* [PATCH v5 0/1] Add bounds check for Hotplugged memory @ 2019-09-30 2:21 Alastair D'Silva 2019-09-30 2:21 ` [PATCH v5 1/1] memory_hotplug: Add a bounds check to __add_pages Alastair D'Silva 0 siblings, 1 reply; 3+ messages in thread From: Alastair D'Silva @ 2019-09-30 2:21 UTC (permalink / raw) To: alastair Cc: Andrew Morton, Oscar Salvador, Michal Hocko, David Hildenbrand, Pavel Tatashin, Dan Williams, linux-mm, linux-kernel From: Alastair D'Silva <alastair@d-silva.org> This series adds bounds checks for hotplugged memory, ensuring that it is within the physically addressable range (for platforms that define MAX_(POSSIBLE_)PHYSMEM_BITS. This allows for early failure, rather than attempting to access bogus section numbers. Changelog: V5: - Factor out calculation into max_allowed var - Declare unchanging vars as const - Use PFN_PHYS macro instead of shifting by PAGE_SHIFT V4: - Relocate call to __add_pages - Add a warning when the addressable check fails V3: - Perform the addressable check before we take the hotplug lock V2: - Don't use MAX_POSSIBLE_PHYSMEM_BITS as it's wider that what may be available Alastair D'Silva (1): memory_hotplug: Add a bounds check to __add_pages mm/memory_hotplug.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) -- 2.21.0 ^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH v5 1/1] memory_hotplug: Add a bounds check to __add_pages 2019-09-30 2:21 [PATCH v5 0/1] Add bounds check for Hotplugged memory Alastair D'Silva @ 2019-09-30 2:21 ` Alastair D'Silva 2019-09-30 5:53 ` Alastair D'Silva 0 siblings, 1 reply; 3+ messages in thread From: Alastair D'Silva @ 2019-09-30 2:21 UTC (permalink / raw) To: alastair Cc: Andrew Morton, Oscar Salvador, Michal Hocko, David Hildenbrand, Pavel Tatashin, Dan Williams, linux-mm, linux-kernel From: Alastair D'Silva <alastair@d-silva.org> On PowerPC, the address ranges allocated to OpenCAPI LPC memory are allocated from firmware. These address ranges may be higher than what older kernels permit, as we increased the maximum permissable address in commit 4ffe713b7587 ("powerpc/mm: Increase the max addressable memory to 2PB"). It is possible that the addressable range may change again in the future. In this scenario, we end up with a bogus section returned from __section_nr (see the discussion on the thread "mm: Trigger bug on if a section is not found in __section_nr"). Adding a check here means that we fail early and have an opportunity to handle the error gracefully, rather than rumbling on and potentially accessing an incorrect section. Further discussion is also on the thread ("powerpc: Perform a bounds check in arch_add_memory") http://lkml.kernel.org/r/20190827052047.31547-1-alastair@au1.ibm.com Signed-off-by: Alastair D'Silva <alastair@d-silva.org> --- mm/memory_hotplug.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index c73f09913165..1909607da640 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -278,6 +278,22 @@ static int check_pfn_span(unsigned long pfn, unsigned long nr_pages, return 0; } +static int check_hotplug_memory_addressable(unsigned long pfn, + unsigned long nr_pages) +{ + const u64 max_addr = PFN_PHYS(pfn + nr_pages) - 1; + + if (max_addr >> MAX_PHYSMEM_BITS) { + const u64 max_allowed = (1ull << (MAX_PHYSMEM_BITS + 1)) - 1; + WARN(1, + "Hotplugged memory exceeds maximum addressable address, range=%#lx-%#lx, maximum=%#lx\n", + PFN_PHYS(pfn), max_addr, max_allowed); + return -E2BIG; + } + + return 0; +} + /* * Reasonably generic function for adding memory. It is * expected that archs that support memory hotplug will @@ -291,6 +307,10 @@ int __ref __add_pages(int nid, unsigned long pfn, unsigned long nr_pages, unsigned long nr, start_sec, end_sec; struct vmem_altmap *altmap = restrictions->altmap; + err = check_hotplug_memory_addressable(pfn, nr_pages); + if (err) + return err; + if (altmap) { /* * Validate altmap is within bounds of the total request -- 2.21.