Re: [PATCH v7 1/1] memory_hotplug: Add a bounds check to __add_pages
On Tue 01-10-19 10:46:15, Alastair D'Silva wrote: > From: Alastair D'Silva > > On PowerPC, the address ranges allocated to OpenCAPI LPC memory > are allocated from firmware. These address ranges may be higher > than what older kernels permit, as we increased the maximum > permissable address in commit 4ffe713b7587 > ("powerpc/mm: Increase the max addressable memory to 2PB"). It is > possible that the addressable range may change again in the > future. > > In this scenario, we end up with a bogus section returned from > __section_nr (see the discussion on the thread "mm: Trigger bug on > if a section is not found in __section_nr"). > > Adding a check here means that we fail early and have an > opportunity to handle the error gracefully, rather than rumbling > on and potentially accessing an incorrect section. > > Further discussion is also on the thread ("powerpc: Perform a bounds > check in arch_add_memory") > http://lkml.kernel.org/r/20190827052047.31547-1-alast...@au1.ibm.com > > Signed-off-by: Alastair D'Silva I am sorry to come late to the party. This looks better. Acked-by: Michal Hocko Thanks! > --- > mm/memory_hotplug.c | 20 > 1 file changed, 20 insertions(+) > > diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c > index c73f09913165..5af9f4466ad1 100644 > --- a/mm/memory_hotplug.c > +++ b/mm/memory_hotplug.c > @@ -278,6 +278,22 @@ static int check_pfn_span(unsigned long pfn, unsigned > long nr_pages, > return 0; > } > > +static int check_hotplug_memory_addressable(unsigned long pfn, > + unsigned long nr_pages) > +{ > + const u64 max_addr = PFN_PHYS(pfn + nr_pages) - 1; > + > + if (max_addr >> MAX_PHYSMEM_BITS) { > + const u64 max_allowed = (1ull << (MAX_PHYSMEM_BITS + 1)) - 1; > + WARN(1, > + "Hotplugged memory exceeds maximum addressable address, > range=%#llx-%#llx, maximum=%#llx\n", > + (u64)PFN_PHYS(pfn), max_addr, max_allowed); > + return -E2BIG; > + } > + > + return 0; > +} > + > /* > * Reasonably generic function for adding memory. It is > * expected that archs that support memory hotplug will > @@ -291,6 +307,10 @@ int __ref __add_pages(int nid, unsigned long pfn, > unsigned long nr_pages, > unsigned long nr, start_sec, end_sec; > struct vmem_altmap *altmap = restrictions->altmap; > > + err = check_hotplug_memory_addressable(pfn, nr_pages); > + if (err) > + return err; > + > if (altmap) { > /* >* Validate altmap is within bounds of the total request > -- > 2.21.0 -- Michal Hocko SUSE Labs
RE: [PATCH v7 1/1] memory_hotplug: Add a bounds check to __add_pages
On Wed, 2019-10-02 at 15:14 -0700, Andrew Morton wrote: > On Tue, 1 Oct 2019 11:49:47 +0200 David Hildenbrand > wrote: > > > > @@ -278,6 +278,22 @@ static int check_pfn_span(unsigned long pfn, > > > unsigned long nr_pages, > > > return 0; > > > } > > > > > > +static int check_hotplug_memory_addressable(unsigned long pfn, > > > + unsigned long nr_pages) > > > +{ > > > + const u64 max_addr = PFN_PHYS(pfn + nr_pages) - 1; > > > + > > > + if (max_addr >> MAX_PHYSMEM_BITS) { > > > + const u64 max_allowed = (1ull << (MAX_PHYSMEM_BITS + > > > 1)) - 1; > > > + WARN(1, > > > + "Hotplugged memory exceeds maximum addressable > > > address, range=%#llx-%#llx, maximum=%#llx\n", > > > + (u64)PFN_PHYS(pfn), max_addr, max_allowed); > > > + return -E2BIG; > > > + } > > > + > > > + return 0; > > > +} > > > + > > > /* > > > * Reasonably generic function for adding memory. It is > > > * expected that archs that support memory hotplug will > > > @@ -291,6 +307,10 @@ int __ref __add_pages(int nid, unsigned long > > > pfn, unsigned long nr_pages, > > > unsigned long nr, start_sec, end_sec; > > > struct vmem_altmap *altmap = restrictions->altmap; > > > > > > + err = check_hotplug_memory_addressable(pfn, nr_pages); > > > + if (err) > > > + return err; > > > + > > > if (altmap) { > > > /* > > >* Validate altmap is within bounds of the total > > > request > > > > > > > I actually wanted to give my RB to v7, not v6 :) > > > > Given that check_hotplug_memory_addressable() is now static, I'll > assume that the old [2/2] > mm-add-a-bounds-check-in-devm_memremap_pages.patch is now obsolete. > Yes, please ignore that whole series. > From: Alastair D'Silva > Subject: mm/memremap.c: add a bounds check in devm_memremap_pages() > > The call to check_hotplug_memory_addressable() validates