Hello Liang,

On Sat, Mar 16, 2019 at 11:55 AM Martin Blumenstingl
<martin.blumensti...@googlemail.com> wrote:
[...]
> > Martin, Now I am not sure whether the NFC driver leads to a kernel panic when
> > calling kmem_cache_alloc_trace.
> Thank you for confirming that it works for you on GXL
>
> I'm not sure that this is an NFC driver problem.
> After enabling CONFIG_SLAB_FREELIST_HARDENED in my kernel config the
> crash moves. It's now crashing in slub.c's kfree() at
> BUG_ON(!PageCompound(page));
I added some debug prints in meson_nfc_read_buf() to get some details
about the info buffer before the crash. The format is:
meson_nfc_read_buf <virtual address> <physical address>

During my first test three different addresses are used:
- meson_nfc_read_buf e9e6c640 0x29e6c640 (works fine)
- meson_nfc_read_buf e9e6c680 0x29e6c680 (works fine)
- meson_nfc_read_buf ee39a34b 0x2e39a34b (crashes during kfree)

So I tried playing around with the allocation size (see the attached
patch) and changed it to:
  kzalloc(PER_INFO_BYTE + 64, GFP_KERNEL)
This results in the following addresses being used:
- meson_nfc_read_buf e9ea4280 0x29ea4280 (works fine)
- meson_nfc_read_buf e9ea4300 0x29ea4300 (works fine)
(there is no crash anymore)

Liang, are there any special requirements on the "info address" like
the alignment?
Also, do you know why the PER_INFO_BYTE buffer is allocated dynamically
in meson_nfc_read_buf() instead of allocating it at initialization?
I'm not saying that it should be changed! I'm curious because there are
per-meson_nfc_nand_chip info and data buffers which are allocated at
initialization time.


meson_nfc_read_buf debug log with PER_INFO_BYTE allocation:
[    2.032914] meson_nfc_read_buf e9e6c640 0x29e6c640
[    2.033005] meson_nfc_dma_buffer_setup 0x29e6c640
[    2.037717] meson_nfc_read_buf: about to kfree info
[    2.042535] meson_nfc_read_buf: kfree'd info
[    2.046794] meson_nfc_read_buf e9e6c640 0x29e6c640
[    2.051552] meson_nfc_dma_buffer_setup 0x29e6c640
[    2.056261] meson_nfc_read_buf: about to kfree info
[    2.061086] meson_nfc_read_buf: kfree'd info
[    2.065356] meson_nfc_read_buf e9e6c680 0x29e6c680
[    2.070102] meson_nfc_dma_buffer_setup 0x29e6c680
[    2.074810] meson_nfc_read_buf: about to kfree info
[    2.079635] meson_nfc_read_buf: kfree'd info
[    2.083978] meson_nfc_read_buf e9e6c640 0x29e6c640
[    2.088684] meson_nfc_dma_buffer_setup 0x29e6c640
[    2.093334] meson_nfc_read_buf: about to kfree info
[    2.098199] meson_nfc_read_buf: kfree'd info
[    2.102446] meson_nfc_read_buf e9e6c640 0x29e6c640
[    2.107208] meson_nfc_dma_buffer_setup 0x29e6c640
[    2.111883] meson_nfc_read_buf: about to kfree info
[    2.116765] meson_nfc_read_buf: kfree'd info
[    2.120996] meson_nfc_read_buf e9e6c640 0x29e6c640
[    2.125762] meson_nfc_dma_buffer_setup 0x29e6c640
[    2.130433] meson_nfc_read_buf: about to kfree info
[    2.135294] meson_nfc_read_buf: kfree'd info
[    2.139545] Could not find a valid ONFI parameter page, trying
bit-wise majority to recover it
[    2.148173] ONFI parameter recovery failed, aborting
[    2.153058] meson_nfc_read_buf e9e6c680 0x29e6c680
[    2.157831] meson_nfc_dma_buffer_setup 0x29e6c680
[    2.162527] meson_nfc_read_buf: about to kfree info
[    2.167369] meson_nfc_read_buf: kfree'd info
[    2.171611] meson_nfc_read_buf ee39a34b 0x2e39a34b
[    2.176383] meson_nfc_dma_buffer_setup 0x2e39a34b
[    2.181076] meson_nfc_read_buf: about to kfree info
[    2.185932] ------------[ cut here ]------------
[    2.190503] kernel BUG at mm/slub.c:3950!
[    2.194491] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
...

meson_nfc_read_buf debug log with PER_INFO_BYTE+64 allocation:
[    2.033019] meson_nfc_read_buf e9ea4280 0x29ea4280
[    2.033112] meson_nfc_dma_buffer_setup 0x29ea4280
[    2.037847] meson_nfc_read_buf: about to kfree info
[    2.042642] meson_nfc_read_buf: kfree'd info
[    2.046909] meson_nfc_read_buf e9ea4280 0x29ea4280
[    2.051659] meson_nfc_dma_buffer_setup 0x29ea4280
[    2.056374] meson_nfc_read_buf: about to kfree info
[    2.061192] meson_nfc_read_buf: kfree'd info
[    2.065461] meson_nfc_read_buf e9ea4280 0x29ea4280
[    2.070208] meson_nfc_dma_buffer_setup 0x29ea4280
[    2.074922] meson_nfc_read_buf: about to kfree info
[    2.079742] meson_nfc_read_buf: kfree'd info
[    2.084087] meson_nfc_read_buf e9ea4280 0x29ea4280
[    2.088789] meson_nfc_dma_buffer_setup 0x29ea4280
[    2.093440] meson_nfc_read_buf: about to kfree info
[    2.098303] meson_nfc_read_buf: kfree'd info
[    2.102553] meson_nfc_read_buf e9ea4280 0x29ea4280
[    2.107316] meson_nfc_dma_buffer_setup 0x29ea4280
[    2.111990] meson_nfc_read_buf: about to kfree info
[    2.116870] meson_nfc_read_buf: kfree'd info
[    2.121103] meson_nfc_read_buf e9ea4280 0x29ea4280
[    2.125868] meson_nfc_dma_buffer_setup 0x29ea4280
[    2.130540] meson_nfc_read_buf: about to kfree info
[    2.135400] meson_nfc_read_buf: kfree'd info
[    2.139652] Could not find a valid ONFI parameter page, trying
bit-wise majority to recover it
[    2.148276] ONFI parameter recovery failed, aborting
[    2.153165] meson_nfc_read_buf e9ea4280 0x29ea4280
[    2.157938] meson_nfc_dma_buffer_setup 0x29ea4280
[    2.162634] meson_nfc_read_buf: about to kfree info
[    2.167475] meson_nfc_read_buf: kfree'd info
[    2.171717] meson_nfc_read_buf e9ea4280 0x29ea4280
[    2.176489] meson_nfc_dma_buffer_setup 0x29ea4280
[    2.181183] meson_nfc_read_buf: about to kfree info
[    2.186025] meson_nfc_read_buf: kfree'd info
[    2.190265] nand: device found, Manufacturer ID: 0xad, Chip ID: 0xde
[    2.196598] nand: Hynix NAND 8GiB 3,3V 8-bit
[    2.200840] nand: 8192 MiB, MLC, erase size: 4096 KiB, page size:
16384, OOB size: 1280
[    2.208829] meson_nfc_read_buf e9ea4300 0x29ea4300
[    2.213581] meson_nfc_dma_buffer_setup 0x29ea4300
[    2.218291] meson_nfc_read_buf: about to kfree info
[    2.223115] meson_nfc_read_buf: kfree'd info
[    2.227374] ------------[ cut here ]------------
[    2.231968] WARNING: CPU: 1 PID: 1 at
drivers/mtd/nand/raw/nand_base.c:5503 nand_scan_with_ids+0x1718/0x171c
[    2.241760] No oob scheme defined for oobsize 1280
...
(the "No oob scheme defined for oobsize 1280" message is expected)


Regards
Martin
diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c
index b49a45f255f8..cdc426cd0a43 100644
--- a/drivers/mtd/nand/raw/meson_nand.c
+++ b/drivers/mtd/nand/raw/meson_nand.c
@@ -493,6 +493,7 @@ static int meson_nfc_dma_buffer_setup(struct nand_chip *nand, u8 *databuf,
 
 	if (infobuf) {
 		nfc->iaddr = dma_map_single(nfc->dev, infobuf, infolen, dir);
+		printk("%s 0x%08x\n", __func__, nfc->iaddr);
 		ret = dma_mapping_error(nfc->dev, nfc->iaddr);
 		if (ret) {
 			dev_err(nfc->dev, "DMA mapping error\n");
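Review bot: the new printk in meson_nfc_dma_buffer_setup() prints nfc->iaddr with 0x%08x, but the value comes from dma_map_single() and is a dma_addr_t, which is 64 bits wide on ARM builds with LPAE, so the format should be %pad (or the value cast explicitly) to avoid truncated or shifted output. For a print that is meant to stay local, dev_dbg(nfc->dev, ...) would also carry the device name and a log level, which the bare printk() lacks.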
@@ -528,10 +529,10 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len)
 	u32 cmd;
 	u8 *info;
 
-	info = kzalloc(PER_INFO_BYTE, GFP_KERNEL);
+	info = kzalloc(PER_INFO_BYTE + 64, GFP_KERNEL);
 	if (!info)
 		return -ENOMEM;
-
+printk("%s %px 0x%08x\n", __func__, info, virt_to_phys(info));
 	ret = meson_nfc_dma_buffer_setup(nand, buf, len, info,
 					 PER_INFO_BYTE, DMA_FROM_DEVICE);
 	if (ret)
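Review bot: the allocation grows to PER_INFO_BYTE + 64, but the meson_nfc_dma_buffer_setup() call right below it still passes PER_INFO_BYTE as infolen, so the DMA mapping and the cache maintenance it implies are unchanged; the only effect is that info now comes from a larger kmalloc size class, which should be kept in mind when reading the "no crash anymore" result. The printk uses %px, which prints the raw kernel virtual address and bypasses pointer hashing; acceptable in a throwaway debug patch, but it must not survive into anything submitted, and both printk lines should be indented like the surrounding code.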
@@ -545,7 +546,9 @@ static int meson_nfc_read_buf(struct nand_chip *nand, u8 *buf, int len)
 	meson_nfc_dma_buffer_release(nand, len, PER_INFO_BYTE, DMA_FROM_DEVICE);
 
 out:
+printk("%s: about to kfree info\n", __func__);
 	kfree(info);
+printk("%s: kfree'd info\n", __func__);
 
 	return ret;
 }
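Review bot: the "about to kfree info" print would be more useful if it included the pointer being freed, e.g. printk("%s: kfree %px\n", __func__, info);, so that the value which trips the BUG_ON in kfree() sits on the line directly before the "cut here" instead of having to be matched against the earlier meson_nfc_read_buf line. As in the other hunks, the printk()s carry no log level and are not indented.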
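As an added illustration of the alignment question raised above (my own example, not code from the thread or from the meson_nand driver): a userspace C model of the check a DMA_FROM_DEVICE target has to pass on a non-coherent ARM core, run over the three physical addresses from the debug log. It assumes a 64-byte cache line and PER_INFO_BYTE = 8, neither of which the thread states.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions (not stated in the thread): 64-byte L1 line on this ARM32 core,
 * PER_INFO_BYTE == 8, and kmalloc() never returns less than 8-byte alignment. */
#define CACHE_LINE_BYTES 64u
#define PER_INFO_BYTE    8u
#define KMALLOC_MINALIGN 8u

struct dma_check {
    bool     kmalloc_plausible; /* could kmalloc() have returned this address at all? */
    bool     ptr_aligned;       /* start is a multiple of the cache line size */
    bool     whole_lines;       /* [start, start+len) consists of complete lines only */
    uint32_t outside_bytes;     /* bytes in the touched lines that lie outside the buffer */
};

/* Classify a DMA_FROM_DEVICE target. On unmap the kernel invalidates every cache
 * line the buffer touches; if a line also holds bytes outside the buffer, any CPU
 * writes to those bytes that are still only in the cache are lost. Whether those
 * bytes belong to a neighbouring object or to allocator padding depends on the
 * allocator's minimum alignment, so the check reports the raw count. */
struct dma_check check_dma_target(uint32_t phys, uint32_t len)
{
    struct dma_check c;
    uint32_t first   = phys & ~(CACHE_LINE_BYTES - 1);
    uint32_t last    = (phys + len - 1) & ~(CACHE_LINE_BYTES - 1);
    uint32_t touched = last - first + CACHE_LINE_BYTES;

    c.kmalloc_plausible = (phys % KMALLOC_MINALIGN) == 0;
    c.ptr_aligned       = (phys % CACHE_LINE_BYTES) == 0;
    c.whole_lines       = c.ptr_aligned && (len % CACHE_LINE_BYTES) == 0;
    c.outside_bytes     = touched - len;
    return c;
}

/* Physical addresses taken from Martin's debug log, checked with the original size. */
int main(void)
{
    const uint32_t seen[] = { 0x29e6c640, 0x29e6c680, 0x2e39a34b };
    for (size_t i = 0; i < sizeof(seen) / sizeof(seen[0]); i++) {
        struct dma_check c = check_dma_target(seen[i], PER_INFO_BYTE);
        printf("0x%08" PRIx32 ": kmalloc_plausible=%d aligned=%d whole_lines=%d outside=%" PRIu32 "\n",
               seen[i], c.kmalloc_plausible, c.ptr_aligned, c.whole_lines, c.outside_bytes);
    }
    return 0;
}
```

Under those assumptions an 8-byte buffer never fills its line even when the pointer is line-aligned, and the +64 variant (72 bytes) still leaves 56 bytes of its last line outside the buffer. 0x2e39a34b is not even 8-byte aligned, which suggests looking at what wrote to the slab freelist before that allocation rather than at the kfree() that later trips.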