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v5 1/1] memory_hotplug: Add a bounds check to __add_pages 2019-09-30 2:21 ` [PATCH v5 1/1] memory_hotplug: Add a bounds check to __add_pages Alastair D'Silva @ 2019-09-30 5:53 ` Alastair D'Silva 0 siblings, 0 replies; 3+ messages in thread From: Alastair D'Silva @ 2019-09-30 5:53 UTC (permalink / raw) To: Alastair D'Silva Cc: Andrew Morton, Oscar Salvador, Michal Hocko, David Hildenbrand, Pavel Tatashin, Dan Williams, linux-mm, linux-kernel On Mon, 2019-09-30 at 12:21 +1000, Alastair D'Silva wrote: > From: Alastair D'Silva <alastair@d-silva.org> > > On PowerPC, the address ranges allocated to OpenCAPI LPC memory > are allocated from firmware. These address ranges may be higher > than what older kernels permit, as we increased the maximum > permissable address in commit 4ffe713b7587 > ("powerpc/mm: Increase the max addressable memory to 2PB"). It is > possible that the addressable range may change again in the > future. > > In this scenario, we end up with a bogus section returned from > __section_nr (see the discussion on the thread "mm: Trigger bug on > if a section is not found in __section_nr"). > > Adding a check here means that we fail early and have an > opportunity to handle the error gracefully, rather than rumbling > on and potentially accessing an incorrect section. > > Further discussion is also on the thread ("powerpc: Perform a bounds > check in arch_add_memory") > http://lkml.kernel.org/r/20190827052047.31547-1-alastair@au1.ibm.com > > Signed-off-by: Alastair D'Silva <alastair@d-silva.org> > --- > mm/memory_hotplug.c | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c > index c73f09913165..1909607da640 100644 > --- a/mm/memory_hotplug.c > +++ b/mm/memory_hotplug.c > @@ -278,6 +278,22 @@ static int check_pfn_span(unsigned long pfn, > unsigned long nr_pages, > return 0; > } > > +static int check_hotplug_memory_addressable(unsigned long pfn, > + unsigned long nr_pages) > +{ > + const u64 max_addr = PFN_PHYS(pfn + nr_pages) - 1; > + > + if (max_addr >> MAX_PHYSMEM_BITS) { > + const u64 max_allowed = (1ull << (MAX_PHYSMEM_BITS + > 1)) - 1; > + WARN(1, > + "Hotplugged memory exceeds maximum addressable > address, range=%#lx-%#lx, maximum=%#lx\n", Gah, these should all be %#llx. > + PFN_PHYS(pfn), max_addr, max_allowed); > + return -E2BIG; > + } > + > + return 0; > +} > + > /* > * Reasonably generic function for adding memory. It is > * expected that archs that support memory hotplug will > @@ -291,6 +307,10 @@ int __ref __add_pages(int nid, unsigned long > pfn, unsigned long nr_pages, > unsigned long nr, start_sec, end_sec; > struct vmem_altmap *altmap = restrictions->altmap; > > + err = check_hotplug_memory_addressable(pfn, nr_pages); > + if (err) > + return err; > + > if (altmap) { > /* > * Validate altmap is within bounds of the total > request ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-09-30 5:54 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-09-30 2:21 [PATCH v5 0/1] Add bounds check for Hotplugged memory Alastair D'Silva 2019-09-30 2:21 ` [PATCH v5 1/1] memory_hotplug: Add a bounds check to __add_pages Alastair D'Silva 2019-09-30 5:53 ` Alastair D'Silva
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).