Re: [PATCH v2 19/21] treewide: add checks for the return value of memblock_alloc*()

From: Christophe Leroy
Date: Thu Jan 31 2019 - 02:07:38 EST



Le 31/01/2019 Ã 07:44, Christophe Leroy a ÃcritÂ:


Le 31/01/2019 Ã 07:41, Mike Rapoport a ÃcritÂ:
On Thu, Jan 31, 2019 at 07:07:46AM +0100, Christophe Leroy wrote:


Le 21/01/2019 Ã 09:04, Mike Rapoport a ÃcritÂ:
Add check for the return value of memblock_alloc*() functions and call
panic() in case of error.
The panic message repeats the one used by panicing memblock allocators with
adjustment of parameters to include only relevant ones.

The replacement was mostly automated with semantic patches like the one
below with manual massaging of format strings.

@@
expression ptr, size, align;
@@
ptr = memblock_alloc(size, align);
+ if (!ptr)
+ÂÂÂÂ panic("%s: Failed to allocate %lu bytes align=0x%lx\n", __func__,
size, align);

Signed-off-by: Mike Rapoport <rppt@xxxxxxxxxxxxx>
Reviewed-by: Guo Ren <ren_guo@xxxxxxxxx>ÂÂÂÂÂÂÂÂÂÂÂÂ # c-sky
Acked-by: Paul Burton <paul.burton@xxxxxxxx>ÂÂÂÂÂÂÂÂ # MIPS
Acked-by: Heiko Carstens <heiko.carstens@xxxxxxxxxx> # s390
Reviewed-by: Juergen Gross <jgross@xxxxxxxx>ÂÂÂÂÂÂÂÂ # Xen
---

[...]

diff --git a/mm/sparse.c b/mm/sparse.c
index 7ea5dc6..ad94242 100644
--- a/mm/sparse.c
+++ b/mm/sparse.c

[...]

@@ -425,6 +436,10 @@ static void __init sparse_buffer_init(unsigned long size, int nid)
ÂÂÂÂÂÂÂÂÂ memblock_alloc_try_nid_raw(size, PAGE_SIZE,
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ __pa(MAX_DMA_ADDRESS),
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ MEMBLOCK_ALLOC_ACCESSIBLE, nid);
+ÂÂÂ if (!sparsemap_buf)
+ÂÂÂÂÂÂÂ panic("%s: Failed to allocate %lu bytes align=0x%lx nid=%d from=%lx\n",
+ÂÂÂÂÂÂÂÂÂÂÂÂÂ __func__, size, PAGE_SIZE, nid, __pa(MAX_DMA_ADDRESS));
+

memblock_alloc_try_nid_raw() does not panic (help explicitly says: Does not
zero allocated memory, does not panic if request cannot be satisfied.).

"Does not panic" does not mean it always succeeds.

I agree, but at least here you are changing the behaviour by making it panic explicitly. Are we sure there are not cases where the system could just continue functionning ? Maybe a WARN_ON() would be enough there ?

Looking more in details, it looks like everything is done to live with sparsemap_buf NULL, all functions using it check it so having it NULL shouldn't imply a panic I believe, see code below.

static void *sparsemap_buf __meminitdata;
static void *sparsemap_buf_end __meminitdata;

static void __init sparse_buffer_init(unsigned long size, int nid)
{
WARN_ON(sparsemap_buf); /* forgot to call sparse_buffer_fini()? */
sparsemap_buf =
memblock_alloc_try_nid_raw(size, PAGE_SIZE,
__pa(MAX_DMA_ADDRESS),
MEMBLOCK_ALLOC_ACCESSIBLE, nid);
sparsemap_buf_end = sparsemap_buf + size;
}

static void __init sparse_buffer_fini(void)
{
unsigned long size = sparsemap_buf_end - sparsemap_buf;

if (sparsemap_buf && size > 0)
memblock_free_early(__pa(sparsemap_buf), size);
sparsemap_buf = NULL;
}

void * __meminit sparse_buffer_alloc(unsigned long size)
{
void *ptr = NULL;

if (sparsemap_buf) {
ptr = PTR_ALIGN(sparsemap_buf, size);
if (ptr + size > sparsemap_buf_end)
ptr = NULL;
else
sparsemap_buf = ptr + size;
}
return ptr;
}


Christophe