lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 21 Jan 2019 19:42:35 +0200
From:   Mike Rapoport <rppt@...ux.ibm.com>
To:     Rob Herring <robh+dt@...nel.org>
Cc:     Catalin Marinas <catalin.marinas@....com>,
        Robin Murphy <robin.murphy@....com>,
        Marc Gonzalez <marc.w.gonzalez@...e.fr>,
        Frank Rowand <frowand.list@...il.com>,
        Marek Szyprowski <m.szyprowski@...sung.com>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Mark Rutland <mark.rutland@....com>,
        Arnd Bergmann <arnd@...db.de>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Oscar Salvador <osalvador@...e.de>,
        Wei Yang <richard.weiyang@...il.com>,
        Michal Hocko <mhocko@...e.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Sri Krishna chowdary <schowdary@...dia.com>,
        Qian Cai <cai@....pw>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: kmemleak panic

On Mon, Jan 21, 2019 at 09:42:07AM -0600, Rob Herring wrote:
> +Mike Rapoport
> 
> On Mon, Jan 21, 2019 at 8:37 AM Catalin Marinas <catalin.marinas@....com> wrote:
> >
> > On Mon, Jan 21, 2019 at 07:35:11AM -0600, Rob Herring wrote:
> > > On Mon, Jan 21, 2019 at 6:19 AM Robin Murphy <robin.murphy@....com> wrote:
> > > >
> > > > On 21/01/2019 11:57, Marc Gonzalez wrote:
> > > > [...]
> > > > > # echo dump=0xffffffc021e00000 > /sys/kernel/debug/kmemleak
> > > > > kmemleak: Object 0xffffffc021e00000 (size 2097152):
> > > > > kmemleak:   comm "swapper/0", pid 0, jiffies 4294892296
> > > > > kmemleak:   min_count = 0
> > > > > kmemleak:   count = 0
> > > > > kmemleak:   flags = 0x1
> > > > > kmemleak:   checksum = 0
> > > > > kmemleak:   backtrace:
> > > > >       kmemleak_alloc_phys+0x48/0x60
> > > > >       memblock_alloc_range_nid+0x8c/0xa4
> > > > >       memblock_alloc_base_nid+0x4c/0x60
> > > > >       __memblock_alloc_base+0x3c/0x4c
> > > > >       early_init_dt_alloc_reserved_memory_arch+0x54/0xa4
> > > > >       fdt_init_reserved_mem+0x308/0x3ec
> > > > >       early_init_fdt_scan_reserved_mem+0x88/0xb0
> > > > >       arm64_memblock_init+0x1dc/0x254
> > > > >       setup_arch+0x1c8/0x4ec
> > > > >       start_kernel+0x84/0x44c
> > > > >       0xffffffffffffffff
> > > >
> > > > OK, so via the __va(phys) call in kmemleak_alloc_phys(), you end up with
> > > > the linear map address of a no-map reservation, which unsurprisingly
> > > > turns out not to be mapped. Is there a way to tell kmemleak that it
> > > > can't scan within a particular object?
> > >
> > > There was this patch posted[1]. I never got a reply, so it hasn't been applied.
> > >
> > > https://patchwork.ozlabs.org/patch/995367/
> >
> > Thanks Rob, I wasn't aware of this patch (or I just missed it at the
> > time).
> >
> > I wonder whether kmemleak should simply remove ranges passed to
> > memblock_remove(), or at least mark them as no-scan.

I'm not sure that would be possible. Normal use of memblock_remove() is as
a counterpart of memblock_add() which does not involve kmemleak.
As memblock_remove() essentially hides range of the physical memory from
the system, it's not clear how it can communicate to kmemleak what region
should not be scanned.

> Seems reasonable to me, but of course that impacts a lot of other
> cases. Maybe Mike R has some thoughts?

If I understood correctly, the trouble comes from no-map range allocated in 
early_init_dt_alloc_reserved_memory_arch().

There's indeed imbalance, because memblock_alloc() does kmemleak_alloc(), but
memblock_remove() does not do kmemleak_free().

I think the best way is to replace __memblock_alloc_base() with
memblock_find_in_range(), e.g something like:


diff --git a/drivers/of/of_reserved_mem.c b/drivers/of/of_reserved_mem.c
index 1977ee0adcb1..6807a1cffe55 100644
--- a/drivers/of/of_reserved_mem.c
+++ b/drivers/of/of_reserved_mem.c
@@ -37,21 +37,16 @@ int __init __weak early_init_dt_alloc_reserved_memory_arch(phys_addr_t size,
 	 */
 	end = !end ? MEMBLOCK_ALLOC_ANYWHERE : end;
 	align = !align ? SMP_CACHE_BYTES : align;
-	base = __memblock_alloc_base(size, align, end);
+	base = memblock_find_in_range(size, align, start, end);
 	if (!base)
 		return -ENOMEM;
 
-	/*
-	 * Check if the allocated region fits in to start..end window
-	 */
-	if (base < start) {
-		memblock_free(base, size);
-		return -ENOMEM;
-	}
-
 	*res_base = base;
 	if (nomap)
 		return memblock_remove(base, size);
+	else
+		return memblock_reserve(base, size);
+
 	return 0;
 }
 
 
> Rob
> 

-- 
Sincerely yours,
Mike.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