Re: "WARNING: CPU: 0 PID: 67 at arch/x86/mm/ioremap.c:461 iounmap+0xda/0xe0" at initializing PCMCIA serial card (Thinkpad T60, v6.12-rc2)

From: Erhard Furtner
Date: Tue Oct 15 2024 - 11:03:29 EST


On Wed, 9 Oct 2024 19:15:07 +0200
Erhard Furtner <erhard_f@xxxxxxxxxxx> wrote:

> On kernel v6.12-rc2 this warning shows up when my PCMCIA serial card gets initialized on my Thinkpad T60:
>
> [...]
> pcmcia_socket pcmcia_socket0: pccard: PCMCIA card inserted into slot 0
> pcmcia_socket pcmcia_socket0: cs: memory probe 0xe46d0000-0xe7ffffff:
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 67 at arch/x86/mm/ioremap.c:461 iounmap+0xda/0xe0
> Modules linked in:
> CPU: 0 UID: 0 PID: 67 Comm: pccardd Tainted: G W 6.12.0-rc2-P3 #3
> Tainted: [W]=WARN
> Hardware name: LENOVO 2007F2G/2007F2G, BIOS 79ETE7WW (2.27 ) 03/21/2011
> EIP: iounmap+0xda/0xe0
> Code: c7 75 2b 89 f8 e8 6a 27 16 00 5e 5f 5b 5d 31 c0 31 c9 31 d2 c3 56 68 9c 8e 92 c9 e8 e8 c3 73 00 83 c4 08 e8 3c 33 74 00 eb e0 <0f> 0b eb dc 0f 0b 55 89 e5 56 89 c6 25 00 f0 ff ff 31 d2 b9 00 10
> EAX: f7dfe000 EBX: c1b7b578 ECX: 00000000 EDX: 00000000
> ESI: 00000000 EDI: c1a95e40 EBP: c1a95e10 ESP: c1a95e04
> DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010286
> CR0: 80050033 CR2: ffbff000 CR3: 09b7c000 CR4: 000006f0
> Call Trace:
> ? show_regs+0x4e/0x5c
> ? __warn+0x87/0xdc
> ? iounmap+0xda/0xe0
> ? report_bug+0x94/0x108
> ? exc_overflow+0x3c/0x3c
> ? handle_bug+0x41/0x60
> ? exc_invalid_op+0x17/0x40
> ? handle_exception+0x101/0x101
> ? exc_overflow+0x3c/0x3c
> ? iounmap+0xda/0xe0
> ? exc_overflow+0x3c/0x3c
> ? iounmap+0xda/0xe0
> readable+0x69/0xb8
> ? do_mem_probe+0x190/0x190
> do_validate_mem+0x8a/0x154
> do_mem_probe+0xa8/0x190
> ? do_mem_probe+0x190/0x190
> pcmcia_nonstatic_validate_mem+0x45/0x80
> ? do_mem_probe+0x190/0x190
> ? readable+0xb8/0xb8
> pcmcia_validate_mem+0x14/0x1c
> pcmcia_card_add+0x3c/0xb0
> pcmcia_bus_add+0x3a/0x44
> socket_insert+0xc7/0xcc
> pccardd+0x143/0x370
> kthread+0xc4/0xd0
> ? pcmcia_register_socket+0x28c/0x28c
> ? kthread_blkcg+0x24/0x24
> ? kthread_blkcg+0x24/0x24
> ret_from_fork+0x31/0x3c
> ret_from_fork_asm+0x12/0x18
> entry_INT80_32+0xf0/0xf0
> ---[ end trace 0000000000000000 ]---
> excluding 0xe4df4000-0xe5185fff 0xe5fce000-0xe635ffff 0xe6e16000-0xe71a7fff 0xe7ff0000-0xe8381fff
> pcmcia (null): pcmcia: registering new device pcmcia(null) (IRQ: 16)
> serial_cs 0.0: trying to set up [0x0279:0x950b] (pfc: 0, multi: 2, quirk: c980f7c0)
> 0.0: ttyS4 at I/O 0xa108 (irq = 16, base_baud = 115200) is a 16450
> [...]

I successfully bisected the issue back to:

# git bisect bad
50c6dbdfd16e312382842198a7919341ad480e05 is the first bad commit
commit 50c6dbdfd16e312382842198a7919341ad480e05 (HEAD)
Author: Max Ramanouski <max8rr8@xxxxxxxxx>
Date: Sun Aug 25 01:01:11 2024 +0300

x86/ioremap: Improve iounmap() address range checks

Allowing iounmap() on memory that was not ioremap()'d in the first
place is obviously a bad idea. There is currently a feeble attempt to
avoid errant iounmap()s by checking to see if the address is below
"high_memory". But that's imprecise at best because there are plenty
of high addresses that are also invalid to call iounmap() on.

Thankfully, there is a more precise helper: is_ioremap_addr(). x86
just does not use it in iounmap().

Restrict iounmap() to addresses in the ioremap region, by using
is_ioremap_addr(). This aligns x86 closer to the generic iounmap()
implementation.

Additionally, add a warning in case there is an attempt to iounmap()
invalid memory. This replaces an existing silent return and will
help alert folks to any incorrect usage of iounmap().

Due to VMALLOC_START on i386 not being present in asm/pgtable.h,
include for asm/vmalloc.h had to be added to include/linux/ioremap.h.

[ dhansen: tweak subject and changelog ]

Signed-off-by: Max Ramanouski <max8rr8@xxxxxxxxx>
Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Reviewed-by: Alistair Popple <apopple@xxxxxxxxxx>
Link: https://lore.kernel.org/all/20240824220111.84441-1-max8rr8%40gmail.com

arch/x86/mm/ioremap.c | 3 ++-
include/linux/ioremap.h | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)


And indeed reverting 50c6dbdfd16e312382842198a7919341ad480e05 on top of v6.12-rc3 makes the warning disappear.

Regards,
Erhard