Re: [PATCH] efi/memreserve: deal with memreserve entries in unmapped memory
On 06/10/2019 08:05 AM, Ard Biesheuvel wrote:
> Ensure that the EFI memreserve entries can be accessed, even if they
> are located in memory that the kernel (e.g., a crashkernel) omits from
> the linear map.
>
> Reported-by: Jonathan Richardson
> Signed-off-by: Ard Biesheuvel
> ---
> drivers/firmware/efi/efi.c | 12 ++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
> index 16b2137d117c..4b7cf7bc0ded 100644
> --- a/drivers/firmware/efi/efi.c
> +++ b/drivers/firmware/efi/efi.c
> @@ -1009,14 +1009,16 @@ int __ref efi_mem_reserve_persistent(phys_addr_t
> addr, u64 size)
>
> /* first try to find a slot in an existing linked list entry */
> for (prsv = efi_memreserve_root->next; prsv; prsv = rsv->next) {
> - rsv = __va(prsv);
> + rsv = memremap(prsv, sizeof(*rsv), MEMREMAP_WB);
> index = atomic_fetch_add_unless(&rsv->count, 1, rsv->size);
> if (index < rsv->size) {
> rsv->entry[index].base = addr;
> rsv->entry[index].size = size;
>
> + memunmap(rsv);
> return 0;
> }
> + memunmap(rsv);
> }
>
> /* no slot found - allocate a new linked list entry */
> @@ -1024,7 +1026,13 @@ int __ref efi_mem_reserve_persistent(phys_addr_t addr,
> u64 size)
> if (!rsv)
> return -ENOMEM;
>
> - rsv->size = EFI_MEMRESERVE_COUNT(PAGE_SIZE);
> + /*
> + * The memremap() call above assumes that a linux_efi_memreserve entry
> + * never crosses a page boundary, so let's ensure that this remains true
> + * even when kexec'ing a 4k pages kernel from a >4k pages kernel, by
> + * using SZ_4K explicitly in the size calculation below.
> + */
> + rsv->size = EFI_MEMRESERVE_COUNT(SZ_4K);
> atomic_set(&rsv->count, 1);
> rsv->entry[0].base = addr;
> rsv->entry[0].size = size;
>
Thanks for the fix. Tested and reviewed.
Reviewed-by: Jonathan Richardson
Re: gicv3-its driver crashes in crash dump kernel
On 06/07/2019 03:49 AM, Ard Biesheuvel wrote: > On Thu, 6 Jun 2019 at 23:52, Jonathan Richardson > wrote: >> >> On 06/06/2019 02:07 PM, Bhupesh Sharma wrote: >>> Hi, >>> >>> On Thu, Jun 6, 2019 at 3:45 AM Jonathan Richardson >>> wrote: >>>> >>>> Hi, >>>> >>>> As of the 5.0 kernel we're seeing the crash dump kernel crash when the >>>> gicv3-its driver calls gic_reserve_range(): >>>> >>>> root@bcm958804a8040c:~# echo c > /proc/sysrq-trigger >>>> [ 2285.405357] sysrq: SysRq : Trigger a crash >>>> [ 2285.409592] Kernel panic - not syncing: sysrq triggered crash >>>> [ 2285.415521] CPU: 0 PID: 4064 Comm: sh Kdump: loaded Tainted: G O 5.0.0 >>>> #1 >>>> [ 2285.423867] Hardware name: BRCM BRCM-SR/BRCM-SR, BIOS 0.1 Apr 26 2019 >>>> [ 2285.430510] Call trace: >>>> [ 2285.433041] dump_backtrace+0x0/0x1a0 >>>> [ 2285.436818] show_stack+0x14/0x20 >>>> [ 2285.440237] dump_stack+0x90/0xb4 >>>> [ 2285.443657] panic+0x13c/0x2ec >>>> [ 2285.446807] sysrq_handle_crash+0x14/0x18 >>>> [ 2285.450942] __handle_sysrq+0xa4/0x190 >>>> [ 2285.454808] write_sysrq_trigger+0x64/0x80 >>>> [ 2285.459034] proc_reg_write+0x60/0xa8 >>>> [ 2285.462812] __vfs_write+0x30/0x180 >>>> [ 2285.466409] vfs_write+0xa4/0x1b8 >>>> [ 2285.469827] ksys_write+0x60/0xd8 >>>> [ 2285.473246] __arm64_sys_write+0x14/0x20 >>>> [ 2285.477292] el0_svc_common+0x60/0x100 >>>> [ 2285.481158] el0_svc_handler+0x2c/0x88 >>>> [ 2285.485025] el0_svc+0x8/0xc >>>> [ 2285.488001] SMP: stopping secondary CPUs >>>> [ 2285.492349] Starting crashdump kernel... >>>> [ 2285.496395] Bye! >>>> [ 0.00] Booting Linux on physical CPU 0x00 [0x410fd083] >>>> [ 0.00] Linux version 5.0.0 (oe-user@oe-host) (gcc version 7.3.0 >>>> (GCC)) #1 SMP Fri Apr 26 03:06:15 UTC9 >>>> [ 0.00] Machine model: Stingray PS1100R (BCM958804A8040) >>>> [ 0.00] earlycon: uart8250_log0 at MMIO32 0x68a1 (options >>>> '') >>>> [ 0.00] printk: bootconsole [uart8250_log0] enabled >>>> [ 0.00] Malformed early option 'loglevel' >>>> [ 0.00] efi: Getting EFI parameters from FDT: >>>> [ 0.00] efi: EFI v2.70 by EDK II >>>> [ 0.00] efi: SMBIOS=0x85cd SMBIOS 3.0=0x85a2 ACPI >>>> 2.0=0x85d9 MEMATTR=0x89352018 MEMRE >>>> [ 0.00] cannot allocate crashkernel (size:0x2000) >>>> [ 0.00] Reserving 2KB of memory at 0xffdff000 for elfcorehdr >>>> [ 0.00] cma: Failed to reserve 1024 MiB >>>> [ 0.00] psci: probing for conduit method from DT. >>>> I: GICv3 without legacy support detected. ARM GICV3 driver initialized in >>>> EL3 >>>> 0.00] psci: PSCIv1.1 detected in firmware. >>>> [ 0.00] psci: Using standard PSCI v0.2 function IDs >>>> [ 0.00] psci: MIGRATE_INFO_TYPE not supported. >>>> [ 0.00] psci: SMC Calling Convention v1.1 >>>> [ 0.00] random: get_random_bytes called from start_kernel+0xa8/0x3ec >>>> with crng_init=0 >>>> [ 0.00] percpu: Embedded 23 pages/cpu @(ptrval) s53784 r8192 >>>> d32232 u94208 >>>> [ 0.00] Detected PIPT I-cache on CPU0 >>>> [ 0.00] CPU features: detected: EL2 vector hardening >>>> [ 0.00] Speculative Store Bypass Disable mitigation not required >>>> [ 0.00] Built 1 zonelists, mobility grouping on. Total pages: 130974 >>>> [ 0.00] Kernel command line: FS2:\Image.1 root=/dev/mmcblk0p3 rw >>>> rootwait earlycon=uart8250_log,mmio1 >>>> [ 0.00] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes) >>>> [ 0.00] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes) >>>> [ 0.00] Memory: 472776K/532212K available (9340K kernel code, 734K >>>> rwdata, 3412K rodata, 832K init, 35) >>>> [ 0.00] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=8, Nodes=1 >>>> [ 0.00] rcu: Hierarchical RCU implementation. >>>> [ 0.00] rcu: RCU event tracing is enabled. >>>> [ 0.00] rcu: RCU calculated value of scheduler-enlistment delay is 25 >>>> jiffies. >>>> [ 0.00] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0 >>>> [ 0.00] GICv3: GIC: Using split EOI/Deactivate mode >
Re: gicv3-its driver crashes in crash dump kernel
On 06/06/2019 02:07 PM, Bhupesh Sharma wrote: > Hi, > > On Thu, Jun 6, 2019 at 3:45 AM Jonathan Richardson > wrote: >> >> Hi, >> >> As of the 5.0 kernel we're seeing the crash dump kernel crash when the >> gicv3-its driver calls gic_reserve_range(): >> >> root@bcm958804a8040c:~# echo c > /proc/sysrq-trigger >> [ 2285.405357] sysrq: SysRq : Trigger a crash >> [ 2285.409592] Kernel panic - not syncing: sysrq triggered crash >> [ 2285.415521] CPU: 0 PID: 4064 Comm: sh Kdump: loaded Tainted: G O 5.0.0 #1 >> [ 2285.423867] Hardware name: BRCM BRCM-SR/BRCM-SR, BIOS 0.1 Apr 26 2019 >> [ 2285.430510] Call trace: >> [ 2285.433041] dump_backtrace+0x0/0x1a0 >> [ 2285.436818] show_stack+0x14/0x20 >> [ 2285.440237] dump_stack+0x90/0xb4 >> [ 2285.443657] panic+0x13c/0x2ec >> [ 2285.446807] sysrq_handle_crash+0x14/0x18 >> [ 2285.450942] __handle_sysrq+0xa4/0x190 >> [ 2285.454808] write_sysrq_trigger+0x64/0x80 >> [ 2285.459034] proc_reg_write+0x60/0xa8 >> [ 2285.462812] __vfs_write+0x30/0x180 >> [ 2285.466409] vfs_write+0xa4/0x1b8 >> [ 2285.469827] ksys_write+0x60/0xd8 >> [ 2285.473246] __arm64_sys_write+0x14/0x20 >> [ 2285.477292] el0_svc_common+0x60/0x100 >> [ 2285.481158] el0_svc_handler+0x2c/0x88 >> [ 2285.485025] el0_svc+0x8/0xc >> [ 2285.488001] SMP: stopping secondary CPUs >> [ 2285.492349] Starting crashdump kernel... >> [ 2285.496395] Bye! >> [ 0.00] Booting Linux on physical CPU 0x00 [0x410fd083] >> [ 0.00] Linux version 5.0.0 (oe-user@oe-host) (gcc version 7.3.0 (GCC)) >> #1 SMP Fri Apr 26 03:06:15 UTC9 >> [ 0.00] Machine model: Stingray PS1100R (BCM958804A8040) >> [ 0.00] earlycon: uart8250_log0 at MMIO32 0x68a1 (options '') >> [ 0.00] printk: bootconsole [uart8250_log0] enabled >> [ 0.00] Malformed early option 'loglevel' >> [ 0.00] efi: Getting EFI parameters from FDT: >> [ 0.00] efi: EFI v2.70 by EDK II >> [ 0.00] efi: SMBIOS=0x85cd SMBIOS 3.0=0x85a2 ACPI 2.0=0x85d9 >> MEMATTR=0x89352018 MEMRE >> [ 0.00] cannot allocate crashkernel (size:0x2000) >> [ 0.00] Reserving 2KB of memory at 0xffdff000 for elfcorehdr >> [ 0.00] cma: Failed to reserve 1024 MiB >> [ 0.00] psci: probing for conduit method from DT. >> I: GICv3 without legacy support detected. ARM GICV3 driver initialized in EL3 >> 0.00] psci: PSCIv1.1 detected in firmware. >> [ 0.00] psci: Using standard PSCI v0.2 function IDs >> [ 0.00] psci: MIGRATE_INFO_TYPE not supported. >> [ 0.00] psci: SMC Calling Convention v1.1 >> [ 0.00] random: get_random_bytes called from start_kernel+0xa8/0x3ec >> with crng_init=0 >> [ 0.00] percpu: Embedded 23 pages/cpu @(ptrval) s53784 r8192 >> d32232 u94208 >> [ 0.00] Detected PIPT I-cache on CPU0 >> [ 0.00] CPU features: detected: EL2 vector hardening >> [ 0.00] Speculative Store Bypass Disable mitigation not required >> [ 0.00] Built 1 zonelists, mobility grouping on. Total pages: 130974 >> [ 0.00] Kernel command line: FS2:\Image.1 root=/dev/mmcblk0p3 rw >> rootwait