drivers/irqchip/irq-gic-v5-irs.c | 3 +++ 1 file changed, 3 insertions(+)
L2 IST table entries are allocated with the kmalloc interface
and their physical addresses are programmed in the GIC (either
IST base address register or L1 IST table entries) but their
virtual addresses are not stored in any kernel data structure
because they are not needed at runtime - the L2 IST table entries
are managed through system instructions but never dereferenced
directly by the driver.
This triggers kmemleak false positive reports:
unreferenced object 0xffff00080039a000 (size 4096):
comm "swapper/0", pid 0, jiffies 4294892296
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 0):
kmemleak_alloc+0x34/0x40
__kmalloc_noprof+0x320/0x464
gicv5_irs_iste_alloc+0x1a4/0x484
gicv5_irq_lpi_domain_alloc+0xe4/0x194
irq_domain_alloc_irqs_parent+0x78/0xd8
gicv5_irq_ipi_domain_alloc+0x180/0x238
irq_domain_alloc_irqs_locked+0x238/0x7d4
__irq_domain_alloc_irqs+0x88/0x114
gicv5_of_init+0x284/0x37c
of_irq_init+0x3b8/0xb18
irqchip_init+0x18/0x40
init_IRQ+0x104/0x164
start_kernel+0x1a4/0x3d4
__primary_switched+0x8c/0x94
Instruct kmemleak to ignore L2 IST table memory allocation
virtual addresses to prevent these false positive reports.
Reported-by: Jinjie Ruan <ruanjinjie@huawei.com>
Closes: https://lore.kernel.org/lkml/cc611dda-d1e4-4793-9bb2-0eaa47277584@huawei.com/
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Marc Zyngier <maz@kernel.org>
---
drivers/irqchip/irq-gic-v5-irs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/irqchip/irq-gic-v5-irs.c b/drivers/irqchip/irq-gic-v5-irs.c
index ad1435a858a4..e8a576f66366 100644
--- a/drivers/irqchip/irq-gic-v5-irs.c
+++ b/drivers/irqchip/irq-gic-v5-irs.c
@@ -5,6 +5,7 @@
#define pr_fmt(fmt) "GICv5 IRS: " fmt
+#include <linux/kmemleak.h>
#include <linux/log2.h>
#include <linux/of.h>
#include <linux/of_address.h>
@@ -117,6 +118,7 @@ static int __init gicv5_irs_init_ist_linear(struct gicv5_irs_chip_data *irs_data
kfree(ist);
return ret;
}
+ kmemleak_ignore(ist);
return 0;
}
@@ -232,6 +234,7 @@ int gicv5_irs_iste_alloc(const u32 lpi)
kfree(l2ist);
return ret;
}
+ kmemleak_ignore(l2ist);
/*
* Make sure we invalidate the cache line pulled before the IRS
--
2.48.0On Mon, Aug 11, 2025 at 03:50:01PM +0200, Lorenzo Pieralisi wrote: > diff --git a/drivers/irqchip/irq-gic-v5-irs.c b/drivers/irqchip/irq-gic-v5-irs.c > index ad1435a858a4..e8a576f66366 100644 > --- a/drivers/irqchip/irq-gic-v5-irs.c > +++ b/drivers/irqchip/irq-gic-v5-irs.c > @@ -5,6 +5,7 @@ > > #define pr_fmt(fmt) "GICv5 IRS: " fmt > > +#include <linux/kmemleak.h> > #include <linux/log2.h> > #include <linux/of.h> > #include <linux/of_address.h> > @@ -117,6 +118,7 @@ static int __init gicv5_irs_init_ist_linear(struct gicv5_irs_chip_data *irs_data > kfree(ist); > return ret; > } > + kmemleak_ignore(ist); Nit: if you ever respin, please add a short comment on why this is a false positive (easier to see it in the code than the git logs). > > return 0; > } > @@ -232,6 +234,7 @@ int gicv5_irs_iste_alloc(const u32 lpi) > kfree(l2ist); > return ret; > } > + kmemleak_ignore(l2ist); Same here. -- Catalin
On Tue, Aug 26, 2025 at 08:34:27PM +0100, Catalin Marinas wrote: > On Mon, Aug 11, 2025 at 03:50:01PM +0200, Lorenzo Pieralisi wrote: > > diff --git a/drivers/irqchip/irq-gic-v5-irs.c b/drivers/irqchip/irq-gic-v5-irs.c > > index ad1435a858a4..e8a576f66366 100644 > > --- a/drivers/irqchip/irq-gic-v5-irs.c > > +++ b/drivers/irqchip/irq-gic-v5-irs.c > > @@ -5,6 +5,7 @@ > > > > #define pr_fmt(fmt) "GICv5 IRS: " fmt > > > > +#include <linux/kmemleak.h> > > #include <linux/log2.h> > > #include <linux/of.h> > > #include <linux/of_address.h> > > @@ -117,6 +118,7 @@ static int __init gicv5_irs_init_ist_linear(struct gicv5_irs_chip_data *irs_data > > kfree(ist); > > return ret; > > } > > + kmemleak_ignore(ist); > > Nit: if you ever respin, please add a short comment on why this is a > false positive (easier to see it in the code than the git logs). It was merged as-is (have been away for a couple of weeks) but I can send a patch adding the comments to clarify the code as a follow-up. Thanks, Lorenzo > > > > return 0; > > } > > @@ -232,6 +234,7 @@ int gicv5_irs_iste_alloc(const u32 lpi) > > kfree(l2ist); > > return ret; > > } > > + kmemleak_ignore(l2ist); > > Same here. > > -- > Catalin
On Mon, Sep 08, 2025 at 03:26:54PM +0200, Lorenzo Pieralisi wrote: > On Tue, Aug 26, 2025 at 08:34:27PM +0100, Catalin Marinas wrote: > > On Mon, Aug 11, 2025 at 03:50:01PM +0200, Lorenzo Pieralisi wrote: > > > diff --git a/drivers/irqchip/irq-gic-v5-irs.c b/drivers/irqchip/irq-gic-v5-irs.c > > > index ad1435a858a4..e8a576f66366 100644 > > > --- a/drivers/irqchip/irq-gic-v5-irs.c > > > +++ b/drivers/irqchip/irq-gic-v5-irs.c > > > @@ -5,6 +5,7 @@ > > > > > > #define pr_fmt(fmt) "GICv5 IRS: " fmt > > > > > > +#include <linux/kmemleak.h> > > > #include <linux/log2.h> > > > #include <linux/of.h> > > > #include <linux/of_address.h> > > > @@ -117,6 +118,7 @@ static int __init gicv5_irs_init_ist_linear(struct gicv5_irs_chip_data *irs_data > > > kfree(ist); > > > return ret; > > > } > > > + kmemleak_ignore(ist); > > > > Nit: if you ever respin, please add a short comment on why this is a > > false positive (easier to see it in the code than the git logs). > > It was merged as-is (have been away for a couple of weeks) but I can send a > patch adding the comments to clarify the code as a follow-up. No need to. One can always do a git blame ;). -- Catalin
On 2025/8/11 21:50, Lorenzo Pieralisi wrote: > L2 IST table entries are allocated with the kmalloc interface > and their physical addresses are programmed in the GIC (either > IST base address register or L1 IST table entries) but their > virtual addresses are not stored in any kernel data structure > because they are not needed at runtime - the L2 IST table entries > are managed through system instructions but never dereferenced > directly by the driver. > [...] > > Reported-by: Jinjie Ruan <ruanjinjie@huawei.com> > Closes: https://lore.kernel.org/lkml/cc611dda-d1e4-4793-9bb2-0eaa47277584@huawei.com/ > Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Marc Zyngier <maz@kernel.org> > --- > drivers/irqchip/irq-gic-v5-irs.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/irqchip/irq-gic-v5-irs.c b/drivers/irqchip/irq-gic-v5-irs.c > index ad1435a858a4..e8a576f66366 100644 > --- a/drivers/irqchip/irq-gic-v5-irs.c > +++ b/drivers/irqchip/irq-gic-v5-irs.c > @@ -5,6 +5,7 @@ > > #define pr_fmt(fmt) "GICv5 IRS: " fmt > > +#include <linux/kmemleak.h> > #include <linux/log2.h> > #include <linux/of.h> > #include <linux/of_address.h> > @@ -117,6 +118,7 @@ static int __init gicv5_irs_init_ist_linear(struct gicv5_irs_chip_data *irs_data > kfree(ist); > return ret; > } > + kmemleak_ignore(ist); > > return 0; > } > @@ -232,6 +234,7 @@ int gicv5_irs_iste_alloc(const u32 lpi) > kfree(l2ist); > return ret; > } > + kmemleak_ignore(l2ist); Reviewed-by: Jinjie Ruan <ruanjinjie@huawei.com> > > /* > * Make sure we invalidate the cache line pulled before the IRS
On 2025/8/11 21:50, Lorenzo Pieralisi wrote: > L2 IST table entries are allocated with the kmalloc interface > and their physical addresses are programmed in the GIC (either > IST base address register or L1 IST table entries) but their > virtual addresses are not stored in any kernel data structure > because they are not needed at runtime - the L2 IST table entries > are managed through system instructions but never dereferenced > directly by the driver. > > This triggers kmemleak false positive reports: > > unreferenced object 0xffff00080039a000 (size 4096): > comm "swapper/0", pid 0, jiffies 4294892296 > hex dump (first 32 bytes): > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > backtrace (crc 0): > kmemleak_alloc+0x34/0x40 > __kmalloc_noprof+0x320/0x464 > gicv5_irs_iste_alloc+0x1a4/0x484 > gicv5_irq_lpi_domain_alloc+0xe4/0x194 > irq_domain_alloc_irqs_parent+0x78/0xd8 > gicv5_irq_ipi_domain_alloc+0x180/0x238 > irq_domain_alloc_irqs_locked+0x238/0x7d4 > __irq_domain_alloc_irqs+0x88/0x114 > gicv5_of_init+0x284/0x37c > of_irq_init+0x3b8/0xb18 > irqchip_init+0x18/0x40 > init_IRQ+0x104/0x164 > start_kernel+0x1a4/0x3d4 > __primary_switched+0x8c/0x94 > > Instruct kmemleak to ignore L2 IST table memory allocation > virtual addresses to prevent these false positive reports. > > Reported-by: Jinjie Ruan <ruanjinjie@huawei.com> > Closes: https://lore.kernel.org/lkml/cc611dda-d1e4-4793-9bb2-0eaa47277584@huawei.com/ > Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Marc Zyngier <maz@kernel.org> > --- > drivers/irqchip/irq-gic-v5-irs.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/irqchip/irq-gic-v5-irs.c b/drivers/irqchip/irq-gic-v5-irs.c > index ad1435a858a4..e8a576f66366 100644 > --- a/drivers/irqchip/irq-gic-v5-irs.c > +++ b/drivers/irqchip/irq-gic-v5-irs.c > @@ -5,6 +5,7 @@ > > #define pr_fmt(fmt) "GICv5 IRS: " fmt > > +#include <linux/kmemleak.h> > #include <linux/log2.h> > #include <linux/of.h> > #include <linux/of_address.h> > @@ -117,6 +118,7 @@ static int __init gicv5_irs_init_ist_linear(struct gicv5_irs_chip_data *irs_data > kfree(ist); > return ret; > } > + kmemleak_ignore(ist); > > return 0; > } > @@ -232,6 +234,7 @@ int gicv5_irs_iste_alloc(const u32 lpi) > kfree(l2ist); > return ret; > } > + kmemleak_ignore(l2ist); Reviewed-by: Zenghui Yu <yuzenghui@huawei.com> Thanks, Zenghui
On Mon, 11 Aug 2025 14:50:01 +0100, Lorenzo Pieralisi <lpieralisi@kernel.org> wrote: > > L2 IST table entries are allocated with the kmalloc interface > and their physical addresses are programmed in the GIC (either > IST base address register or L1 IST table entries) but their > virtual addresses are not stored in any kernel data structure > because they are not needed at runtime - the L2 IST table entries > are managed through system instructions but never dereferenced > directly by the driver. > > This triggers kmemleak false positive reports: > > unreferenced object 0xffff00080039a000 (size 4096): > comm "swapper/0", pid 0, jiffies 4294892296 > hex dump (first 32 bytes): > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ > backtrace (crc 0): > kmemleak_alloc+0x34/0x40 > __kmalloc_noprof+0x320/0x464 > gicv5_irs_iste_alloc+0x1a4/0x484 > gicv5_irq_lpi_domain_alloc+0xe4/0x194 > irq_domain_alloc_irqs_parent+0x78/0xd8 > gicv5_irq_ipi_domain_alloc+0x180/0x238 > irq_domain_alloc_irqs_locked+0x238/0x7d4 > __irq_domain_alloc_irqs+0x88/0x114 > gicv5_of_init+0x284/0x37c > of_irq_init+0x3b8/0xb18 > irqchip_init+0x18/0x40 > init_IRQ+0x104/0x164 > start_kernel+0x1a4/0x3d4 > __primary_switched+0x8c/0x94 > > Instruct kmemleak to ignore L2 IST table memory allocation > virtual addresses to prevent these false positive reports. > > Reported-by: Jinjie Ruan <ruanjinjie@huawei.com> > Closes: https://lore.kernel.org/lkml/cc611dda-d1e4-4793-9bb2-0eaa47277584@huawei.com/ > Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Marc Zyngier <maz@kernel.org> > --- > drivers/irqchip/irq-gic-v5-irs.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/irqchip/irq-gic-v5-irs.c b/drivers/irqchip/irq-gic-v5-irs.c > index ad1435a858a4..e8a576f66366 100644 > --- a/drivers/irqchip/irq-gic-v5-irs.c > +++ b/drivers/irqchip/irq-gic-v5-irs.c > @@ -5,6 +5,7 @@ > > #define pr_fmt(fmt) "GICv5 IRS: " fmt > > +#include <linux/kmemleak.h> > #include <linux/log2.h> > #include <linux/of.h> > #include <linux/of_address.h> > @@ -117,6 +118,7 @@ static int __init gicv5_irs_init_ist_linear(struct gicv5_irs_chip_data *irs_data > kfree(ist); > return ret; > } > + kmemleak_ignore(ist); > > return 0; > } > @@ -232,6 +234,7 @@ int gicv5_irs_iste_alloc(const u32 lpi) > kfree(l2ist); > return ret; > } > + kmemleak_ignore(l2ist); > > /* > * Make sure we invalidate the cache line pulled before the IRS Acked-by: Marc Zyngier <maz@kernel.org> M. -- Without deviation from the norm, progress is not possible.
