From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754506AbdESRgf (ORCPT ); Fri, 19 May 2017 13:36:35 -0400 Received: from foss.arm.com ([217.140.101.70]:46988 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750783AbdESRgc (ORCPT ); Fri, 19 May 2017 13:36:32 -0400 Date: Fri, 19 May 2017 18:35:29 +0100 From: Catalin Marinas To: "Luis R. Rodriguez" Cc: Steven Rostedt , Kees Cook , Stephen Smalley , Ingo Molnar , Andy Lutomirski , Michal Hocko , Vlastimil Babka , Andrew Morton , "Eric W. Biederman" , Mateusz Guzik , LKML Subject: Re: next-20170515: WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:236 note_page+0x630/0x7e0 Message-ID: <20170519173529.GC19522@e104818-lin.cambridge.arm.com> References: <20170515220650.GD17314@wotan.suse.de> <20170515221505.GE17314@wotan.suse.de> <20170517164017.GP17314@wotan.suse.de> <20170519004414.GD8951@wotan.suse.de> <20170519030802.GE8951@wotan.suse.de> <20170519154016.GH8951@wotan.suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170519154016.GH8951@wotan.suse.de> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 19, 2017 at 05:40:16PM +0200, Luis R. Rodriguez wrote: > If the following is a legit forced way to get query the kernel to ask it > who owns a page then perhaps this technique can be used in the future to > figure out who the hell caused this. Catalin, can you confirm? In this > case this is perhaps not a leaked page but I am trying to abuse the > kmemleak debugfs API to query who allocated the page. Is that fine? > > [ 0.916771] WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:235 note_page+0x63c/0x7e0 > [ 0.917636] x86/mm: Found insecure W+X mapping at address ffffffffc03d5000/0xffffffffc03d5000 > [ 0.918502] Modules linked in: > [ 0.918819] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.11.0-mcgrof-force-config #340 > [ 0.919631] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014 > [ 0.920011] Call Trace: > [ 0.920011] dump_stack+0x63/0x81 > [ 0.920011] __warn+0xcb/0xf0 > [ 0.920011] warn_slowpath_fmt+0x5a/0x80 > [ 0.920011] note_page+0x63c/0x7e0 > [ 0.920011] ptdump_walk_pgd_level_core+0x3b1/0x460 > [ 0.920011] ? 0xffffffff86c00000 > [ 0.920011] ptdump_walk_pgd_level_checkwx+0x17/0x20 > [ 0.920011] mark_rodata_ro+0xf4/0x100 > [ 0.920011] ? rest_init+0x80/0x80 > [ 0.920011] kernel_init+0x2a/0x100 > [ 0.920011] ret_from_fork+0x2c/0x40 > [ 0.925474] ---[ end trace dca00cd779490a2b ]--- > [ 0.925959] x86/mm: Checked W+X mappings: FAILED, 1 W+X pages found. > > echo dump=0xffffffffc03d5000 > /sys/kernel/debug/kmemleak > dmesg | tail > > [ 49.209565] kmemleak: Object 0xffffffffc03d5000 (size 335): > [ 49.210814] kmemleak: comm "swapper/0", pid 1, jiffies 4294892440 > [ 49.212148] kmemleak: min_count = 2 > [ 49.212852] kmemleak: count = 0 > [ 49.213363] kmemleak: flags = 0x1 > [ 49.213363] kmemleak: checksum = 0 > [ 49.213363] kmemleak: backtrace: > [ 49.213363] kmemleak_alloc+0x4a/0xa0 > [ 49.213363] __vmalloc_node_range+0x20a/0x2b0 > [ 49.213363] module_alloc+0x67/0xc0 > [ 49.213363] arch_ftrace_update_trampoline+0xba/0x260 > [ 49.213363] ftrace_startup+0x90/0x210 > [ 49.213363] register_ftrace_function+0x4b/0x60 > [ 49.213363] arm_kprobe+0x84/0xe0 > [ 49.213363] register_kprobe+0x56e/0x5b0 > [ 49.213363] init_test_probes+0x61/0x560 > [ 49.213363] init_kprobes+0x1e3/0x206 > [ 49.213363] do_one_initcall+0x52/0x1a0 > [ 49.213363] kernel_init_freeable+0x178/0x200 > [ 49.213363] kernel_init+0xe/0x100 > [ 49.213363] ret_from_fork+0x2c/0x40 > [ 49.213363] 0xffffffffffffffff You could as well use kmemleak this way since it tracks the memory allocations. However, it doesn't track alloc_pages and also doesn't track mapping existing pages (vmap etc.) -- Catalin