earlycon=uart8250_log,mmio1 >> [ 0.00] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes) >> [ 0.00] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes) >> [ 0.00] Memory: 472776K/532212K available (9340K kernel code, 734K >> rwdata, 3412K rodata, 832K init, 35) >> [ 0.00] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=8, Nodes=1 >> [ 0.00] rcu: Hierarchical RCU implementation. >> [ 0.00] rcu: RCU event tracing is enabled. >> [ 0.00] rcu: RCU calculated value of scheduler-enlistment delay is 25 >> jiffies. >> [ 0.00] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0 >> [ 0.00] GICv3: GIC: Using split EOI/Deactivate mode >> [ 0.00] GICv3: Distributor has no Range Selector support >> [ 0.00] GICv3: no VLPI support, no direct LPI support >> [ 0.00] GICv3: CPU0: found redistributor 0 region 0:0x63e0 >> [ 0.00] ITS [mem 0x63c2-0x63c2] >> [ 0.00] ITS@0x63c2: allocated 65536 Devices @fd48 (flat, >> esz 8, psz 64K, shr 0) >> [ 0.00] ITS: using cache flushing for cmd queue >> [ 0.00] Unable to handle kernel paging request at virtual address >> 800975c36004 >> [ 0.00] Mem abort info: >> [ 0.00] ESR = 0x9605 >> [ 0.00] Exception class = DABT (current EL), IL = 32 bits >> [ 0.00] SET = 0, FnV = 0 >> [ 0.00] EA = 0, S1PTW = 0 >
gicv3-its driver crashes in crash dump kernel
Hi, As of the 5.0 kernel we're seeing the crash dump kernel crash when the gicv3-its driver calls gic_reserve_range(): root@bcm958804a8040c:~# echo c > /proc/sysrq-trigger [ 2285.405357] sysrq: SysRq : Trigger a crash [ 2285.409592] Kernel panic - not syncing: sysrq triggered crash [ 2285.415521] CPU: 0 PID: 4064 Comm: sh Kdump: loaded Tainted: G O 5.0.0 #1 [ 2285.423867] Hardware name: BRCM BRCM-SR/BRCM-SR, BIOS 0.1 Apr 26 2019 [ 2285.430510] Call trace: [ 2285.433041] dump_backtrace+0x0/0x1a0 [ 2285.436818] show_stack+0x14/0x20 [ 2285.440237] dump_stack+0x90/0xb4 [ 2285.443657] panic+0x13c/0x2ec [ 2285.446807] sysrq_handle_crash+0x14/0x18 [ 2285.450942] __handle_sysrq+0xa4/0x190 [ 2285.454808] write_sysrq_trigger+0x64/0x80 [ 2285.459034] proc_reg_write+0x60/0xa8 [ 2285.462812] __vfs_write+0x30/0x180 [ 2285.466409] vfs_write+0xa4/0x1b8 [ 2285.469827] ksys_write+0x60/0xd8 [ 2285.473246] __arm64_sys_write+0x14/0x20 [ 2285.477292] el0_svc_common+0x60/0x100 [ 2285.481158] el0_svc_handler+0x2c/0x88 [ 2285.485025] el0_svc+0x8/0xc [ 2285.488001] SMP: stopping secondary CPUs [ 2285.492349] Starting crashdump kernel... [ 2285.496395] Bye! [ 0.00] Booting Linux on physical CPU 0x00 [0x410fd083] [ 0.00] Linux version 5.0.0 (oe-user@oe-host) (gcc version 7.3.0 (GCC)) #1 SMP Fri Apr 26 03:06:15 UTC9 [ 0.00] Machine model: Stingray PS1100R (BCM958804A8040) [ 0.00] earlycon: uart8250_log0 at MMIO32 0x68a1 (options '') [ 0.00] printk: bootconsole [uart8250_log0] enabled [ 0.00] Malformed early option 'loglevel' [ 0.00] efi: Getting EFI parameters from FDT: [ 0.00] efi: EFI v2.70 by