<div dir="ltr">MH,<div><br></div><div>Let me give a bit of background of the issue.</div><div><br></div><div>We are facing an issue where 4 bytes of physical memory is getting corrupted (set to 0) at a fixed offset.</div><div>This offset is always fixed 0x00A4DDC0 (PFN: 0xA4D). The problem manifests in form of SIGILL for some random user-space application where its text area is corrupted. At this moment we are not able to identify who is causing the corruption. While we continue to investigate that (no HW breakpoint support :(), I thought we could at least mask the problem since we know the corruption is always occurring at a fixed offset.</div><div>Therefore we want to reserve the memory so that kernel does not give it to anyone.</div><div>We tried passing it via kernel command-line parameter (using memblock) but did not see it working. Finally we modified the function early_reserve_mem_dt() in file "linux-3.12.19/arch/powerpc/kernel/prom.c" to directly reserve the memory. </div><div><div><br></div><div>base1 = 0xA4D000; size1=0x1000;</div><div>memblock_reserve(base1, size1);<br></div></div><div><br></div><div>To check if reservation is working and to monitor the corruption we wrote a kernel module that does a ioremap to page 0xA4D. We then poison it with fixed data. What we found was that, in few runs, this memory was intact and in few others it would change. We tried both memblock_reserve() as well as memblock_remove(). Unfortunately we continue to get the SIGILL at the same offset.</div><div>Is there any other way to block a physical memory page?</div><div><br></div><div>ioremap code (relevant lines):</div><div>static char* sigill_mon_addr;<br></div><div>#define ADDR_TEST 0xA4D00<br></div><div>sigill_mon_addr = (char*)ioremap(ADDR_TEST, 4096);<br></div><div><br></div><div>-Thanks</div><div>Nikhil</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 15, 2016 at 5:35 AM, Min-Hua Chen <span dir="ltr"><<a href="mailto:orca.chen@gmail.com" target="_blank">orca.chen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Wed, Sep 14, 2016 at 3:17 PM, Nikhil Utane <span dir="ltr"><<a href="mailto:nikhil.subscribed@gmail.com" target="_blank">nikhil.subscribed@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thank You MH Chen for your response.<div><br></div><div>So does that mean with memblock_reserve(), a kernel module can call phys_to_virt(), create a linear mapping and modify that memory?</div><div>Where as with memblock_remove(), a kernel module can call ioremap() and then modify the memory?</div></div></blockquote><div><br></div></span><div>Not really. It depends on the wether the reserved memory is in a linear mapping range. For example, arm32 only creates linear mapping</div><div>within 1GB range because arm32 has only 1GB of kernel space virtual memory. arm64 creates linear mapping for a large range</div><div>of memory (depends on ARM64_VA_BITS_xx). </div><div><br></div><div>for memblock_remove() memory, You can use ioremap() to access the memory.</div><span class=""><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>What would explain that only in some runs the memory is modified and in some runs it is not (for both the functions)? Shouldn't this reserved/removed memory never be modified unless someone is directly trying to write to that specific page?</div><div><br></div></div></blockquote><div><br></div></span><div>They should not be modified. How do you write to the reserved memory? Can you post the source code?</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>-MH</div></font></span><span class=""><div> </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div></div><div>-Regards</div><span><font color="#888888"><div>Nikhil</div></font></span></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Sep 11, 2016 at 6:08 AM, Min-Hua Chen <span dir="ltr"><<a href="mailto:orca.chen@gmail.com" target="_blank">orca.chen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Nikhil,<div><br></div><div>memblock_reserve() adds a given memory to the "memblock.reserved" list, it ends up to mark the given range of pages as "reserved". It means the pages are reserved and will not be allocated to other users. The kernel still can see the pages, create linear mappings on them, even access them by linear mappings. </div><div><br></div><div>memblock_remove() removes a given memory from the "memblock.memory" list, it ends to removed from kernel's memory management system. The memory will not have page structure, no linear mapping on them. It prevents the memory from CPU accessing by the linear address. To access the memory (by CPU), you must use ioremap() to create a mapping to them.</div><div><br></div><div><br></div><div>MH Chen</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Fri, Sep 9, 2016 at 5:29 PM, Nikhil Utane <span dir="ltr"><<a href="mailto:nikhil.subscribed@gmail.com" target="_blank">nikhil.subscribed@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div class="gmail_extra"><span style="color:rgb(36,39,41);font-family:arial,"helvetica neue",helvetica,sans-serif;font-size:15px;line-height:19.5px">Hi,</span></div><span><div class="gmail_extra"><span style="color:rgb(36,39,41);font-family:arial,"helvetica neue",helvetica,sans-serif;font-size:15px;line-height:19.5px"><br></span></div><div class="gmail_extra"><span style="color:rgb(36,39,41);font-family:arial,"helvetica neue",helvetica,sans-serif;font-size:15px;line-height:19.5px">I want to reserve a physical memory page with a fixed PFN. I do not want this page to be used by anyone else. I am calling memblock_reserve() to supposedly reserve the page. I am writing some content into this page. What I see is that during some runs the content of this page is modified (either fully or sometimes partially). In few runs, I see it as intact. Is it expected that even after calling memblock_reserve() the kernel can allocate this physical page for any other purpose? How is memblock_remove() different from memblock_reserve? I tried reading up but didn't see any useful information. What I understood is memblock_remove will completely remove from kernel's allocation mechanism. Should I then be using remove instead of reserve? </span><br></div><div class="gmail_extra"><span style="color:rgb(36,39,41);font-family:arial,"helvetica neue",helvetica,sans-serif;font-size:15px;line-height:19.5px"><br></span></div><div class="gmail_extra"><span style="color:rgb(36,39,41);font-family:arial,"helvetica neue",helvetica,sans-serif;font-size:15px;line-height:19.5px">-Thanks</span></div><div class="gmail_extra"><span style="color:rgb(36,39,41);font-family:arial,"helvetica neue",helvetica,sans-serif;font-size:15px;line-height:19.5px">Nikhil</span></div></span></div>
<br></div></div>______________________________<wbr>_________________<br>
Kernelnewbies mailing list<br>
<a href="mailto:Kernelnewbies@kernelnewbies.org" target="_blank">Kernelnewbies@kernelnewbies.or<wbr>g</a><br>
<a href="https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies" rel="noreferrer" target="_blank">https://lists.kernelnewbies.or<wbr>g/mailman/listinfo/kernelnewbi<wbr>es</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></span></div><br></div></div>
</blockquote></div><br></div>