From mboxrd@z Thu Jan 1 00:00:00 1970 From: christophe.leroy@c-s.fr (Christophe Leroy) Date: Thu, 31 Jan 2019 08:07:29 +0100 Subject: [PATCH v2 19/21] treewide: add checks for the return value of memblock_alloc*() In-Reply-To: <8838f7ab-998b-6d78-02a8-a53f8a3619d9@c-s.fr> References: <1548057848-15136-1-git-send-email-rppt@linux.ibm.com> <1548057848-15136-20-git-send-email-rppt@linux.ibm.com> <20190131064139.GB28876@rapoport-lnx> <8838f7ab-998b-6d78-02a8-a53f8a3619d9@c-s.fr> List-ID: Message-ID: To: linux-snps-arc@lists.infradead.org Le 31/01/2019 ? 07:44, Christophe Leroy a ?crit?: > > > Le 31/01/2019 ? 07:41, Mike Rapoport a ?crit?: >> On Thu, Jan 31, 2019@07:07:46AM +0100, Christophe Leroy wrote: >>> >>> >>> Le 21/01/2019 ? 09:04, Mike Rapoport a ?crit?: >>>> Add check for the return value of memblock_alloc*() functions and call >>>> panic() in case of error. >>>> The panic message repeats the one used by panicing memblock >>>> allocators with >>>> adjustment of parameters to include only relevant ones. >>>> >>>> The replacement was mostly automated with semantic patches like the one >>>> below with manual massaging of format strings. >>>> >>>> @@ >>>> expression ptr, size, align; >>>> @@ >>>> ptr = memblock_alloc(size, align); >>>> + if (!ptr) >>>> +???? panic("%s: Failed to allocate %lu bytes align=0x%lx\n", __func__, >>>> size, align); >>>> >>>> Signed-off-by: Mike Rapoport >>>> Reviewed-by: Guo Ren ???????????? # c-sky >>>> Acked-by: Paul Burton ???????? # MIPS >>>> Acked-by: Heiko Carstens # s390 >>>> Reviewed-by: Juergen Gross ???????? # Xen >>>> --- >>> >>> [...] >>> >>>> diff --git a/mm/sparse.c b/mm/sparse.c >>>> index 7ea5dc6..ad94242 100644 >>>> --- a/mm/sparse.c >>>> +++ b/mm/sparse.c >>> >>> [...] >>> >>>> @@ -425,6 +436,10 @@ static void __init sparse_buffer_init(unsigned >>>> long size, int nid) >>>> ????????? memblock_alloc_try_nid_raw(size, PAGE_SIZE, >>>> ????????????????????????? __pa(MAX_DMA_ADDRESS), >>>> ????????????????????????? MEMBLOCK_ALLOC_ACCESSIBLE, nid); >>>> +??? if (!sparsemap_buf) >>>> +??????? panic("%s: Failed to allocate %lu bytes align=0x%lx nid=%d >>>> from=%lx\n", >>>> +????????????? __func__, size, PAGE_SIZE, nid, __pa(MAX_DMA_ADDRESS)); >>>> + >>> >>> memblock_alloc_try_nid_raw() does not panic (help explicitly says: >>> Does not >>> zero allocated memory, does not panic if request cannot be satisfied.). >> >> "Does not panic" does not mean it always succeeds. > > I agree, but at least here you are changing the behaviour by making it > panic explicitly. Are we sure there are not cases where the system could > just continue functionning ? Maybe a WARN_ON() would be enough there ? Looking more in details, it looks like everything is done to live with sparsemap_buf NULL, all functions using it check it so having it NULL shouldn't imply a panic I believe, see code below. static void *sparsemap_buf __meminitdata; static void *sparsemap_buf_end __meminitdata; static void __init sparse_buffer_init(unsigned long size, int nid) { WARN_ON(sparsemap_buf); /* forgot to call sparse_buffer_fini()? */ sparsemap_buf = memblock_alloc_try_nid_raw(size, PAGE_SIZE, __pa(MAX_DMA_ADDRESS), MEMBLOCK_ALLOC_ACCESSIBLE, nid); sparsemap_buf_end = sparsemap_buf + size; } static void __init sparse_buffer_fini(void) { unsigned long size = sparsemap_buf_end - sparsemap_buf; if (sparsemap_buf && size > 0) memblock_free_early(__pa(sparsemap_buf), size); sparsemap_buf = NULL; } void * __meminit sparse_buffer_alloc(unsigned long size) { void *ptr = NULL; if (sparsemap_buf) { ptr = PTR_ALIGN(sparsemap_buf, size); if (ptr + size > sparsemap_buf_end) ptr = NULL; else sparsemap_buf = ptr + size; } return ptr; } Christophe