[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190418095015.GB18646@arrakis.emea.arm.com>
Date: Thu, 18 Apr 2019 10:50:15 +0100
From: Catalin Marinas <catalin.marinas@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: Qian Cai <cai@....pw>, dave.hansen@...ux.intel.com,
luto@...nel.org, peterz@...radead.org, tglx@...utronix.de,
mingo@...hat.com, x86@...nel.org, linux-kernel@...r.kernel.org,
Brijesh Singh <brijesh.singh@....com>
Subject: Re: [PATCH] x86/mm/mem_encrypt: fix a crash with kmemleak_scan
On Thu, Apr 18, 2019 at 09:45:10AM +0200, Borislav Petkov wrote:
> On Tue, Apr 16, 2019 at 08:38:30PM -0400, Qian Cai wrote:
> > kmemleak_init() will register the data/bss sections (only register
> > .data..ro_after_init if not within .data) and then kmemleak_scan() will scan
> > those address and dereference them looking for pointer referencing. If
> > free_init_pages() free and unmap pages in those sections, kmemleak_scan() will
> > trigger a crash if referencing one of those addresses.
> >
> > I checked other x86 free_init_pages() call sites and don't see anything obvious
> > where another place to free an address in those sections.
>
> And why is .bss/.data special and why does it need that special handling
> by kmemleak?
Kmemleak is basically a tri-colour marking tracing garbage collector [1]
but without automatic freeing. It relies on a graph of references
(pointers) between various objects and the root of such graph is the
.bss/.data.
free_init_pages() is called on memory regions outside .bss/.data like
smp_locks, initrd, kernel init text which kmemleak does not track
anyway. That said, kmemleak_free_part() is tolerant to unknown pointers,
so we could call it directly from free_init_pages().
> There must be some rule or a heuristic why kmemleak does that. Is that
> documented somewhere?
There is Documentation/dev-tools/kmemleak.rst briefly mentioning the
tracing garbage collector (although the Wikipedia link is no longer
valid, it should be replaced with [1]). It doesn't, however, state why
.bss/.data are special.
--
Catalin
[1] https://en.wikipedia.org/wiki/Tracing_garbage_collection#Tri-color_marking
Powered by blists - more mailing lists