From: Alastair D'Silva <[email protected]>
This series adds bounds checks for hotplugged memory, ensuring that
it is within the physically addressable range (for platforms that
define MAX_(POSSIBLE_)PHYSMEM_BITS.
This allows for early failure, rather than attempting to access
bogus section numbers.
Changelog:
V4:
- Relocate call to __add_pages
- Add a warning when the addressable check fails
V3:
- Perform the addressable check before we take the hotplug lock
V2:
- Don't use MAX_POSSIBLE_PHYSMEM_BITS as it's wider that what
may be available
Alastair D'Silva (1):
memory_hotplug: Add a bounds check to __add_pages
mm/memory_hotplug.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--
2.21.0
From: Alastair D'Silva <[email protected]>
On PowerPC, the address ranges allocated to OpenCAPI LPC memory
are allocated from firmware. These address ranges may be higher
than what older kernels permit, as we increased the maximum
permissable address in commit 4ffe713b7587
("powerpc/mm: Increase the max addressable memory to 2PB"). It is
possible that the addressable range may change again in the
future.
In this scenario, we end up with a bogus section returned from
__section_nr (see the discussion on the thread "mm: Trigger bug on
if a section is not found in __section_nr").
Adding a check here means that we fail early and have an
opportunity to handle the error gracefully, rather than rumbling
on and potentially accessing an incorrect section.
Further discussion is also on the thread ("powerpc: Perform a bounds
check in arch_add_memory")
http://lkml.kernel.org/r/[email protected]
Signed-off-by: Alastair D'Silva <[email protected]>
---
mm/memory_hotplug.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
index c73f09913165..212804c0f7f5 100644
--- a/mm/memory_hotplug.c
+++ b/mm/memory_hotplug.c
@@ -278,6 +278,22 @@ static int check_pfn_span(unsigned long pfn, unsigned long nr_pages,
return 0;
}
+static int check_hotplug_memory_addressable(unsigned long pfn,
+ unsigned long nr_pages)
+{
+ unsigned long max_addr = ((pfn + nr_pages) << PAGE_SHIFT) - 1;
+
+ if (max_addr >> MAX_PHYSMEM_BITS) {
+ WARN(1,
+ "Hotplugged memory exceeds maximum addressable address, range=%#lx-%#lx, maximum=%#lx\n",
+ pfn << PAGE_SHIFT, max_addr,
+ (1ul << (MAX_PHYSMEM_BITS + 1)) - 1);
+ return -E2BIG;
+ }
+
+ return 0;
+}
+
/*
* Reasonably generic function for adding memory. It is
* expected that archs that support memory hotplug will
@@ -291,6 +307,10 @@ int __ref __add_pages(int nid, unsigned long pfn, unsigned long nr_pages,
unsigned long nr, start_sec, end_sec;
struct vmem_altmap *altmap = restrictions->altmap;
+ err = check_hotplug_memory_addressable(pfn, nr_pages);
+ if (err)
+ return err;
+
if (altmap) {
/*
* Validate altmap is within bounds of the total request
--
2.21.0
Hi Alastair,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on linus/master]
[cannot apply to v5.3 next-20190925]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Alastair-D-Silva/memory_hotplug-Add-a-bounds-check-to-__add_pages/20190926-094437
config: i386-randconfig-g004-201938 (attached as .config)
compiler: gcc-7 (Debian 7.4.0-13) 7.4.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <[email protected]>
All warnings (new ones prefixed by >>):
mm/memory_hotplug.c: In function 'check_hotplug_memory_addressable':
>> mm/memory_hotplug.c:286:15: warning: right shift count >= width of type [-Wshift-count-overflow]
if (max_addr >> MAX_PHYSMEM_BITS) {
^~
In file included from arch/x86/include/asm/bug.h:83:0,
from include/linux/bug.h:5,
from include/linux/mmdebug.h:5,
from include/linux/mm.h:9,
from mm/memory_hotplug.c:9:
>> mm/memory_hotplug.c:290:13: warning: left shift count >= width of type [-Wshift-count-overflow]
(1ul << (MAX_PHYSMEM_BITS + 1)) - 1);
^
include/asm-generic/bug.h:112:21: note: in definition of macro '__WARN_printf_taint'
do { __warn_printk(arg); __WARN_TAINT(taint); } while (0)
^~~
include/asm-generic/bug.h:135:3: note: in expansion of macro '__WARN_printf'
__WARN_printf(format); \
^~~~~~~~~~~~~
>> mm/memory_hotplug.c:287:3: note: in expansion of macro 'WARN'
WARN(1,
^~~~
vim +286 mm/memory_hotplug.c
280
281 static int check_hotplug_memory_addressable(unsigned long pfn,
282 unsigned long nr_pages)
283 {
284 unsigned long max_addr = ((pfn + nr_pages) << PAGE_SHIFT) - 1;
285
> 286 if (max_addr >> MAX_PHYSMEM_BITS) {
> 287 WARN(1,
288 "Hotplugged memory exceeds maximum addressable address, range=%#lx-%#lx, maximum=%#lx\n",
289 pfn << PAGE_SHIFT, max_addr,
> 290 (1ul << (MAX_PHYSMEM_BITS + 1)) - 1);
291 return -E2BIG;
292 }
293
294 return 0;
295 }
296
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation