Revision b13bc35193d9e7a8c050a24928ca5c9e7c9a009b authored by Qian Cai on 01 February 2019, 22:20:51 UTC, committed by Linus Torvalds on 01 February 2019, 23:46:23 UTC
On an arm64 ThunderX2 server, the first kmemleak scan would crash [1]
with CONFIG_DEBUG_VM_PGFLAGS=y due to page_to_nid() found a pfn that is
not directly mapped (MEMBLOCK_NOMAP). Hence, the page->flags is
uninitialized.
This is due to the commit 9f1eb38e0e11 ("mm, kmemleak: little
optimization while scanning") starts to use pfn_to_online_page() instead
of pfn_valid(). However, in the CONFIG_MEMORY_HOTPLUG=y case,
pfn_to_online_page() does not call memblock_is_map_memory() while
pfn_valid() does.
Historically, the commit 68709f45385a ("arm64: only consider memblocks
with NOMAP cleared for linear mapping") causes pages marked as nomap
being no long reassigned to the new zone in memmap_init_zone() by
calling __init_single_page().
Since the commit 2d070eab2e82 ("mm: consider zone which is not fully
populated to have holes") introduced pfn_to_online_page() and was
designed to return a valid pfn only, but it is clearly broken on arm64.
Therefore, let pfn_to_online_page() call pfn_valid_within(), so it can
handle nomap thanks to the commit f52bb98f5ade ("arm64: mm: always
enable CONFIG_HOLES_IN_ZONE"), while it will be optimized away on
architectures where have no HOLES_IN_ZONE.
[1]
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000006
Mem abort info:
ESR = 0x96000005
Exception class = DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
Data abort info:
ISV = 0, ISS = 0x00000005
CM = 0, WnR = 0
Internal error: Oops: 96000005 [#1] SMP
CPU: 60 PID: 1408 Comm: kmemleak Not tainted 5.0.0-rc2+ #8
pstate: 60400009 (nZCv daif +PAN -UAO)
pc : page_mapping+0x24/0x144
lr : __dump_page+0x34/0x3dc
sp : ffff00003a5cfd10
x29: ffff00003a5cfd10 x28: 000000000000802f
x27: 0000000000000000 x26: 0000000000277d00
x25: ffff000010791f56 x24: ffff7fe000000000
x23: ffff000010772f8b x22: ffff00001125f670
x21: ffff000011311000 x20: ffff000010772f8b
x19: fffffffffffffffe x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000
x15: 0000000000000000 x14: ffff802698b19600
x13: ffff802698b1a200 x12: ffff802698b16f00
x11: ffff802698b1a400 x10: 0000000000001400
x9 : 0000000000000001 x8 : ffff00001121a000
x7 : 0000000000000000 x6 : ffff0000102c53b8
x5 : 0000000000000000 x4 : 0000000000000003
x3 : 0000000000000100 x2 : 0000000000000000
x1 : ffff000010772f8b x0 : ffffffffffffffff
Process kmemleak (pid: 1408, stack limit = 0x(____ptrval____))
Call trace:
page_mapping+0x24/0x144
__dump_page+0x34/0x3dc
dump_page+0x28/0x4c
kmemleak_scan+0x4ac/0x680
kmemleak_scan_thread+0xb4/0xdc
kthread+0x12c/0x13c
ret_from_fork+0x10/0x18
Code: d503201f f9400660 36000040 d1000413 (f9400661)
---[ end trace 4d4bd7f573490c8e ]---
Kernel panic - not syncing: Fatal exception
SMP: stopping secondary CPUs
Kernel Offset: disabled
CPU features: 0x002,20000c38
Memory Limit: none
---[ end Kernel panic - not syncing: Fatal exception ]---
Link: http://lkml.kernel.org/r/20190122132916.28360-1-cai@lca.pw
Fixes: 9f1eb38e0e11 ("mm, kmemleak: little optimization while scanning")
Signed-off-by: Qian Cai <cai@lca.pw>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Oscar Salvador <osalvador@suse.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent eeb0efd
| File | Mode | Size |
|---|---|---|
| kasan | ||
| Kconfig | -rw-r--r-- | 24.6 KB |
| Kconfig.debug | -rw-r--r-- | 3.8 KB |
| Makefile | -rw-r--r-- | 3.5 KB |
| backing-dev.c | -rw-r--r-- | 27.0 KB |
| balloon_compaction.c | -rw-r--r-- | 5.5 KB |
| cleancache.c | -rw-r--r-- | 9.9 KB |
| cma.c | -rw-r--r-- | 14.1 KB |
| cma.h | -rw-r--r-- | 573 bytes |
| cma_debug.c | -rw-r--r-- | 4.5 KB |
| compaction.c | -rw-r--r-- | 58.8 KB |
| debug.c | -rw-r--r-- | 5.9 KB |
| debug_page_ref.c | -rw-r--r-- | 1.4 KB |
| dmapool.c | -rw-r--r-- | 13.7 KB |
| early_ioremap.c | -rw-r--r-- | 6.8 KB |
| fadvise.c | -rw-r--r-- | 5.3 KB |
| failslab.c | -rw-r--r-- | 1.4 KB |
| filemap.c | -rw-r--r-- | 91.9 KB |
| frame_vector.c | -rw-r--r-- | 6.4 KB |
| frontswap.c | -rw-r--r-- | 14.2 KB |
| gup.c | -rw-r--r-- | 51.2 KB |
| gup_benchmark.c | -rw-r--r-- | 2.8 KB |
| highmem.c | -rw-r--r-- | 11.7 KB |
| hmm.c | -rw-r--r-- | 33.2 KB |
| huge_memory.c | -rw-r--r-- | 81.7 KB |
| hugetlb.c | -rw-r--r-- | 132.7 KB |
| hugetlb_cgroup.c | -rw-r--r-- | 10.9 KB |
| hwpoison-inject.c | -rw-r--r-- | 3.2 KB |
| init-mm.c | -rw-r--r-- | 1.2 KB |
| internal.h | -rw-r--r-- | 16.9 KB |
| interval_tree.c | -rw-r--r-- | 3.1 KB |
| khugepaged.c | -rw-r--r-- | 48.0 KB |
| kmemleak-test.c | -rw-r--r-- | 3.2 KB |
| kmemleak.c | -rw-r--r-- | 60.0 KB |
| ksm.c | -rw-r--r-- | 88.3 KB |
| list_lru.c | -rw-r--r-- | 14.6 KB |
| maccess.c | -rw-r--r-- | 3.3 KB |
| madvise.c | -rw-r--r-- | 22.9 KB |
| memblock.c | -rw-r--r-- | 56.4 KB |
| memcontrol.c | -rw-r--r-- | 169.7 KB |
| memfd.c | -rw-r--r-- | 7.8 KB |
| memory-failure.c | -rw-r--r-- | 52.1 KB |
| memory.c | -rw-r--r-- | 123.6 KB |
| memory_hotplug.c | -rw-r--r-- | 48.1 KB |
| mempolicy.c | -rw-r--r-- | 71.7 KB |