The following commit has been merged into the irq/urgent branch of tip:
Commit-ID: 1a2cce5b91eeeac24104cbccd8cd3a4dfbdbaa7a
Gitweb: https://git.kernel.org/tip/1a2cce5b91eeeac24104cbccd8cd3a4dfbdbaa7a
Author: Lorenzo Pieralisi <lpieralisi@kernel.org>
AuthorDate: Mon, 11 Aug 2025 15:50:01 +02:00
Committer: Thomas Gleixner <tglx@linutronix.de>
CommitterDate: Sun, 24 Aug 2025 12:12:53 +02:00
irqchip/gic-v5: Fix kmemleak L2 IST table entries false positives
L2 IST table entries are allocated with the kmalloc interface and their
physical addresses are programmed in the GIC (either IST base address
register or L1 IST table entries) but their virtual addresses are not
stored in any kernel data structure because they are not needed at runtime
- the L2 IST table entries are managed through system instructions but
never dereferenced directly by the driver.
This triggers kmemleak false positive reports:
unreferenced object 0xffff00080039a000 (size 4096):
comm "swapper/0", pid 0, jiffies 4294892296
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 0):
kmemleak_alloc+0x34/0x40
__kmalloc_noprof+0x320/0x464
gicv5_irs_iste_alloc+0x1a4/0x484
gicv5_irq_lpi_domain_alloc+0xe4/0x194
irq_domain_alloc_irqs_parent+0x78/0xd8
gicv5_irq_ipi_domain_alloc+0x180/0x238
irq_domain_alloc_irqs_locked+0x238/0x7d4
__irq_domain_alloc_irqs+0x88/0x114
gicv5_of_init+0x284/0x37c
of_irq_init+0x3b8/0xb18
irqchip_init+0x18/0x40
init_IRQ+0x104/0x164
start_kernel+0x1a4/0x3d4
__primary_switched+0x8c/0x94
Instruct kmemleak to ignore L2 IST table memory allocation virtual
addresses to prevent these false positive reports.
Reported-by: Jinjie Ruan <ruanjinjie@huawei.com>
Signed-off-by: Lorenzo Pieralisi <lpieralisi@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Jinjie Ruan <ruanjinjie@huawei.com>
Reviewed-by: Zenghui Yu <yuzenghui@huawei.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/all/20250811135001.1333684-1-lpieralisi@kernel.org
Closes: https://lore.kernel.org/lkml/cc611dda-d1e4-4793-9bb2-0eaa47277584@huawei.com/
---
drivers/irqchip/irq-gic-v5-irs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/irqchip/irq-gic-v5-irs.c b/drivers/irqchip/irq-gic-v5-irs.c
index f845415..ffc9773 100644
--- a/drivers/irqchip/irq-gic-v5-irs.c
+++ b/drivers/irqchip/irq-gic-v5-irs.c
@@ -5,6 +5,7 @@
#define pr_fmt(fmt) "GICv5 IRS: " fmt
+#include <linux/kmemleak.h>
#include <linux/log2.h>
#include <linux/of.h>
#include <linux/of_address.h>
@@ -117,6 +118,7 @@ static int __init gicv5_irs_init_ist_linear(struct gicv5_irs_chip_data *irs_data
kfree(ist);
return ret;
}
+ kmemleak_ignore(ist);
return 0;
}
@@ -232,6 +234,7 @@ int gicv5_irs_iste_alloc(const u32 lpi)
kfree(l2ist);
return ret;
}
+ kmemleak_ignore(l2ist);
/*
* Make sure we invalidate the cache line pulled before the IRS© 2016 - 2025 Red Hat, Inc.