On Sun, Apr 17, 2022 at 02:32:03PM -0700, KernelCI bot wrote:
The KernelCI bisection bot found that commit 6026d4032dbbe3 ("arm: extend pfn_valid to take into account freed memory map alignment") triggered a regression in v5.4.x on 32-bit ARM with a qemu platform booting UEFI firmware. We try to dereference an invalid pointer parsing the DMI tables:
<1>[ 0.084476] 8<--- cut here ---
<1>[ 0.084595] Unable to handle kernel paging request at virtual address dfb76000
<1>[ 0.084938] pgd = (ptrval)
<1>[ 0.085038] [dfb76000] *pgd=5f7fe801, *pte=00000000, *ppte=00000000
...
<4>[ 0.093923] [<c0ed6ce8>] (memcpy) from [<c16a06f8>] (dmi_setup+0x60/0x418)
<4>[ 0.094204] [<c16a06f8>] (dmi_setup) from [<c16a38d4>] (arm_dmi_init+0x8/0x10)
<4>[ 0.094408] [<c16a38d4>] (arm_dmi_init) from [<c0302e9c>] (do_one_initcall+0x50/0x228)
<4>[ 0.094619] [<c0302e9c>] (do_one_initcall) from [<c16011e4>] (kernel_init_freeable+0x15c/0x1f8)
<4>[ 0.094841] [<c16011e4>] (kernel_init_freeable) from [<c0f028cc>] (kernel_init+0x8/0x10c)
<4>[ 0.095057] [<c0f028cc>] (kernel_init) from [<c03010e8>] (ret_from_fork+0x14/0x2c)
This particular bisect is from GICv2 but GICv3 shows the same issue, and it persists in the latest stable -rc:
https://linux.kernelci.org/test/job/stable-rc/branch/linux-5.4.y/kernel/v5.4...
A quick check seems to show that other stable branches are unaffected. I've left all the context from the report (including full boot logs and a Reported-by tag) below:
* This automated bisection report was sent to you on the basis  *
* that you may be involved with the breaking commit it has       *
* found.  No manual investigation has been done to verify it,    *
* and the root cause of the problem may be somewhere else.       *
*                                                                *
* If you do send a fix, please include this trailer:             *
*   Reported-by: "kernelci.org bot" <bot@kernelci.org>           *
*                                                                *
* Hope this helps!                                               *
stable-rc/linux-5.4.y bisection: baseline.login on qemu_arm-virt-gicv2-uefi

Summary:
  Start:      e7f5213d755bc Linux 5.4.189
  Plain log:  https://storage.kernelci.org/stable-rc/linux-5.4.y/v5.4.189/arm/multi_v7_def...
  HTML log:   https://storage.kernelci.org/stable-rc/linux-5.4.y/v5.4.189/arm/multi_v7_def...
  Result:     6026d4032dbbe arm: extend pfn_valid to take into account freed memory map alignment

Checks:
  revert:     PASS
  verify:     PASS

Parameters:
  Tree:       stable-rc
  URL:        https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
  Branch:     linux-5.4.y
  Target:     qemu_arm-virt-gicv2-uefi
  CPU arch:   arm
  Lab:        lab-baylibre
  Compiler:   gcc-10
  Config:     multi_v7_defconfig
  Test case:  baseline.login
Breaking commit found:
commit 6026d4032dbbe3d7f4ac2c8daa923fe74dcf41c4
Author: Mike Rapoport <rppt@linux.ibm.com>
Date:   Mon Dec 13 16:57:09 2021 +0800

    arm: extend pfn_valid to take into account freed memory map alignment

    commit a4d5613c4dc6d413e0733e37db9d116a2a36b9f3 upstream.

    When unused memory map is freed the preserved part of the memory map is
    extended to match pageblock boundaries because lots of core mm functionality
    relies on homogeneity of the memory map within pageblock boundaries.

    Since pfn_valid() is used to check whether there is a valid memory map entry
    for a PFN, make it return true also for PFNs that have memory map entries
    even if there is no actual memory populated there.

    Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
    Tested-by: Kefeng Wang <wangkefeng.wang@huawei.com>
    Tested-by: Tony Lindgren <tony@atomide.com>
    Link: https://lore.kernel.org/lkml/20210630071211.21011-1-rppt@kernel.org/
    Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c index 5635bcc419af8..ff2cd985d20e0 100644 --- a/arch/arm/mm/init.c +++ b/arch/arm/mm/init.c @@ -176,11 +176,22 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max_low, int pfn_valid(unsigned long pfn) { phys_addr_t addr = __pfn_to_phys(pfn);
- unsigned long pageblock_size = PAGE_SIZE * pageblock_nr_pages;
if (__phys_to_pfn(addr) != pfn) return 0;
- return memblock_is_map_memory(__pfn_to_phys(pfn));
- /*
* If address less than pageblock_size bytes away from a present
* memory chunk there still will be a memory map entry for it
* because we round freed memory map to the pageblock boundaries.
*/
- if (memblock_overlaps_region(&memblock.memory,
ALIGN_DOWN(addr, pageblock_size),
pageblock_size))
return 1;
- return 0;
} EXPORT_SYMBOL(pfn_valid);
#endif
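Review bot: the replacement check at the end of pfn_valid() drops the MEMBLOCK_NOMAP distinction that the removed memblock_is_map_memory(__pfn_to_phys(pfn)) call enforced. memblock_overlaps_region(&memblock.memory, ALIGN_DOWN(addr, pageblock_size), pageblock_size) matches any region in memblock.memory regardless of its flags, so a PFN inside a region that memblock tracks but has marked NOMAP (firmware-reserved memory on a UEFI boot is the usual case) now reports valid even though it has no linear-map page table entry; a caller that takes pfn_valid() as licence to touch the page through the linear map will then fault on an unmapped address, which is the shape of the dmi_setup()/memcpy oops above (*pte=00000000 at a lowmem virtual address). The new comment also relies on the freed memory map being rounded to pageblock boundaries, but that rounding is not part of this hunk, so on a branch that lacks it the pageblock_size window claims memory map entries that do not exist. Suggest keeping the NOMAP exclusion in the new path (return 0 unless the overlapping region is map memory, i.e. also test memblock_is_map_memory(addr) for the populated case) and confirming that the memory-map-alignment prerequisite is present in linux-5.4.y before backporting this change.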
Git bisection log:

git bisect start
# good: [7f70428f0109470aa9177d1a9e5ce02de736f480] Linux 5.4.165
git bisect good 7f70428f0109470aa9177d1a9e5ce02de736f480
# bad: [e7f5213d755bc34f366d36f08825c0b446117d96] Linux 5.4.189
git bisect bad e7f5213d755bc34f366d36f08825c0b446117d96
# bad: [902528183f4d94945a0c1ed6048d4a5d4e1e712e] mmc: block: fix read single on recovery logic
git bisect bad 902528183f4d94945a0c1ed6048d4a5d4e1e712e
# bad: [c7e4004b38aa7ad482fc46ab76e28879f84ec77e] batman-adv: allow netlink usage in unprivileged containers
git bisect bad c7e4004b38aa7ad482fc46ab76e28879f84ec77e
# bad: [db0c834abbc186bda56b1e13b4eb61f7126c12c5] rndis_host: support Hytera digital radios
git bisect bad db0c834abbc186bda56b1e13b4eb61f7126c12c5
# bad: [0b01c51c4f47f59ad7eb1ea5bac47fab14b188a5] qlcnic: potential dereference null pointer of rx_queue->page_ring
git bisect bad 0b01c51c4f47f59ad7eb1ea5bac47fab14b188a5
# bad: [e7660f9535ade84ea57aed1c55d102bfb23dd2ff] mac80211: fix lookup when adding AddBA extension element
git bisect bad e7660f9535ade84ea57aed1c55d102bfb23dd2ff
# bad: [802a1a8501563714a5fe8824f4ed27fec04a0719] firmware: arm_scpi: Fix string overflow in SCPI genpd driver
git bisect bad 802a1a8501563714a5fe8824f4ed27fec04a0719
# good: [2fb8e4267c47d69d6bada6310607ea3762f6c962] KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req
git bisect good 2fb8e4267c47d69d6bada6310607ea3762f6c962
# good: [492f4d3cde95aadcd1d070db5dd4796ae8019165] memblock: ensure there is no overflow in memblock_overlaps_region()
git bisect good 492f4d3cde95aadcd1d070db5dd4796ae8019165
# bad: [e8ef940326efd17ca7fdd3cb8791c29a24b04f28] Linux 5.4.167
git bisect bad e8ef940326efd17ca7fdd3cb8791c29a24b04f28
# bad: [c97579584fa88df65ff6e4653b175acba154862d] arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM
git bisect bad c97579584fa88df65ff6e4653b175acba154862d
# bad: [6026d4032dbbe3d7f4ac2c8daa923fe74dcf41c4] arm: extend pfn_valid to take into account freed memory map alignment
git bisect bad 6026d4032dbbe3d7f4ac2c8daa923fe74dcf41c4
# first bad commit: [6026d4032dbbe3d7f4ac2c8daa923fe74dcf41c4] arm: extend pfn_valid to take into account freed memory map alignment
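An added user-space model of the two pfn_valid() variants in the hunk above, written for this page and not taken from the report, the patch or the kernel tree. The memblock table, the NOMAP region, the page and pageblock sizes and the probe addresses are all constructed; memblock_overlaps_region() and memblock_is_map_memory() are reduced to the two properties that matter for the comparison (overlap ignores region flags, is_map_memory rejects MEMBLOCK_NOMAP). It shows the two ways the new check answers differently from the old one: a PFN inside a NOMAP region, and a PFN in a hole that shares a pageblock with RAM, both become valid. Whether either of those explains the dmi_setup() oops on this branch is not established by the report itself.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t phys_addr_t;

/* Page geometry (assumed for the model: 4 KiB pages, 1024-page pageblocks). */
enum { PAGE_SHIFT_BITS = 12 };
static const phys_addr_t page_size = (phys_addr_t)1 << PAGE_SHIFT_BITS;
static const unsigned long pageblock_nr_pages = 1024;

/* memblock's NOMAP flag bit; only its presence matters in this model. */
#define MEMBLOCK_NOMAP 0x4

struct region {
    phys_addr_t base;
    phys_addr_t size;
    unsigned long flags;
};

/* Constructed memblock.memory: 512 MiB of RAM, then a 64 KiB firmware-reserved
 * region that memblock tracks but has marked NOMAP (the shape a UEFI boot
 * produces). Everything else is a hole. */
static const struct region memory[] = {
    { 0x40000000, 0x20000000, 0 },
    { 0x60000000, 0x00010000, MEMBLOCK_NOMAP },
};
#define NR_REGIONS (sizeof(memory) / sizeof(memory[0]))

static phys_addr_t pfn_to_phys(unsigned long pfn) { return (phys_addr_t)pfn << PAGE_SHIFT_BITS; }
static unsigned long phys_to_pfn(phys_addr_t addr) { return (unsigned long)(addr >> PAGE_SHIFT_BITS); }
static phys_addr_t align_down(phys_addr_t x, phys_addr_t a) { return x & ~(a - 1); }

/* Model of memblock_overlaps_region(&memblock.memory, base, size): any region
 * overlapping [base, base + size) counts; flags are not consulted. */
static bool overlaps_region(phys_addr_t base, phys_addr_t size)
{
    for (size_t i = 0; i < NR_REGIONS; i++)
        if (base < memory[i].base + memory[i].size && memory[i].base < base + size)
            return true;
    return false;
}

/* Model of memblock_is_map_memory(addr): addr must lie inside a region and
 * that region must not carry MEMBLOCK_NOMAP. */
static bool is_map_memory(phys_addr_t addr)
{
    for (size_t i = 0; i < NR_REGIONS; i++)
        if (addr >= memory[i].base && addr < memory[i].base + memory[i].size)
            return !(memory[i].flags & MEMBLOCK_NOMAP);
    return false;
}

/* The '-' side of the hunk: valid only for mapped, populated memory. */
int pfn_valid_old(unsigned long pfn)
{
    phys_addr_t addr = pfn_to_phys(pfn);

    if (phys_to_pfn(addr) != pfn)
        return 0;
    return is_map_memory(addr) ? 1 : 0;
}

/* The '+' side of the hunk: widen the query to the enclosing pageblock and
 * accept any overlap with memblock.memory, NOMAP or not. */
int pfn_valid_new(unsigned long pfn)
{
    phys_addr_t addr = pfn_to_phys(pfn);
    phys_addr_t pageblock_size = page_size * pageblock_nr_pages;

    if (phys_to_pfn(addr) != pfn)
        return 0;
    if (overlaps_region(align_down(addr, pageblock_size), pageblock_size))
        return 1;
    return 0;
}

int main(void)
{
    /* Probes: start and end of RAM, the NOMAP region, a hole inside the NOMAP
     * region's pageblock, and a hole in the following pageblock. */
    const phys_addr_t probes[] = { 0x40000000, 0x5fffffff, 0x60000000, 0x60010000, 0x60400000 };

    printf("%-12s %-4s %-4s\n", "phys", "old", "new");
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        unsigned long pfn = phys_to_pfn(probes[i]);
        printf("%#-12llx %-4d %-4d\n", (unsigned long long)probes[i],
               pfn_valid_old(pfn), pfn_valid_new(pfn));
    }
    return 0;
}
```

Build with `cc -std=c11 -Wall pfn_valid_model.c && ./a.out`; the rows for 0x60000000 (NOMAP) and 0x60010000 (a hole in the same 4 MiB pageblock) are where the two predicates disagree, and a caller that dereferences __va() on the strength of the new answer has no page table entry to land on.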
View/Reply Online (#25917): https://groups.io/g/kernelci-results/message/25917