [RFC PATCH v1] powerpc: Enable KFENCE for PPC32
From: Marco Elver @ 2021-03-02 9:53 UTC (permalink / raw)
To: Christophe Leroy
Cc: LKML, kasan-dev, Alexander Potapenko, Paul Mackerras,
linuxppc-dev, Dmitry Vyukov
In-Reply-To: <f806de26-daf9-9317-fdaa-a0f7a32d8fe0@csgroup.eu>
On Tue, 2 Mar 2021 at 10:27, Christophe Leroy
<christophe.leroy@csgroup.eu> wrote:
> Le 02/03/2021 à 10:21, Alexander Potapenko a écrit :
> >> [ 14.998426] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
> >> [ 14.998426]
> >> [ 15.007061] Invalid read at 0x(ptrval):
> >> [ 15.010906] finish_task_switch.isra.0+0x54/0x23c
> >> [ 15.015633] kunit_try_run_case+0x5c/0xd0
> >> [ 15.019682] kunit_generic_run_threadfn_adapter+0x24/0x30
> >> [ 15.025099] kthread+0x15c/0x174
> >> [ 15.028359] ret_from_kernel_thread+0x14/0x1c
> >> [ 15.032747]
> >> [ 15.034251] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
> >> 5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
> >> [ 15.045811] ==================================================================
> >> [ 15.053324] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
> >> [ 15.053324] Expected report_matches(&expect) to be true, but is false
> >> [ 15.068359] not ok 21 - test_invalid_access
> >
> > The test expects the function name to be test_invalid_access, i. e.
> > the first line should be "BUG: KFENCE: invalid read in
> > test_invalid_access".
> > The error reporting function unwinds the stack, skips a couple of
> > "uninteresting" frames
> > (https://elixir.bootlin.com/linux/v5.12-rc1/source/mm/kfence/report.c#L43)
> > and uses the first "interesting" one frame to print the report header
> > (https://elixir.bootlin.com/linux/v5.12-rc1/source/mm/kfence/report.c#L226).
> >
> > It's strange that test_invalid_access is missing altogether from the
> > stack trace - is that expected?
> > Can you try printing the whole stacktrace without skipping any frames
> > to see if that function is there?
> >
>
> Booting with 'no_hash_pointers" I get the following. Does it helps ?
>
> [ 16.837198] ==================================================================
> [ 16.848521] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
> [ 16.848521]
> [ 16.857158] Invalid read at 0xdf98800a:
> [ 16.861004] finish_task_switch.isra.0+0x54/0x23c
> [ 16.865731] kunit_try_run_case+0x5c/0xd0
> [ 16.869780] kunit_generic_run_threadfn_adapter+0x24/0x30
> [ 16.875199] kthread+0x15c/0x174
> [ 16.878460] ret_from_kernel_thread+0x14/0x1c
> [ 16.882847]
> [ 16.884351] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
> 5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
> [ 16.895908] NIP: c016eb8c LR: c02f50dc CTR: c016eb38
> [ 16.900963] REGS: e2449d90 TRAP: 0301 Tainted: G B
> (5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty)
> [ 16.911386] MSR: 00009032 <EE,ME,IR,DR,RI> CR: 22000004 XER: 00000000
> [ 16.918153] DAR: df98800a DSISR: 20000000
> [ 16.918153] GPR00: c02f50dc e2449e50 c1140d00 e100dd24 c084b13c 00000008 c084b32b c016eb38
> [ 16.918153] GPR08: c0850000 df988000 c0d10000 e2449eb0 22000288
> [ 16.936695] NIP [c016eb8c] test_invalid_access+0x54/0x108
> [ 16.942125] LR [c02f50dc] kunit_try_run_case+0x5c/0xd0
> [ 16.947292] Call Trace:
> [ 16.949746] [e2449e50] [c005a5ec] finish_task_switch.isra.0+0x54/0x23c (unreliable)
The "(unreliable)" might be a clue that it's related to ppc32 stack
unwinding. Any ppc expert know what this is about?
> [ 16.957443] [e2449eb0] [c02f50dc] kunit_try_run_case+0x5c/0xd0
> [ 16.963319] [e2449ed0] [c02f63ec] kunit_generic_run_threadfn_adapter+0x24/0x30
> [ 16.970574] [e2449ef0] [c004e710] kthread+0x15c/0x174
> [ 16.975670] [e2449f30] [c001317c] ret_from_kernel_thread+0x14/0x1c
> [ 16.981896] Instruction dump:
> [ 16.984879] 8129d608 38e7eb38 81020280 911f004c 39000000 995f0024 907f0028 90ff001c
> [ 16.992710] 3949000a 915f0020 3d40c0d1 3d00c085 <8929000a> 3908adb0 812a4b98 3d40c02f
> [ 17.000711] ==================================================================
> [ 17.008223] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
> [ 17.008223] Expected report_matches(&expect) to be true, but is false
> [ 17.023243] not ok 21 - test_invalid_access
On a fault in test_invalid_access, KFENCE prints the stack trace based
on the information in pt_regs. So we do not think there's anything we
can do to improve stack printing per se.
What's confusing is that it's only this test, and none of the others.
Given that, it might be code-gen related, which results in some subtle
issue with stack unwinding. There are a few things to try, if you feel
like it:
-- Change the unwinder, if it's possible for ppc32.
-- Add code to test_invalid_access(), to get the compiler to emit
different code. E.g. add a bunch of (unnecessary) function calls, or add
barriers, etc.
-- Play with compiler options. We already pass
-fno-optimize-sibling-calls for kfence_test.o to avoid tail-call
optimizations that'd hide stack trace entries. But perhaps there's
something ppc-specific we missed?
Well, the good thing is that KFENCE detects the bad access just fine.
Since, according to the test, everything works from KFENCE's side, I'd
be happy to give my Ack:
Acked-by: Marco Elver <elver@google.com>
Thanks,
-- Marco
* Re: [PATCH] powerpc: iommu: fix build when neither PCI or IBMVIO is set
From: Michael Ellerman @ 2021-03-02 11:08 UTC (permalink / raw)
To: Randy Dunlap, linux-kernel
Cc: Randy Dunlap, linuxppc-dev, kernel test robot, Anton Blanchard
In-Reply-To: <20210302082811.8671-1-rdunlap@infradead.org>
Randy Dunlap <rdunlap@infradead.org> writes:
> When neither CONFIG_PCI nor CONFIG_IBMVIO is enabled:
>
> ../arch/powerpc/kernel/iommu.c:178:30: error: 'fail_iommu_bus_notifier' defined but not used [-Werror=unused-variable]
> 178 | static struct notifier_block fail_iommu_bus_notifier = {
>
> If only that struct is bounded by 2 #if defined() phrases (PCI && IBMVIO):
>
> ../arch/powerpc/kernel/iommu.c:162:12: error: 'fail_iommu_bus_notify' defined but not used [-Werror=unused-function]
> 162 | static int fail_iommu_bus_notify(struct notifier_block *nb,
>
> If that function is also guarded by 2 #if defined() phrases:
>
> In file included from ../include/linux/dma-mapping.h:7,
> from ../arch/powerpc/kernel/iommu.c:19:
> ../include/linux/device.h:131:26: error: 'dev_attr_fail_iommu' defined but not used [-Werror=unused-variable]
> 131 | struct device_attribute dev_attr_##_name = __ATTR_RW(_name)
> ../arch/powerpc/kernel/iommu.c:160:8: note: in expansion of macro 'DEVICE_ATTR_RW'
> 160 | static DEVICE_ATTR_RW(fail_iommu);
>
> and the snowball continues to grow.
> Next I got this one:
>
> ../arch/powerpc/kernel/iommu.c: In function 'iommu_range_alloc':
> ../arch/powerpc/kernel/iommu.c:234:6: error: implicit declaration of function 'should_fail_iommu'; did you mean 'should_failslab'? [-Werror=implicit-function-declaration]
> 234 | if (should_fail_iommu(dev))
>
> and
>
> ../arch/powerpc/kernel/iommu.c: In function 'should_fail_iommu':
> ../arch/powerpc/kernel/iommu.c:122:50: error: 'fail_iommu' undeclared (first use in this function)
> 122 | return dev->archdata.fail_iommu && should_fail(&fail_iommu, 1);
>
> So combine CONFIG_FAIL_IOMMU && (CONFIG_PCI || CONFIG_IBMVIO)
> to decide on building some of this code/data.
Couldn't we just make FAIL_IOMMU depend on PCI || IBMVIO?
cheers
* Re: [RFC PATCH v1] powerpc: Enable KFENCE for PPC32
From: Christophe Leroy @ 2021-03-02 11:21 UTC (permalink / raw)
To: Marco Elver
Cc: LKML, kasan-dev, Alexander Potapenko, Paul Mackerras,
linuxppc-dev, Dmitry Vyukov
In-Reply-To: <CANpmjNPGj4C2rr2FbSD+FC-GnWUvJrtdLyX5TYpJE_Um8CGu1Q@mail.gmail.com>
Le 02/03/2021 à 10:53, Marco Elver a écrit :
> On Tue, 2 Mar 2021 at 10:27, Christophe Leroy
> <christophe.leroy@csgroup.eu> wrote:
>> Le 02/03/2021 à 10:21, Alexander Potapenko a écrit :
>>>> [ 14.998426] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
>>>> [ 14.998426]
>>>> [ 15.007061] Invalid read at 0x(ptrval):
>>>> [ 15.010906] finish_task_switch.isra.0+0x54/0x23c
>>>> [ 15.015633] kunit_try_run_case+0x5c/0xd0
>>>> [ 15.019682] kunit_generic_run_threadfn_adapter+0x24/0x30
>>>> [ 15.025099] kthread+0x15c/0x174
>>>> [ 15.028359] ret_from_kernel_thread+0x14/0x1c
>>>> [ 15.032747]
>>>> [ 15.034251] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
>>>> 5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
>>>> [ 15.045811] ==================================================================
>>>> [ 15.053324] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
>>>> [ 15.053324] Expected report_matches(&expect) to be true, but is false
>>>> [ 15.068359] not ok 21 - test_invalid_access
>>>
>>> The test expects the function name to be test_invalid_access, i. e.
>>> the first line should be "BUG: KFENCE: invalid read in
>>> test_invalid_access".
>>> The error reporting function unwinds the stack, skips a couple of
>>> "uninteresting" frames
>>> (https://elixir.bootlin.com/linux/v5.12-rc1/source/mm/kfence/report.c#L43)
>>> and uses the first "interesting" one frame to print the report header
>>> (https://elixir.bootlin.com/linux/v5.12-rc1/source/mm/kfence/report.c#L226).
>>>
>>> It's strange that test_invalid_access is missing altogether from the
>>> stack trace - is that expected?
>>> Can you try printing the whole stacktrace without skipping any frames
>>> to see if that function is there?
>>>
>>
>> Booting with 'no_hash_pointers" I get the following. Does it helps ?
>>
>> [ 16.837198] ==================================================================
>> [ 16.848521] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
>> [ 16.848521]
>> [ 16.857158] Invalid read at 0xdf98800a:
>> [ 16.861004] finish_task_switch.isra.0+0x54/0x23c
>> [ 16.865731] kunit_try_run_case+0x5c/0xd0
>> [ 16.869780] kunit_generic_run_threadfn_adapter+0x24/0x30
>> [ 16.875199] kthread+0x15c/0x174
>> [ 16.878460] ret_from_kernel_thread+0x14/0x1c
>> [ 16.882847]
>> [ 16.884351] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
>> 5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
>> [ 16.895908] NIP: c016eb8c LR: c02f50dc CTR: c016eb38
>> [ 16.900963] REGS: e2449d90 TRAP: 0301 Tainted: G B
>> (5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty)
>> [ 16.911386] MSR: 00009032 <EE,ME,IR,DR,RI> CR: 22000004 XER: 00000000
>> [ 16.918153] DAR: df98800a DSISR: 20000000
>> [ 16.918153] GPR00: c02f50dc e2449e50 c1140d00 e100dd24 c084b13c 00000008 c084b32b c016eb38
>> [ 16.918153] GPR08: c0850000 df988000 c0d10000 e2449eb0 22000288
>> [ 16.936695] NIP [c016eb8c] test_invalid_access+0x54/0x108
>> [ 16.942125] LR [c02f50dc] kunit_try_run_case+0x5c/0xd0
>> [ 16.947292] Call Trace:
>> [ 16.949746] [e2449e50] [c005a5ec] finish_task_switch.isra.0+0x54/0x23c (unreliable)
>
> The "(unreliable)" might be a clue that it's related to ppc32 stack
> unwinding. Any ppc expert know what this is about?
>
>> [ 16.957443] [e2449eb0] [c02f50dc] kunit_try_run_case+0x5c/0xd0
>> [ 16.963319] [e2449ed0] [c02f63ec] kunit_generic_run_threadfn_adapter+0x24/0x30
>> [ 16.970574] [e2449ef0] [c004e710] kthread+0x15c/0x174
>> [ 16.975670] [e2449f30] [c001317c] ret_from_kernel_thread+0x14/0x1c
>> [ 16.981896] Instruction dump:
>> [ 16.984879] 8129d608 38e7eb38 81020280 911f004c 39000000 995f0024 907f0028 90ff001c
>> [ 16.992710] 3949000a 915f0020 3d40c0d1 3d00c085 <8929000a> 3908adb0 812a4b98 3d40c02f
>> [ 17.000711] ==================================================================
>> [ 17.008223] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
>> [ 17.008223] Expected report_matches(&expect) to be true, but is false
>> [ 17.023243] not ok 21 - test_invalid_access
>
> On a fault in test_invalid_access, KFENCE prints the stack trace based
> on the information in pt_regs. So we do not think there's anything we
> can do to improve stack printing pe-se.
stack printing, probably not. Would be good anyway to mark the last level [unreliable] as the ppc does.
IIUC, on ppc the address in the stack frame of the caller is written by the caller. In most tests,
there is some function call being done before the fault, for instance
test_kmalloc_aligned_oob_read() does a call to kunit_do_assertion which populates the address of the
call in the stack. However this is fragile.
This works for function calls because in order to call a subfunction, a function has to set up a
stack frame in order to save the value in the Link Register, which contains the address of the
function's parent and that will be clobbered by the sub-function call.
However, it cannot be done by exceptions, because exceptions can happen in a function that has no
stack frame (because that function has no need to call a subfunction and doesn't need to save
anything on the stack). If the exception handler was writing the caller's address in the stack
frame, it would in fact write it in the parent's frame, leading to a mess.
But in fact the information is in pt_regs, it is in regs->nip so KFENCE should be able to use that
instead of the stack.
>
> What's confusing is that it's only this test, and none of the others.
> Given that, it might be code-gen related, which results in some subtle
> issue with stack unwinding. There are a few things to try, if you feel
> like it:
>
> -- Change the unwinder, if it's possible for ppc32.
I don't think it is possible.
>
> -- Add code to test_invalid_access(), to get the compiler to emit
> different code. E.g. add a bunch (unnecessary) function calls, or add
> barriers, etc.
The following does the trick
diff --git a/mm/kfence/kfence_test.c b/mm/kfence/kfence_test.c
index 4acf4251ee04..22550676cd1f 100644
--- a/mm/kfence/kfence_test.c
+++ b/mm/kfence/kfence_test.c
@@ -631,8 +631,11 @@ static void test_invalid_access(struct kunit *test)
.addr = &__kfence_pool[10],
.is_write = false,
};
+ char *buf;
+ buf = test_alloc(test, 4, GFP_KERNEL, ALLOCATE_RIGHT);
READ_ONCE(__kfence_pool[10]);
+ test_free(buf);
KUNIT_EXPECT_TRUE(test, report_matches(&expect));
}
But as I said above, this is fragile. If for some reason one day test_alloc() gets inlined, it may
not work anymore.
>
> -- Play with compiler options. We already pass
> -fno-optimize-sibling-calls for kfence_test.o to avoid tail-call
> optimizations that'd hide stack trace entries. But perhaps there's
> something ppc-specific we missed?
>
> Well, the good thing is that KFENCE detects the bad access just fine.
> Since, according to the test, everything works from KFENCE's side, I'd
> be happy to give my Ack:
>
> Acked-by: Marco Elver <elver@google.com>
>
Thanks
Christophe
* Re: [RFC PATCH v1] powerpc: Enable KFENCE for PPC32
From: Marco Elver @ 2021-03-02 11:39 UTC (permalink / raw)
To: Christophe Leroy
Cc: LKML, kasan-dev, Alexander Potapenko, Paul Mackerras,
linuxppc-dev, Dmitry Vyukov
In-Reply-To: <08a96c5d-4ae7-03b4-208f-956226dee6bb@csgroup.eu>
On Tue, 2 Mar 2021 at 12:21, Christophe Leroy
<christophe.leroy@csgroup.eu> wrote:
[...]
> >> Booting with 'no_hash_pointers" I get the following. Does it helps ?
> >>
> >> [ 16.837198] ==================================================================
> >> [ 16.848521] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
> >> [ 16.848521]
> >> [ 16.857158] Invalid read at 0xdf98800a:
> >> [ 16.861004] finish_task_switch.isra.0+0x54/0x23c
> >> [ 16.865731] kunit_try_run_case+0x5c/0xd0
> >> [ 16.869780] kunit_generic_run_threadfn_adapter+0x24/0x30
> >> [ 16.875199] kthread+0x15c/0x174
> >> [ 16.878460] ret_from_kernel_thread+0x14/0x1c
> >> [ 16.882847]
> >> [ 16.884351] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
> >> 5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
> >> [ 16.895908] NIP: c016eb8c LR: c02f50dc CTR: c016eb38
> >> [ 16.900963] REGS: e2449d90 TRAP: 0301 Tainted: G B
> >> (5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty)
> >> [ 16.911386] MSR: 00009032 <EE,ME,IR,DR,RI> CR: 22000004 XER: 00000000
> >> [ 16.918153] DAR: df98800a DSISR: 20000000
> >> [ 16.918153] GPR00: c02f50dc e2449e50 c1140d00 e100dd24 c084b13c 00000008 c084b32b c016eb38
> >> [ 16.918153] GPR08: c0850000 df988000 c0d10000 e2449eb0 22000288
> >> [ 16.936695] NIP [c016eb8c] test_invalid_access+0x54/0x108
> >> [ 16.942125] LR [c02f50dc] kunit_try_run_case+0x5c/0xd0
> >> [ 16.947292] Call Trace:
> >> [ 16.949746] [e2449e50] [c005a5ec] finish_task_switch.isra.0+0x54/0x23c (unreliable)
> >
> > The "(unreliable)" might be a clue that it's related to ppc32 stack
> > unwinding. Any ppc expert know what this is about?
> >
> >> [ 16.957443] [e2449eb0] [c02f50dc] kunit_try_run_case+0x5c/0xd0
> >> [ 16.963319] [e2449ed0] [c02f63ec] kunit_generic_run_threadfn_adapter+0x24/0x30
> >> [ 16.970574] [e2449ef0] [c004e710] kthread+0x15c/0x174
> >> [ 16.975670] [e2449f30] [c001317c] ret_from_kernel_thread+0x14/0x1c
> >> [ 16.981896] Instruction dump:
> >> [ 16.984879] 8129d608 38e7eb38 81020280 911f004c 39000000 995f0024 907f0028 90ff001c
> >> [ 16.992710] 3949000a 915f0020 3d40c0d1 3d00c085 <8929000a> 3908adb0 812a4b98 3d40c02f
> >> [ 17.000711] ==================================================================
> >> [ 17.008223] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
> >> [ 17.008223] Expected report_matches(&expect) to be true, but is false
> >> [ 17.023243] not ok 21 - test_invalid_access
> >
> > On a fault in test_invalid_access, KFENCE prints the stack trace based
> > on the information in pt_regs. So we do not think there's anything we
> > can do to improve stack printing pe-se.
>
> stack printing, probably not. Would be good anyway to mark the last level [unreliable] as the ppc does.
We use stack_trace_save_regs() + stack_trace_print().
> IIUC, on ppc the address in the stack frame of the caller is written by the caller. In most tests,
> there is some function call being done before the fault, for instance
> test_kmalloc_aligned_oob_read() does a call to kunit_do_assertion which populates the address of the
> call in the stack. However this is fragile.
Interesting, this might explain it.
> This works for function calls because in order to call a subfunction, a function has to set up a
> stack frame in order to same the value in the Link Register, which contains the address of the
> function's parent and that will be clobbered by the sub-function call.
>
> However, it cannot be done by exceptions, because exceptions can happen in a function that has no
> stack frame (because that function has no need to call a subfunction and doesn't need to same
> anything on the stack). If the exception handler was writting the caller's address in the stack
> frame, it would in fact write it in the parent's frame, leading to a mess.
>
> But in fact the information is in pt_regs, it is in regs->nip so KFENCE should be able to use that
> instead of the stack.
Perhaps stack_trace_save_regs() needs fixing for ppc32? Although that
seems to use arch_stack_walk().
> > What's confusing is that it's only this test, and none of the others.
> > Given that, it might be code-gen related, which results in some subtle
> > issue with stack unwinding. There are a few things to try, if you feel
> > like it:
> >
> > -- Change the unwinder, if it's possible for ppc32.
>
> I don't think it is possible.
>
> >
> > -- Add code to test_invalid_access(), to get the compiler to emit
> > different code. E.g. add a bunch (unnecessary) function calls, or add
> > barriers, etc.
>
> The following does the trick
>
> diff --git a/mm/kfence/kfence_test.c b/mm/kfence/kfence_test.c
> index 4acf4251ee04..22550676cd1f 100644
> --- a/mm/kfence/kfence_test.c
> +++ b/mm/kfence/kfence_test.c
> @@ -631,8 +631,11 @@ static void test_invalid_access(struct kunit *test)
> .addr = &__kfence_pool[10],
> .is_write = false,
> };
> + char *buf;
>
> + buf = test_alloc(test, 4, GFP_KERNEL, ALLOCATE_RIGHT);
> READ_ONCE(__kfence_pool[10]);
> + test_free(buf);
> KUNIT_EXPECT_TRUE(test, report_matches(&expect));
> }
>
>
> But as I said above, this is fragile. If for some reason one day test_alloc() gets inlined, it may
> not work anymore.
Yeah, obviously that's a hack, but interesting nevertheless.
Based on what you say above, however, it seems that
stack_trace_save_regs()/arch_stack_walk() don't exactly do what they
should? Can they be fixed for ppc32?
Thanks,
-- Marco
* Re: [RFC PATCH v1] powerpc: Enable KFENCE for PPC32
From: Michael Ellerman @ 2021-03-02 11:40 UTC (permalink / raw)
To: Christophe Leroy, Marco Elver
Cc: LKML, kasan-dev, Alexander Potapenko, Paul Mackerras,
linuxppc-dev, Dmitry Vyukov
In-Reply-To: <08a96c5d-4ae7-03b4-208f-956226dee6bb@csgroup.eu>
Christophe Leroy <christophe.leroy@csgroup.eu> writes:
> Le 02/03/2021 à 10:53, Marco Elver a écrit :
>> On Tue, 2 Mar 2021 at 10:27, Christophe Leroy
>> <christophe.leroy@csgroup.eu> wrote:
>>> Le 02/03/2021 à 10:21, Alexander Potapenko a écrit :
>>>>> [ 14.998426] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
>>>>> [ 14.998426]
>>>>> [ 15.007061] Invalid read at 0x(ptrval):
>>>>> [ 15.010906] finish_task_switch.isra.0+0x54/0x23c
>>>>> [ 15.015633] kunit_try_run_case+0x5c/0xd0
>>>>> [ 15.019682] kunit_generic_run_threadfn_adapter+0x24/0x30
>>>>> [ 15.025099] kthread+0x15c/0x174
>>>>> [ 15.028359] ret_from_kernel_thread+0x14/0x1c
>>>>> [ 15.032747]
>>>>> [ 15.034251] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
>>>>> 5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
>>>>> [ 15.045811] ==================================================================
>>>>> [ 15.053324] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
>>>>> [ 15.053324] Expected report_matches(&expect) to be true, but is false
>>>>> [ 15.068359] not ok 21 - test_invalid_access
>>>>
>>>> The test expects the function name to be test_invalid_access, i. e.
>>>> the first line should be "BUG: KFENCE: invalid read in
>>>> test_invalid_access".
>>>> The error reporting function unwinds the stack, skips a couple of
>>>> "uninteresting" frames
>>>> (https://elixir.bootlin.com/linux/v5.12-rc1/source/mm/kfence/report.c#L43)
>>>> and uses the first "interesting" one frame to print the report header
>>>> (https://elixir.bootlin.com/linux/v5.12-rc1/source/mm/kfence/report.c#L226).
>>>>
>>>> It's strange that test_invalid_access is missing altogether from the
>>>> stack trace - is that expected?
>>>> Can you try printing the whole stacktrace without skipping any frames
>>>> to see if that function is there?
>>>>
>>>
>>> Booting with 'no_hash_pointers" I get the following. Does it helps ?
>>>
>>> [ 16.837198] ==================================================================
>>> [ 16.848521] BUG: KFENCE: invalid read in finish_task_switch.isra.0+0x54/0x23c
>>> [ 16.848521]
>>> [ 16.857158] Invalid read at 0xdf98800a:
>>> [ 16.861004] finish_task_switch.isra.0+0x54/0x23c
>>> [ 16.865731] kunit_try_run_case+0x5c/0xd0
>>> [ 16.869780] kunit_generic_run_threadfn_adapter+0x24/0x30
>>> [ 16.875199] kthread+0x15c/0x174
>>> [ 16.878460] ret_from_kernel_thread+0x14/0x1c
>>> [ 16.882847]
>>> [ 16.884351] CPU: 0 PID: 111 Comm: kunit_try_catch Tainted: G B
>>> 5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty #4674
>>> [ 16.895908] NIP: c016eb8c LR: c02f50dc CTR: c016eb38
>>> [ 16.900963] REGS: e2449d90 TRAP: 0301 Tainted: G B
>>> (5.12.0-rc1-s3k-dev-01534-g4f14ae75edf0-dirty)
>>> [ 16.911386] MSR: 00009032 <EE,ME,IR,DR,RI> CR: 22000004 XER: 00000000
>>> [ 16.918153] DAR: df98800a DSISR: 20000000
>>> [ 16.918153] GPR00: c02f50dc e2449e50 c1140d00 e100dd24 c084b13c 00000008 c084b32b c016eb38
>>> [ 16.918153] GPR08: c0850000 df988000 c0d10000 e2449eb0 22000288
>>> [ 16.936695] NIP [c016eb8c] test_invalid_access+0x54/0x108
>>> [ 16.942125] LR [c02f50dc] kunit_try_run_case+0x5c/0xd0
>>> [ 16.947292] Call Trace:
>>> [ 16.949746] [e2449e50] [c005a5ec] finish_task_switch.isra.0+0x54/0x23c (unreliable)
>>
>> The "(unreliable)" might be a clue that it's related to ppc32 stack
>> unwinding. Any ppc expert know what this is about?
>>
>>> [ 16.957443] [e2449eb0] [c02f50dc] kunit_try_run_case+0x5c/0xd0
>>> [ 16.963319] [e2449ed0] [c02f63ec] kunit_generic_run_threadfn_adapter+0x24/0x30
>>> [ 16.970574] [e2449ef0] [c004e710] kthread+0x15c/0x174
>>> [ 16.975670] [e2449f30] [c001317c] ret_from_kernel_thread+0x14/0x1c
>>> [ 16.981896] Instruction dump:
>>> [ 16.984879] 8129d608 38e7eb38 81020280 911f004c 39000000 995f0024 907f0028 90ff001c
>>> [ 16.992710] 3949000a 915f0020 3d40c0d1 3d00c085 <8929000a> 3908adb0 812a4b98 3d40c02f
>>> [ 17.000711] ==================================================================
>>> [ 17.008223] # test_invalid_access: EXPECTATION FAILED at mm/kfence/kfence_test.c:636
>>> [ 17.008223] Expected report_matches(&expect) to be true, but is false
>>> [ 17.023243] not ok 21 - test_invalid_access
>>
>> On a fault in test_invalid_access, KFENCE prints the stack trace based
>> on the information in pt_regs. So we do not think there's anything we
>> can do to improve stack printing pe-se.
>
> stack printing, probably not. Would be good anyway to mark the last level [unreliable] as the ppc does.
>
> IIUC, on ppc the address in the stack frame of the caller is written by the caller. In most tests,
> there is some function call being done before the fault, for instance
> test_kmalloc_aligned_oob_read() does a call to kunit_do_assertion which populates the address of the
> call in the stack. However this is fragile.
>
> This works for function calls because in order to call a subfunction, a function has to set up a
> stack frame in order to same the value in the Link Register, which contains the address of the
> function's parent and that will be clobbered by the sub-function call.
>
> However, it cannot be done by exceptions, because exceptions can happen in a function that has no
> stack frame (because that function has no need to call a subfunction and doesn't need to same
> anything on the stack). If the exception handler was writting the caller's address in the stack
> frame, it would in fact write it in the parent's frame, leading to a mess.
>
> But in fact the information is in pt_regs, it is in regs->nip so KFENCE should be able to use that
> instead of the stack.
>
>>
>> What's confusing is that it's only this test, and none of the others.
>> Given that, it might be code-gen related, which results in some subtle
>> issue with stack unwinding. There are a few things to try, if you feel
>> like it:
>>
>> -- Change the unwinder, if it's possible for ppc32.
>
> I don't think it is possible.
I think this actually is the solution.
It seems the good architectures have all added support for
arch_stack_walk(), and we have not.
Looking at some of the implementations of arch_stack_walk() it seems
it's expected that the first entry emitted includes the PC (or NIP on
ppc).
For us stack_trace_save() calls save_stack_trace() which only emits
entries from the stack, which doesn't necessarily include the function
NIP is pointing to.
So I think it's probably on us to update to that new API. Or at least
update our save_stack_trace() to fabricate an entry using the NIP, as it
seems that's what callers expect.
cheers
* [PATCH AUTOSEL 5.11 16/52] powerpc/pci: Add ppc_md.discover_phbs()
From: Sasha Levin @ 2021-03-02 11:54 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sasha Levin, linuxppc-dev, Oliver O'Halloran,
kernel test robot
In-Reply-To: <20210302115534.61800-1-sashal@kernel.org>
From: Oliver O'Halloran <oohall@gmail.com>
[ Upstream commit 5537fcb319d016ce387f818dd774179bc03217f5 ]
On many powerpc platforms the discovery and initalisation of
pci_controllers (PHBs) happens inside of setup_arch(). This is very early
in boot (pre-initcalls) and means that we're initialising the PHB long
before many basic kernel services (slab allocator, debugfs, a real ioremap)
are available.
On PowerNV this causes an additional problem since we map the PHB registers
with ioremap(). As of commit d538aadc2718 ("powerpc/ioremap: warn on early
use of ioremap()") a warning is printed because we're using the "incorrect"
API to set up an MMIO mapping in early boot. The kernel does provide
early_ioremap(), but that is not intended to create long-lived MMIO
mappings and a separate warning is printed by generic code if
early_ioremap() mappings are "leaked."
This is all fixable with dumb hacks like using early_ioremap() to setup
the initial mapping then replacing it with a real ioremap later on in
boot, but it does raise the question: Why the hell are we setting up the
PHB's this early in boot?
The old and wise claim it's due to "hysterical rasins." Aside from amused
grapes there doesn't appear to be any real reason to maintain the current
behaviour. Already most of the newer embedded platforms perform PHB
discovery in an arch_initcall and between the end of setup_arch() and the
start of initcalls none of the generic kernel code does anything PCI
related. On powerpc scanning PHBs occurs in a subsys_initcall so it should
be possible to move the PHB discovery to a core, postcore or arch initcall.
This patch adds the ppc_md.discover_phbs hook and a core_initcall stub that
calls it. The core_initcalls are the earliest to be called so this will
any possibly issues with dependency between initcalls. This isn't just an
academic issue either since on pseries and PowerNV EEH init occurs in an
arch_initcall and depends on the pci_controllers being available, similarly
the creation of pci_dns occurs at core_initcall_sync (i.e. between core and
postcore initcalls). These problems need to be addressed seperately.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
[mpe: Make discover_phbs() static]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201103043523.916109-1-oohall@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/machdep.h | 3 +++
arch/powerpc/kernel/pci-common.c | 10 ++++++++++
2 files changed, 13 insertions(+)
diff --git a/arch/powerpc/include/asm/machdep.h b/arch/powerpc/include/asm/machdep.h
index cf6ebbc16cb4..764f2732a821 100644
--- a/arch/powerpc/include/asm/machdep.h
+++ b/arch/powerpc/include/asm/machdep.h
@@ -59,6 +59,9 @@ struct machdep_calls {
int (*pcibios_root_bridge_prepare)(struct pci_host_bridge
*bridge);
+ /* finds all the pci_controllers present at boot */
+ void (*discover_phbs)(void);
+
/* To setup PHBs when using automatic OF platform driver for PCI */
int (*pci_setup_phb)(struct pci_controller *host);
diff --git a/arch/powerpc/kernel/pci-common.c b/arch/powerpc/kernel/pci-common.c
index 2b555997b295..001e90cd8948 100644
--- a/arch/powerpc/kernel/pci-common.c
+++ b/arch/powerpc/kernel/pci-common.c
@@ -1699,3 +1699,13 @@ static void fixup_hide_host_resource_fsl(struct pci_dev *dev)
}
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MOTOROLA, PCI_ANY_ID, fixup_hide_host_resource_fsl);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_FREESCALE, PCI_ANY_ID, fixup_hide_host_resource_fsl);
+
+
+static int __init discover_phbs(void)
+{
+ if (ppc_md.discover_phbs)
+ ppc_md.discover_phbs();
+
+ return 0;
+}
+core_initcall(discover_phbs);
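Review bot: The new `discover_phbs()` stub has no comment saying why it is registered at `core_initcall` level, although that ordering is the point of the change: per the commit message, EEH init runs in an arch_initcall and pci_dns creation at core_initcall_sync, and both need the pci_controllers to exist. A one-line comment above the function would keep a later cleanup from moving it to a later level, e.g. `/* Must run before the core_initcall_sync and arch_initcall users of the PHB list (pci_dns creation, EEH init). */`. The hook is `void` and the stub always returns 0, so a platform implementation has to report its own discovery failures; the `machdep.h` comment on the hook is the natural place to say so. The same applies to the identical hunk in the 5.10 backport of this patch.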
--
2.30.1
* [PATCH AUTOSEL 5.11 19/52] powerpc: improve handling of unrecoverable system reset
From: Sasha Levin @ 2021-03-02 11:55 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Sasha Levin, linuxppc-dev, Nicholas Piggin
In-Reply-To: <20210302115534.61800-1-sashal@kernel.org>
From: Nicholas Piggin <npiggin@gmail.com>
[ Upstream commit 11cb0a25f71818ca7ab4856548ecfd83c169aa4d ]
If an unrecoverable system reset hits in process context, the system
does not have to panic. Similar to machine check, call nmi_exit()
before die().
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210130130852.2952424-26-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/traps.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
index 3ec7b443fe6b..4be05517f2db 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
@@ -503,8 +503,11 @@ out:
die("Unrecoverable nested System Reset", regs, SIGABRT);
#endif
/* Must die if the interrupt is not recoverable */
- if (!(regs->msr & MSR_RI))
+ if (!(regs->msr & MSR_RI)) {
+ /* For the reason explained in die_mce, nmi_exit before die */
+ nmi_exit();
die("Unrecoverable System Reset", regs, SIGABRT);
+ }
if (saved_hsrrs) {
mtspr(SPRN_HSRR0, hsrr0);
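Review bot: After the added `nmi_exit()`, nothing stops execution from continuing into the `if (saved_hsrrs)` block and the rest of the handler should `die()` return on this path. The tail of the function is outside the hunk, so whether it performs its own `nmi_exit()` afterwards, which would unbalance the NMI nesting, needs checking in the tree this is backported to. The new comment also only points at `die_mce`, which is not visible here; stating the reason in place would hold up in trees where that function differs or is absent, e.g. `/* die() may kill the interrupted task, which must not be done from NMI context: leave it first */`. The same hunk appears in the 5.10 backport further down.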
--
2.30.1
* [PATCH AUTOSEL 5.11 20/52] powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
From: Sasha Levin @ 2021-03-02 11:55 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Sasha Levin, Athira Rajeev, linuxppc-dev
In-Reply-To: <20210302115534.61800-1-sashal@kernel.org>
From: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
[ Upstream commit d137845c973147a22622cc76c7b0bc16f6206323 ]
While sampling for marked events, currently we record the sample only
if the SIAR valid bit of Sampled Instruction Event Register (SIER) is
set. SIAR_VALID bit is used for fetching the instruction address from
Sampled Instruction Address Register(SIAR). But there are some
usecases, where the user is interested only in the PMU stats at each
counter overflow and the exact IP of the overflow event is not
required. Dropping SIAR invalid samples will fail to record some of
the counter overflows in such cases.
Example of such usecase is dumping the PMU stats (event counts) after
some regular amount of instructions/events from the userspace (ex: via
ptrace). Here counter overflow is indicated to userspace via signal
handler, and captured by monitoring and enabling I/O signaling on the
event file descriptor. In these cases, we expect to get
sample/overflow indication after each specified sample_period.
Perf event attribute will not have PERF_SAMPLE_IP set in the
sample_type if exact IP of the overflow event is not requested. So
while profiling if SAMPLE_IP is not set, just record the counter
overflow irrespective of SIAR_VALID check.
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
[mpe: Reflow comment and if formatting]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1612516492-1428-1-git-send-email-atrajeev@linux.vnet.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/perf/core-book3s.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
index 28206b1fe172..8b529daf40ea 100644
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -2149,7 +2149,17 @@ static void record_and_restart(struct perf_event *event, unsigned long val,
left += period;
if (left <= 0)
left = period;
- record = siar_valid(regs);
+
+ /*
+ * If address is not requested in the sample via
+ * PERF_SAMPLE_IP, just record that sample irrespective
+ * of SIAR valid check.
+ */
+ if (event->attr.sample_type & PERF_SAMPLE_IP)
+ record = siar_valid(regs);
+ else
+ record = 1;
+
event->hw.last_period = event->hw.sample_period;
}
if (left < 0x80000000LL)
@@ -2167,9 +2177,10 @@ static void record_and_restart(struct perf_event *event, unsigned long val,
* MMCR2. Check attr.exclude_kernel and address to drop the sample in
* these cases.
*/
- if (event->attr.exclude_kernel && record)
- if (is_kernel_addr(mfspr(SPRN_SIAR)))
- record = 0;
+ if (event->attr.exclude_kernel &&
+ (event->attr.sample_type & PERF_SAMPLE_IP) &&
+ is_kernel_addr(mfspr(SPRN_SIAR)))
+ record = 0;
/*
* Finally record data if requested.
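Review bot: The context comment just above the rewritten condition still says the sample is dropped based on `attr.exclude_kernel` and the address, but the new code only does that when `PERF_SAMPLE_IP` is set. With `exclude_kernel` set and `PERF_SAMPLE_IP` clear, an overflow whose SIAR holds a kernel address is now recorded, so any other `sample_type` fields the event requested are emitted for it. Whether those fields can carry kernel-side state in the hardware-limitation case the comment describes is not visible from this hunk and should be confirmed. At minimum the comment should gain a sentence such as `When PERF_SAMPLE_IP is not requested the address is not reported, so the overflow is recorded regardless.` `record_and_restart()` begins and ends outside both hunks.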
--
2.30.1
* [PATCH AUTOSEL 5.11 24/52] powerpc/64: Fix stack trace not displaying final frame
From: Sasha Levin @ 2021-03-02 11:55 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Sasha Levin, linuxppc-dev
In-Reply-To: <20210302115534.61800-1-sashal@kernel.org>
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit e3de1e291fa58a1ab0f471a4b458eff2514e4b5f ]
In commit bf13718bc57a ("powerpc: show registers when unwinding
interrupt frames") we changed our stack dumping logic to show the full
registers whenever we find an interrupt frame on the stack.
However we didn't notice that on 64-bit this doesn't show the final
frame, ie. the interrupt that brought us in from userspace, whereas on
32-bit it does.
That is due to confusion about the size of that last frame. The code
in show_stack() calls validate_sp(), passing it STACK_INT_FRAME_SIZE
to check the sp is at least that far below the top of the stack.
However on 64-bit that size is too large for the final frame, because
it includes the red zone, but we don't allocate a red zone for the
first frame.
So add a new define that encodes the correct size for 32-bit and
64-bit, and use it in show_stack().
This results in the full trace being shown on 64-bit, eg:
sysrq: Trigger a crash
Kernel panic - not syncing: sysrq triggered crash
CPU: 0 PID: 83 Comm: sh Not tainted 5.11.0-rc2-gcc-8.2.0-00188-g571abcb96b10-dirty #649
Call Trace:
[c00000000a1c3ac0] [c000000000897b70] dump_stack+0xc4/0x114 (unreliable)
[c00000000a1c3b00] [c00000000014334c] panic+0x178/0x41c
[c00000000a1c3ba0] [c00000000094e600] sysrq_handle_crash+0x40/0x50
[c00000000a1c3c00] [c00000000094ef98] __handle_sysrq+0xd8/0x210
[c00000000a1c3ca0] [c00000000094f820] write_sysrq_trigger+0x100/0x188
[c00000000a1c3ce0] [c0000000005559dc] proc_reg_write+0x10c/0x1b0
[c00000000a1c3d10] [c000000000479950] vfs_write+0xf0/0x360
[c00000000a1c3d60] [c000000000479d9c] ksys_write+0x7c/0x140
[c00000000a1c3db0] [c00000000002bf5c] system_call_exception+0x19c/0x2c0
[c00000000a1c3e10] [c00000000000d35c] system_call_common+0xec/0x278
--- interrupt: c00 at 0x7fff9fbab428
NIP: 00007fff9fbab428 LR: 000000001000b724 CTR: 0000000000000000
REGS: c00000000a1c3e80 TRAP: 0c00 Not tainted (5.11.0-rc2-gcc-8.2.0-00188-g571abcb96b10-dirty)
MSR: 900000000280f033 <SF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 22002884 XER: 00000000
IRQMASK: 0
GPR00: 0000000000000004 00007fffc3cb8960 00007fff9fc59900 0000000000000001
GPR04: 000000002a4b32d0 0000000000000002 0000000000000063 0000000000000063
GPR08: 000000002a4b32d0 0000000000000000 0000000000000000 0000000000000000
GPR12: 0000000000000000 00007fff9fcca9a0 0000000000000000 0000000000000000
GPR16: 0000000000000000 0000000000000000 0000000000000000 00000000100b8fd0
GPR20: 000000002a4b3485 00000000100b8f90 0000000000000000 0000000000000000
GPR24: 000000002a4b0440 00000000100e77b8 0000000000000020 000000002a4b32d0
GPR28: 0000000000000001 0000000000000002 000000002a4b32d0 0000000000000001
NIP [00007fff9fbab428] 0x7fff9fbab428
LR [000000001000b724] 0x1000b724
--- interrupt: c00
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210209141627.2898485-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/ptrace.h | 3 +++
arch/powerpc/kernel/asm-offsets.c | 2 +-
arch/powerpc/kernel/process.c | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/include/asm/ptrace.h b/arch/powerpc/include/asm/ptrace.h
index 58f9dc060a7b..8236c5e749e4 100644
--- a/arch/powerpc/include/asm/ptrace.h
+++ b/arch/powerpc/include/asm/ptrace.h
@@ -70,6 +70,9 @@ struct pt_regs
};
#endif
+
+#define STACK_FRAME_WITH_PT_REGS (STACK_FRAME_OVERHEAD + sizeof(struct pt_regs))
+
#ifdef __powerpc64__
/*
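Review bot: `STACK_FRAME_WITH_PT_REGS` is added without a comment, and nothing at the definition says how it differs from `STACK_INT_FRAME_SIZE`, which the `show_stack()` hunk in process.c stops using. Going by the commit message the difference is the red zone on 64-bit, so a comment like `/* Frame overhead plus pt_regs, without the 64-bit red zone that STACK_INT_FRAME_SIZE adds */` would keep the two from being swapped back. In process.c the new bound matches what is read afterwards, since `regs` is placed at `sp + STACK_FRAME_OVERHEAD` and is `sizeof(struct pt_regs)` long.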
diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c
index b12d7c049bfe..989006b5ad0f 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -309,7 +309,7 @@ int main(void)
/* Interrupt register frame */
DEFINE(INT_FRAME_SIZE, STACK_INT_FRAME_SIZE);
- DEFINE(SWITCH_FRAME_SIZE, STACK_FRAME_OVERHEAD + sizeof(struct pt_regs));
+ DEFINE(SWITCH_FRAME_SIZE, STACK_FRAME_WITH_PT_REGS);
STACK_PT_REGS_OFFSET(GPR0, gpr[0]);
STACK_PT_REGS_OFFSET(GPR1, gpr[1]);
STACK_PT_REGS_OFFSET(GPR2, gpr[2]);
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index a66f435dabbf..b65a73e4d642 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -2176,7 +2176,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack,
* See if this is an exception frame.
* We look for the "regshere" marker in the current frame.
*/
- if (validate_sp(sp, tsk, STACK_INT_FRAME_SIZE)
+ if (validate_sp(sp, tsk, STACK_FRAME_WITH_PT_REGS)
&& stack[STACK_FRAME_MARKER] == STACK_FRAME_REGS_MARKER) {
struct pt_regs *regs = (struct pt_regs *)
(sp + STACK_FRAME_OVERHEAD);
--
2.30.1
* [PATCH AUTOSEL 5.10 13/47] powerpc/pci: Add ppc_md.discover_phbs()
From: Sasha Levin @ 2021-03-02 11:56 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sasha Levin, linuxppc-dev, Oliver O'Halloran,
kernel test robot
In-Reply-To: <20210302115646.62291-1-sashal@kernel.org>
From: Oliver O'Halloran <oohall@gmail.com>
[ Upstream commit 5537fcb319d016ce387f818dd774179bc03217f5 ]
On many powerpc platforms the discovery and initalisation of
pci_controllers (PHBs) happens inside of setup_arch(). This is very early
in boot (pre-initcalls) and means that we're initialising the PHB long
before many basic kernel services (slab allocator, debugfs, a real ioremap)
are available.
On PowerNV this causes an additional problem since we map the PHB registers
with ioremap(). As of commit d538aadc2718 ("powerpc/ioremap: warn on early
use of ioremap()") a warning is printed because we're using the "incorrect"
API to set up an MMIO mapping in early boot. The kernel does provide
early_ioremap(), but that is not intended to create long-lived MMIO
mappings and a separate warning is printed by generic code if
early_ioremap() mappings are "leaked."
This is all fixable with dumb hacks like using early_ioremap() to setup
the initial mapping then replacing it with a real ioremap later on in
boot, but it does raise the question: Why the hell are we setting up the
PHB's this early in boot?
The old and wise claim it's due to "hysterical rasins." Aside from amused
grapes there doesn't appear to be any real reason to maintain the current
behaviour. Already most of the newer embedded platforms perform PHB
discovery in an arch_initcall and between the end of setup_arch() and the
start of initcalls none of the generic kernel code does anything PCI
related. On powerpc scanning PHBs occurs in a subsys_initcall so it should
be possible to move the PHB discovery to a core, postcore or arch initcall.
This patch adds the ppc_md.discover_phbs hook and a core_initcall stub that
calls it. The core_initcalls are the earliest to be called so this will
any possibly issues with dependency between initcalls. This isn't just an
academic issue either since on pseries and PowerNV EEH init occurs in an
arch_initcall and depends on the pci_controllers being available, similarly
the creation of pci_dns occurs at core_initcall_sync (i.e. between core and
postcore initcalls). These problems need to be addressed seperately.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
[mpe: Make discover_phbs() static]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201103043523.916109-1-oohall@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/machdep.h | 3 +++
arch/powerpc/kernel/pci-common.c | 10 ++++++++++
2 files changed, 13 insertions(+)
diff --git a/arch/powerpc/include/asm/machdep.h b/arch/powerpc/include/asm/machdep.h
index 475687f24f4a..d319160d790c 100644
--- a/arch/powerpc/include/asm/machdep.h
+++ b/arch/powerpc/include/asm/machdep.h
@@ -59,6 +59,9 @@ struct machdep_calls {
int (*pcibios_root_bridge_prepare)(struct pci_host_bridge
*bridge);
+ /* finds all the pci_controllers present at boot */
+ void (*discover_phbs)(void);
+
/* To setup PHBs when using automatic OF platform driver for PCI */
int (*pci_setup_phb)(struct pci_controller *host);
diff --git a/arch/powerpc/kernel/pci-common.c b/arch/powerpc/kernel/pci-common.c
index be108616a721..7920559a1ca8 100644
--- a/arch/powerpc/kernel/pci-common.c
+++ b/arch/powerpc/kernel/pci-common.c
@@ -1625,3 +1625,13 @@ static void fixup_hide_host_resource_fsl(struct pci_dev *dev)
}
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MOTOROLA, PCI_ANY_ID, fixup_hide_host_resource_fsl);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_FREESCALE, PCI_ANY_ID, fixup_hide_host_resource_fsl);
+
+
+static int __init discover_phbs(void)
+{
+ if (ppc_md.discover_phbs)
+ ppc_md.discover_phbs();
+
+ return 0;
+}
+core_initcall(discover_phbs);
--
2.30.1
* [PATCH AUTOSEL 5.10 16/47] powerpc: improve handling of unrecoverable system reset
From: Sasha Levin @ 2021-03-02 11:56 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Sasha Levin, linuxppc-dev, Nicholas Piggin
In-Reply-To: <20210302115646.62291-1-sashal@kernel.org>
From: Nicholas Piggin <npiggin@gmail.com>
[ Upstream commit 11cb0a25f71818ca7ab4856548ecfd83c169aa4d ]
If an unrecoverable system reset hits in process context, the system
does not have to panic. Similar to machine check, call nmi_exit()
before die().
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210130130852.2952424-26-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/traps.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
index 5006dcbe1d9f..77dffea3d537 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
@@ -509,8 +509,11 @@ out:
die("Unrecoverable nested System Reset", regs, SIGABRT);
#endif
/* Must die if the interrupt is not recoverable */
- if (!(regs->msr & MSR_RI))
+ if (!(regs->msr & MSR_RI)) {
+ /* For the reason explained in die_mce, nmi_exit before die */
+ nmi_exit();
die("Unrecoverable System Reset", regs, SIGABRT);
+ }
if (saved_hsrrs) {
mtspr(SPRN_HSRR0, hsrr0);
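Review bot: The added comment `/* For the reason explained in die_mce, nmi_exit before die */` points to a function that is not part of this hunk, so for a stable backport it is worth confirming that die_mce() and its explanation exist in the target tree (5.10 here, 5.4 in the second copy of this patch below). Stating the reason in place avoids a dangling reference, e.g. `/* Leave NMI context so die() can kill the interrupted task instead of panicking (see die_mce) */`, which matches the commit message. Separately, if die() can return on this path, check that the function's normal exit, which is outside this hunk, does not end up calling nmi_exit() a second time. The enclosing function starts and ends outside the hunk.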
--
2.30.1
* [PATCH AUTOSEL 5.10 17/47] powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
From: Sasha Levin @ 2021-03-02 11:56 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Sasha Levin, Athira Rajeev, linuxppc-dev
In-Reply-To: <20210302115646.62291-1-sashal@kernel.org>
From: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
[ Upstream commit d137845c973147a22622cc76c7b0bc16f6206323 ]
While sampling for marked events, currently we record the sample only
if the SIAR valid bit of Sampled Instruction Event Register (SIER) is
set. SIAR_VALID bit is used for fetching the instruction address from
Sampled Instruction Address Register(SIAR). But there are some
usecases, where the user is interested only in the PMU stats at each
counter overflow and the exact IP of the overflow event is not
required. Dropping SIAR invalid samples will fail to record some of
the counter overflows in such cases.
Example of such usecase is dumping the PMU stats (event counts) after
some regular amount of instructions/events from the userspace (ex: via
ptrace). Here counter overflow is indicated to userspace via signal
handler, and captured by monitoring and enabling I/O signaling on the
event file descriptor. In these cases, we expect to get
sample/overflow indication after each specified sample_period.
Perf event attribute will not have PERF_SAMPLE_IP set in the
sample_type if exact IP of the overflow event is not requested. So
while profiling if SAMPLE_IP is not set, just record the counter
overflow irrespective of SIAR_VALID check.
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
[mpe: Reflow comment and if formatting]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1612516492-1428-1-git-send-email-atrajeev@linux.vnet.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/perf/core-book3s.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
index 43599e671d38..d84ab867b986 100644
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -2112,7 +2112,17 @@ static void record_and_restart(struct perf_event *event, unsigned long val,
left += period;
if (left <= 0)
left = period;
- record = siar_valid(regs);
+
+ /*
+ * If address is not requested in the sample via
+ * PERF_SAMPLE_IP, just record that sample irrespective
+ * of SIAR valid check.
+ */
+ if (event->attr.sample_type & PERF_SAMPLE_IP)
+ record = siar_valid(regs);
+ else
+ record = 1;
+
event->hw.last_period = event->hw.sample_period;
}
if (left < 0x80000000LL)
@@ -2130,9 +2140,10 @@ static void record_and_restart(struct perf_event *event, unsigned long val,
* MMCR2. Check attr.exclude_kernel and address to drop the sample in
* these cases.
*/
- if (event->attr.exclude_kernel && record)
- if (is_kernel_addr(mfspr(SPRN_SIAR)))
- record = 0;
+ if (event->attr.exclude_kernel &&
+ (event->attr.sample_type & PERF_SAMPLE_IP) &&
+ is_kernel_addr(mfspr(SPRN_SIAR)))
+ record = 0;
/*
* Finally record data if requested.
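Review bot: In the second hunk the `exclude_kernel` filter now runs only when `PERF_SAMPLE_IP` is set, so an event opened with `exclude_kernel` but without `PERF_SAMPLE_IP` is recorded even when SIAR holds a kernel address, which is the case the surrounding comment says should be dropped. `exclude_kernel` is commonly the restriction placed on less-privileged perf users, and other sample_type fields (not visible here) may still describe that kernel-side event, so this needs either an explicit justification in the comment or a narrower condition. One option, to be checked against siar_valid()'s semantics, is to keep the address test whenever SIAR is valid: `if (event->attr.exclude_kernel && siar_valid(regs) && is_kernel_addr(mfspr(SPRN_SIAR)))`. The same hunk appears in the 5.4 backport further down; record_and_restart() starts and ends outside both hunks.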
--
2.30.1
* [PATCH AUTOSEL 5.10 20/47] powerpc/64: Fix stack trace not displaying final frame
From: Sasha Levin @ 2021-03-02 11:56 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Sasha Levin, linuxppc-dev
In-Reply-To: <20210302115646.62291-1-sashal@kernel.org>
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit e3de1e291fa58a1ab0f471a4b458eff2514e4b5f ]
In commit bf13718bc57a ("powerpc: show registers when unwinding
interrupt frames") we changed our stack dumping logic to show the full
registers whenever we find an interrupt frame on the stack.
However we didn't notice that on 64-bit this doesn't show the final
frame, ie. the interrupt that brought us in from userspace, whereas on
32-bit it does.
That is due to confusion about the size of that last frame. The code
in show_stack() calls validate_sp(), passing it STACK_INT_FRAME_SIZE
to check the sp is at least that far below the top of the stack.
However on 64-bit that size is too large for the final frame, because
it includes the red zone, but we don't allocate a red zone for the
first frame.
So add a new define that encodes the correct size for 32-bit and
64-bit, and use it in show_stack().
This results in the full trace being shown on 64-bit, eg:
sysrq: Trigger a crash
Kernel panic - not syncing: sysrq triggered crash
CPU: 0 PID: 83 Comm: sh Not tainted 5.11.0-rc2-gcc-8.2.0-00188-g571abcb96b10-dirty #649
Call Trace:
[c00000000a1c3ac0] [c000000000897b70] dump_stack+0xc4/0x114 (unreliable)
[c00000000a1c3b00] [c00000000014334c] panic+0x178/0x41c
[c00000000a1c3ba0] [c00000000094e600] sysrq_handle_crash+0x40/0x50
[c00000000a1c3c00] [c00000000094ef98] __handle_sysrq+0xd8/0x210
[c00000000a1c3ca0] [c00000000094f820] write_sysrq_trigger+0x100/0x188
[c00000000a1c3ce0] [c0000000005559dc] proc_reg_write+0x10c/0x1b0
[c00000000a1c3d10] [c000000000479950] vfs_write+0xf0/0x360
[c00000000a1c3d60] [c000000000479d9c] ksys_write+0x7c/0x140
[c00000000a1c3db0] [c00000000002bf5c] system_call_exception+0x19c/0x2c0
[c00000000a1c3e10] [c00000000000d35c] system_call_common+0xec/0x278
--- interrupt: c00 at 0x7fff9fbab428
NIP: 00007fff9fbab428 LR: 000000001000b724 CTR: 0000000000000000
REGS: c00000000a1c3e80 TRAP: 0c00 Not tainted (5.11.0-rc2-gcc-8.2.0-00188-g571abcb96b10-dirty)
MSR: 900000000280f033 <SF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 22002884 XER: 00000000
IRQMASK: 0
GPR00: 0000000000000004 00007fffc3cb8960 00007fff9fc59900 0000000000000001
GPR04: 000000002a4b32d0 0000000000000002 0000000000000063 0000000000000063
GPR08: 000000002a4b32d0 0000000000000000 0000000000000000 0000000000000000
GPR12: 0000000000000000 00007fff9fcca9a0 0000000000000000 0000000000000000
GPR16: 0000000000000000 0000000000000000 0000000000000000 00000000100b8fd0
GPR20: 000000002a4b3485 00000000100b8f90 0000000000000000 0000000000000000
GPR24: 000000002a4b0440 00000000100e77b8 0000000000000020 000000002a4b32d0
GPR28: 0000000000000001 0000000000000002 000000002a4b32d0 0000000000000001
NIP [00007fff9fbab428] 0x7fff9fbab428
LR [000000001000b724] 0x1000b724
--- interrupt: c00
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210209141627.2898485-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/ptrace.h | 3 +++
arch/powerpc/kernel/asm-offsets.c | 2 +-
arch/powerpc/kernel/process.c | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/include/asm/ptrace.h b/arch/powerpc/include/asm/ptrace.h
index e2c778c176a3..7bb064ad04d8 100644
--- a/arch/powerpc/include/asm/ptrace.h
+++ b/arch/powerpc/include/asm/ptrace.h
@@ -62,6 +62,9 @@ struct pt_regs
};
#endif
+
+#define STACK_FRAME_WITH_PT_REGS (STACK_FRAME_OVERHEAD + sizeof(struct pt_regs))
+
#ifdef __powerpc64__
/*
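Review bot: `STACK_FRAME_WITH_PT_REGS` is added without a comment, although this patch makes it the bound handed to validate_sp() in show_stack() before pt_regs is read from the stack, and it sits next to the similarly named STACK_INT_FRAME_SIZE. Per the commit message the difference is that STACK_INT_FRAME_SIZE includes the 64-bit red zone while the first frame has none; with that unwritten, a later cleanup could swap the two back. I would add above the define: `/* Frame overhead plus pt_regs, without the red zone that STACK_INT_FRAME_SIZE includes on 64-bit */`. The same applies to the identical ptrace.h hunk in the 5.4 copy of this patch.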
diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c
index c2722ff36e98..5c125255571c 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -307,7 +307,7 @@ int main(void)
/* Interrupt register frame */
DEFINE(INT_FRAME_SIZE, STACK_INT_FRAME_SIZE);
- DEFINE(SWITCH_FRAME_SIZE, STACK_FRAME_OVERHEAD + sizeof(struct pt_regs));
+ DEFINE(SWITCH_FRAME_SIZE, STACK_FRAME_WITH_PT_REGS);
STACK_PT_REGS_OFFSET(GPR0, gpr[0]);
STACK_PT_REGS_OFFSET(GPR1, gpr[1]);
STACK_PT_REGS_OFFSET(GPR2, gpr[2]);
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index d421a2c7f822..1a1d2657fe8d 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -2170,7 +2170,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack,
* See if this is an exception frame.
* We look for the "regshere" marker in the current frame.
*/
- if (validate_sp(sp, tsk, STACK_INT_FRAME_SIZE)
+ if (validate_sp(sp, tsk, STACK_FRAME_WITH_PT_REGS)
&& stack[STACK_FRAME_MARKER] == STACK_FRAME_REGS_MARKER) {
struct pt_regs *regs = (struct pt_regs *)
(sp + STACK_FRAME_OVERHEAD);
--
2.30.1
* [PATCH AUTOSEL 5.4 08/33] powerpc/pci: Add ppc_md.discover_phbs()
From: Sasha Levin @ 2021-03-02 11:57 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sasha Levin, linuxppc-dev, Oliver O'Halloran,
kernel test robot
In-Reply-To: <20210302115749.62653-1-sashal@kernel.org>
From: Oliver O'Halloran <oohall@gmail.com>
[ Upstream commit 5537fcb319d016ce387f818dd774179bc03217f5 ]
On many powerpc platforms the discovery and initalisation of
pci_controllers (PHBs) happens inside of setup_arch(). This is very early
in boot (pre-initcalls) and means that we're initialising the PHB long
before many basic kernel services (slab allocator, debugfs, a real ioremap)
are available.
On PowerNV this causes an additional problem since we map the PHB registers
with ioremap(). As of commit d538aadc2718 ("powerpc/ioremap: warn on early
use of ioremap()") a warning is printed because we're using the "incorrect"
API to set up an MMIO mapping in early boot. The kernel does provide
early_ioremap(), but that is not intended to create long-lived MMIO
mappings and a separate warning is printed by generic code if
early_ioremap() mappings are "leaked."
This is all fixable with dumb hacks like using early_ioremap() to setup
the initial mapping then replacing it with a real ioremap later on in
boot, but it does raise the question: Why the hell are we setting up the
PHB's this early in boot?
The old and wise claim it's due to "hysterical rasins." Aside from amused
grapes there doesn't appear to be any real reason to maintain the current
behaviour. Already most of the newer embedded platforms perform PHB
discovery in an arch_initcall and between the end of setup_arch() and the
start of initcalls none of the generic kernel code does anything PCI
related. On powerpc scanning PHBs occurs in a subsys_initcall so it should
be possible to move the PHB discovery to a core, postcore or arch initcall.
This patch adds the ppc_md.discover_phbs hook and a core_initcall stub that
calls it. The core_initcalls are the earliest to be called so this will
any possibly issues with dependency between initcalls. This isn't just an
academic issue either since on pseries and PowerNV EEH init occurs in an
arch_initcall and depends on the pci_controllers being available, similarly
the creation of pci_dns occurs at core_initcall_sync (i.e. between core and
postcore initcalls). These problems need to be addressed seperately.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
[mpe: Make discover_phbs() static]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201103043523.916109-1-oohall@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/machdep.h | 3 +++
arch/powerpc/kernel/pci-common.c | 10 ++++++++++
2 files changed, 13 insertions(+)
diff --git a/arch/powerpc/include/asm/machdep.h b/arch/powerpc/include/asm/machdep.h
index 7bcb64444a39..f71c361dc356 100644
--- a/arch/powerpc/include/asm/machdep.h
+++ b/arch/powerpc/include/asm/machdep.h
@@ -59,6 +59,9 @@ struct machdep_calls {
int (*pcibios_root_bridge_prepare)(struct pci_host_bridge
*bridge);
+ /* finds all the pci_controllers present at boot */
+ void (*discover_phbs)(void);
+
/* To setup PHBs when using automatic OF platform driver for PCI */
int (*pci_setup_phb)(struct pci_controller *host);
diff --git a/arch/powerpc/kernel/pci-common.c b/arch/powerpc/kernel/pci-common.c
index 1c448cf25506..a2c258a8d736 100644
--- a/arch/powerpc/kernel/pci-common.c
+++ b/arch/powerpc/kernel/pci-common.c
@@ -1669,3 +1669,13 @@ static void fixup_hide_host_resource_fsl(struct pci_dev *dev)
}
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MOTOROLA, PCI_ANY_ID, fixup_hide_host_resource_fsl);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_FREESCALE, PCI_ANY_ID, fixup_hide_host_resource_fsl);
+
+
+static int __init discover_phbs(void)
+{
+ if (ppc_md.discover_phbs)
+ ppc_md.discover_phbs();
+
+ return 0;
+}
+core_initcall(discover_phbs);
--
2.30.1
* [PATCH AUTOSEL 5.4 11/33] powerpc: improve handling of unrecoverable system reset
From: Sasha Levin @ 2021-03-02 11:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Sasha Levin, linuxppc-dev, Nicholas Piggin
In-Reply-To: <20210302115749.62653-1-sashal@kernel.org>
From: Nicholas Piggin <npiggin@gmail.com>
[ Upstream commit 11cb0a25f71818ca7ab4856548ecfd83c169aa4d ]
If an unrecoverable system reset hits in process context, the system
does not have to panic. Similar to machine check, call nmi_exit()
before die().
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210130130852.2952424-26-npiggin@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/traps.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
index 206032c9b545..ecfa460f66d1 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
@@ -513,8 +513,11 @@ out:
die("Unrecoverable nested System Reset", regs, SIGABRT);
#endif
/* Must die if the interrupt is not recoverable */
- if (!(regs->msr & MSR_RI))
+ if (!(regs->msr & MSR_RI)) {
+ /* For the reason explained in die_mce, nmi_exit before die */
+ nmi_exit();
die("Unrecoverable System Reset", regs, SIGABRT);
+ }
if (saved_hsrrs) {
mtspr(SPRN_HSRR0, hsrr0);
--
2.30.1
* [PATCH AUTOSEL 5.4 12/33] powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
From: Sasha Levin @ 2021-03-02 11:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Sasha Levin, Athira Rajeev, linuxppc-dev
In-Reply-To: <20210302115749.62653-1-sashal@kernel.org>
From: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
[ Upstream commit d137845c973147a22622cc76c7b0bc16f6206323 ]
While sampling for marked events, currently we record the sample only
if the SIAR valid bit of Sampled Instruction Event Register (SIER) is
set. SIAR_VALID bit is used for fetching the instruction address from
Sampled Instruction Address Register(SIAR). But there are some
usecases, where the user is interested only in the PMU stats at each
counter overflow and the exact IP of the overflow event is not
required. Dropping SIAR invalid samples will fail to record some of
the counter overflows in such cases.
Example of such usecase is dumping the PMU stats (event counts) after
some regular amount of instructions/events from the userspace (ex: via
ptrace). Here counter overflow is indicated to userspace via signal
handler, and captured by monitoring and enabling I/O signaling on the
event file descriptor. In these cases, we expect to get
sample/overflow indication after each specified sample_period.
Perf event attribute will not have PERF_SAMPLE_IP set in the
sample_type if exact IP of the overflow event is not requested. So
while profiling if SAMPLE_IP is not set, just record the counter
overflow irrespective of SIAR_VALID check.
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Athira Rajeev <atrajeev@linux.vnet.ibm.com>
[mpe: Reflow comment and if formatting]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/1612516492-1428-1-git-send-email-atrajeev@linux.vnet.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/perf/core-book3s.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c
index 02fc75ddcbb3..6f013e418834 100644
--- a/arch/powerpc/perf/core-book3s.c
+++ b/arch/powerpc/perf/core-book3s.c
@@ -2077,7 +2077,17 @@ static void record_and_restart(struct perf_event *event, unsigned long val,
left += period;
if (left <= 0)
left = period;
- record = siar_valid(regs);
+
+ /*
+ * If address is not requested in the sample via
+ * PERF_SAMPLE_IP, just record that sample irrespective
+ * of SIAR valid check.
+ */
+ if (event->attr.sample_type & PERF_SAMPLE_IP)
+ record = siar_valid(regs);
+ else
+ record = 1;
+
event->hw.last_period = event->hw.sample_period;
}
if (left < 0x80000000LL)
@@ -2095,9 +2105,10 @@ static void record_and_restart(struct perf_event *event, unsigned long val,
* MMCR2. Check attr.exclude_kernel and address to drop the sample in
* these cases.
*/
- if (event->attr.exclude_kernel && record)
- if (is_kernel_addr(mfspr(SPRN_SIAR)))
- record = 0;
+ if (event->attr.exclude_kernel &&
+ (event->attr.sample_type & PERF_SAMPLE_IP) &&
+ is_kernel_addr(mfspr(SPRN_SIAR)))
+ record = 0;
/*
* Finally record data if requested.
--
2.30.1
* [PATCH AUTOSEL 5.4 14/33] powerpc/64: Fix stack trace not displaying final frame
From: Sasha Levin @ 2021-03-02 11:57 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Sasha Levin, linuxppc-dev
In-Reply-To: <20210302115749.62653-1-sashal@kernel.org>
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit e3de1e291fa58a1ab0f471a4b458eff2514e4b5f ]
In commit bf13718bc57a ("powerpc: show registers when unwinding
interrupt frames") we changed our stack dumping logic to show the full
registers whenever we find an interrupt frame on the stack.
However we didn't notice that on 64-bit this doesn't show the final
frame, ie. the interrupt that brought us in from userspace, whereas on
32-bit it does.
That is due to confusion about the size of that last frame. The code
in show_stack() calls validate_sp(), passing it STACK_INT_FRAME_SIZE
to check the sp is at least that far below the top of the stack.
However on 64-bit that size is too large for the final frame, because
it includes the red zone, but we don't allocate a red zone for the
first frame.
So add a new define that encodes the correct size for 32-bit and
64-bit, and use it in show_stack().
This results in the full trace being shown on 64-bit, eg:
sysrq: Trigger a crash
Kernel panic - not syncing: sysrq triggered crash
CPU: 0 PID: 83 Comm: sh Not tainted 5.11.0-rc2-gcc-8.2.0-00188-g571abcb96b10-dirty #649
Call Trace:
[c00000000a1c3ac0] [c000000000897b70] dump_stack+0xc4/0x114 (unreliable)
[c00000000a1c3b00] [c00000000014334c] panic+0x178/0x41c
[c00000000a1c3ba0] [c00000000094e600] sysrq_handle_crash+0x40/0x50
[c00000000a1c3c00] [c00000000094ef98] __handle_sysrq+0xd8/0x210
[c00000000a1c3ca0] [c00000000094f820] write_sysrq_trigger+0x100/0x188
[c00000000a1c3ce0] [c0000000005559dc] proc_reg_write+0x10c/0x1b0
[c00000000a1c3d10] [c000000000479950] vfs_write+0xf0/0x360
[c00000000a1c3d60] [c000000000479d9c] ksys_write+0x7c/0x140
[c00000000a1c3db0] [c00000000002bf5c] system_call_exception+0x19c/0x2c0
[c00000000a1c3e10] [c00000000000d35c] system_call_common+0xec/0x278
--- interrupt: c00 at 0x7fff9fbab428
NIP: 00007fff9fbab428 LR: 000000001000b724 CTR: 0000000000000000
REGS: c00000000a1c3e80 TRAP: 0c00 Not tainted (5.11.0-rc2-gcc-8.2.0-00188-g571abcb96b10-dirty)
MSR: 900000000280f033 <SF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 22002884 XER: 00000000
IRQMASK: 0
GPR00: 0000000000000004 00007fffc3cb8960 00007fff9fc59900 0000000000000001
GPR04: 000000002a4b32d0 0000000000000002 0000000000000063 0000000000000063
GPR08: 000000002a4b32d0 0000000000000000 0000000000000000 0000000000000000
GPR12: 0000000000000000 00007fff9fcca9a0 0000000000000000 0000000000000000
GPR16: 0000000000000000 0000000000000000 0000000000000000 00000000100b8fd0
GPR20: 000000002a4b3485 00000000100b8f90 0000000000000000 0000000000000000
GPR24: 000000002a4b0440 00000000100e77b8 0000000000000020 000000002a4b32d0
GPR28: 0000000000000001 0000000000000002 000000002a4b32d0 0000000000000001
NIP [00007fff9fbab428] 0x7fff9fbab428
LR [000000001000b724] 0x1000b724
--- interrupt: c00
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20210209141627.2898485-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/ptrace.h | 3 +++
arch/powerpc/kernel/asm-offsets.c | 2 +-
arch/powerpc/kernel/process.c | 2 +-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/include/asm/ptrace.h b/arch/powerpc/include/asm/ptrace.h
index c41220f4aad9..5a424f867c82 100644
--- a/arch/powerpc/include/asm/ptrace.h
+++ b/arch/powerpc/include/asm/ptrace.h
@@ -62,6 +62,9 @@ struct pt_regs
};
#endif
+
+#define STACK_FRAME_WITH_PT_REGS (STACK_FRAME_OVERHEAD + sizeof(struct pt_regs))
+
#ifdef __powerpc64__
/*
diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c
index 5c0a1e17219b..af399675248e 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -285,7 +285,7 @@ int main(void)
/* Interrupt register frame */
DEFINE(INT_FRAME_SIZE, STACK_INT_FRAME_SIZE);
- DEFINE(SWITCH_FRAME_SIZE, STACK_FRAME_OVERHEAD + sizeof(struct pt_regs));
+ DEFINE(SWITCH_FRAME_SIZE, STACK_FRAME_WITH_PT_REGS);
STACK_PT_REGS_OFFSET(GPR0, gpr[0]);
STACK_PT_REGS_OFFSET(GPR1, gpr[1]);
STACK_PT_REGS_OFFSET(GPR2, gpr[2]);
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
index bd0c258a1d5d..c94bba9142e7 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -2081,7 +2081,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
* See if this is an exception frame.
* We look for the "regshere" marker in the current frame.
*/
- if (validate_sp(sp, tsk, STACK_INT_FRAME_SIZE)
+ if (validate_sp(sp, tsk, STACK_FRAME_WITH_PT_REGS)
&& stack[STACK_FRAME_MARKER] == STACK_FRAME_REGS_MARKER) {
struct pt_regs *regs = (struct pt_regs *)
(sp + STACK_FRAME_OVERHEAD);
--
2.30.1