Re: [PATCH] mm, kasan: don't poison boot memory

From: George Kennedy
Date: Tue Feb 23 2021 - 13:07:03 EST

On 2/23/2021 10:47 AM, Mike Rapoport wrote:
Hi George,

On Tue, Feb 23, 2021 at 09:35:32AM -0500, George Kennedy wrote:
On 2/23/2021 5:33 AM, Mike Rapoport wrote:
(re-added CC)

On Mon, Feb 22, 2021 at 08:24:59PM -0500, George Kennedy wrote:
On 2/22/2021 4:55 PM, Mike Rapoport wrote:
On Mon, Feb 22, 2021 at 01:42:56PM -0500, George Kennedy wrote:
On 2/22/2021 11:13 AM, David Hildenbrand wrote:
On 22.02.21 16:13, George Kennedy wrote:

The PFN 0xbe453 looks a little strange, though. Do we expect ACPI tables
close to 3 GiB ? No idea. Could it be that you are trying to map a wrong
table? Just a guess.

What would be the correct way to reserve the page so that the above
would not be hit?
I would have assumed that if this is a binary blob, that someone (which
I think would be acpi code) reserved via memblock_reserve() early during
boot.

E.g., see drivers/acpi/tables.c:acpi_table_upgrade()->memblock_reserve().
acpi_table_upgrade() gets called, but bails out before memblock_reserve() is
called. Thus, it appears no pages are getting reserved.
acpi_table_upgrade() does not actually reserve memory but rather open
codes memblock allocation with memblock_find_in_range() +
memblock_reserve(), so it does not seem related anyway.

Do you have by chance a full boot log handy?
Hello Mike,

Are you after the console output? See attached.

It includes my patch to set PG_Reserved along with the dump_page() debug
that David asked for - see: "page:"
So, iBFT is indeed at pfn 0xbe453:

[ 0.077698] ACPI: iBFT 0x00000000BE453000 000800 (v01 BOCHS BXPCFACP 00000000 00000000)
and it's in E820_TYPE_RAM region rather than in ACPI data:

[ 0.000000] BIOS-e820: [mem 0x0000000000810000-0x00000000008fffff] ACPI NVS
[ 0.000000] BIOS-e820: [mem 0x0000000000900000-0x00000000be49afff] usable
[ 0.000000] BIOS-e820: [mem 0x00000000be49b000-0x00000000be49bfff] ACPI data

I could not find anywhere in x86 setup or in ACPI tables parsing the code
that reserves this memory or any other ACPI data for that matter. It could
be that I've missed some copying of the data to statically allocated
initial_tables, but AFAICS any ACPI data that was not marked as such in
e820 tables by BIOS resides in memory that is considered as free.

Close...

Applied the patch, see "[   30.136157] iBFT detected.", but now hit the
following (missing iounmap()? see full console output attached):

diff --git a/drivers/firmware/iscsi_ibft_find.c
b/drivers/firmware/iscsi_ibft_find.c
index 64bb945..2e5e040 100644
--- a/drivers/firmware/iscsi_ibft_find.c
+++ b/drivers/firmware/iscsi_ibft_find.c
@@ -80,6 +80,21 @@ static int __init find_ibft_in_mem(void)
 done:
        return len;
 }
+
+static void __init acpi_find_ibft_region(void)
+{
+       int i;
+       struct acpi_table_header *table = NULL;
+
+       if (acpi_disabled)
+               return;
+
+       for (i = 0; i < ARRAY_SIZE(ibft_signs) && !ibft_addr; i++) {
+               acpi_get_table(ibft_signs[i].sign, 0, &table);
+               ibft_addr = (struct acpi_table_ibft *)table;
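Review bot: the return status of `acpi_get_table()` on the line above is discarded, so `ibft_addr = (struct acpi_table_ibft *)table;` runs whether or not the lookup succeeded; capture the status and only assign under `ACPI_SUCCESS(status)`. The `table` pointer is also a reference handed out by ACPICA that the loop never balances with a put, and since `ibft_addr` keeps pointing into that mapping, whichever way it is balanced the table must stay mapped for as long as `ibft_addr` is dereferenced.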
Can you try adding

acpi_put_table(table);

here?
Mike,

It now crashes here:

[    0.051019] ACPI: Early table checksum verification disabled
[    0.056721] ACPI: RSDP 0x00000000BFBFA014 000024 (v02 BOCHS )
[    0.057874] ACPI: XSDT 0x00000000BFBF90E8 00004C (v01 BOCHS BXPCFACP 00000001      01000013)
[    0.059590] ACPI: FACP 0x00000000BFBF5000 000074 (v01 BOCHS BXPCFACP 00000001 BXPC 00000001)
[    0.061306] ACPI: DSDT 0x00000000BFBF6000 00238D (v01 BOCHS BXPCDSDT 00000001 BXPC 00000001)
[    0.063006] ACPI: FACS 0x00000000BFBFD000 000040
[    0.063938] ACPI: APIC 0x00000000BFBF4000 000090 (v01 BOCHS BXPCAPIC 00000001 BXPC 00000001)
[    0.065638] ACPI: HPET 0x00000000BFBF3000 000038 (v01 BOCHS BXPCHPET 00000001 BXPC 00000001)
[    0.067335] ACPI: BGRT 0x00000000BE49B000 000038 (v01 INTEL EDK2     00000002      01000013)
[    0.069030] ACPI: iBFT 0x00000000BE453000 000800 (v01 BOCHS BXPCFACP 00000000      00000000)
[    0.070734] XXX acpi_find_ibft_region:
[    0.071468] XXX iBFT, status=0
[    0.072073] XXX about to call acpi_put_table()... ibft_addr=ffffffffff240000
[    0.073449] XXX acpi_find_ibft_region(EXIT):
PANIC: early exception 0x0e IP 10:ffffffff9259f439 error 0 cr2 0xffffffffff240004
[    0.075711] CPU: 0 PID: 0 Comm: swapper Not tainted 5.11.0-34a2105 #8
[    0.076983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015
[    0.078579] RIP: 0010:find_ibft_region+0x470/0x577
[    0.079541] Code: f1 40 0f 9e c6 84 c9 0f 95 c1 40 84 ce 75 11 83 e0 07 38 c2 0f 9e c1 84 d2 0f 95 c0 84 c1 74 0a be 04 00 00 00 e8 37 f8 5f ef <8b> 5b 04 4c 89 fa b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a 81 c3 ff
[    0.083207] RSP: 0000:ffffffff8fe07ca8 EFLAGS: 00010046 ORIG_RAX: 0000000000000000
[    0.084709] RAX: 0000000000000000 RBX: ffffffffff240000 RCX: ffffffff815fcf01
[    0.086109] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffffff240004
[    0.087509] RBP: ffffffff8fe07d60 R08: fffffbfff1fc0f21 R09: fffffbfff1fc0f21
[    0.088911] R10: ffffffff8fe07907 R11: fffffbfff1fc0f20 R12: ffffffff8fe07d38
[    0.090310] R13: 0000000000000001 R14: 0000000000000001 R15: ffffffff8fe07e80
[    0.091716] FS:  0000000000000000(0000) GS:ffffffff92409000(0000) knlGS:0000000000000000
[    0.093304] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.094435] CR2: ffffffffff240004 CR3: 0000000027630000 CR4: 00000000000006a0
[    0.095843] Call Trace:
[    0.096345]  ? acpi_table_init+0x3eb/0x428
[    0.097164]  ? dmi_id_init+0x871/0x871
[    0.097912]  ? early_memunmap+0x22/0x27
[    0.098683]  ? smp_scan_config+0x20e/0x230
[    0.099500]  setup_arch+0xd3e/0x181d
[    0.100221]  ? reserve_standard_io_resources+0x3e/0x3e
[    0.101265]  ? __sanitizer_cov_trace_pc+0x21/0x50
[    0.102203]  ? vprintk_func+0xe9/0x200
[    0.102953]  ? printk+0xac/0xd4
[    0.103589]  ? record_print_text.cold.38+0x16/0x16
[    0.104540]  ? write_comp_data+0x2f/0x90
[    0.105325]  ? __sanitizer_cov_trace_pc+0x21/0x50
[    0.106262]  start_kernel+0x6c/0x474
[    0.106981]  x86_64_start_reservations+0x37/0x39
[    0.107902]  x86_64_start_kernel+0x7b/0x7e
[    0.108722]  secondary_startup_64_no_verify+0xb0/0xbb


Added debug to dump out the ibft_addr:

[root@gkennedy-20210107-1202 linux-upwork]# git diff
diff --git a/drivers/firmware/iscsi_ibft_find.c b/drivers/firmware/iscsi_ibft_find.c
index 2e5e040..a246373 100644
--- a/drivers/firmware/iscsi_ibft_find.c
+++ b/drivers/firmware/iscsi_ibft_find.c
@@ -83,16 +83,22 @@ static int __init find_ibft_in_mem(void)

 static void __init acpi_find_ibft_region(void)
 {
-       int i;
+       int i, status;
        struct acpi_table_header *table = NULL;
-
+printk(KERN_ERR "XXX acpi_find_ibft_region:\n");
        if (acpi_disabled)
                return;

        for (i = 0; i < ARRAY_SIZE(ibft_signs) && !ibft_addr; i++) {
-               acpi_get_table(ibft_signs[i].sign, 0, &table);
-               ibft_addr = (struct acpi_table_ibft *)table;
+               status = acpi_get_table(ibft_signs[i].sign, 0, &table);
+               printk(KERN_ERR "XXX %s, status=%x\n", ibft_signs[i].sign, status);
+               if (ACPI_SUCCESS(status)) {
+                       ibft_addr = (struct acpi_table_ibft *)table;
+                       printk(KERN_ERR "XXX about to call acpi_put_table()... ibft_addr=%llx\n", (u64)ibft_addr);
+                       acpi_put_table(table);
+               }
        }
+printk(KERN_ERR "XXX acpi_find_ibft_region(EXIT):\n");
 }

 /*
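Review bot: calling `acpi_put_table(table)` immediately after storing the pointer in `ibft_addr` releases the mapping that `ibft_addr` still points at, and the panic above shows exactly that: `ibft_addr=ffffffffff240000` while the fault is at `cr2 0xffffffffff240004`, i.e. `ibft_addr->header.length` (the 4-byte length field right after the signature), read in `find_ibft_region()` after this function returns. Either hold the reference until the caller is finished with the table and put it afterwards, or record what the caller needs (physical address and length) while the table is still mapped and never dereference `ibft_addr` after the put. The column-0 `printk(KERN_ERR "XXX ...")` lines and the `(u64)ibft_addr` cast with `%llx` are fine for a throwaway debug run but should not survive into a submitted patch (use `%px` and the file's indentation).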
(END)

George

+       }
+}
+
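The check Mike works through by hand above (does the table's physical range fall inside an e820 "usable" region rather than "ACPI data"?) as an added Python example that is not part of the thread; the log lines are copied from the boot output quoted above and the function names are my own.

```python
import re

# Sample lines copied from the boot log quoted in this thread (a constructed subset).
E820_LINES = [
    "[    0.000000] BIOS-e820: [mem 0x0000000000810000-0x00000000008fffff] ACPI NVS",
    "[    0.000000] BIOS-e820: [mem 0x0000000000900000-0x00000000be49afff] usable",
    "[    0.000000] BIOS-e820: [mem 0x00000000be49b000-0x00000000be49bfff] ACPI data",
]
ACPI_LINES = [
    "[    0.067335] ACPI: BGRT 0x00000000BE49B000 000038 (v01 INTEL EDK2     00000002      01000013)",
    "[    0.069030] ACPI: iBFT 0x00000000BE453000 000800 (v01 BOCHS BXPCFACP 00000000      00000000)",
]

E820_RE = re.compile(r"BIOS-e820: \[mem 0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)\] (.+)$")
ACPI_RE = re.compile(r"ACPI: (\S{4}) 0x([0-9a-fA-F]+) ([0-9a-fA-F]{6})\b")


def parse_e820(lines):
    """(start, last_byte, type) for every BIOS-e820 line; the log prints inclusive ranges."""
    return [(int(m.group(1), 16), int(m.group(2), 16), m.group(3).strip())
            for m in map(E820_RE.search, lines) if m]


def parse_acpi_tables(lines):
    """(signature, physical address, length) for every 'ACPI: SIG 0xADDR LEN' line."""
    return [(m.group(1), int(m.group(2), 16), int(m.group(3), 16))
            for m in map(ACPI_RE.search, lines) if m]


def region_type(e820, addr, length):
    """e820 type of the region fully containing [addr, addr+length), or None if it straddles or misses."""
    for start, last, typ in e820:
        if start <= addr and addr + length - 1 <= last:
            return typ
    return None


def tables_in_free_ram(e820_lines, acpi_lines):
    """Signatures of tables that firmware placed in 'usable' RAM, i.e. memory the kernel
    treats as free unless something reserves it explicitly (the iBFT case in this thread)."""
    e820 = parse_e820(e820_lines)
    return [sig for sig, addr, length in parse_acpi_tables(acpi_lines)
            if region_type(e820, addr, length) == "usable"]


if __name__ == "__main__":
    e820 = parse_e820(E820_LINES)
    for sig, addr, length in parse_acpi_tables(ACPI_LINES):
        print(f"{sig} at {addr:#x} ({length:#x} bytes): {region_type(e820, addr, length)}")
```

Run it over a full `dmesg` instead of the embedded lines to list every table your firmware left in free RAM.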