Bug 216156
| Summary: | [bisected] kmemleak: Not scanning unknown object at 0xc00000007f000000 | | |
|---|---|---|---|
| Product: | Platform Specific/Hardware | Reporter: | Erhard F. (erhard_f) |
| Component: | PPC-64 | Assignee: | platform_ppc-64 |
| Status: | CLOSED CODE_FIX | | |
| Severity: | normal | CC: | michael |
| Priority: | P1 | | |
| Hardware: | PPC-64 | | |
| OS: | Linux | | |
| Kernel Version: | 5.19-rc3 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |

Attachments:
dmesg (5.19-rc3, PowerMac G5 11,2)
kernel .config (5.19-rc3, PowerMac G5 11,2)
cat /sys/kernel/debug/kmemleak
dmesg (6.0-rc2, PowerMac G5 11,2)
kernel .config (6.0-rc2, PowerMac G5 11,2)
dmesg (6.1-rc5, PowerMac G5 11,2)
kernel .config (6.1-rc5, PowerMac G5 11,2)
dmesg (6.5-rc6, PowerMac G5 11,2)
kernel .config (6.5-rc6, PowerMac G5 11,2)
bisect.log
kernel .config (5.18, PowerMac G5 11,2)
Created attachment 301231 [details]
kernel .config (5.19-rc3, PowerMac G5 11,2)
Created attachment 301232 [details]
cat /sys/kernel/debug/kmemleak
Apart from that kmemleak shows a lot of hits. Only this patch was applied on top of 5.19-rc3 to prevent bug #216095:
diff --git a/drivers/of/platform.c b/drivers/of/platform.c index 3507095a69f6..a70ff9df5cb9 100644 --- a/drivers/of/platform.c +++ b/drivers/of/platform.c @@ -556,7 +556,7 @@ static int __init of_platform_default_populate_init(void) if (!of_get_property(node, "linux,opened", NULL) || !of_get_property(node, "linux,boot-display", NULL)) continue; - dev = of_platform_device_create(node, "of-display", NULL); + dev = of_platform_device_create(node, NULL, NULL); if (WARN_ON(!dev)) return -ENOMEM; boot_display = node; @@ -565,7 +565,7 @@ static int __init of_platform_default_populate_init(void) for_each_node_by_type(node, "display") { if (!of_get_property(node, "linux,opened", NULL) || node == boot_display) continue; - of_platform_device_create(node, "of-display", NULL); + of_platform_device_create(node, NULL, NULL); } } else {
For the "WARNING: CPU: 0 PID: 232 at include/linux/skbuff.h:2911 .rtl8169_features_check+0x290/0x4f0" later in the dmesg I opened bug #216157 in doubt whether this is ppc64 specific.
Created attachment 301653 [details]
dmesg (6.0-rc2, PowerMac G5 11,2)
Reinvestigating on v6.0-rc2. kmemleak no longer shows any leaks but the "Not scanning unknown object at 0xc00000007f000000" is still there:
[...]
PowerMac motherboard: PowerMac G5 Dual Core
ioremap() called early from .btext_map+0x64/0x100. Use early_ioremap() instead
ioremap() called early from .iommu_init_early_dart+0x274/0x968. Use early_ioremap() instead
kmemleak: Not scanning unknown object at 0xc00000007f000000
CPU: 0 PID: 0 Comm: swapper Tainted: G T 6.0.0-rc2-PMacG5+ #2
Call Trace:
[c00000000257bb00] [c0000000008f8eb4] .dump_stack_lvl+0xb0/0x124 (unreliable)
[c00000000257bb90] [c00000000041ef48] .kmemleak_no_scan+0x118/0x130
[c00000000257bc10] [c00000000201e6e4] .iommu_init_early_dart+0x304/0x968
[c00000000257bd40] [c00000000201f92c] .pmac_probe+0x1ac/0x218
[c00000000257bde0] [c00000000200b284] .setup_arch+0x1a4/0x70c
[c00000000257beb0] [c000000002004d34] .start_kernel+0x13c/0xd2c
[c00000000257bf90] [c00000000000c608] start_here_common+0x1c/0x94
DART table allocated at: (____ptrval____)
DART IOMMU initialized for U4 type chipset
Using PowerMac machine description
printk: bootconsole [udbg0] enabled
CPU maps initialized for 1 thread per core
[...]
Created attachment 301654 [details]
kernel .config (6.0-rc2, PowerMac G5 11,2)
Created attachment 303178 [details]
dmesg (6.1-rc5, PowerMac G5 11,2)
Still there in 6.1-rc5.
hash-mmu: Initializing hash mmu with SLB
Linux version 6.1.0-rc5-PMacG5 (root@T1000) (gcc (Gentoo 12.2.1_p20221008 p1) 12.2.1 20221008, GNU ld (Gentoo 2.39 p5) 2.39.0) #2 SMP Mon Nov 14 17:51:54 CET 2022
ioremap() called early from .pmac_feature_init+0x22c/0x107c. Use early_ioremap() instead
ioremap() called early from .pmac_feature_init+0x2b0/0x107c. Use early_ioremap() instead
Found U4 memory controller & host bridge @ 0xf8000000 revision: 0x42
Mapped at 0xc0003e0080000000
ioremap() called early from .probe_one_macio+0x3a8/0x60c. Use early_ioremap() instead
Found a Shasta mac-io controller, rev: 0, mapped at 0x(____ptrval____)
PowerMac motherboard: PowerMac G5 Dual Core
ioremap() called early from .btext_map+0x64/0xf0. Use early_ioremap() instead
ioremap() called early from .iommu_init_early_dart+0x294/0x978. Use early_ioremap() instead
kmemleak: Not scanning unknown object at 0xc00000007f000000
CPU: 0 PID: 0 Comm: swapper Tainted: G T 6.1.0-rc5-PMacG5 #2
Call Trace:
[c0000000013e3b10] [c000000000b4e7c0] .dump_stack_lvl+0x7c/0xd8 (unreliable)
[c0000000013e3ba0] [c000000000321048] .kmemleak_no_scan+0x118/0x130
[c0000000013e3c20] [c00000000101bd2c] .iommu_init_early_dart+0x324/0x978
[c0000000013e3d50] [c00000000101d064] .pmac_probe+0x1b0/0x21c
[c0000000013e3df0] [c00000000100af7c] .setup_arch+0x198/0x6f0
[c0000000013e3eb0] [c000000001004cac] .start_kernel+0xdc/0xb68
[c0000000013e3f90] [c00000000000c7f8] start_here_common+0x1c/0x20
DART table allocated at: (____ptrval____)
DART IOMMU initialized for U4 type chipset
Hardware name: PowerMac11,2 PPC970MP 0x440101 PowerMac
printk: bootconsole [udbg0] enabled
CPU maps initialized for 1 thread per core
[...]
Created attachment 303179 [details]
kernel .config (6.1-rc5, PowerMac G5 11,2)
Created attachment 304914 [details]
dmesg (6.5-rc6, PowerMac G5 11,2)
Kernel 6.5-rc6 still affected.
[...]
PowerMac motherboard: PowerMac G5 Dual Core
ioremap() called early from btext_map+0x6c/0xf0. Use early_ioremap() instead
ioremap() called early from iommu_init_early_dart+0x270/0x948. Use early_ioremap() instead
kmemleak: Not scanning unknown object at 0xc00000007f000000
CPU: 0 PID: 0 Comm: swapper Tainted: G T 6.5.0-rc6-PMacG5-dirty #1
Call Trace:
[c00000000241fc70] [c000000000ff726c] dump_stack_lvl+0xb0/0x11c (unreliable)
[c00000000241fcb0] [c00000000048fdc8] kmemleak_no_scan+0x118/0x130
[c00000000241fd20] [c000000002021ad0] iommu_init_early_dart+0x300/0x948
[c00000000241fe30] [c000000002022bf8] pmac_probe+0x1b8/0x228
[c00000000241fe80] [c00000000200ec24] setup_arch+0x270/0x7d4
[c00000000241ff30] [c000000002004f14] start_kernel+0xc0/0x850
[c00000000241ffe0] [c00000000000cb48] start_here_common+0x1c/0x20
DART table allocated at: (____ptrval____)
DART IOMMU initialized for U4 type chipset
Hardware name: PowerMac11,2 PPC970MP 0x440101 PowerMac
printk: bootconsole [udbg0] enabled
CPU maps initialized for 1 thread per core
[...]
Created attachment 304915 [details]
kernel .config (6.5-rc6, PowerMac G5 11,2)
Finally had some time to bisect this issue.

# git bisect bad
23c2d497de21f25898fbea70aeb292ab8acc8c94 is the first bad commit
commit 23c2d497de21f25898fbea70aeb292ab8acc8c94
Author: Patrick Wang <patrick.wang.shcn@gmail.com>
Date: Thu Apr 14 19:14:04 2022 -0700

mm: kmemleak: take a full lowmem check in kmemleak_*_phys()

The kmemleak_*_phys() apis do not check the address for lowmem's min boundary, while the caller may pass an address below lowmem, which will trigger an oops:

# echo scan > /sys/kernel/debug/kmemleak
Unable to handle kernel paging request at virtual address ff5fffffffe00000
Oops [#1]
Modules linked in:
CPU: 2 PID: 134 Comm: bash Not tainted 5.18.0-rc1-next-20220407 #33
Hardware name: riscv-virtio,qemu (DT)
epc : scan_block+0x74/0x15c
ra : scan_block+0x72/0x15c
epc : ffffffff801e5806 ra : ffffffff801e5804 sp : ff200000104abc30
gp : ffffffff815cd4e8 tp : ff60000004cfa340 t0 : 0000000000000200
t1 : 00aaaaaac23954cc t2 : 00000000000003ff s0 : ff200000104abc90
s1 : ffffffff81b0ff28 a0 : 0000000000000000 a1 : ff5fffffffe01000
a2 : ffffffff81b0ff28 a3 : 0000000000000002 a4 : 0000000000000001
a5 : 0000000000000000 a6 : ff200000104abd7c a7 : 0000000000000005
s2 : ff5fffffffe00ff9 s3 : ffffffff815cd998 s4 : ffffffff815d0e90
s5 : ffffffff81b0ff28 s6 : 0000000000000020 s7 : ffffffff815d0eb0
s8 : ffffffffffffffff s9 : ff5fffffffe00000 s10: ff5fffffffe01000
s11: 0000000000000022 t3 : 00ffffffaa17db4c t4 : 000000000000000f
t5 : 0000000000000001 t6 : 0000000000000000
status: 0000000000000100 badaddr: ff5fffffffe00000 cause: 000000000000000d
scan_gray_list+0x12e/0x1a6
kmemleak_scan+0x2aa/0x57e
kmemleak_write+0x32a/0x40c
full_proxy_write+0x56/0x82
vfs_write+0xa6/0x2a6
ksys_write+0x6c/0xe2
sys_write+0x22/0x2a
ret_from_syscall+0x0/0x2

The callers may not quite know the actual address they pass(e.g. from devicetree). So the kmemleak_*_phys() apis should guarantee the address they finally use is in lowmem range, so check the address for lowmem's min boundary.

Link: https://lkml.kernel.org/r/20220413122925.33856-1-patrick.wang.shcn@gmail.com
Signed-off-by: Patrick Wang <patrick.wang.shcn@gmail.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

mm/kmemleak.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

And indeed if I revert 23c2d497de21f25898fbea70aeb292ab8acc8c94 (on top of 5.19 as mm/kmemleak.c differs too much in later kernels) the "kmemleak: Not scanning unknown object at 0xc00000007f000000" is gone.
Created attachment 305197 [details]
bisect.log
Created attachment 305198 [details]
kernel .config (5.18, PowerMac G5 11,2)
Thanks for the bisect.

I think I see what's happening. pmac_probe() is called before mem_topology_setup(), so the min/max PFN variables are still zero. That causes kmemleak_alloc_phys() to ignore the allocation, because the checks against the PFN fail. Then kmemleak_no_scan() can't find the allocation and prints that warning.

Can you try this, it moves the kmemleak_no_scan() call later:
diff --git a/arch/powerpc/sysdev/dart_iommu.c b/arch/powerpc/sysdev/dart_iommu.c index 98096bbfd62e..3883cb8a747e 100644 --- a/arch/powerpc/sysdev/dart_iommu.c +++ b/arch/powerpc/sysdev/dart_iommu.c @@ -243,9 +243,6 @@ static void __init allocate_dart(void) if (!dart_tablebase) panic("Failed to allocate 16MB below 2GB for DART table\n"); - /* There is no point scanning the DART space for leaks*/ - kmemleak_no_scan((void *)dart_tablebase); - /* Allocate a spare page to map all invalid DART pages. We need to do * that to work around what looks like a problem with the HT bridge * prefetching into invalid pages and corrupting data
@@ -435,6 +432,9 @@ static int __init iommu_init_late_dart(void) if (!dart_tablebase) return 0; + // There is no point scanning the DART table for leaks. + kmemleak_no_scan(dart_tablebase); + ppc_md.iommu_restore = iommu_dart_restore; return 0;

Thanks for having a look at the issue! Applied your patch on top of v6.5.6 but it didn't work out. Now I get:
[...]
drmem: No dynamic reconfiguration memory found
ata5.00: ATAPI: HL-DT-STDVD-RAM GH22NP20, 2.00, max UDMA/66
kmemleak: Not scanning unknown object at 0xc00000007f000000
ata5.01: CFA: DeLOCK 54143 512MB, 100511E, max UDMA/66
CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.5.6-PMacG5-dirty #1
ata5.01: 1009008 sectors, multi 1: LBA
Hardware name: PowerMac11,2 PPC970MP 0x440101 PowerMac
Call Trace:
[c0000000030ebbd0] [c000000000c2adac] dump_stack_lvl+0x70/0xa0 (unreliable)
[c0000000030ebc00] [c0000000003125d0] kmemleak_no_scan+0xf0/0x110
[c0000000030ebc70] [c000000001011594] iommu_init_late_dart+0x28/0x5c
[c0000000030ebc90] [c00000000000d6f8] do_one_initcall+0x68/0x2f8
[c0000000030ebd60] [c000000001004534] kernel_init_freeable+0x2d8/0x358
[c0000000030ebdf0] [c00000000000dc18] kernel_init+0x28/0x180
[c0000000030ebe50] [c00000000000bf94] ret_from_kernel_user_thread+0x14/0x1c
--- interrupt: 0 at 0x0
NIP: 0000000000000000 LR: 0000000000000000 CTR: 0000000000000000
REGS: c0000000030ebe80 TRAP: 0000 Not tainted (6.5.6-PMacG5-dirty)
MSR: 0000000000000000 <> CR: 00000000 XER: 00000000
IRQMASK: 0
GPR00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR04: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR12: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR28: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ata1: SATA link down (SStatus 4 SControl 300)
NIP [0000000000000000] 0x0
LR [0000000000000000] 0x0
--- interrupt: 0
Loading compiled-in X.509 certificates
kmemleak: Kernel memory leak detector initialized (mem pool available: 15788)
kmemleak: Automatic memory scanning thread started
debug_vm_pgtable: [debug_vm_pgtable ]: Validating architecture page table helpers
Btrfs loaded, zoned=no, fsverity=no
[...]

Yeah, facepalm. Calling kmemleak_no_scan() later doesn't help, because it's the early allocation that is ignored, leading to the warning.

So we can just drop the call to kmemleak_no_scan(), the table won't be scanned because kmemleak ignores it because it thinks it's outside of the valid PFN ranges. eg:
diff --git a/arch/powerpc/sysdev/dart_iommu.c b/arch/powerpc/sysdev/dart_iommu.c index 98096bbfd62e..3883cb8a747e 100644 --- a/arch/powerpc/sysdev/dart_iommu.c +++ b/arch/powerpc/sysdev/dart_iommu.c
@@ -243,9 +243,6 @@ static void __init allocate_dart(void) if (!dart_tablebase) panic("Failed to allocate 16MB below 2GB for DART table\n"); - /* There is no point scanning the DART space for leaks*/ - kmemleak_no_scan((void *)dart_tablebase); - /* Allocate a spare page to map all invalid DART pages. We need to do * that to work around what looks like a problem with the HT bridge * prefetching into invalid pages and corrupting data

Your newest patch fixes the issue. Thanks!

Just noticed the issue is still there in v6.9-rc4. Did some side effects prevent the patch from getting upstream or was it overlooked? ;)
[..]
Page orders: linear mapping = 12, virtual = 12, io = 12
hash-mmu: Initializing hash mmu with SLB
Linux version 6.9.0-rc4-PMacG5-dirty (root@T1000) (gcc (Gentoo 13.2.1_p20240210 p14) 13.2.1 20240210, GNU ld (Gentoo 2.42 p3) 2.42.0) #1 SMP Fri Apr 19 01:23:36 CEST 2024
ioremap() called early from pmac_feature_init+0x5e8/0x12d8. Use early_ioremap() instead
ioremap() called early from pmac_feature_init+0x1040/0x12d8. Use early_ioremap() instead
Found U4 memory controller & host bridge @ 0xf8000000 revision: 0x42
Mapped at 0xc0003e0080000000
ioremap() called early from probe_one_macio+0x3e4/0x6cc. Use early_ioremap() instead
Found a Shasta mac-io controller, rev: 0, mapped at 0x(____ptrval____)
PowerMac motherboard: PowerMac G5 Dual Core
ioremap() called early from btext_map+0x6c/0xf0. Use early_ioremap() instead
ioremap() called early from iommu_init_early_dart+0x174/0xac4. Use early_ioremap() instead
kmemleak: Not scanning unknown object at 0xc00000007f000000
CPU: 0 PID: 0 Comm: swapper Not tainted 6.9.0-rc4-PMacG5-dirty #1
Call Trace:
[c0000000022f3c50] [c000000000d6524c] dump_stack_lvl+0x84/0x10c (unreliable)
[c0000000022f3c80] [c000000000379118] kmemleak_no_scan+0x118/0x12c
[c0000000022f3cf0] [c000000002029110] iommu_init_early_dart+0x1e4/0xac4
[c0000000022f3e00] [c00000000202a3d8] pmac_probe+0x158/0x290
[c0000000022f3e60] [c000000002011608] setup_arch+0x2b0/0xa18
[c0000000022f3f30] [c00000000200613c] start_kernel+0x98/0x81c
[c0000000022f3fe0] [c00000000000c848] start_here_common+0x1c/0x20
DART table allocated at: (____ptrval____)
DART IOMMU initialized for U4 type chipset
Hardware name: PowerMac11,2 PPC970MP 0x440101 PowerMac
printk: legacy bootconsole [udbg0] enabled
CPU maps initialized for 1 thread per core
(thread shift is 0)
Allocated 1040 bytes for 2 pacas
-----------------------------------------------------
phys_mem_size = 0x400000000
dcache_bsize = 0x80
icache_bsize = 0x80
cpu_features = 0x00000100900c218a
possible = 0x001ffbebfbffb18f
always = 0x0000000000000180
cpu_user_features = 0xdc080000 0x00000000
mmu_features = 0x0c008001
firmware_features = 0x0000000000000000
vmalloc start = 0xc0003d0000000000
IO start = 0xc0003e0000000000
vmemmap start = 0xc0003f0000000000
hash-mmu: ppc64_pft_size = 0x0
hash-mmu: htab_hash_mask = 0x1fffff
-----------------------------------------------------

This should be fixed by 4ccae23609f5 ("powerpc/dart: Drop unnecessary call to kmemleak_no_scan()") in v6.10-rc1. Please reopen if not.
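Review bot: In the iommu_init_late_dart() hunk of the first arch/powerpc/sysdev/dart_iommu.c patch above, moving kmemleak_no_scan() into the late init path cannot make the DART table a known object. Per the explanation given with the patch, the early allocation was already ignored by kmemleak_alloc_phys(), so the lookup fails no matter when the call runs, which is what the follow-up trace through iommu_init_late_dart shows. Either register the table with kmemleak once the PFN limits are valid or drop the call entirely. The added call also passes dart_tablebase without the (void *) cast that the removed line used, so make the two consistent.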
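Review bot: In the allocate_dart() hunk of the second arch/powerpc/sysdev/dart_iommu.c patch above, deleting the comment together with the kmemleak_no_scan() call leaves no record of why the 16MB DART table is not marked no-scan. A one-line comment after the `if (!dart_tablebase)` check, stating that kmemleak does not track this early allocation because the PFN limits are still zero when it is made, would keep someone from re-adding the call and bringing the warning back.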
Created attachment 301230 [details]
dmesg (5.19-rc3, PowerMac G5 11,2)
Happens every boot with kmemleak enabled:
[...]
PowerMac motherboard: PowerMac G5 Dual Core
ioremap() called early from .btext_map+0x64/0xc0. Use early_ioremap() instead
ioremap() called early from .iommu_init_early_dart+0x260/0x924. Use early_ioremap() instead
kmemleak: Not scanning unknown object at 0xc00000007f000000
CPU: 0 PID: 0 Comm: swapper Not tainted 5.19.0-rc3-PMacG5+ #2
Call Trace:
[c00000000113faf0] [c0000000006c03d0] .dump_stack_lvl+0x7c/0xc4 (unreliable)
[c00000000113fb80] [c0000000002dff90] .kmemleak_no_scan+0xe0/0x100
[c00000000113fc00] [c000000000d487e8] .iommu_init_early_dart+0x2f0/0x924
[c00000000113fd40] [c000000000d49984] .pmac_probe+0x1b0/0x20c
[c00000000113fde0] [c000000000d36ee8] .setup_arch+0x1b8/0x674
[c00000000113feb0] [c000000000d316f4] .start_kernel+0xdc/0xb74
[c00000000113ff90] [c00000000000c5d8] start_here_common+0x1c/0x44
DART table allocated at: (____ptrval____)
DART IOMMU initialized for U4 type chipset
Using PowerMac machine description
printk: bootconsole [udbg0] enabled
CPU maps initialized for 1 thread per core
[...]
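The ordering problem explained in the thread (the early DART allocation is ignored while the PFN limits are still zero, so kmemleak_no_scan() finds nothing even when it is called later), as an added userspace model in C; it is not kernel code and not code from this bug report. The `model_*` functions, the object registry, `PAGE_OFFSET`, and the PFN limit derived from the logged `phys_mem_size` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT  12                     /* "linear mapping = 12" in the log */
#define PAGE_OFFSET 0xc000000000000000ULL  /* assumed ppc64 linear-map base */
#define MEM_SIZE    0x400000000ULL         /* phys_mem_size in the 6.9-rc4 log */
#define MAX_OBJECTS 8

/* Stand-ins for the kernel's PFN limits: zero until memory topology is set up. */
static uint64_t min_low_pfn, max_low_pfn;
/* Toy registry of tracked objects (hypothetical, not kmemleak's own structure). */
static struct { uint64_t va; bool no_scan; } objects[MAX_OBJECTS];
static size_t nr_objects;

/* Model of the lowmem range check: out-of-range allocations are dropped silently. */
static bool model_alloc_phys(uint64_t phys)
{
    uint64_t pfn = phys >> PAGE_SHIFT;
    if (pfn < min_low_pfn || pfn >= max_low_pfn || nr_objects == MAX_OBJECTS)
        return false;
    objects[nr_objects].va = phys + PAGE_OFFSET;
    objects[nr_objects++].no_scan = false;
    return true;
}

/* Model of kmemleak_no_scan(): false means "Not scanning unknown object". */
static bool model_no_scan(uint64_t va)
{
    for (size_t i = 0; i < nr_objects; i++) {
        if (objects[i].va == va) {
            objects[i].no_scan = true;
            return true;
        }
    }
    return false;
}

/* Replays the boot order; the no_scan call always runs after topology setup. */
static bool dart_table_known(bool topology_before_alloc)
{
    const uint64_t dart_phys = 0x7f000000ULL;  /* 16MB below 2GB */
    nr_objects = 0;
    max_low_pfn = topology_before_alloc ? MEM_SIZE >> PAGE_SHIFT : 0;
    model_alloc_phys(dart_phys);               /* early DART table allocation */
    max_low_pfn = MEM_SIZE >> PAGE_SHIFT;      /* limits are valid from here on */
    return model_no_scan(dart_phys + PAGE_OFFSET);
}

int main(void)
{
    printf("alloc before topology setup: %s\n", dart_table_known(false) ? "tracked" : "unknown object");
    printf("alloc after topology setup:  %s\n", dart_table_known(true) ? "tracked" : "unknown object");
}
```

The first case reproduces the thread's result that deferring only the no_scan call changes nothing, because the object was never registered.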