Re: [PATCH] x86/mm: fix a crash with kmemleak_scan()

From: Catalin Marinas
Date: Wed Apr 24 2019 - 04:08:51 EST


On Tue, Apr 23, 2019 at 12:58:11PM -0400, Qian Cai wrote:
> The first kmemleak_scan() after boot would trigger a crash below because
>
> kernel_init
> free_initmem
> mem_encrypt_free_decrypted_mem
> free_init_pages
>
> unmapped some memory inside the .bss with DEBUG_PAGEALLOC=y. kmemleak_init()
> registers the .data/.bss sections (and .data..ro_after_init only if it is
> not within .data), and kmemleak_scan() then scans those addresses and
> dereferences them looking for pointer references. If free_init_pages()
> frees and unmaps pages in those sections, kmemleak_scan() will trigger a
> crash when referencing one of those addresses.
>
> BUG: unable to handle kernel paging request at ffffffffbd402000
> CPU: 12 PID: 325 Comm: kmemleak Not tainted 5.1.0-rc4+ #4
> RIP: 0010:scan_block+0x58/0x160
> Call Trace:
> scan_gray_list+0x1d9/0x280
> kmemleak_scan+0x485/0xad0
> kmemleak_scan_thread+0x9f/0xc4
> kthread+0x1d2/0x1f0
> ret_from_fork+0x35/0x40
>
> Since kmemleak_free_part() is tolerant to unknown objects (not tracked by
> kmemleak), it is fine to call it from free_init_pages() even if not all
> address ranges passed to this function are known to kmemleak.
>
> Signed-off-by: Qian Cai <cai@xxxxxx>

Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx>
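To make the mechanism in the description concrete, here is a small userspace model added for this page (it is neither kernel code nor the patch under review): tracked ranges stand in for kmemleak's .data/.bss objects, a page map stands in for the mappings that free_init_pages() tears down, and the fix is modelled as free_init_pages() doing a kmemleak_free_part()-style trim or split before unmapping. All function names, addresses and sizes are constructed for the model.

```c
#include <stdbool.h>
#include <string.h>
/* Toy model, not kernel code: objects[] = kmemleak's tracked ranges, mapped[] = page tables. */
#define PAGE 4096UL
#define MAX_OBJ 8
#define NPAGES 64
struct range { unsigned long start, end; bool used; };
static struct range objects[MAX_OBJ];
static bool mapped[NPAGES];

static void track(unsigned long start, size_t size) {   /* like kmemleak_alloc() */
	for (int i = 0; i < MAX_OBJ; i++)
		if (!objects[i].used) { objects[i] = (struct range){ start, start + size, true }; return; }
}
/* Like kmemleak_free_part(): trim or split each tracked range overlapping
 * [start, start + size); a range kmemleak never tracked is simply skipped. */
static void free_part(unsigned long start, size_t size) {
	unsigned long end = start + size;
	for (int i = 0; i < MAX_OBJ; i++) {
		struct range *o = &objects[i];
		if (!o->used || end <= o->start || start >= o->end) continue;
		if (start <= o->start && end >= o->end) o->used = false;  /* all of it */
		else if (start <= o->start) o->start = end;              /* cut head */
		else if (end >= o->end) o->end = start;                  /* cut tail */
		else { unsigned long tail = o->end; o->end = start; track(end, tail - end); } /* split */
	}
}
/* Like free_init_pages(): unmap the pages; with the fix, tell the scanner first. */
static void free_init_pages(unsigned long start, size_t size, bool with_fix) {
	if (with_fix) free_part(start, size);
	for (unsigned long p = start / PAGE; p < (start + size) / PAGE; p++) mapped[p] = false;
}
/* Like kmemleak_scan(): touch every tracked page; each unmapped one stands for
 * the paging fault that scan_block() takes in the report above. */
static int scan(void) {
	int faults = 0;
	for (int i = 0; i < MAX_OBJ; i++)
		for (unsigned long a = objects[i].start; objects[i].used && a < objects[i].end; a += PAGE)
			faults += !mapped[a / PAGE];
	return faults;
}
/* Replay the report: .bss tracked at boot, two pages inside it freed later. */
int reproduce(bool with_fix) {
	memset(objects, 0, sizeof objects);
	for (int p = 0; p < NPAGES; p++) mapped[p] = true;
	track(0x10000, 0x20000);                  /* constructed .bss: 32 pages */
	free_init_pages(0x18000, 2 * PAGE, with_fix);
	free_init_pages(0x38000, PAGE, with_fix); /* untracked range: harmless either way */
	return scan();                            /* 2 without the fix, 0 with it */
}
```

The second free_init_pages() call covers a range the scanner never tracked, which is the "tolerant to unknown objects" property the description relies on: the split loop finds no overlap and does nothing.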