From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Qian Cai <cai@lca.pw>,
Borislav Petkov <bp@suse.de>,
Catalin Marinas <catalin.marinas@arm.com>,
Andy Lutomirski <luto@kernel.org>,
Brijesh Singh <brijesh.singh@amd.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>, x86-ml <x86@kernel.org>
Subject: [PATCH 4.19 96/99] x86/mm: Fix a crash with kmemleak_scan()
Date: Mon, 6 May 2019 16:33:09 +0200 [thread overview]
Message-ID: <20190506143102.536637385@linuxfoundation.org> (raw)
In-Reply-To: <20190506143053.899356316@linuxfoundation.org>
From: Qian Cai <cai@lca.pw>
commit 0d02113b31b2017dd349ec9df2314e798a90fa6e upstream.
The first kmemleak_scan() call after boot would trigger the crash below
because this callpath:
kernel_init
free_initmem
mem_encrypt_free_decrypted_mem
free_init_pages
unmaps memory inside the .bss when DEBUG_PAGEALLOC=y.
kmemleak_init() will register the .data/.bss sections and then
kmemleak_scan() will scan those addresses and dereference them looking
for pointer references. If free_init_pages() frees and unmaps pages in
those sections, kmemleak_scan() will crash if referencing one of those
addresses:
BUG: unable to handle kernel paging request at ffffffffbd402000
CPU: 12 PID: 325 Comm: kmemleak Not tainted 5.1.0-rc4+ #4
RIP: 0010:scan_block
Call Trace:
scan_gray_list
kmemleak_scan
kmemleak_scan_thread
kthread
ret_from_fork
Since kmemleak_free_part() is tolerant to unknown objects (not tracked
by kmemleak), it is fine to call it from free_init_pages() even if not
all address ranges passed to this function are known to kmemleak.
[ bp: Massage. ]
Fixes: b3f0907c71e0 ("x86/mm: Add .bss..decrypted section to hold shared variables")
Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190423165811.36699-1-cai@lca.pw
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/mm/init.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -6,6 +6,7 @@
#include <linux/bootmem.h> /* for max_low_pfn */
#include <linux/swapfile.h>
#include <linux/swapops.h>
+#include <linux/kmemleak.h>
#include <asm/set_memory.h>
#include <asm/e820/api.h>
@@ -767,6 +768,11 @@ void free_init_pages(char *what, unsigne
if (debug_pagealloc_enabled()) {
pr_info("debug: unmapping init [mem %#010lx-%#010lx]\n",
begin, end - 1);
+ /*
+ * Inform kmemleak about the hole in the memory since the
+ * corresponding pages will be unmapped.
+ */
+ kmemleak_free_part((void *)begin, end - begin);
set_memory_np(begin, (end - begin) >> PAGE_SHIFT);
} else {
/*
next prev parent reply other threads:[~2019-05-06 14:43 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-06 14:31 [PATCH 4.19 00/99] 4.19.41-stable review Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 01/99] iwlwifi: fix driver operation for 5350 Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 02/99] mwifiex: Make resume actually do something useful again on SDIO cards Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 03/99] mac80211: dont attempt to rename ERR_PTR() debugfs dirs Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 04/99] i2c: synquacer: fix enumeration of slave devices Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 05/99] i2c: imx: correct the method of getting private data in notifier_call Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 06/99] i2c: Remove unnecessary call to irq_find_mapping Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 07/99] i2c: Clear client->irq in i2c_device_remove Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 08/99] i2c: Allow recovery of the initial IRQ by an I2C client device Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 09/99] i2c: Prevent runtime suspend of adapter when Host Notify is required Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 10/99] ALSA: hda/realtek - Add new Dell platform for headset mode Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 11/99] ALSA: hda/realtek - Fixed Dell AIO speaker noise Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 12/99] ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 13/99] USB: yurex: Fix protection fault after device removal Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 14/99] USB: w1 ds2490: Fix bug caused by improper use of altsetting array Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 15/99] USB: dummy-hcd: Fix failure to give back unlinked URBs Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 16/99] usb: usbip: fix isoc packet num validation in get_pipe Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 17/99] USB: core: Fix unterminated string returned by usb_string() Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 18/99] USB: core: Fix bug caused by duplicate interface PM usage counter Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 19/99] nvme-loop: init nvmet_ctrl fatal_err_work when allocate Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 20/99] efi: Fix debugobjects warning on efi_rts_work Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 21/99] arm64: dts: rockchip: fix rk3328-roc-cc gmac2io tx/rx_delay Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 22/99] HID: logitech: check the return value of create_singlethread_workqueue Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 23/99] HID: debug: fix race condition with between rdesc_show() and device removal Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 24/99] rtc: cros-ec: Fail suspend/resume if wake IRQ cant be configured Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 25/99] rtc: sh: Fix invalid alarm warning for non-enabled alarm Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 26/99] batman-adv: Reduce claim hash refcnt only for removed entry Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 27/99] batman-adv: Reduce tt_local " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 28/99] batman-adv: Reduce tt_global " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 29/99] batman-adv: fix warning in function batadv_v_elp_get_throughput Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 30/99] ARM: dts: rockchip: Fix gpu opp node names for rk3288 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 31/99] reset: meson-audio-arb: Fix missing .owner setting of reset_controller_dev Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 32/99] igb: Fix WARN_ONCE on runtime suspend Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 33/99] riscv: fix accessing 8-byte variable from RV32 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 34/99] HID: quirks: Fix keyboard + touchpad on Lenovo Miix 630 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 35/99] net: hns3: fix compile error Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 36/99] net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 37/99] bonding: show full hw address in sysfs for slave entries Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 38/99] net: stmmac: use correct DMA buffer size in the RX descriptor Greg Kroah-Hartman
2019-05-08 0:10 ` Nobuhiro Iwamatsu
