Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp7479644ybi; Thu, 1 Aug 2019 08:47:58 -0700 (PDT) X-Google-Smtp-Source: APXvYqw34CEyMpSCcwgsDk+9TTtd6go+9Lz7G9jtxhdYZqyVYn9pvEU/qrdJXRfEuaSt5Roh8rta X-Received: by 2002:a63:4846:: with SMTP id x6mr84081419pgk.332.1564674478430; Thu, 01 Aug 2019 08:47:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564674478; cv=none; d=google.com; s=arc-20160816; b=fAsKpdyR1sLDXN4ddYsXuli4HNbswlM4u0B8XDPm/u1aW70vFbH6szR/CWFaBlpD69 YtFfZyP7c9rDSPL4Q9OqEel0yFADTfjByCVCXHeADPwzy9qFWATiO3urGqB+ma2ZNgsL 7qFr+9oBRcBwUssbcKTIe8KTIT4nf68SAN9L5faz3zkOtt70TdsOqTGQJQvV1zCISrhg qNZcTs3xBrFGyeAOXXp9fXjAv2WufOe/PzDaPanRHwNiVKzh8du+ATjIfC8egXHbDB2G ZV/uMCRrsex1H2ekB24bPEP+ePQt6IJ5RW0szQwc12JEgkrqd0ux2N/jrkVmf78psAhg nLZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:mime-version:user-agent:date:message-id:to:subject :from; bh=ksSssSEBKmRTgaAu0W7IM+srXWv7iq/bMHAqLj1WT+w=; b=ByrfU5zGd+qG8EZ5siB+6y4KE3tSfvJigU4CVYpUUmpQkY9Tajmi2+yoK0DRFVaCoi WycnChWHVaiI2L6OaSQ8XWzU5MZPnGNNcGK+qHt/GgXKipRMZpl1hfRxEXsYXtz8jlKY b0l8Uz444kM32VaanV3hahrv8i/4rWZyDFNhbt+wtkFMdWmvHmkD3IfkGYqMU614uFJo NJLT/SLFPgef3pgGVS03nu83ocbxU3a+dakEHDeQjrRPZ7c9suWGZ1u86k1XnJRyKjYS FsyA8GzTmrokVM8gGtc1oBQL88O95ScjXM5AvC4FpilX0wkuh/AmGbn9Sx+QYn2qgnCl Ek6Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g34si32158190pld.266.2019.08.01.08.47.43; Thu, 01 Aug 2019 08:47:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732314AbfHAPC6 (ORCPT + 99 others); Thu, 1 Aug 2019 11:02:58 -0400 Received: from mx1.redhat.com ([209.132.183.28]:44260 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726017AbfHAPC6 (ORCPT ); Thu, 1 Aug 2019 11:02:58 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 687B43092409; Thu, 1 Aug 2019 15:02:57 +0000 (UTC) Received: from localhost.localdomain (ovpn-12-18.pek2.redhat.com [10.72.12.18]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 62C9A579B4; Thu, 1 Aug 2019 15:02:53 +0000 (UTC) From: lijiang Subject: crash: `kmem -s` reported "kmem: dma-kmalloc-512: slab: ffffe192c0001000 invalid freepointer: e5ffef4e9a040b7e" on a dumped vmcore To: "Lendacky, Thomas" , Dave Young , Lianbo Jiang , "linux-kernel@vger.kernel.org" , Dave Anderson Message-ID: Date: Thu, 1 Aug 2019 23:02:49 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Thu, 01 Aug 2019 15:02:57 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Tom Recently, i ran into a problem about SME and used crash tool to check the vmcore as follow: crash> kmem -s | grep -i invalid kmem: dma-kmalloc-512: slab: ffffe192c0001000 invalid freepointer: e5ffef4e9a040b7e kmem: dma-kmalloc-512: slab: ffffe192c0001000 invalid freepointer: e5ffef4e9a040b7e And the crash tool reported the above error, probably, the main reason is that kernel does not correctly handle the first 640k region when SME is enabled. When SME is enabled, the kernel and initramfs images are loaded into the decrypted memory, and the backup area(first 640k) is also mapped as decrypted, but the first 640k data is copied to the backup area in purgatory(). Please refer to this file: arch/x86/purgatory/purgatory.c ...... static int copy_backup_region(void) { if (purgatory_backup_dest) { memcpy((void *)purgatory_backup_dest, (void *)purgatory_backup_src, purgatory_backup_sz); } return 0; } ...... arch/x86/kernel/machine_kexec_64.c ...... machine_kexec_prepare()-> arch_update_purgatory()-> ..... Actually, the firs 640k area is encrypted in the first kernel when SME is enabled, here kernel copies the first 640k data to the backup area in purgatory(), because the backup area is mapped as decrypted, this copying operation makes that the first 640k data is decrypted(decoded) and saved to the backup area, but probably kernel can not aware of SME in purgatory(), which causes kernel mistakenly read out the first 640k. In addition, i hacked kernel code as follow: diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c index 7bcc92add72c..a51631d36a7a 100644 --- a/fs/proc/vmcore.c +++ b/fs/proc/vmcore.c @@ -377,6 +378,16 @@ static ssize_t __read_vmcore(char *buffer, size_t buflen, loff_t *fpos, m->offset + m->size - *fpos, buflen); start = m->paddr + *fpos - m->offset; + if (m->paddr == 0x73f60000) {//the backup area's start address:0x73f60000 + tmp = read_from_oldmem(buffer, tsz, &start, + userbuf, false); + } else tmp = read_from_oldmem(buffer, tsz, &start, userbuf, mem_encrypt_active()); if (tmp < 0) Here, i used the crash tool to check the vmcore, i can see that the backup area is decrypted, except for the dma-kmalloc-512. So i suspect that kernel did not correctly read out the first 640k data to backup area. Do you happen to know how to deal with the first 640k area in purgatory() when SME is enabled? Any idea? BTW: I' curious the reason why the address of dma-kmalloc-512k always falls into the first 640k region, and i did not see the same issue on another machine. Machine: Serial Number diesel-sys9079-0001 Model AMD Diesel (A0C) CPU AMD EPYC 7601 32-Core Processor Background: On x86_64, the first 640k region is special because of some historical reasons. And kdump kernel will reuse the first 640k region, so kernel will back up(copy) the first 640k region to a backup area in purgatory(), in order not to rewrite the old region(640k) in kdump kernel, which makes sure that kdump can read out the old memory from vmcore. Thanks. Lianbo