Re: kmemleak or crc32_le bug?

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Catalin Marinas <catalin.marinas@arm.com>
To: Bernd Schubert <bernd.schubert@itwm.fraunhofer.de>
Cc: linux-kernel@vger.kernel.org, Vegard Nossum <vegardno@ifi.uio.no>,
	Pekka Enberg <penberg@kernel.org>
Subject: Re: kmemleak or crc32_le  bug?
Date: Mon, 10 Feb 2014 17:56:50 +0000	[thread overview]
Message-ID: <20140210175650.GA25309@arm.com> (raw)
In-Reply-To: <52F3B2A1.4080702@itwm.fraunhofer.de>

On Thu, Feb 06, 2014 at 05:04:49PM +0100, Bernd Schubert wrote:
> I'm frequently getting 
> 
> UG: unable to handle kernel paging request at ffff880f87550dc0
> IP: [<ffffffff813016d0>] crc32_le+0x30/0x110
> 
> called from kmemleak, see bottom of the message.
...
> With the "Cannot allocate a kmemleak_object structure" messages, 

Just curious, is the free memory low when this happens?

> somehow looks like object is not proper initialized, but update_checksum()
> checks for that. Hmm, I'm not sure about kmemcheck_shadow_lookup(), 
> especially about
> 
> > 	if (!virt_addr_valid(address))
> > 		return NULL;
> 
> So is the test 
> 
> > 	shadow = kmemcheck_shadow_lookup(addr);
> > 	if (!shadow)
> > 		return true;
> 
> right here? Shouldn't that be 'return false'?

Are you using kmemcheck and kmemleak together?

I don't think update_checksum() is called on the object being allocated
but possibly on an object being freed when kmemleak_scan() is running.
This is generally a safe operation because of the object locks in
kmemleak_scan() but when an error condition just occurred (like kmemleak
not being able to allocate memory), kmemleak gets disabled and
kmemleak_free() no longer passes the information down to update the
object's flags. At this point, the running kmemleak_scan() potentially
reads unmmapped objects.

I need to think a bit more about this. Thanks for reporting.

-- 
Catalin

     prev parent reply	other threads:[~2014-02-10 17:56 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-06 16:04 kmemleak or crc32_le bug? Bernd Schubert
2014-02-10 17:56 ` Catalin Marinas [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140210175650.GA25309@arm.com \
    --to=catalin.marinas@arm.com \
    --cc=bernd.schubert@itwm.fraunhofer.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=penberg@kernel.org \
    --cc=vegardno@ifi.uio.no \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox