From nobody Fri Mar 21 13:25:17 2025 X-Original-To: current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZK38x6NMJz5rDJM for ; Fri, 21 Mar 2025 13:25:21 +0000 (UTC) (envelope-from bz@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZK38x5Sdcz3ltP; Fri, 21 Mar 2025 13:25:21 +0000 (UTC) (envelope-from bz@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1742563521; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=+UxKW42geBEFLIMFjjT4dhCchFM5FzX2JFd5ZDjmCHc=; b=nr/6y71BKg7VT0kQi1HZp9egGcD3WetU1ZdrLyrckuig4o4uoZR+sEgzb7TIWCVWAKcYV/ 1R7PSwwGMvnt7Q1fjNn76HMjR7Me5/ygXShGrP0C7jPH/flYL6SIw41hnZEl03v1Qxrl0P gsDg6xxa+24dzvxUGVUZ/6PmaH9hb/d/68GDxg6zWLe5OLXbY4LDOjO30I9HHmSUcN5H6j /IQ1QlbVtz1b7trgG1XjUxF9SzNNwlhgD7JZ/mdEfEulXZIJF6hiCRmwHHOZY2I+jSgAZb PqDEY/hyYLsTTk9P5CIAXKNL9TuobM/M1Wkz7RLlbcLqD8pAz8Vq2ECSu+V8ZA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1742563521; a=rsa-sha256; cv=none; b=GeVwHODJAdby2xo5Ydgof/ph8XS2usprno5TRu1y8/Ie5r0fzAGv5S1UIejFr5TzyReI0S WJflRQX3FGXZ/VF3Jajjgu64FFuS75C2MZ2hIiQPSjOY3F/Y4jOoWe0EhURmy8fEXA2zLf ZaviUORZY7LYXIfpb+9e8JOnbyG6tfqt8kXZWijBA3AFCje0k4c9OHPG/6v2OQsXOde8ev TyD4lMMTMcfZLad3lKJDRX/m1dqpRhPLG8VuFqX52BCYMl/wq2eI0vlXI2xDAUd4ltbGKD lShYEfA0/sOCKaukD1ir6Dm7Lle50p/0mGVIUTTE20XOpGpf4Oe0RNnXvRCFKw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1742563521; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=+UxKW42geBEFLIMFjjT4dhCchFM5FzX2JFd5ZDjmCHc=; b=cVmuIOlE2+7ZiCra/Zp/9mRgPRoKWkg5V9o/08JohNqM5RRohKqKVrx5RF2+i7LJfUOmKT tY34v3nBr18pMP1r7isEzcDwTpprHSU5t4vwiSNESVLYpOtbJZ5xCcW2EJTuj5banla6zV qX8B5qVci4PAnJuAB/kqsqESv66pmv1EUBVcZjCc6qFtqVl0iZgZUM9Q/0w0eODNBtgq69 HM95rcS+MbHaLKDStxJfWjP2uyKrG7X9gmwSL+XzWPKFejXX65+1eMLKQzXCW2sOJZYDNx uwz7Q6tqH2Xi1Ml1957VFMoLip8N9KTiKlVJKVq1Xt41y9nju2MKsxUXyQtJPA== Received: from mx-01.divo.sbone.de (mx-01.divo.sbone.de [IPv6:2003:a:140a:2200:6:594:fffe:19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (prime256v1) client-digest SHA256) (Client CN "mx-01.divo.sbone.de", Issuer "E5" (verified OK)) (Authenticated sender: bz/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4ZK38x3y15zp0c; Fri, 21 Mar 2025 13:25:21 +0000 (UTC) (envelope-from bz@freebsd.org) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:4902:0:7404:2:1025]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by mx-01.divo.sbone.de (Postfix) with ESMTPS id 7BBAFA64805; Fri, 21 Mar 2025 13:25:17 +0000 (UTC) Received: from content-filter.t4-02.sbone.de (content-filter.t4-02.sbone.de [IPv6:fde9:577b:c1a9:4902:0:7404:2:2742]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id B95AE2D029E0; Fri, 21 Mar 2025 13:25:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:4902:0:7404:2:1025]) by content-filter.t4-02.sbone.de (content-filter.t4-02.sbone.de [IPv6:fde9:577b:c1a9:4902:0:7404:2:2742]) (amavisd-new, port 10024) with ESMTP id 4WH1Moi_xzbW; Fri, 21 Mar 2025 13:25:18 +0000 (UTC) Received: from strong-rtwn1.sbone.de (strong-rtwn1.sbone.de [IPv6:fde9:577b:c1a9:4902:821f:2ff:feef:e8d5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id 