From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ozlabs.org (ozlabs.org [IPv6:2401:3900:2:1::2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 3DD131A0550 for ; Mon, 1 Dec 2014 16:02:15 +1100 (AEDT) Message-ID: <1417410134.16178.2.camel@concordia> Subject: Re: [PATCH v2] slab: Fix nodeid bounds check for non-contiguous node IDs From: Michael Ellerman To: Paul Mackerras Date: Mon, 01 Dec 2014 16:02:14 +1100 In-Reply-To: <20141201042844.GB11234@drongo> References: <20141201042844.GB11234@drongo> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Cc: linuxppc-dev@ozlabs.org, linux-kernel@vger.kernel.org, Pekka Enberg , linux-mm@kvack.org, David Rientjes , Joonsoo Kim , Andrew Morton , Christoph Lameter List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , On Mon, 2014-12-01 at 15:28 +1100, Paul Mackerras wrote: > The bounds check for nodeid in ____cache_alloc_node gives false > positives on machines where the node IDs are not contiguous, leading > to a panic at boot time. For example, on a POWER8 machine the node > IDs are typically 0, 1, 16 and 17. This means that num_online_nodes() > returns 4, so when ____cache_alloc_node is called with nodeid = 16 the > VM_BUG_ON triggers, like this: ... > > To fix this, we instead compare the nodeid with MAX_NUMNODES, and > additionally make sure it isn't negative (since nodeid is an int). > The check is there mainly to protect the array dereference in the > get_node() call in the next line, and the array being dereferenced is > of size MAX_NUMNODES. If the nodeid is in range but invalid (for > example if the node is off-line), the BUG_ON in the next line will > catch that. When did this break? How come we only just noticed? Also needs: Cc: stable@vger.kernel.org cheers