On (24/09/24 14:49), Sergey Senozhatsky wrote:
On (24/09/24 07:21), Christophe JAILLET wrote: [..]
kfree_const() will not work if zram is built as a module. It works only for .rodata in the kernel image. [1]
If so, then it is likely that it is used incorrectly elsewhere as well.
https://elixir.bootlin.com/linux/v6.11/source/drivers/dax/kmem.c#L289 https://elixir.bootlin.com/linux/v6.11/source/drivers/firmware/arm_scmi/bus.... https://elixir.bootlin.com/linux/v6.11/source/drivers/input/touchscreen/chip...
icn8505_probe_acpi() uses kfree_const(subsys)...
subsys is returned from acpi_get_subsystem_id() which only does sub = kstrdup(obj->string.pointer, GFP_KERNEL);
However, if acpi_get_subsystem_id() returns an error then icn8505_probe_acpi() does
subsys = "unknown";
and I suspect that kfree_const(subsys) can, in fact, explode?
A trivial test to replicate the icn8505_probe_acpi() error path
(zram built as a module)
---
diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
index d3329a67e805..5cd65dd7dafa 100644
--- a/drivers/block/zram/zram_drv.c
+++ b/drivers/block/zram/zram_drv.c
@@ -2719,11 +2719,21 @@ static void destroy_devices(void)
 cpuhp_remove_multi_state(CPUHP_ZCOMP_PREPARE);
 }
+static void boom(void)
+{
+ char *str = "unknown";
+
+ pr_err(":: kfree_const() %s\n", str);
+ kfree_const(str);
+}
+
 static int __init zram_init(void)
 {
 struct zram_table_entry zram_te;
 int ret;
+ boom();
+
 BUILD_BUG_ON(__NR_ZRAM_PAGEFLAGS > sizeof(zram_te.flags) * 8);
ret = cpuhp_setup_state_multi(CPUHP_ZCOMP_PREPARE, "block/zram:prepare",
---
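Review bot: boom() proves that kfree_const() on a module string literal crashes, but the log records only the free_large_kmalloc() warning and nothing about why the literal is misclassified. kfree_const() (mm/util.c) frees whenever is_kernel_rodata() is false, so logging that predicate next to the address makes the reproducer self-explaining: `pr_err(":: kfree_const() %s rodata=%d\n", str, is_kernel_rodata((unsigned long)str));`. Since boom() is wired into zram_init() before BUILD_BUG_ON(), a `/* test-only: reproduces kfree_const() on module .rodata; not for merging */` comment above the function would keep the intent clear if the diff is picked up from the thread. zram_init() continues past the end of the hunk.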
[ 15.494947] zram: :: kfree_const() unknown [..] [ 15.498085] WARNING: CPU: 5 PID: 420 at mm/slub.c:4690 free_large_kmalloc+0x18/0xb0 [ 15.500393] Modules linked in: zram(+) 842_decompress 842_compress zsmalloc zstd_compress lz4hc_compress lz4_compress zlib_deflate [ 15.503405] CPU: 5 UID: 0 PID: 420 Comm: modprobe Tainted: G N 6.11.0-next-20240920+ #727 [ 15.506013] Tainted: [N]=TEST [ 15.506792] RIP: 0010:free_large_kmalloc+0x18/0xb0 [..] [ 15.531487] Call Trace: [ 15.532102] <TASK> [ 15.532616] ? __warn+0x12d/0x340 [ 15.533409] ? free_large_kmalloc+0x18/0xb0 [ 15.534397] ? free_large_kmalloc+0x18/0xb0 [ 15.535426] ? report_bug+0x170/0x380 [ 15.536365] ? handle_bug+0x5c/0xa0 [ 15.537206] ? exc_invalid_op+0x16/0x40 [ 15.538155] ? asm_exc_invalid_op+0x16/0x20 [ 15.539189] ? free_large_kmalloc+0x18/0xb0 [ 15.540194] init_module+0x25/0xffb [zram] [ 15.541173] do_one_initcall+0x130/0x450 [ 15.542143] ? __cfi_init_module+0x5/0x5 [zram] [ 15.543282] ? stack_depot_save_flags+0x25/0x700 [ 15.544413] ? stack_trace_save+0xb3/0x150 [ 15.545428] ? kasan_save_track+0x3c/0x60 [ 15.546401] ? kasan_save_track+0x2b/0x60 [ 15.547364] ? __kasan_kmalloc+0x6e/0x80 [ 15.548350] ? do_init_module+0x16e/0x890 [ 15.549348] ? __se_sys_finit_module+0x513/0x7e0 [ 15.550437] ? do_syscall_64+0x71/0x110 [ 15.551385] ? entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 15.552662] ? stack_depot_save_flags+0x25/0x700 [ 15.553751] ? stack_trace_save+0xb3/0x150 [ 15.554754] ? __create_object+0x62/0x110 [ 15.555767] ? do_raw_spin_unlock+0x5a/0x950 [ 15.556778] ? __create_object+0x62/0x110 [ 15.557727] ? _raw_spin_unlock_irqrestore+0x31/0x40 [ 15.558928] ? __create_object+0x62/0x110 [ 15.559947] ? kasan_unpoison+0x49/0x70 [ 15.560855] ? __asan_register_globals+0x54/0x70 [ 15.561976] do_init_module+0x36a/0x890 [ 15.562940] __se_sys_finit_module+0x513/0x7e0 [ 15.564034] do_syscall_64+0x71/0x110 [ 15.564948] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [..] [ 15.894538] kernel BUG at include/linux/mm.h:1140! 
[ 15.895727] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 15.897003] CPU: 5 UID: 0 PID: 420 Comm: modprobe Tainted: G B W N 6.11.0-next-20240920+ #727 [ 15.899215] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 15.900395] RIP: 0010:free_large_kmalloc+0xaa/0xb0 [..] [ 15.924239] Call Trace: [ 15.924836] <TASK> [ 15.925343] ? __die_body+0x66/0xb0 [ 15.926183] ? die+0xa0/0xc0 [ 15.926873] ? do_trap+0xf4/0x2e0 [ 15.927671] ? free_large_kmalloc+0xaa/0xb0 [ 15.928665] ? do_error_trap+0xfc/0x180 [ 15.929567] ? free_large_kmalloc+0xaa/0xb0 [ 15.930550] ? handle_invalid_op+0x4f/0x60 [ 15.931529] ? free_large_kmalloc+0xaa/0xb0 [ 15.932513] ? exc_invalid_op+0x2f/0x40 [ 15.933422] ? asm_exc_invalid_op+0x16/0x20 [ 15.934413] ? free_large_kmalloc+0xaa/0xb0 [ 15.935410] init_module+0x25/0xffb [zram] [ 15.936375] do_one_initcall+0x130/0x450 [ 15.937306] ? __cfi_init_module+0x5/0x5 [zram] [ 15.938550] ? stack_depot_save_flags+0x25/0x700 [ 15.939799] ? stack_trace_save+0xb3/0x150 [ 15.940786] ? kasan_save_track+0x3c/0x60 [ 15.941755] ? kasan_save_track+0x2b/0x60 [ 15.942729] ? __kasan_kmalloc+0x6e/0x80 [ 15.943697] ? do_init_module+0x16e/0x890 [ 15.944665] ? __se_sys_finit_module+0x513/0x7e0 [ 15.945782] ? do_syscall_64+0x71/0x110 [ 15.946716] ? entry_SYSCALL_64_after_hwframe+0x4b/0x53 [ 15.947978] ? stack_depot_save_flags+0x25/0x700 [ 15.949091] ? stack_trace_save+0xb3/0x150 [ 15.950082] ? __create_object+0x62/0x110 [ 15.951052] ? do_raw_spin_unlock+0x5a/0x950 [ 15.952094] ? __create_object+0x62/0x110 [ 15.953064] ? _raw_spin_unlock_irqrestore+0x31/0x40 [ 15.954255] ? __create_object+0x62/0x110 [ 15.955221] ? kasan_unpoison+0x49/0x70 [ 15.956154] ? __asan_register_globals+0x54/0x70 [ 15.957261] do_init_module+0x36a/0x890 [ 15.958199] __se_sys_finit_module+0x513/0x7e0 [ 15.959282] do_syscall_64+0x71/0x110 [ 15.960172] entry_SYSCALL_64_after_hwframe+0x4b/0x53