Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1480943imm;
        Wed, 1 Aug 2018 17:15:44 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpfHb6bJeFid1uj3MXcNJWcybRtWVNnXT5LHFVefT+fBLzWNqjSm3LG8eaBRy21fhJmrhYsm
X-Received: by 2002:a17:902:d88d:: with SMTP id b13-v6mr399723plz.314.1533168944511;
        Wed, 01 Aug 2018 17:15:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1533168944; cv=none;
        d=google.com; s=arc-20160816;
        b=T09nbBg4xmFQ+WpRZELDYfgHsvYt+vK32M44eDO+bdgRCwVKTLa9hHmzJFzDFnPi+I
         LCKovXVIgrzXJUmEezRz0UsC9pIgmCIugPVBz+VdI5ZMxdR+fiehj0y7qofRzFfkTHtS
         NqznyaLFU6x2Vl7LDhJ+7cIT/MslS9+5sjLMw8+HT0/YaFcjk3Z9gFU9ZOPFTnzwHFzp
         f4S8ZBKIQN/DFD5vSW3zybtf/DMvhMMW8d/t6dmy6mPauAhUwAVON2n59oW1tMK0FbmI
         r+kjqLCUv4mhbS78LE/tqZ6qpgMx+yMQmeOSPLbnGmrADwmz5W7/OEQz2xm0nzTcRhWM
         rDoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:subject:cc:to:from:date
         :arc-authentication-results;
        bh=Pse3oJ18gxZ+5E0PY9CUrhrpZ7HSnPM+ZuaSC3MF5aQ=;
        b=myFHDlbYxyu1XxB4Ry3k1JqoNv47LkuS26RS8Axeu+F+jF/p3X0I2B2XHADr9d3Jw1
         qC2EEJIWocJk7fV94O17vU2tNpthlqTCrzTHK7l541//CBFF9/ZPDF7Gx4BaUZBDJGuf
         31wXNB2rCQ3T8v2Hj/GzG+p4pHbw+UM9RP8MoXrDctxmY6eU8VNaFwodQRJhfrrP5KSP
         UDQJ10h9Zd7yWom2NAK+rCG5veKB5npmKG7odUIn1R4NIwEurZmKt6Jylt95tsDmxYhp
         BB8aaY0n6M7ulMPySPkKsjvQQegAA7JQcF7dtv81FjtWV7qB0CclJZCSUPtCS+h6id9A
         z1sg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b5-v6si417892pfa.116.2018.08.01.17.15.29;
        Wed, 01 Aug 2018 17:15:44 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731021AbeHBCCi (ORCPT <rfc822;krseo358@gmail.com> + 99 others);
        Wed, 1 Aug 2018 22:02:38 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:50906 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726796AbeHBCCh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 1 Aug 2018 22:02:37 -0400
Received: from akpm3.svl.corp.google.com (unknown [104.133.9.92])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 62208910;
        Thu,  2 Aug 2018 00:14:15 +0000 (UTC)
Date:   Wed, 1 Aug 2018 17:14:14 -0700
From:   Andrew Morton <akpm@linux-foundation.org>
To:     Jeremy Linton <jeremy.linton@arm.com>
Cc:     linux-mm@kvack.org, cl@linux.com, penberg@kernel.org,
        rientjes@google.com, iamjoonsoo.kim@lge.com, mhocko@suse.com,
        vbabka@suse.cz, Punit.Agrawal@arm.com, Lorenzo.Pieralisi@arm.com,
        linux-arm-kernel@lists.infradead.org, bhelgaas@google.com,
        linux-kernel@vger.kernel.org
Subject: Re: [RFC 0/2] harden alloc_pages against bogus nid
Message-Id: <20180801171414.30e54a106733ccaaa566388d@linux-foundation.org>
In-Reply-To: <d9f8e9d1-2fb8-6016-5081-7e3213b23ed4@arm.com>
References: <20180801200418.1325826-1-jeremy.linton@arm.com>
        <20180801145020.8c76a490c1bf9bef5f87078a@linux-foundation.org>
        <d9f8e9d1-2fb8-6016-5081-7e3213b23ed4@arm.com>
X-Mailer: Sylpheed 3.6.0 (GTK+ 2.24.31; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 1 Aug 2018 17:56:46 -0500 Jeremy Linton <jeremy.linton@arm.com> wrote:

> Hi,
> 
> On 08/01/2018 04:50 PM, Andrew Morton wrote:
> > On Wed,  1 Aug 2018 15:04:16 -0500 Jeremy Linton <jeremy.linton@arm.com> wrote:
> > 
> >> The thread "avoid alloc memory on offline node"
> >>
> >> https://lkml.org/lkml/2018/6/7/251
> >>
> >> Asked at one point why the kzalloc_node was crashing rather than
> >> returning memory from a valid node. The thread ended up fixing
> >> the immediate causes of the crash but left open the case of bad
> >> proximity values being in DSDT tables without corrisponding
> >> SRAT/SLIT entries as is happening on another machine.
> >>
> >> Its also easy to fix that, but we should also harden the allocator
> >> sufficiently that it doesn't crash when passed an invalid node id.
> >> There are a couple possible ways to do this, and i've attached two
> >> separate patches which individually fix that problem.
> >>
> >> The first detects the offline node before calling
> >> the new_slab code path when it becomes apparent that the allocation isn't
> >> going to succeed. The second actually hardens node_zonelist() and
> >> prepare_alloc_pages() in the face of NODE_DATA(nid) returning a NULL
> >> zonelist. This latter case happens if the node has never been initialized
> >> or is possibly out of range. There are other places (NODE_DATA &
> >> online_node) which should be checking if the node id's are > MAX_NUMNODES.
> >>
> > 
> > What is it that leads to a caller requesting memory from an invalid
> > node?  A race against offlining?  If so then that's a lack of
> > appropriate locking, isn't it?
> 
> There were a couple unrelated cases, both having to do with the PXN 
> associated with a PCI port. The first case AFAIK, the domain wasn't 
> really invalid if the entire SRAT was parsed and nodes created even when 
> there weren't associated CPUs. The second case (a different machine) is 
> simply a PXN value that is completely invalid (no associated 
> SLIT/SRAT/etc entries) due to firmware making a mistake when a socket 
> isn't populated.
> 
> There have been a few other suggested or merged patches for the 
> individual problems above, this set is just an attempt at avoiding a 
> full crash if/when another similar problem happens.

Please add the above info to the changelog.

> 
> > 
> > I don't see a problem with emitting a warning and then selecting a
> > different node so we can keep running.  But we do want that warning, so
> > we can understand the root cause and fix it?
> 
> Yes, we do want to know when an invalid id is passed, i will add the 
> VM_WARN in the first one.
> 
> The second one I wasn't sure about as failing prepare_alloc_pages() 
> generates a couple of error messages, but the system then continues 
> operation.
> 
> I guess my question though is which method (or both/something else?) is 
> the preferred way to harden this up?

The first patch looked neater.  Can we get a WARN_ON in there as well?