Received: by 2002:a25:824b:0:0:0:0:0 with SMTP id d11csp1865050ybn;
        Thu, 26 Sep 2019 03:25:29 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwf6mluu0jtV/CFCYRvlN44224Urj66otDjix0VX4KwPwGvVt6+BLW3fAU6Krk+4toAmyx7
X-Received: by 2002:a50:d084:: with SMTP id v4mr2765482edd.48.1569493529789;
        Thu, 26 Sep 2019 03:25:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1569493529; cv=none;
        d=google.com; s=arc-20160816;
        b=juie1kKIM8BjI42Zf26ZuH5b/Ej30Vd2VK8xGMgLHSUBrQd7nTh8fK2yRqr05c5qUt
         O86TcKDhLPJB01G1hOz81AqGjQ/4nDhaktdcxMCpAA5CGp6+nDAda+4vSOLzGpORSZB1
         +8+xswUieBXcymGxi90Yx/PIU+8dR3IeIxbvsXLzPxFgMAC5hXAZ1ib7n5UGZov071tg
         8Vm01RoI+fxgSgnmPDrlS8VfkGKcs2RLdnJlwp5JDj9C6HncEz/2a4BvOYTrtlUFXg1e
         vST9gYOqyHuwYLyzmWUo5USPfjw/Mz3mEpgS93JelMn1sOVTfqr6qG9fMohG2JPmpFDE
         dPrw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=KaXwsUuxQNoBdPavLLbKNi1RzLWa+hxF63SJbL6YL9s=;
        b=guKmJ/RIBLVfUEoAdpr7TX64wkvjV5+pyNGtFFfcHEtic6mfKjX48a2PitSdvaPpsC
         Bmt3KILRFGTAwKuHh94D2revLl6JygJLLbi6Eud8Po6xawMatH9JCsRP+43o+8qn7jM6
         /RTR3UEXGTMELIVdkY28OO/Z/VHCyQKx+ApEJHI/8zNb4R+qAkllxLgnLDeyFZD7/5KV
         mcl63SmGSJp9Z1buIBEHTRb50EUvCyh+y6USf5Lv31oKjDqQY5zRwgTLTM41tFsEykAS
         ynt6mkWmGPBhF19wpuiZ+Zx/SC5EynuHiHU4F4y0FwkPGolIJgEWG10myHjAq9vs9VFF
         T37w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k32si1105597ede.244.2019.09.26.03.25.06;
        Thu, 26 Sep 2019 03:25:29 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731178AbfIZHnP (ORCPT <rfc822;vinadhy@gmail.com> + 99 others);
        Thu, 26 Sep 2019 03:43:15 -0400
Received: from mx2.suse.de ([195.135.220.15]:38512 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1728870AbfIZHnP (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Sep 2019 03:43:15 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id 319C0AE65;
        Thu, 26 Sep 2019 07:43:13 +0000 (UTC)
Date:   Thu, 26 Sep 2019 09:43:12 +0200
From:   Michal Hocko <mhocko@kernel.org>
To:     David Hildenbrand <david@redhat.com>
Cc:     Alastair D'Silva <alastair@au1.ibm.com>, alastair@d-silva.org,
        Andrew Morton <akpm@linux-foundation.org>,
        Oscar Salvador <osalvador@suse.de>,
        Pavel Tatashin <pasha.tatashin@soleen.com>,
        Dan Williams <dan.j.williams@intel.com>, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4] memory_hotplug: Add a bounds check to __add_pages
Message-ID: <20190926074312.GD20255@dhcp22.suse.cz>
References: <20190926013406.16133-1-alastair@au1.ibm.com>
 <20190926013406.16133-2-alastair@au1.ibm.com>
 <8e00cf16-76b9-6655-86b6-288b454d6fe5@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <8e00cf16-76b9-6655-86b6-288b454d6fe5@redhat.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu 26-09-19 09:12:50, David Hildenbrand wrote:
> On 26.09.19 03:34, Alastair D'Silva wrote:
> > From: Alastair D'Silva <alastair@d-silva.org>
> > 
> > On PowerPC, the address ranges allocated to OpenCAPI LPC memory
> > are allocated from firmware. These address ranges may be higher
> > than what older kernels permit, as we increased the maximum
> > permissable address in commit 4ffe713b7587
> > ("powerpc/mm: Increase the max addressable memory to 2PB"). It is
> > possible that the addressable range may change again in the
> > future.
> > 
> > In this scenario, we end up with a bogus section returned from
> > __section_nr (see the discussion on the thread "mm: Trigger bug on
> > if a section is not found in __section_nr").
> > 
> > Adding a check here means that we fail early and have an
> > opportunity to handle the error gracefully, rather than rumbling
> > on and potentially accessing an incorrect section.
> > 
> > Further discussion is also on the thread ("powerpc: Perform a bounds
> > check in arch_add_memory")
> > http://lkml.kernel.org/r/20190827052047.31547-1-alastair@au1.ibm.com
> > 
> > Signed-off-by: Alastair D'Silva <alastair@d-silva.org>
> > ---
> >  mm/memory_hotplug.c | 20 ++++++++++++++++++++
> >  1 file changed, 20 insertions(+)
> > 
> > diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
> > index c73f09913165..212804c0f7f5 100644
> > --- a/mm/memory_hotplug.c
> > +++ b/mm/memory_hotplug.c
> > @@ -278,6 +278,22 @@ static int check_pfn_span(unsigned long pfn, unsigned long nr_pages,
> >  	return 0;
> >  }
> >  
> > +static int check_hotplug_memory_addressable(unsigned long pfn,
> > +					    unsigned long nr_pages)
> > +{
> > +	unsigned long max_addr = ((pfn + nr_pages) << PAGE_SHIFT) - 1;
> > +
> > +	if (max_addr >> MAX_PHYSMEM_BITS) {
> > +		WARN(1,
> > +		     "Hotplugged memory exceeds maximum addressable address, range=%#lx-%#lx, maximum=%#lx\n",
> > +		     pfn << PAGE_SHIFT, max_addr,
> > +		     (1ul << (MAX_PHYSMEM_BITS + 1)) - 1);
> > +		return -E2BIG;
> > +	}
> > +
> > +	return 0;
> > +}
> > +
> >  /*
> >   * Reasonably generic function for adding memory.  It is
> >   * expected that archs that support memory hotplug will
> > @@ -291,6 +307,10 @@ int __ref __add_pages(int nid, unsigned long pfn, unsigned long nr_pages,
> >  	unsigned long nr, start_sec, end_sec;
> >  	struct vmem_altmap *altmap = restrictions->altmap;
> >  
> > +	err = check_hotplug_memory_addressable(pfn, nr_pages);
> > +	if (err)
> > +		return err;
> > +
> >  	if (altmap) {
> >  		/*
> >  		 * Validate altmap is within bounds of the total request
> > 
> 
> 
> I know Michal suggested this, but I still prefer checking early instead
> of when we're knees-deep into adding of memory.

What is your concern here? Unwinding the state should be pretty
straightfoward from this failure path.

-- 
Michal Hocko
SUSE Labs