Message-ID: <25c5e747-107f-4450-8eb0-11b2f0dab14d@neon.tech>
Date: Mon, 9 Jun 2025 11:33:08 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: [PATCH v2 1/2] x86/mm: Handle alloc failure in phys_*_init()
From: Em Sharnoff <sharnoff@neon.tech>
To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-mm@kvack.org
Peter Anvin" , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Thomas Gleixner , Borislav Petkov , "Edgecombe, Rick P" , Oleg Vasilev , Arthur Petukhovsky , Stefan Radig , Misha Sakhnov References: <0ce5e150-19e0-457f-bec3-ee031c0be7e7@neon.tech> Content-Language: en-US In-Reply-To: <0ce5e150-19e0-457f-bec3-ee031c0be7e7@neon.tech> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 8E3FA4000A X-Stat-Signature: 6rdozzkw46nawpjf55j9e844jq4crx5k X-Rspam-User: X-HE-Tag: 1749465191-791235 X-HE-Meta: U2FsdGVkX1/G4w8JVovas6IRCsjGtjI/CR4jKMTR1nA4gJUyGlYZjp4dgBgKRbuvvHh+lHeskR6pYwV6NQVct301q2pdGlWwYWVdITu1XR/m6JTPyzt+T/0qbGODK6PrVikkTbMJss+Xhsc4C27vyjR9PdfziJHEJU/aC6rge34weATVSqj2cG8SILCNtcKHBDY2d6znMBjH3k+ZheEepfymq4FlZsreCS0YuSfgfc1Z4SBrnnI9tLmiN8t4irPPb80wvFoIvf+1AAlknGlQnSZqEfL5uQVLxjXY5jn++sbfMct6Nt1pg/UHw79jW2vyjgwrX7g8yujIGTR32EG2wqvesZBf9WUMeZAVwTJoPcc9k2pwVsU6fjJhVJTnJgLOPkS7sBXsCGrmMnuFfsK++SdAJQOkALyXZ2he1xoijbKeBRr0xAPBgzF0sV0AV392T7+1jBSw7vMVSozSExfyN62+4AH449LfEAIB/ScWQusprhU0nO+sGkNvakjyvVILW0DrykvrL1c+MAO6J5Li/2eYav2aoqaCCecy4PfYntkjHhZMs7pxSwp41O0EZrl+LRI6UaxE2yn99+kVnUhvF72v8EdexIs3Wu0ZRY6Hbh+ghzGQsxEFDIVnnHMSLSaGd43/y6yF8621K9JGAjNQqgofVxKHkpAnHM5FPTrE9bNqvv1g+JatWRQrUByU25+EFJxGBonkdy+nlNvQPHAOLorEK/6s1NieRgo1xehUuiQFoNwP2wqz1pSFVYo0OlaO8BZpUmFQz6IUA136mvHCiTsbSebsglviZoTQfez46golNc8ksWc0tSK5OnBrdqwNg1WKyOnlxvIM633xCN6171PSrTTwE+/PS6Go8IBHTSNAFzDRnDsn3gRHqMmpQprulHQSqqTuCCFSSBeQByF7Zay0IuPCFTEMcokEeP+77DSR9XkNyetg5dFRtQwGXxmc7eZffHOZ0NoQwwLAmiS ZhszGCCq 6+mwX7gRnl44DOlsEy1JEaS60cPTKLiyhYQgkHERq+1Q7qGFtKwraqry5ypvf38JUNNeLRwsmRQTyu5TcXi6BWEukMWAc0luPua55637IdwDkIa1gVceqIkK65yDCL8MLpL/AD1Iw8aH4ek/o8cIsuA6z6ARjUEcCgq6cGDkuz1bnKccJxybcbylmNPO3U9XC3DDo8KwXp8JEVJw50uP3XaoXn6j4yZNWdHJG2D0iqj8mA81LTOS5uJnZEcGMaau/uSPtVBODwCxUyy3TWcjDdL4dXz9pa79BbG7i0NJgETHf5Q4HkgxnIh1MqefzXTLqAEpYcMInrdQKB0sysU7jH1WnTIVqwgFg3ZcTTV7v4b1hcdrEnJPDowoBaZNFOqrON2e3/ryYJFbQLuSkNC5yQ/kKIQkrAXR/qVJHVQLBzrwGfXxMTeIUdz/Y5Dp2dv0Nm/C7 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: During memory hotplug, allocation failures in phys_*_init() aren't handled, which results in a null pointer dereference, if they occur. To handle that, change phys_pud_init() and similar functions to return allocation errors via ERR_PTR() and check for that in arch_add_memory(). Signed-off-by: Em Sharnoff --- Changelog: - v2: switch from special-casing zero value to using ERR_PTR() --- arch/x86/mm/init.c | 6 ++++- arch/x86/mm/init_64.c | 54 +++++++++++++++++++++++++++++++++++++++---- 2 files changed, 55 insertions(+), 5 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index bfa444a7dbb0..82dd5ce03dd6 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -533,6 +533,7 @@ bool pfn_range_is_mapped(unsigned long start_pfn, unsigned long end_pfn) * Setup the direct mapping of the physical memory at PAGE_OFFSET. * This runs before bootmem is initialized and gets pages directly from * the physical memory. To access them they are temporarily mapped. + * Allocation errors are returned with ERR_PTR. 
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index bfa444a7dbb0..82dd5ce03dd6 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -533,6 +533,7 @@ bool pfn_range_is_mapped(unsigned long start_pfn, unsigned long end_pfn)
  * Setup the direct mapping of the physical memory at PAGE_OFFSET.
  * This runs before bootmem is initialized and gets pages directly from
  * the physical memory. To access them they are temporarily mapped.
+ * Allocation errors are returned with ERR_PTR.
  */
 unsigned long __ref init_memory_mapping(unsigned long start,
 					unsigned long end, pgprot_t prot)
@@ -547,10 +548,13 @@ unsigned long __ref init_memory_mapping(unsigned long start,
 	memset(mr, 0, sizeof(mr));
 	nr_range = split_mem_range(mr, 0, start, end);
 
-	for (i = 0; i < nr_range; i++)
+	for (i = 0; i < nr_range; i++) {
 		ret = kernel_physical_mapping_init(mr[i].start, mr[i].end,
 						   mr[i].page_size_mask,
 						   prot);
+		if (IS_ERR(ret))
+			return ret;
+	}
 
 	add_pfn_range_mapped(start >> PAGE_SHIFT, ret >> PAGE_SHIFT);
 
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 7c4f6f591f2b..3ab261aa8eff 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -502,7 +502,8 @@ phys_pte_init(pte_t *pte_page, unsigned long paddr, unsigned long paddr_end,
 /*
  * Create PMD level page table mapping for physical addresses. The virtual
  * and physical address have to be aligned at this level.
- * It returns the last physical address mapped.
+ * It returns the last physical address mapped. Allocation errors are
+ * returned with ERR_PTR.
  */
 static unsigned long __meminit
 phys_pmd_init(pmd_t *pmd_page, unsigned long paddr, unsigned long paddr_end,
@@ -572,7 +573,14 @@ phys_pmd_init(pmd_t *pmd_page, unsigned long paddr, unsigned long paddr_end,
 		}
 
 		pte = alloc_low_page();
+		if (!pte)
+			return (unsigned long)ERR_PTR(-ENOMEM);
 		paddr_last = phys_pte_init(pte, paddr, paddr_end, new_prot, init);
+		/*
+		 * phys_{pmd,pud,p4d}_init return allocation errors via ERR_PTR.
+		 * phys_pte_init makes no allocations, so should not error.
+		 */
+		BUG_ON(IS_ERR(paddr_last));
 
 		spin_lock(&init_mm.page_table_lock);
 		pmd_populate_kernel_init(&init_mm, pmd, pte, init);
@@ -586,7 +594,8 @@ phys_pmd_init(pmd_t *pmd_page, unsigned long paddr, unsigned long paddr_end,
  * Create PUD level page table mapping for physical addresses. The virtual
  * and physical address do not have to be aligned at this level. KASLR can
  * randomize virtual addresses up to this level.
- * It returns the last physical address mapped.
+ * It returns the last physical address mapped. Allocation errors are
+ * returned with ERR_PTR.
  */
 static unsigned long __meminit
 phys_pud_init(pud_t *pud_page, unsigned long paddr, unsigned long paddr_end,
@@ -623,6 +632,8 @@ phys_pud_init(pud_t *pud_page, unsigned long paddr, unsigned long paddr_end,
 							 paddr_end,
 							 page_size_mask,
 							 prot, init);
+				if (IS_ERR(paddr_last))
+					return paddr_last;
 				continue;
 			}
 			/*
@@ -658,12 +669,22 @@ phys_pud_init(pud_t *pud_page, unsigned long paddr, unsigned long paddr_end,
 		}
 
 		pmd = alloc_low_page();
+		if (!pmd)
+			return (unsigned long)ERR_PTR(-ENOMEM);
 		paddr_last = phys_pmd_init(pmd, paddr, paddr_end,
 					   page_size_mask, prot, init);
+		/*
+		 * We might have IS_ERR(paddr_last) if allocation failed, but we should
+		 * still update pud before bailing, so that subsequent retries can pick
+		 * up on progress (here and in phys_pmd_init) without leaking pmd.
+		 */
 
 		spin_lock(&init_mm.page_table_lock);
 		pud_populate_init(&init_mm, pud, pmd, init);
 		spin_unlock(&init_mm.page_table_lock);
+
+		if (IS_ERR(paddr_last))
+			return paddr_last;
 	}
 
 	update_page_count(PG_LEVEL_1G, pages);
@@ -707,16 +728,26 @@ phys_p4d_init(p4d_t *p4d_page, unsigned long paddr, unsigned long paddr_end,
 			pud = pud_offset(p4d, 0);
 			paddr_last = phys_pud_init(pud, paddr, __pa(vaddr_end),
 						   page_size_mask, prot, init);
+			if (IS_ERR(paddr_last))
+				return paddr_last;
 			continue;
 		}
 
 		pud = alloc_low_page();
+		if (!pud)
+			return (unsigned long)ERR_PTR(-ENOMEM);
 		paddr_last = phys_pud_init(pud, paddr, __pa(vaddr_end),
 					   page_size_mask, prot, init);
 
 		spin_lock(&init_mm.page_table_lock);
 		p4d_populate_init(&init_mm, p4d, pud, init);
 		spin_unlock(&init_mm.page_table_lock);
+
+		/*
+		 * Bail only after updating p4d to keep progress from pud across retries.
+		 */
+		if (IS_ERR(paddr_last))
+			return paddr_last;
 	}
 
 	return paddr_last;
@@ -748,10 +779,14 @@ __kernel_physical_mapping_init(unsigned long paddr_start,
 						    __pa(vaddr_end),
 						    page_size_mask,
 						    prot, init);
+			if (IS_ERR(paddr_last))
+				return paddr_last;
 			continue;
 		}
 
 		p4d = alloc_low_page();
+		if (!p4d)
+			return (unsigned long)ERR_PTR(-ENOMEM);
 		paddr_last = phys_p4d_init(p4d, __pa(vaddr), __pa(vaddr_end),
 					   page_size_mask, prot, init);
 
@@ -763,6 +798,13 @@ __kernel_physical_mapping_init(unsigned long paddr_start,
 					   (pud_t *) p4d, init);
 		spin_unlock(&init_mm.page_table_lock);
+
+		/*
+		 * Bail only after updating pgd/p4d to keep progress from p4d across retries.
+		 */
+		if (IS_ERR(paddr_last))
+			return paddr_last;
+
 		pgd_changed = true;
 	}
 
@@ -777,7 +819,8 @@ __kernel_physical_mapping_init(unsigned long paddr_start,
  * Create page table mapping for the physical memory for specific physical
  * addresses. Note that it can only be used to populate non-present entries.
  * The virtual and physical addresses have to be aligned on PMD level
- * down. It returns the last physical address mapped.
+ * down. It returns the last physical address mapped. Allocation errors are
+ * returned with ERR_PTR.
  */
 unsigned long __meminit
 kernel_physical_mapping_init(unsigned long paddr_start,
@@ -980,8 +1023,11 @@ int arch_add_memory(int nid, u64 start, u64 size,
 {
 	unsigned long start_pfn = start >> PAGE_SHIFT;
 	unsigned long nr_pages = size >> PAGE_SHIFT;
+	unsigned long ret = 0;
 
-	init_memory_mapping(start, start + size, params->pgprot);
+	ret = init_memory_mapping(start, start + size, params->pgprot);
+	if (IS_ERR(ret))
+		return (int)PTR_ERR(ret);
 
 	return add_pages(nid, start_pfn, nr_pages, params);
 }
-- 
2.39.5
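For illustration only (hypothetical names, not part of the patch): the
comments above the phys_pud_init() and phys_p4d_init() changes rely on an
ordering invariant: populate the upper-level entry even when the level
below returned an error, and only bail afterwards, so that a later retry
descends into the already-built table instead of leaking it. A standalone
userspace model of that ordering:

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>

#define MAX_ERRNO	4095
#define IS_ERR_VALUE(x)	((unsigned long)(x) >= (unsigned long)-MAX_ERRNO)

static int fail_lower = 1;	/* force the lower level to fail once */

static unsigned long build_lower(long *child)
{
	if (fail_lower) {
		fail_lower = 0;
		return (unsigned long)-ENOMEM;	/* deeper allocation failed */
	}
	*child = 1;		/* pretend: lower-level mapping built */
	return 0x200000;
}

/* Model of phys_pud_init(): ensure *parent points at a child table,
 * build the level below, and hook the child in before any bail-out. */
static unsigned long build_level(long **parent)
{
	long *child = *parent;	/* resume with earlier progress, if any */
	unsigned long last;

	if (!child) {
		child = calloc(1, sizeof(*child));
		if (!child)
			return (unsigned long)-ENOMEM;
	}
	last = build_lower(child);
	*parent = child;	/* populate first, as the patch does */
	if (IS_ERR_VALUE(last))
		return last;	/* bail only after updating the parent */
	return last;
}

int main(void)
{
	long *parent = NULL;
	unsigned long r1, r2;

	r1 = build_level(&parent);
	printf("attempt 1: %#lx (parent now %p, not leaked)\n", r1, (void *)parent);
	r2 = build_level(&parent);
	printf("attempt 2: %#lx (child table reused)\n", r2);
	free(parent);
	return 0;
}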