2019-05-08 6:35 ` Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 39/99] net: stmmac: ratelimit RX error logs Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 40/99] net: stmmac: dont stop NAPI processing when dropping a packet Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 41/99] net: stmmac: dont overwrite discard_frame status Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 42/99] net: stmmac: fix dropping of multi-descriptor RX frames Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 43/99] net: stmmac: dont log oversized frames Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 44/99] jffs2: fix use-after-free on symlink traversal Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 45/99] debugfs: " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 46/99] mfd: twl-core: Disable IRQ while suspended Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 47/99] block: use blk_free_flush_queue() to free hctx->fq in blk_mq_init_hctx Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 48/99] rtc: da9063: set uie_unsupported when relevant Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 49/99] HID: input: add mapping for Assistant key Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 50/99] vfio/pci: use correct format characters Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 51/99] scsi: core: add new RDAC LENOVO/DE_Series device Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 52/99] scsi: storvsc: Fix calculation of sub-channel count Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 53/99] arm/mach-at91/pm : fix possible object reference leak Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 54/99] arm64: fix wrong check of on_sdei_stack in nmi context Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 55/99] net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 56/99] net: hns: Use NAPI_POLL_WEIGHT for hns driver Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 57/99] net: hns: Fix probabilistic memory overwrite when HNS driver initialized Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 58/99] net: hns: fix ICMP6 neighbor solicitation messages discard problem Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 59/99] net: hns: Fix WARNING when remove HNS driver with SMMU enabled Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 60/99] libcxgb: fix incorrect ppmax calculation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 61/99] KVM: SVM: prevent DBG_DECRYPT and DBG_ENCRYPT overflow Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 62/99] kmemleak: powerpc: skip scanning holes in the .bss section Greg Kroah-Hartman
2019-05-07 7:58 ` Nobuhiro Iwamatsu
2019-05-07 12:51 ` Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 63/99] hugetlbfs: fix memory leak for resv_map Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 64/99] sh: fix multiple function definition build errors Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 65/99] xsysace: Fix error handling in ace_setup Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 66/99] fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 67/99] ARM: orion: dont use using 64-bit DMA masks Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 68/99] ARM: iop: " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 69/99] block: pass no-op callback to INIT_WORK() Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 70/99] perf/x86/amd: Update generic hardware cache events for Family 17h Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 71/99] Bluetooth: btusb: request wake pin with NOAUTOEN Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 72/99] Bluetooth: mediatek: fix up an error path to restore bdev->tx_state Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 73/99] clk: qcom: Add missing freq for usb30_master_clk on 8998 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 74/99] staging: iio: adt7316: allow adt751x to use internal vref for all dacs Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 75/99] staging: iio: adt7316: fix the dac read calculation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 76/99] staging: iio: adt7316: fix the dac write calculation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 77/99] scsi: RDMA/srpt: Fix a credit leak for aborted commands Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 78/99] ASoC: Intel: bytcr_rt5651: Revert "Fix DMIC map headsetmic mapping" Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 79/99] ASoC: wm_adsp: Correct handling of compressed streams that restart Greg Kroah-Hartman
2019-05-07 8:44 ` Nobuhiro Iwamatsu
2019-05-07 12:49 ` Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 80/99] ASoC: stm32: fix sai driver name initialisation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 81/99] platform/x86: intel_pmc_core: Fix PCH IP name Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 82/99] platform/x86: intel_pmc_core: Handle CFL regmap properly Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 83/99] IB/core: Unregister notifier before freeing MAD security Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 84/99] IB/core: Fix potential memory leak while creating MAD agents Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 85/99] IB/core: Destroy QP if XRC QP fails Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 86/99] Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 87/99] Input: stmfts - acknowledge that setting brightness is a blocking call Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 88/99] gpio: mxc: add check to return defer probe if clock tree NOT ready Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 89/99] selinux: avoid silent denials in permissive mode under RCU walk Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 90/99] selinux: never allow relabeling on context mounts Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 91/99] mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 92/99] powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 93/99] x86/mce: Improve error message when kernel cannot recover, p2 Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 94/99] clk: x86: Add system specific quirk to mark clocks as critical Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 95/99] x86/mm/KASLR: Fix the size of the direct mapping section Greg Kroah-Hartman
2019-05-06 14:33 ` Greg Kroah-Hartman [this message]
2019-05-06 14:33 ` [PATCH 4.19 97/99] x86/mm/tlb: Revert "x86/mm: Align TLB invalidation info" Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 98/99] i2c: i2c-stm32f7: Fix SDADEL minimum formula Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 99/99] media: v4l2: i2c: ov7670: Fix PLL bypass register values Greg Kroah-Hartman
2019-05-07 9:49 ` [PATCH 4.19 00/99] 4.19.41-stable review Naresh Kamboju
2019-05-07 12:44 ` Jon Hunter
2019-05-07 18:39 ` Guenter Roeck
2019-05-07 19:27 ` kernelci.org bot
2019-05-07 20:22 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190506143102.536637385@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bp@suse.de \
--cc=brijesh.singh@amd.com \
--cc=cai@lca.pw \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=stable@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).