that the > memory > is fully addressable. > > Without this call, it is possible that we may remap pages that is not > physically addressable, resulting in bogus section numbers being > returned > from __section_nr(). > > Link: > https://urldefense.proofpoint.com/v2/url?u=http-3A__lkml.kernel.org_r_20190917010752.28395-2D3-2Dalastair-40au1.ibm.com=DwICAg=jf_iaSHvJObTbx-siA1ZOg=cT4tgeEQ0Ll3SIlZDHE5AEXyKy6uKADMtf9_Eb7-vec=pVid6q3tQNfU2PQborLw8oYmNm9naF133dZ8AJ5lW9A=51ZuQa-kwRu8vW9vt5OgxjaIMWm4_n-aqp5xMSdkI4k= > > Signed-off-by: Alastair D'Silva > Acked-by: David Hildenbrand > Cc: Dan Williams > Cc: Ira Weiny > Cc: Jason Gunthorpe > Cc: Logan Gunthorpe > Cc: Michal Hocko > Cc: Oscar Salvador > Cc: Pavel Tatashin > Cc: Qian Cai > Cc: Wei Yang > Signed-off-by: Andrew Morton > --- > > mm/memremap.c |5 + > 1 file changed, 5 insertions(+) > > --- a/mm/memremap.c~mm-add-a-bounds-check-in-devm_memremap_pages > +++ a/mm/memremap.c > @@ -185,6 +185,11 @@ void *memremap_pages(struct dev_pagemap > int error, is_ram; > bool need_devmap_managed = true; > > + error = check_hotplug_memory_addressable(res->start, > + resource_size(res)); > + if (error) > + return ERR_PTR(error); > + > switch (pgmap->type) { > case MEMORY_DEVICE_PRIVATE: > if (!IS_ENABLED(CONFIG_DEVICE_PRIVATE)) { > _ > -- Alastair D'Silva Open Source Developer Linux Technology Centre, IBM Australia mob: 0423 762 819
Re: [PATCH v7 1/1] memory_hotplug: Add a bounds check to __add_pages
On Tue, 1 Oct 2019 11:49:47 +0200 David Hildenbrand wrote: > > @@ -278,6 +278,22 @@ static int check_pfn_span(unsigned long pfn, unsigned > > long nr_pages, > > return 0; > > } > > > > +static int check_hotplug_memory_addressable(unsigned long pfn, > > + unsigned long nr_pages) > > +{ > > + const u64 max_addr = PFN_PHYS(pfn + nr_pages) - 1; > > + > > + if (max_addr >> MAX_PHYSMEM_BITS) { > > + const u64 max_allowed = (1ull << (MAX_PHYSMEM_BITS + 1)) - 1; > > + WARN(1, > > +"Hotplugged memory exceeds maximum addressable address, > > range=%#llx-%#llx, maximum=%#llx\n", > > +(u64)PFN_PHYS(pfn), max_addr, max_allowed); > > + return -E2BIG; > > + } > > + > > + return 0; > > +} > > + > > /* > > * Reasonably generic function for adding memory. It is > > * expected that archs that support memory hotplug will > > @@ -291,6 +307,10 @@ int __ref __add_pages(int nid, unsigned long pfn, > > unsigned long nr_pages, > > unsigned long nr, start_sec, end_sec; > > struct vmem_altmap *altmap = restrictions->altmap; > > > > + err = check_hotplug_memory_addressable(pfn, nr_pages); > > + if (err) > > + return err; > > + > > if (altmap) { > > /* > > * Validate altmap is within bounds of the total request > > > > I actually wanted to give my RB to v7, not v6 :) > Given that check_hotplug_memory_addressable() is now static, I'll assume that the old [2/2] mm-add-a-bounds-check-in-devm_memremap_pages.patch is now obsolete. From: Alastair D'Silva Subject: mm/memremap.c: add a bounds check in devm_memremap_pages() The call to check_hotplug_memory_addressable() validates that the memory is fully addressable. Without this call, it is possible that we may remap pages that is not physically addressable, resulting in bogus section numbers being returned from __section_nr(). Link: http://lkml.kernel.org/r/20190917010752.28395-3-alast...@au1.ibm.com Signed-off-by: Alastair D'Silva Acked-by: David Hildenbrand Cc: Dan Williams Cc: Ira Weiny Cc: Jason Gunthorpe Cc: Logan Gunthorpe Cc: Michal Hocko Cc: Oscar Salvador Cc: Pavel Tatashin Cc: Qian Cai Cc: Wei Yang Signed-off-by: Andrew Morton --- mm/memremap.c |5 + 1 file changed, 5 insertions(+) --- a/mm/memremap.c~mm-add-a-bounds-check-in-devm_memremap_pages +++ a/mm/memremap.c @@ -185,6 +185,11 @@ void *memremap_pages(struct dev_pagemap int error, is_ram; bool need_devmap_managed = true; + error = check_hotplug_memory_addressable(res->start, +resource_size(res)); + if (error) + return ERR_PTR(error); + switch (pgmap->type) { case MEMORY_DEVICE_PRIVATE: if (!IS_ENABLED(CONFIG_DEVICE_PRIVATE)) { _
Re: [PATCH v7 1/1] memory_hotplug: Add a bounds check to __add_pages
