Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Message-ID: <d98c05cde18e6f64afa98d6d771399c8e4883eb8.camel@d-silva.org>
Subject: Re: [PATCH v4] memory_hotplug: Add a bounds check to __add_pages
From:   "Alastair D'Silva" <alastair@d-silva.org>
To:     Oscar Salvador <osalvador@suse.de>
Cc:     Andrew Morton <akpm@linux-foundation.org>,
        Michal Hocko <mhocko@suse.com>,
        David Hildenbrand <david@redhat.com>,
        Pavel Tatashin <pasha.tatashin@soleen.com>,
        Dan Williams <dan.j.williams@intel.com>, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org
Date:   Fri, 27 Sep 2019 15:14:05 +1000
In-Reply-To: <20190926075307.GB17200@linux>
References: <20190926013406.16133-1-alastair@au1.ibm.com>
         <20190926013406.16133-2-alastair@au1.ibm.com>
         <20190926075307.GB17200@linux>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.32.4 (3.32.4-1.fc30) 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

On Thu, 2019-09-26 at 09:53 +0200, Oscar Salvador wrote:
> On Thu, Sep 26, 2019 at 11:34:05AM +1000, Alastair D'Silva wrote:
> > From: Alastair D'Silva <alastair@d-silva.org>
> > 
> > On PowerPC, the address ranges allocated to OpenCAPI LPC memory
> > are allocated from firmware. These address ranges may be higher
> > than what older kernels permit, as we increased the maximum
> > permissable address in commit 4ffe713b7587
> > ("powerpc/mm: Increase the max addressable memory to 2PB"). It is
> > possible that the addressable range may change again in the
> > future.
> > 
> > In this scenario, we end up with a bogus section returned from
> > __section_nr (see the discussion on the thread "mm: Trigger bug on
> > if a section is not found in __section_nr").
> > 
> > Adding a check here means that we fail early and have an
> > opportunity to handle the error gracefully, rather than rumbling
> > on and potentially accessing an incorrect section.
> > 
> > Further discussion is also on the thread ("powerpc: Perform a
> > bounds
> > check in arch_add_memory")
> > http://lkml.kernel.org/r/20190827052047.31547-1-alastair@au1.ibm.com
> > 
> > Signed-off-by: Alastair D'Silva <alastair@d-silva.org>
> 
> Reviewed-by: Oscar Salvador <osalvador@suse.de>
> 
> Just a nit-picking below:
> 
> > ---
> >  mm/memory_hotplug.c | 20 ++++++++++++++++++++
> >  1 file changed, 20 insertions(+)
> > 
> > diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
> > index c73f09913165..212804c0f7f5 100644
> > --- a/mm/memory_hotplug.c
> > +++ b/mm/memory_hotplug.c
> > @@ -278,6 +278,22 @@ static int check_pfn_span(unsigned long pfn,
> > unsigned long nr_pages,
> >  	return 0;
> >  }
> >  
> > +static int check_hotplug_memory_addressable(unsigned long pfn,
> > +					    unsigned long nr_pages)
> > +{
> > +	unsigned long max_addr = ((pfn + nr_pages) << PAGE_SHIFT) - 1;
> 
> I would use PFN_PHYS instead:
> 
> 	unsigned long max_addr = PFN_PHYS(pfn + nr_pages) - 1;
> 
> > +
> > +	if (max_addr >> MAX_PHYSMEM_BITS) {
> > +		WARN(1,
> > +		     "Hotplugged memory exceeds maximum addressable
> > address, range=%#lx-%#lx, maximum=%#lx\n",
> > +		     pfn << PAGE_SHIFT, max_addr,
> 
> Same here.
> 
> > +		     (1ul << (MAX_PHYSMEM_BITS + 1)) - 1);
> 
> I would use a local variable to hold this computation.
> 
> > +		return -E2BIG;
> > +	}
> > +
> > +	return 0;


Looks like I'll have to do another spin to change that to a ull anyway,
so I'll implement those suggestions.

-- 
Alastair D'Silva           mob: 0423 762 819
skype: alastair_dsilva    
Twitter: @EvilDeece
blog: http://alastair.d-silva.org