EDK II [ 0.00] efi: SMBIOS=0x85cd SMBIOS 3.0=0x85a2 ACPI 2.0=0x85d9 MEMATTR=0x89352018 MEMRE [ 0.00] cannot allocate crashkernel (size:0x2000) [ 0.00] Reserving 2KB of memory at 0xffdff000 for elfcorehdr [ 0.00] cma: Failed to reserve 1024 MiB [ 0.00] psci: probing for conduit method from DT. I: GICv3 without legacy support detected. ARM GICV3 driver initialized in EL3 0.00] psci: PSCIv1.1 detected in firmware. [ 0.00] psci: Using standard PSCI v0.2 function IDs [ 0.00] psci: MIGRATE_INFO_TYPE not supported. [ 0.00] psci: SMC Calling Convention v1.1 [ 0.00] random: get_random_bytes called from start_kernel+0xa8/0x3ec with crng_init=0 [ 0.00] percpu: Embedded 23 pages/cpu @(ptrval) s53784 r8192 d32232 u94208 [ 0.00] Detected PIPT I-cache on CPU0 [ 0.00] CPU features: detected: EL2 vector hardening [ 0.00] Speculative Store Bypass Disable mitigation not required [ 0.00] Built 1 zonelists, mobility grouping on. Total pages: 130974 [ 0.00] Kernel command line: FS2:\Image.1 root=/dev/mmcblk0p3 rw rootwait earlycon=uart8250_log,mmio1 [ 0.00] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes) [ 0.00] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes) [ 0.00] Memory: 472776K/532212K available (9340K kernel code, 734K rwdata, 3412K rodata, 832K init, 35) [ 0.00] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=8, Nodes=1 [ 0.00] rcu: Hierarchical RCU implementation. [ 0.00] rcu: RCU event tracing is enabled. [ 0.00] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies. [ 0.00] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0 [ 0.00] GICv3: GIC: Using split EOI/Deactivate mode [ 0.00] GICv3: Distributor has no Range Selector support [ 0.00] GICv3: no VLPI support, no direct LPI support [ 0.00] GICv3: CPU0: found redistributor 0 region 0:0x63e0 [ 0.00] ITS [mem 0x63c2-0x63c2] [ 0.00] ITS@0x63c2: allocated 65536 Devices @fd48 (flat, esz 8, psz 64K, shr 0) [ 0.00] ITS: using cache flushing for cmd queue [ 0.00] Unable to handle kernel paging request at virtual address 800975c36004 [ 0.00] Mem abort info: [ 0.00] ESR = 0x9605 [ 0.00] Exception class = DABT (current EL), IL = 32 bits [ 0.00] SET = 0, FnV = 0 [ 0.00] EA = 0, S1PTW = 0 [ 0.00] Data abort info: [ 0.00] ISV = 0, ISS = 0x0005 [ 0.00] CM = 0, WnR = 0 [ 0.00] swapper pgtable: 4k pages, 48-bit VAs, pgdp = (ptrval) [ 0.00] [800975c36004] pgd=ffdf8003, pud= [ 0.00] Internal error: Oops: 9605 [#1] SMP [ 0.00] Modules linked in: [ 0.00] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.0.0 #1 [ 0.00] Hardware name: Stingray PS1100R (BCM958804A8040) (DT) [ 0.00] pstate: 6085 (nZCv daIf -PAN -UAO) [ 0.00] pc : efi_mem_reserve_persistent+0x60/0x1b8 [ 0.00] lr : efi_mem_reserve_persistent+0x1a0/0x1b8 [ 0.00] sp : 10dd3c30 [ 0.00] x29: 10dd3c30 x28: 80007d409200 [ 0.00] x27: 10eca000 x26: 0008 [ 0.00] x25: 1006 x24: [ 0.00] x23: 0001 x22: 10c96000 [ 0.00] x21: fd45 x20: 000100
