On Mon, Dec 01, 2014 at 09:14:40AM +0900, Yasuaki Ishimatsu wrote: > (2014/12/01 7:16), Paul Mackerras wrote: > >The bounds check for nodeid in ____cache_alloc_node gives false > >positives on machines where the node IDs are not contiguous, leading > >to a panic at boot time. For example, on a POWER8 machine the node > >IDs are typically 0, 1, 16 and 17. This means that num_online_nodes() > >returns 4, so when ____cache_alloc_node is called with nodeid = 16 the > >VM_BUG_ON triggers. > > Do you have the call trace? If you have it, please add it in the description. I can get it easily enough. > >To fix this, we instead compare the nodeid with MAX_NUMNODES, and > >additionally make sure it isn't negative (since nodeid is an int). > >The check is there mainly to protect the array dereference in the > >get_node() call in the next line, and the array being dereferenced is > >of size MAX_NUMNODES. If the nodeid is in range but invalid, the > >BUG_ON in the next line will catch that. > > > >Signed-off-by: Paul Mackerras <paulus@xxxxxxxxx> > > Do you need to backport it into -stable kernels? It does need to go to stable, yes, for 3.10 and later. > >--- > >diff --git a/mm/slab.c b/mm/slab.c > >index eb2b2ea..f34e053 100644 > >--- a/mm/slab.c > >+++ b/mm/slab.c > >@@ -3076,7 +3076,7 @@ static void *____cache_alloc_node(struct kmem_cache *cachep, gfp_t flags, > > void *obj; > > int x; > > > > >- VM_BUG_ON(nodeid > num_online_nodes()); > >+ VM_BUG_ON(nodeid < 0 || nodeid >= MAX_NUMNODES); > > How about use: > VM_BUG_ON(!node_online(nodeid)); That would not be better, since node_online() doesn't bounds-check its argument. > When allocating the memory, the node of the memory being allocated must be > online. But your code cannot check the condition. The following two lines: > > n = get_node(cachep, nodeid); > > BUG_ON(!n); effectively check that condition already, as I tried to explain in the commit message. Regards, Paul. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>