--- /dev/null
+From ce4d9a1ea35ac5429e822c4106cb2859d5c71f3e Mon Sep 17 00:00:00 2001
+From: "Isaac J. Manjarres" <isaacmanjarres@google.com>
+Date: Wed, 8 Feb 2023 15:20:00 -0800
+Subject: of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem
+
+From: Isaac J. Manjarres <isaacmanjarres@google.com>
+
+commit ce4d9a1ea35ac5429e822c4106cb2859d5c71f3e upstream.
+
+Patch series "Fix kmemleak crashes when scanning CMA regions", v2.
+
+When trying to boot a device with an ARM64 kernel with the following
+config options enabled:
+
+CONFIG_DEBUG_PAGEALLOC=y
+CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT=y
+CONFIG_DEBUG_KMEMLEAK=y
+
+a crash is encountered when kmemleak starts to scan the list of gray
+or allocated objects that it maintains. Upon closer inspection, it was
+observed that these page-faults always occurred when kmemleak attempted
+to scan a CMA region.
+
+At the moment, kmemleak is made aware of CMA regions that are specified
+through the devicetree to be dynamically allocated within a range of
+addresses. However, kmemleak should not need to scan CMA regions or any
+reserved memory region, as those regions can be used for DMA transfers
+between drivers and peripherals, and thus wouldn't contain anything
+useful for kmemleak.
+
+Additionally, since CMA regions are unmapped from the kernel's address
+space when they are freed to the buddy allocator at boot when
+CONFIG_DEBUG_PAGEALLOC is enabled, kmemleak shouldn't attempt to access
+those memory regions, as that will trigger a crash. Thus, kmemleak
+should ignore all dynamically allocated reserved memory regions.
+
+
+This patch (of 1):
+
+Currently, kmemleak ignores dynamically allocated reserved memory regions
+that don't have a kernel mapping. However, regions that do retain a
+kernel mapping (e.g. CMA regions) do get scanned by kmemleak.
+
+This is not ideal for two reasons:
+
+1 kmemleak works by scanning memory regions for pointers to allocated
+ objects to determine if those objects have been leaked or not.
+ However, reserved memory regions can be used between drivers and
+ peripherals for DMA transfers, and thus, would not contain pointers to
+ allocated objects, making it unnecessary for kmemleak to scan these
+ reserved memory regions.
+
+2 When CONFIG_DEBUG_PAGEALLOC is enabled, along with kmemleak, the
+ CMA reserved memory regions are unmapped from the kernel's address
+ space when they are freed to buddy at boot. These CMA reserved regions
+ are still tracked by kmemleak, however, and when kmemleak attempts to
+ scan them, a crash will happen, as accessing the CMA region will result
+ in a page-fault, since the regions are unmapped.
+
+Thus, use kmemleak_ignore_phys() for all dynamically allocated reserved
+memory regions, instead of those that do not have a kernel mapping
+associated with them.
+
+Link: https://lkml.kernel.org/r/20230208232001.2052777-1-isaacmanjarres@google.com
+Link: https://lkml.kernel.org/r/20230208232001.2052777-2-isaacmanjarres@google.com
+Fixes: a7259df76702 ("memblock: make memblock_find_in_range method private")
+Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>
+Acked-by: Mike Rapoport (IBM) <rppt@kernel.org>
+Acked-by: Catalin Marinas <catalin.marinas@arm.com>
+Cc: Frank Rowand <frowand.list@gmail.com>
+Cc: Kirill A. Shutemov <kirill.shtuemov@linux.intel.com>
+Cc: Nick Kossifidis <mick@ics.forth.gr>
+Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Cc: Rob Herring <robh@kernel.org>
+Cc: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
+Cc: Saravana Kannan <saravanak@google.com>
+Cc: <stable@vger.kernel.org> [5.15+]
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/of/of_reserved_mem.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/of/of_reserved_mem.c
++++ b/drivers/of/of_reserved_mem.c
+@@ -47,9 +47,10 @@ static int __init early_init_dt_alloc_re
+ err = memblock_mark_nomap(base, size);
+ if (err)
+ memblock_free(base, size);
+- kmemleak_ignore_phys(base);
+ }
+
++ kmemleak_ignore_phys(base);
++
+ return err;
+ }
+
--- /dev/null
+From 90091c367e74d5b58d9ebe979cc363f7468f58d3 Mon Sep 17 00:00:00 2001
+From: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
+Date: Thu, 5 Aug 2021 19:12:36 +0900
+Subject: selftest/lkdtm: Skip stack-entropy test if lkdtm is not available
+
+From: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
+
+commit 90091c367e74d5b58d9ebe979cc363f7468f58d3 upstream.
+
+Exit with return code 4 if lkdtm is not available like other tests
+in order to properly skip the test.
+
+Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Link: https://lore.kernel.org/r/20210805101236.1140381-1-misono.tomohiro@jp.fujitsu.com
+Cc: Andrew Paniakin <apanyaki@amazon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/lkdtm/stack-entropy.sh | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+--- a/tools/testing/selftests/lkdtm/stack-entropy.sh
++++ b/tools/testing/selftests/lkdtm/stack-entropy.sh
+@@ -4,13 +4,27 @@
+ # Measure kernel stack entropy by sampling via LKDTM's REPORT_STACK test.
+ set -e
+ samples="${1:-1000}"
++TRIGGER=/sys/kernel/debug/provoke-crash/DIRECT
++KSELFTEST_SKIP_TEST=4
++
++# Verify we have LKDTM available in the kernel.
++if [ ! -r $TRIGGER ] ; then
++ /sbin/modprobe -q lkdtm || true
++ if [ ! -r $TRIGGER ] ; then
++ echo "Cannot find $TRIGGER (missing CONFIG_LKDTM?)"
++ else
++ echo "Cannot write $TRIGGER (need to run as root?)"
++ fi
++ # Skip this test
++ exit $KSELFTEST_SKIP_TEST
++fi
+
+ # Capture dmesg continuously since it may fill up depending on sample size.
+ log=$(mktemp -t stack-entropy-XXXXXX)
+ dmesg --follow >"$log" & pid=$!
+ report=-1
+ for i in $(seq 1 $samples); do
+- echo "REPORT_STACK" >/sys/kernel/debug/provoke-crash/DIRECT
++ echo "REPORT_STACK" > $TRIGGER
+ if [ -t 1 ]; then
+ percent=$(( 100 * $i / $samples ))
+ if [ "$percent" -ne "$report" ]; then
projects / thirdparty / kernel / stable-queue.git / commitdiff
