linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Dave Hansen <dave@linux.vnet.ibm.com>
To: Eric B Munson <emunson@mgebm.net>
Cc: arnd@arndb.de, akpm@linux-foundation.org,
	paulmck@linux.vnet.ibm.com, mingo@elte.hu,
	randy.dunlap@oracle.com, josh@joshtriplett.org,
	linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
	mgorman@suse.de, linux-mm@kvack.org
Subject: Re: [PATCH] Add debugging boundary check to pfn_to_page
Date: Wed, 08 Jun 2011 13:49:28 -0700	[thread overview]
Message-ID: <1307566168.3048.137.camel@nimitz> (raw)
In-Reply-To: <1307560734-3915-1-git-send-email-emunson@mgebm.net>

On Wed, 2011-06-08 at 15:18 -0400, Eric B Munson wrote:
> -#define __pfn_to_page(pfn)                             \
> -({     unsigned long __pfn = (pfn);                    \
> -       struct mem_section *__sec = __pfn_to_section(__pfn);    \
> -       __section_mem_map_addr(__sec) + __pfn;          \
> +#ifdef CONFIG_DEBUG_MEMORY_MODEL
> +#define __pfn_to_page(pfn)                                             \
> +({     unsigned long __pfn = (pfn);                                    \
> +       struct mem_section *__sec = __pfn_to_section(__pfn);            \
> +       struct page *__page = __section_mem_map_addr(__sec) + __pfn;    \
> +       WARN_ON(__page->flags == 0);                                    \
> +       __page;                                                         \

What was the scenario you're trying to catch here?  If you give a really
crummy __pfn, you'll probably go off the end of one of the mem_section[]
arrays, and get garbage back for __sec.  You might also get a NULL back
from __section_mem_map_addr() if the section is possibly valid, but just
not present on this particular system.

I _think_ the only kind of bug this will catch is if you have a valid
section, with a valid section_mem_map[] but still manage to find
yourself with an 'struct page' unclaimed by any zone and thus
uninitialized.

You could catch a lot more cases by being a bit more paranoid:

void check_pfn(unsigned long pfn)
{
	int nid;
	
	// hacked in from pfn_to_nid:
	// Don't actually do this, add a new helper near pfn_to_nid()
	// Can this even fit in the physnode_map?
	if (pfn / PAGES_PER_ELEMENT > ARRAY_SIZE(physnode_map))
		WARN();

	// Is there a valid nid there?
	nid = pfn_to_nid(pfn);
	if (nid == -1)
		WARN();
	
	// check against NODE_DATA(nid)->node_start_pfn;
	// check against NODE_DATA(nid)->node_spanned_pages;
}
>  })
> +#else
> +#define __pfn_to_page(pfn)                                             \
> +({     unsigned long __pfn = (pfn);                                    \
> +       struct mem_section *__sec = __pfn_to_section(__pfn);            \
> +       __section_mem_map_addr(__sec) + __pfn;  \
> +})
> +#endif /* CONFIG_DEBUG_MEMORY_MODEL */ 

Instead of making a completely new __pfn_to_page() in the debugging
case, I'd probably do something like this:

#ifdef CONFIG_DEBUG_MEMORY_MODEL
#define check_foo(foo) {\
	some_check_here(foo);\
	WARN_ON(foo->flags);\
}
#else
#define check_foo(foo) do{}while(0)
#endif;

#define __pfn_to_page(pfn)                                             \
({     unsigned long __pfn = (pfn);                                    \
       struct mem_section *__sec = __pfn_to_section(__pfn);            \
       struct page *__page = __section_mem_map_addr(__sec) + __pfn;    \
       check_foo(page)							\
       __page;                                                         \
 })

That'll make sure that the two copies of __pfn_to_page() don't
accidentally diverge.  It also makes it a lot easier to read, I think.

-- Dave

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

  parent reply	other threads:[~2011-06-08 23:53 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-06-08 19:18 [PATCH] Add debugging boundary check to pfn_to_page Eric B Munson
2011-06-08 19:31 ` Randy Dunlap
2011-06-08 19:56 ` Paul E. McKenney
2011-06-08 20:49 ` Dave Hansen [this message]
2011-06-10 13:27   ` Eric B Munson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1307566168.3048.137.camel@nimitz \
    --to=dave@linux.vnet.ibm.com \
    --cc=akpm@linux-foundation.org \
    --cc=arnd@arndb.de \
    --cc=emunson@mgebm.net \
    --cc=josh@joshtriplett.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=mgorman@suse.de \
    --cc=mingo@elte.hu \
    --cc=paulmck@linux.vnet.ibm.com \
    --cc=randy.dunlap@oracle.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).