On 01.10.19 02:46, Alastair D'Silva wrote: > From: Alastair D'Silva > > On PowerPC, the address ranges allocated to OpenCAPI LPC memory > are allocated from firmware. These address ranges may be higher > than what older kernels permit, as we increased the maximum > permissable address in commit 4ffe713b7587 > ("powerpc/mm: Increase the max addressable memory to 2PB"). It is > possible that the addressable range may change again in the > future. > > In this scenario, we end up with a bogus section returned from > __section_nr (see the discussion on the thread "mm: Trigger bug on > if a section is not found in __section_nr"). > > Adding a check here means that we fail early and have an > opportunity to handle the error gracefully, rather than rumbling > on and potentially accessing an incorrect section. > > Further discussion is also on the thread ("powerpc: Perform a bounds > check in arch_add_memory") > http://lkml.kernel.org/r/20190827052047.31547-1-alast...@au1.ibm.com > > Signed-off-by: Alastair D'Silva > --- > mm/memory_hotplug.c | 20 > 1 file changed, 20 insertions(+) > > diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c > index c73f09913165..5af9f4466ad1 100644 > --- a/mm/memory_hotplug.c > +++ b/mm/memory_hotplug.c > @@ -278,6 +278,22 @@ static int check_pfn_span(unsigned long pfn, unsigned > long nr_pages, > return 0; > } > > +static int check_hotplug_memory_addressable(unsigned long pfn, > + unsigned long nr_pages) > +{ > + const u64 max_addr = PFN_PHYS(pfn + nr_pages) - 1; > + > + if (max_addr >> MAX_PHYSMEM_BITS) { > + const u64 max_allowed = (1ull << (MAX_PHYSMEM_BITS + 1)) - 1; > + WARN(1, > + "Hotplugged memory exceeds maximum addressable address, > range=%#llx-%#llx, maximum=%#llx\n", > + (u64)PFN_PHYS(pfn), max_addr, max_allowed); > + return -E2BIG; > + } > + > + return 0; > +} > + > /* > * Reasonably generic function for adding memory. It is > * expected that archs that support memory hotplug will > @@ -291,6 +307,10 @@ int __ref __add_pages(int nid, unsigned long pfn, > unsigned long nr_pages, > unsigned long nr, start_sec, end_sec; > struct vmem_altmap *altmap = restrictions->altmap; > > + err = check_hotplug_memory_addressable(pfn, nr_pages); > + if (err) > + return err; > + > if (altmap) { > /* >* Validate altmap is within bounds of the total request > I actually wanted to give my RB to v7, not v6 :) Reviewed-by: David Hildenbrand -- Thanks, David / dhildenb
[PATCH v7 1/1] memory_hotplug: Add a bounds check to __add_pages
From: Alastair D'Silva On PowerPC, the address ranges allocated to OpenCAPI LPC memory are allocated from firmware. These address ranges may be higher than what older kernels permit, as we increased the maximum permissable address in commit 4ffe713b7587 ("powerpc/mm: Increase the max addressable memory to 2PB"). It is possible that the addressable range may change again in the future. In this scenario, we end up with a bogus section returned from __section_nr (see the discussion on the thread "mm: Trigger bug on if a section is not found in __section_nr"). Adding a check here means that we fail early and have an opportunity to handle the error gracefully, rather than rumbling on and potentially accessing an incorrect section. Further discussion is also on the thread ("powerpc: Perform a bounds check in arch_add_memory") http://lkml.kernel.org/r/20190827052047.31547-1-alast...@au1.ibm.com Signed-off-by: Alastair D'Silva --- mm/memory_hotplug.c | 20 1 file changed, 20 insertions(+) diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index c73f09913165..5af9f4466ad1 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -278,6 +278,22 @@ static int check_pfn_span(unsigned long pfn, unsigned long nr_pages, return 0; } +static int check_hotplug_memory_addressable(unsigned long pfn, + unsigned long nr_pages) +{ + const u64 max_addr = PFN_PHYS(pfn + nr_pages) - 1; + + if (max_addr >> MAX_PHYSMEM_BITS) { + const u64 max_allowed = (1ull << (MAX_PHYSMEM_BITS + 1)) - 1; + WARN(1, +"Hotplugged memory exceeds maximum addressable address, range=%#llx-%#llx, maximum=%#llx\n", +(u64)PFN_PHYS(pfn), max_addr, max_allowed); + return -E2BIG; + } + + return 0; +} + /* * Reasonably generic function for adding memory. It is * expected that archs that support memory hotplug will @@ -291,6 +307,10 @@ int __ref __add_pages(int nid, unsigned long pfn, unsigned long nr_pages, unsigned long nr, start_sec, end_sec; struct vmem_altmap *altmap = restrictions->altmap; + err = check_hotplug_memory_addressable(pfn, nr_pages); + if (err) + return err; + if (altmap) { /* * Validate altmap is within bounds of the total request -- 2.21.0