Message ID | 20240722035701.696874-4-ruanjinjie@huawei.com (mailing list archive)
---|---
State | New, archived
Series | crash: Fix crash memory reserve exceed system memory bug
Hi, On Mon, Jul 22, 2024 at 11:57:01AM +0800, Jinjie Ruan wrote: > Similar with x86_32, on Riscv32 Qemu "virt" machine with 1GB memory, the > crash kernel "crashkernel=4G" is ok as below: > crashkernel reserved: 0x00000000bf400000 - 0x00000001bf400000 (4096 MB) > > The cause is that the crash_size is parsed and printed with "unsigned long > long" data type which is 8 bytes but allocated used with "phys_addr_t" > which is 4 bytes in memblock_phys_alloc_range(). > > Fix it by checking if the crash_size is greater than system RAM size and > warn out as parse_crashkernel_mem() do it if so. > > After this patch, it fails and there is no above confusing reserve > success info. > > Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> > --- > arch/riscv/mm/init.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c > index bfa2dea95354..5d66a4937fcd 100644 > --- a/arch/riscv/mm/init.c > +++ b/arch/riscv/mm/init.c > @@ -1381,6 +1381,11 @@ static void __init arch_reserve_crashkernel(void) > if (ret) > return; > > + if (crash_size >= memblock_phys_mem_size()) { > + pr_warn("Crashkernel: invalid size."); > + return; > + } > + What the point of adding three identical checks right after the call to parse_crashkernel()? This check should be there and parse_crashkernel() should return error in this case. > reserve_crashkernel_generic(cmdline, crash_size, crash_base, > low_size, high); > } > -- > 2.34.1 >
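Review bot: the pr_warn() string in the quoted hunk, "Crashkernel: invalid size.", has no trailing "\n", so the next kernel log line will be glued onto it; kernel messages end with a newline. The commit message says the intent is to warn the way parse_crashkernel_mem() already does for an oversized size, so the text should match that existing warning (same prefix and capitalisation) rather than introduce a second, differently spelled "Crashkernel:" message for the same condition.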
On 2024/7/22 14:38, Mike Rapoport wrote: > Hi, > > On Mon, Jul 22, 2024 at 11:57:01AM +0800, Jinjie Ruan wrote: >> Similar with x86_32, on Riscv32 Qemu "virt" machine with 1GB memory, the >> crash kernel "crashkernel=4G" is ok as below: >> crashkernel reserved: 0x00000000bf400000 - 0x00000001bf400000 (4096 MB) >> >> The cause is that the crash_size is parsed and printed with "unsigned long >> long" data type which is 8 bytes but allocated used with "phys_addr_t" >> which is 4 bytes in memblock_phys_alloc_range(). >> >> Fix it by checking if the crash_size is greater than system RAM size and >> warn out as parse_crashkernel_mem() do it if so. >> >> After this patch, it fails and there is no above confusing reserve >> success info. >> >> Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> >> --- >> arch/riscv/mm/init.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c >> index bfa2dea95354..5d66a4937fcd 100644 >> --- a/arch/riscv/mm/init.c >> +++ b/arch/riscv/mm/init.c >> @@ -1381,6 +1381,11 @@ static void __init arch_reserve_crashkernel(void) >> if (ret) >> return; >> >> + if (crash_size >= memblock_phys_mem_size()) { >> + pr_warn("Crashkernel: invalid size."); >> + return; >> + } >> + > > What the point of adding three identical checks right after the call to > parse_crashkernel()? Maybe you are right, the original version checks in parse_crashkernel (), but there's a problem. > > This check should be there and parse_crashkernel() should return error in > this case. Thank you very much, I'll fix it like this in v5. > >> reserve_crashkernel_generic(cmdline, crash_size, crash_base, >> low_size, high); >> } >> -- >> 2.34.1 >> >
On 2024/7/22 14:38, Mike Rapoport wrote: > Hi, > > On Mon, Jul 22, 2024 at 11:57:01AM +0800, Jinjie Ruan wrote: >> Similar with x86_32, on Riscv32 Qemu "virt" machine with 1GB memory, the >> crash kernel "crashkernel=4G" is ok as below: >> crashkernel reserved: 0x00000000bf400000 - 0x00000001bf400000 (4096 MB) >> >> The cause is that the crash_size is parsed and printed with "unsigned long >> long" data type which is 8 bytes but allocated used with "phys_addr_t" >> which is 4 bytes in memblock_phys_alloc_range(). >> >> Fix it by checking if the crash_size is greater than system RAM size and >> warn out as parse_crashkernel_mem() do it if so. >> >> After this patch, it fails and there is no above confusing reserve >> success info. >> >> Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> >> --- >> arch/riscv/mm/init.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c >> index bfa2dea95354..5d66a4937fcd 100644 >> --- a/arch/riscv/mm/init.c >> +++ b/arch/riscv/mm/init.c >> @@ -1381,6 +1381,11 @@ static void __init arch_reserve_crashkernel(void) >> if (ret) >> return; >> >> + if (crash_size >= memblock_phys_mem_size()) { >> + pr_warn("Crashkernel: invalid size."); >> + return; >> + } >> + > > What the point of adding three identical checks right after the call to > parse_crashkernel()? > > This check should be there and parse_crashkernel() should return error in > this case. Hi, Mike How about the folling rough patch? --- a/kernel/crash_reserve.c +++ b/kernel/crash_reserve.c @@ -313,7 +313,7 @@ int __init parse_crashkernel(char *cmdline, if (high && ret == -ENOENT) { ret = __parse_crashkernel(cmdline, 0, crash_size, crash_base, suffix_tbl[SUFFIX_HIGH]); - if (ret || !*crash_size) + if (ret || !*crash_size || crash_size >= system_ram) return -EINVAL; /* 
@@ -332,7 +332,7 @@ int __init parse_crashkernel(char *cmdline, *high = true; } #endif - if (!*crash_size) + if (!*crash_size || crash_size >= system_ram) ret = -EINVAL; > >> reserve_crashkernel_generic(cmdline, crash_size, crash_base, >> low_size, high); >> } >> -- >> 2.34.1 >> >
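Review bot: both added conditions read `crash_size >= system_ram`, but inside parse_crashkernel() `crash_size` is the out-parameter pointer (the adjacent `!*crash_size` dereferences it), so this compares a pointer against an unsigned long long and will not build cleanly; it needs `*crash_size >= system_ram`. The copy in the first hunk (the `,high` path) is also redundant: that path falls through to the `#endif` check in the second hunk after `*high = true`, so one condition at the end covers both cases.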
On Mon, Jul 22, 2024 at 03:08:29PM +0800, Jinjie Ruan wrote: > > > On 2024/7/22 14:38, Mike Rapoport wrote: > > Hi, > > > > On Mon, Jul 22, 2024 at 11:57:01AM +0800, Jinjie Ruan wrote: > >> Similar with x86_32, on Riscv32 Qemu "virt" machine with 1GB memory, the > >> crash kernel "crashkernel=4G" is ok as below: > >> crashkernel reserved: 0x00000000bf400000 - 0x00000001bf400000 (4096 MB) > >> > >> The cause is that the crash_size is parsed and printed with "unsigned long > >> long" data type which is 8 bytes but allocated used with "phys_addr_t" > >> which is 4 bytes in memblock_phys_alloc_range(). > >> > >> Fix it by checking if the crash_size is greater than system RAM size and > >> warn out as parse_crashkernel_mem() do it if so. > >> > >> After this patch, it fails and there is no above confusing reserve > >> success info. > >> > >> Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> > >> --- > >> arch/riscv/mm/init.c | 5 +++++ > >> 1 file changed, 5 insertions(+) > >> > >> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c > >> index bfa2dea95354..5d66a4937fcd 100644 > >> --- a/arch/riscv/mm/init.c > >> +++ b/arch/riscv/mm/init.c > >> @@ -1381,6 +1381,11 @@ static void __init arch_reserve_crashkernel(void) > >> if (ret) > >> return; > >> > >> + if (crash_size >= memblock_phys_mem_size()) { > >> + pr_warn("Crashkernel: invalid size."); > >> + return; > >> + } > >> + > > > > What the point of adding three identical checks right after the call to > > parse_crashkernel()? > > > > This check should be there and parse_crashkernel() should return error in > > this case. > > Hi, Mike > > How about the folling rough patch? > > --- a/kernel/crash_reserve.c > +++ b/kernel/crash_reserve.c 
> @@ -313,7 +313,7 @@ int __init parse_crashkernel(char *cmdline, > if (high && ret == -ENOENT) { > ret = __parse_crashkernel(cmdline, 0, crash_size, > crash_base, suffix_tbl[SUFFIX_HIGH]); > - if (ret || !*crash_size) > + if (ret || !*crash_size || crash_size >= system_ram) > return -EINVAL; > > /* > @@ -332,7 +332,7 @@ int __init parse_crashkernel(char *cmdline, > *high = true; > } > #endif > - if (!*crash_size) > + if (!*crash_size || crash_size >= system_ram) > ret = -EINVAL; > Why no simply diff --git a/kernel/crash_reserve.c b/kernel/crash_reserve.c index 5b2722a93a48..64312709877d 100644 --- a/kernel/crash_reserve.c +++ b/kernel/crash_reserve.c @@ -336,6 +336,9 @@ int __init parse_crashkernel(char *cmdline, if (!*crash_size) ret = -EINVAL; + if (*crash_size >= system_ram) + ret = -EINVAL; + return ret; } > > > >> reserve_crashkernel_generic(cmdline, crash_size, crash_base, > >> low_size, high); > >> } > >> -- > >> 2.34.1 > >> > >
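Review bot: the new check in this hunk fails silently, `ret = -EINVAL` with no message, whereas the stated goal of the series is to warn as parse_crashkernel_mem() does; an admin who wrote crashkernel=4G on a 1 GB box will only see the reservation quietly not happen. A pr_warn() matching the existing invalid-size warning would keep that behaviour. Style-wise, the two back-to-back assignments of -EINVAL read more clearly as a single condition, `if (!*crash_size || *crash_size >= system_ram)`, which also makes it obvious that both are the same "unusable size" error.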
On 2024/7/22 15:23, Mike Rapoport wrote: > On Mon, Jul 22, 2024 at 03:08:29PM +0800, Jinjie Ruan wrote: >> >> >> On 2024/7/22 14:38, Mike Rapoport wrote: >>> Hi, >>> >>> On Mon, Jul 22, 2024 at 11:57:01AM +0800, Jinjie Ruan wrote: >>>> Similar with x86_32, on Riscv32 Qemu "virt" machine with 1GB memory, the >>>> crash kernel "crashkernel=4G" is ok as below: >>>> crashkernel reserved: 0x00000000bf400000 - 0x00000001bf400000 (4096 MB) >>>> >>>> The cause is that the crash_size is parsed and printed with "unsigned long >>>> long" data type which is 8 bytes but allocated used with "phys_addr_t" >>>> which is 4 bytes in memblock_phys_alloc_range(). >>>> >>>> Fix it by checking if the crash_size is greater than system RAM size and >>>> warn out as parse_crashkernel_mem() do it if so. >>>> >>>> After this patch, it fails and there is no above confusing reserve >>>> success info. >>>> >>>> Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> >>>> --- >>>> arch/riscv/mm/init.c | 5 +++++ >>>> 1 file changed, 5 insertions(+) >>>> >>>> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c >>>> index bfa2dea95354..5d66a4937fcd 100644 >>>> --- a/arch/riscv/mm/init.c >>>> +++ b/arch/riscv/mm/init.c >>>> @@ -1381,6 +1381,11 @@ static void __init arch_reserve_crashkernel(void) >>>> if (ret) >>>> return; >>>> >>>> + if (crash_size >= memblock_phys_mem_size()) { >>>> + pr_warn("Crashkernel: invalid size."); >>>> + return; >>>> + } >>>> + >>> >>> What the point of adding three identical checks right after the call to >>> parse_crashkernel()? >>> >>> This check should be there and parse_crashkernel() should return error in >>> this case. >> >> Hi, Mike >> >> How about the folling rough patch? >> >> --- a/kernel/crash_reserve.c >> +++ b/kernel/crash_reserve.c 
>> @@ -313,7 +313,7 @@ int __init parse_crashkernel(char *cmdline, >> if (high && ret == -ENOENT) { >> ret = __parse_crashkernel(cmdline, 0, crash_size, >> crash_base, suffix_tbl[SUFFIX_HIGH]); >> - if (ret || !*crash_size) >> + if (ret || !*crash_size || crash_size >= system_ram) >> return -EINVAL; >> >> /* >> @@ -332,7 +332,7 @@ int __init parse_crashkernel(char *cmdline, >> *high = true; >> } >> #endif >> - if (!*crash_size) >> + if (!*crash_size || crash_size >= system_ram) >> ret = -EINVAL; >> > > Why no simply > > diff --git a/kernel/crash_reserve.c b/kernel/crash_reserve.c > index 5b2722a93a48..64312709877d 100644 > --- a/kernel/crash_reserve.c > +++ b/kernel/crash_reserve.c > @@ -336,6 +336,9 @@ int __init parse_crashkernel(char *cmdline, > if (!*crash_size) > ret = -EINVAL; > > + if (*crash_size >= system_ram) > + ret = -EINVAL; > + > return ret; This is good, thank you! > } > > >>> >>>> reserve_crashkernel_generic(cmdline, crash_size, crash_base, >>>> low_size, high); >>>> } >>>> -- >>>> 2.34.1 >>>> >>> >
diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index bfa2dea95354..5d66a4937fcd 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -1381,6 +1381,11 @@ static void __init arch_reserve_crashkernel(void) if (ret) return; + if (crash_size >= memblock_phys_mem_size()) { + pr_warn("Crashkernel: invalid size."); + return; + } + reserve_crashkernel_generic(cmdline, crash_size, crash_base, low_size, high); }
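Review bot: this arch-local check duplicates logic that belongs in the generic parse_crashkernel(), which already takes system_ram and whose error return this function already handles two lines earlier via `if (ret) return;`; putting the check there fixes every caller at once instead of adding the same three lines per architecture, which is where the thread ends up. The check also leaves crash_base unguarded: the narrowing from unsigned long long to a 4-byte phys_addr_t that the commit message describes applies to the base passed to reserve_crashkernel_generic() just as much as to the size, so an explicit `@offset` at or above 4 GB on a 32-bit phys_addr_t would still be truncated before allocation. Worth rejecting a base (and base + size) that does not fit in system RAM as well, not only an oversized size.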
Similar to x86_32, on a Riscv32 Qemu "virt" machine with 1GB memory, the crash kernel "crashkernel=4G" is ok as below:

crashkernel reserved: 0x00000000bf400000 - 0x00000001bf400000 (4096 MB)

The cause is that the crash_size is parsed and printed with the "unsigned long long" data type, which is 8 bytes, but allocated with "phys_addr_t", which is 4 bytes, in memblock_phys_alloc_range().

Fix it by checking if the crash_size is greater than the system RAM size and warning as parse_crashkernel_mem() does if so.

After this patch, it fails and there is no longer the confusing reserve success info above.

Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
---
arch/riscv/mm/init.c | 5 +++++
1 file changed, 5 insertions(+)
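A user-space model of the narrowing the commit message describes, added here as an example; it is not part of the patch, the thread, or the kernel tree. The kernel parses the crashkernel= size into an unsigned long long, but on a 32-bit configuration the memblock allocator takes a 4-byte phys_addr_t, modelled below as a uint32_t typedef. The parser mirrors the K/M/G suffix handling of memparse() for the size part only (no "@offset"), and the check at the end is the size-against-RAM test the thread converges on. All function and type names (crashkernel_size_parse, narrow_to_phys, crashkernel_size_check, crashkernel_parse_and_check, model_phys_addr_t) are this example's own, not kernel symbols.

```c
/*
 * Example code for this page (not from the patch or the kernel):
 * models why "crashkernel=4G" on a 1 GB riscv32 box looked like it
 * succeeded, and the check that rejects it before any allocation.
 */
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of a 4-byte phys_addr_t, as on a 32-bit kernel (assumption). */
typedef uint32_t model_phys_addr_t;

/*
 * Parse "<number>[K|M|G]" into a 64-bit size, the way memparse() treats
 * the size part of crashkernel=. Returns 0 on success, -EINVAL otherwise.
 */
static int crashkernel_size_parse(const char *s, unsigned long long *size)
{
	unsigned long long v;
	char *end;

	if (!s || !isdigit((unsigned char)*s))
		return -EINVAL;
	errno = 0;
	v = strtoull(s, &end, 0);	/* base 0: decimal, 0x hex, 0 octal */
	if (errno == ERANGE)
		return -EINVAL;
	switch (*end) {
	case 'G': case 'g': v <<= 10;	/* fall through */
	case 'M': case 'm': v <<= 10;	/* fall through */
	case 'K': case 'k': v <<= 10; end++; break;
	case '\0': break;
	default: return -EINVAL;	/* trailing garbage such as "12x" */
	}
	if (*end != '\0')
		return -EINVAL;
	*size = v;
	return 0;
}

/* Convenience wrapper: the parsed size, or 0 if the string is not a size. */
static unsigned long long crashkernel_size_or_zero(const char *s)
{
	unsigned long long v = 0;

	return crashkernel_size_parse(s, &v) ? 0 : v;
}

/*
 * The implicit conversion that happens when the 64-bit size is handed to
 * an allocator taking phys_addr_t on a 32-bit build: 4G becomes 0 and
 * 4G + 256M becomes 256M, while the caller keeps printing the 64-bit value.
 */
static model_phys_addr_t narrow_to_phys(unsigned long long size)
{
	return (model_phys_addr_t)size;
}

/* The check the thread settles on: a zero size or one >= RAM is invalid. */
static int crashkernel_size_check(unsigned long long crash_size,
				  unsigned long long system_ram)
{
	if (!crash_size || crash_size >= system_ram)
		return -EINVAL;
	return 0;
}

/* Parse then validate; stores the size only when it is usable. */
static int crashkernel_parse_and_check(const char *arg,
				       unsigned long long system_ram,
				       unsigned long long *crash_size)
{
	unsigned long long v;
	int ret = crashkernel_size_parse(arg, &v);

	if (ret)
		return ret;
	ret = crashkernel_size_check(v, system_ram);
	if (!ret && crash_size)
		*crash_size = v;
	return ret;
}

int main(void)
{
	/* Constructed inputs: 1 GB of RAM, as in the QEMU "virt" case. */
	const unsigned long long system_ram = 1ULL << 30;
	const char *args[] = { "256M", "4G", "4352M", "12x" };
	size_t i;

	for (i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
		unsigned long long sz = 0;
		int ret = crashkernel_size_parse(args[i], &sz);

		printf("crashkernel=%-6s parsed=0x%llx narrowed=0x%x check=%d\n",
		       args[i], sz, (unsigned)narrow_to_phys(sz),
		       ret ? ret : crashkernel_size_check(sz, system_ram));
	}
	return 0;
}
```

The "4352M" case is the one to keep in mind: it is not caught by "did it become zero", only by the comparison against system RAM, which is why the check has to happen on the 64-bit value before anything is narrowed.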