| mempool.c | -rw-r--r-- | 15.5 KB |
| memtest.c | -rw-r--r-- | 2.8 KB |
| migrate.c | -rw-r--r-- | 76.1 KB |
| mincore.c | -rw-r--r-- | 6.7 KB |
| mlock.c | -rw-r--r-- | 22.6 KB |
| mm_init.c | -rw-r--r-- | 4.8 KB |
| mmap.c | -rw-r--r-- | 100.0 KB |
| mmu_context.c | -rw-r--r-- | 1.3 KB |
| mmu_gather.c | -rw-r--r-- | 6.3 KB |
| mmu_notifier.c | -rw-r--r-- | 11.5 KB |
| mmzone.c | -rw-r--r-- | 2.4 KB |
| mprotect.c | -rw-r--r-- | 15.6 KB |
| mremap.c | -rw-r--r-- | 18.5 KB |
| msync.c | -rw-r--r-- | 2.6 KB |
| nommu.c | -rw-r--r-- | 47.6 KB |
| oom_kill.c | -rw-r--r-- | 31.2 KB |
| page-writeback.c | -rw-r--r-- | 84.2 KB |
| page_alloc.c | -rw-r--r-- | 230.2 KB |
| page_counter.c | -rw-r--r-- | 6.6 KB |
| page_ext.c | -rw-r--r-- | 11.1 KB |
| page_idle.c | -rw-r--r-- | 5.5 KB |
| page_io.c | -rw-r--r-- | 10.5 KB |
| page_isolation.c | -rw-r--r-- | 8.7 KB |
| page_owner.c | -rw-r--r-- | 15.1 KB |
| page_poison.c | -rw-r--r-- | 2.8 KB |
| page_vma_mapped.c | -rw-r--r-- | 7.6 KB |
| pagewalk.c | -rw-r--r-- | 8.7 KB |
| percpu-internal.h | -rw-r--r-- | 5.9 KB |
| percpu-km.c | -rw-r--r-- | 3.0 KB |
| percpu-stats.c | -rw-r--r-- | 5.7 KB |
| percpu-vm.c | -rw-r--r-- | 10.3 KB |
| percpu.c | -rw-r--r-- | 84.6 KB |
| pgtable-generic.c | -rw-r--r-- | 5.3 KB |
| process_vm_access.c | -rw-r--r-- | 10.0 KB |
| quicklist.c | -rw-r--r-- | 2.4 KB |
| readahead.c | -rw-r--r-- | 16.4 KB |
| rmap.c | -rw-r--r-- | 53.7 KB |
| rodata_test.c | -rw-r--r-- | 1.4 KB |
| shmem.c | -rw-r--r-- | 104.0 KB |
| slab.c | -rw-r--r-- | 110.6 KB |
| slab.h | -rw-r--r-- | 14.6 KB |
| slab_common.c | -rw-r--r-- | 38.9 KB |
| slob.c | -rw-r--r-- | 16.2 KB |
| slub.c | -rw-r--r-- | 142.3 KB |
| sparse-vmemmap.c | -rw-r--r-- | 6.6 KB |
| sparse.c | -rw-r--r-- | 21.0 KB |
| swap.c | -rw-r--r-- | 28.6 KB |
| swap_cgroup.c | -rw-r--r-- | 5.2 KB |
| swap_slots.c | -rw-r--r-- | 9.4 KB |
| swap_state.c | -rw-r--r-- | 21.7 KB |
| swapfile.c | -rw-r--r-- | 95.8 KB |
| truncate.c | -rw-r--r-- | 26.3 KB |
| usercopy.c | -rw-r--r-- | 9.5 KB |
| userfaultfd.c | -rw-r--r-- | 16.0 KB |
| util.c | -rw-r--r-- | 19.5 KB |
| vmacache.c | -rw-r--r-- | 2.7 KB |
| vmalloc.c | -rw-r--r-- | 69.7 KB |
| vmpressure.c | -rw-r--r-- | 13.9 KB |
| vmscan.c | -rw-r--r-- | 123.9 KB |
| vmstat.c | -rw-r--r-- | 51.8 KB |
| workingset.c | -rw-r--r-- | 19.2 KB |
| z3fold.c | -rw-r--r-- | 30.6 KB |
| zbud.c | -rw-r--r-- | 18.2 KB |
| zpool.c | -rw-r--r-- | 10.7 KB |
| zsmalloc.c | -rw-r--r-- | 60.4 KB |
| zswap.c | -rw-r--r-- | 34.7 KB |
Computing file changes ...
