From: Tejun Heo <tj@kernel.org>
To: David Miller <davem@davemloft.net>
Cc: mroos@linux.ee, grant.likely@secretlab.ca,
rob.herring@calxeda.com, sparclinux@vger.kernel.org,
linux-kernel@vger.kernel.org, sam@ravnborg.org
Subject: Re: OF-related boot crash in 3.3.0-rc3-00188-g3ec1e88
Date: Wed, 22 Feb 2012 13:00:59 -0800 [thread overview]
Message-ID: <20120222210059.GA22536@google.com> (raw)
In-Reply-To: <20120222.154417.1110838022563953071.davem@davemloft.net>
Hello, David.
On Wed, Feb 22, 2012 at 03:44:17PM -0500, David Miller wrote:
> > Can you please try the following patch? If it still fails to boot,
> > please attach the failing log. Thank you.
>
> Interesting, but two things strike me.
>
> First, this seems like it would only cause problems if the caller
> specified a too small size parameter, and then wrote past the 'size'
> bytes of the buffer. And if so, this means we have an improperly
> sized allocation somewhere, probably in the OF tree fetching code.
There's another, less likely, possibility. It made the allocation
table much larger and the lowest address used ended up lower.
0x0000007fc8fa40 vs 0x0000007fc94000. Not too much of difference and
just allocating some more memory should rule out or confirm it.
> For example, maybe we mis-calculate the size of an OF device node
> property before we fetch it from the firmware, therefore allocate
> too small a buffer, and the property fetch operation splats all
> over the end of the buffer. Another possibility is that the
> property length reported by the firmware is wrong and too small.
>
> BTW, this kind of bug would be easy to catch, simply put a magic
> number signature into all unallocated memblock memory then at
> allocation time check that signature. If we signal an error when we
> don't see the proper signature and turn on the OF tree building
> logging, we can see exactly which operation writes past the end of a
> buffer.
Yeah, redzonning can definitely help but I'm not sure whether we want
to go full on allocation debugging and all for early allocator. The
thing doesn't even support freeing.
> Second, you'd need similar handling in other call chains such as
> memblock_double_array()'s invocation of memblock_find_in_range().
> It seems a bad idea to hide how size is modified, so probably it's
> best to pass the address of the size parameter and modify the
> caller's value in that way so that the size used in the reserve
> matches up.
I suspect the size modification was added later to avoid expanding
allocation table early during boot and we can do that only for
memblock_alloc*() calls as they don't have matching free interface.
If we modify explicit reservations, we have to propagate the modified
size to each user and so on. Given that the allocation table is
discarded after boot completion and there aren't too many explicit
reservations, I don't think we need to expand size aligning to all
find_in_range users. I guess it all depends on how complete allocator
we want for early boot.
Thanks.
--
tejun
next prev parent reply other threads:[~2012-02-22 21:01 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-28 20:56 [PATCH v3.3-rc5] memblock: Fix size aligning of memblock_alloc_base_nid() Tejun Heo
2012-02-13 7:45 ` OF-related boot crash in 3.3.0-rc3-00188-g3ec1e88 Meelis Roos
2012-02-13 8:06 ` Grant Likely
2012-02-13 9:20 ` Meelis Roos
2012-02-13 21:46 ` Grant Likely
2012-02-14 0:58 ` David Miller
2012-02-14 2:30 ` Grant Likely
2012-02-14 2:41 ` Grant Likely
2012-02-16 21:08 ` mroos
2012-02-14 5:54 ` mroos
2012-02-16 19:53 ` Meelis Roos
2012-02-16 21:23 ` Sam Ravnborg
2012-02-20 9:11 ` Meelis Roos
2012-02-20 17:06 ` Tejun Heo
2012-02-20 20:04 ` Meelis Roos
2012-02-20 21:01 ` Tejun Heo
2012-02-20 22:32 ` Meelis Roos
2012-02-21 1:05 ` Tejun Heo
2012-02-22 0:36 ` Meelis Roos
2012-02-22 17:48 ` Tejun Heo
2012-02-22 18:25 ` Meelis Roos
2012-02-23 18:55 ` Tejun Heo
2012-02-23 23:31 ` David Miller
2012-02-24 9:20 ` Meelis Roos
2012-02-27 17:17 ` Meelis Roos
2012-02-27 19:43 ` Sam Ravnborg
2012-02-27 21:25 ` Meelis Roos
2012-02-27 21:30 ` David Miller
2012-02-28 21:10 ` David Miller
2012-02-28 21:36 ` Meelis Roos
2012-02-28 22:56 ` David Miller
2012-02-29 6:15 ` Meelis Roos
2012-02-29 6:27 ` David Miller
2012-02-22 20:44 ` David Miller
2012-02-22 21:00 ` Tejun Heo [this message]
2012-02-22 18:22 ` Richard Mortimer
2012-02-22 20:26 ` David Miller
2012-02-22 17:03 ` Sam Ravnborg
2012-02-22 17:12 ` Meelis Roos
2012-02-22 17:21 ` Sam Ravnborg
2012-02-22 17:41 ` Meelis Roos
2012-02-13 9:50 ` Meelis Roos
2012-02-13 9:51 ` Meelis Roos
2012-02-13 10:35 ` Meelis Roos
2012-03-01 12:24 ` [tip:core/urgent] memblock: Fix size aligning of memblock_alloc_base_nid() tip-bot for Tejun Heo
2012-02-28 22:16 ` [PATCH v3.3-rc5] " Sam Ravnborg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120222210059.GA22536@google.com \
--to=tj@kernel.org \
--cc=davem@davemloft.net \
--cc=grant.likely@secretlab.ca \
--cc=linux-kernel@vger.kernel.org \
--cc=mroos@linux.ee \
--cc=rob.herring@calxeda.com \
--cc=sam@ravnborg.org \
--cc=sparclinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).