3C8742D029D8; Fri, 21 Mar 2025 13:25:18 +0000 (UTC) Date: Fri, 21 Mar 2025 13:25:17 +0000 (UTC) From: "Bjoern A. Zeeb" To: Gleb Smirnoff cc: David Wolfskill , current@freebsd.org, Mark Johnston , Konstantin Belousov , John Baldwin Subject: Re: Possible video driver issue after main-n275966-d2a55e6a9348 -> main-n275975-5963423232e8 In-Reply-To: Message-ID: <5p208nr9-so82-9971-070n-pp2ssq4np31s@serrofq.bet> References: <01qqq28n-p1s3-n82q-9n1s-7o900ro5n62q@SerrOFQ.bet> X-OpenPGP-Key-Id: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII On Fri, 21 Mar 2025, Gleb Smirnoff wrote: > On Thu, Mar 20, 2025 at 07:52:19PM +0000, Bjoern A. Zeeb wrote: > B> He's hitting a ... somewhere in i915kms.ko (here's the two instances I > B> have): > B> REDZONE: Buffer underflow detected. 16 bytes corrupted before 0xfffffe089bc65000 (262148 bytes allocated). > B> REDZONE: Buffer underflow detected. 16 bytes corrupted before 0xfffffe08a7e70000 (262148 bytes allocated). > > I looked a bit into the problem and it actually seems very trivial to me. > Please re-check my observations. > > A contigmalloc(9) allocation doesn't get redzone protection, see kern_malloc.c. > But free(9) always does contigmalloc check. This makes deprecation of > contigfree(9) incompatible with redzone(9). And looks like > 19df0c5abcb9d4e951e610b6de98d4d8a00bd5f9 is our first bump into this sad fact. > > Added reviewers of d1bdc2821fcd416ab9b238580386eb605a6128d0 to Cc. Wow how did we run 8 months in main and stable/14 with this and another 100+ contigmallocs in base inckl. all wifi skbs for rtw88 and others, hyperv, iommu, vmm, busdma bounce code, qat, virtio, netmap, ... are these all (but skbuffs) alloc once and never really free again calls? I thought REDZONE uses a 0x42 pattern to guard and I am sure I do run debug kernels (main/GENERIC) for development. I should have hit that from day one. I ran 78 millions packet through the skbuff code using contigmalloc the other day. In addition to fixing, can someone explain why this didn't go kaboom? Ok, I found the answer: % grep -r DEBUG_REDZONE sys/*/conf/ sys/conf/std.debug sys/conf/NOTES sys/conf/NOTES:# DEBUG_REDZONE enables buffer underflows and buffer overflows detection for sys/conf/NOTES:options DEBUG_REDZONE I went and checked as I was sure it was in kernel configs before; but I see that was only mips (at least for 13.0 which was the oldest branch I had around). Sigh, my fault as probably no one ever tested this then as no one boots LINT kernels. And also explains why Trond said iwlwifi also wasn't happy. Thanks a lot for spotting this, I honestly didn't think about looking there anymore after exercising 8 months of conntigmalloc. But also means it is only a bug if someone turns on REDZONE and otherwise no problem at all. Lots of joy, Bjoern PS: it had another positive thing from drm-kmod hopefully as I discovered other things while debugging but that belongs elsewhere. -- Bjoern A. Zeeb r15:7