| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Feb 2013 15:04:17 -0800
From: Andrew Morton <akpm@...ux-foundation.org>
To: Tang Chen <tangchen@...fujitsu.com>
Cc: rientjes@...gle.com, len.brown@...el.com, benh@...nel.crashing.org,
paulus@...ba.org, cl@...ux.com, minchan.kim@...il.com,
kosaki.motohiro@...fujitsu.com, isimatu.yasuaki@...fujitsu.com,
wujianguo@...wei.com, wency@...fujitsu.com, hpa@...or.com,
linfeng@...fujitsu.com, laijs@...fujitsu.com, mgorman@...e.de,
yinghai@...nel.org, glommer@...allels.com, x86@...nel.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org, linux-acpi@...r.kernel.org,
linux-s390@...r.kernel.org, linux-sh@...r.kernel.org,
linux-ia64@...r.kernel.org, cmetcalf@...era.com,
sparclinux@...r.kernel.org
Subject: Re: [PATCH v6 08/15] memory-hotplug: Common APIs to support page
tables hot-remove
On Wed, 9 Jan 2013 17:32:32 +0800
Tang Chen <tangchen@...fujitsu.com> wrote:
> +static void __meminit
> +remove_pagetable(unsigned long start, unsigned long end, bool direct)
> +{
> + unsigned long next;
> + pgd_t *pgd;
> + pud_t *pud;
> + bool pgd_changed = false;
> +
> + for (; start < end; start = next) {
> + pgd = pgd_offset_k(start);
> + if (!pgd_present(*pgd))
> + continue;
> +
> + next = pgd_addr_end(start, end);
> +
> + pud = (pud_t *)map_low_page((pud_t *)pgd_page_vaddr(*pgd));
> + remove_pud_table(pud, start, next, direct);
> + if (free_pud_table(pud, pgd))
> + pgd_changed = true;
> + unmap_low_page(pud);
> + }
> +
> + if (pgd_changed)
> + sync_global_pgds(start, end - 1);
> +
> + flush_tlb_all();
> +}
This generates a compiler warning saying that `next' may be used
uninitialised.
The warning is correct. If we take that `continue' on the first pass
through the loop, the "start = next" will copy uninitialised data into
`start'.
Is this the correct fix?
--- a/arch/x86/mm/init_64.c~memory-hotplug-common-apis-to-support-page-tables-hot-remove-fix-fix-fix-fix-fix-fix-fix
+++ a/arch/x86/mm/init_64.c
@@ -993,12 +993,12 @@ remove_pagetable(unsigned long start, un
bool pgd_changed = false;
for (; start < end; start = next) {
+ next = pgd_addr_end(start, end);
+
pgd = pgd_offset_k(start);
if (!pgd_present(*pgd))
continue;
- next = pgd_addr_end(start, end);
-
pud = (pud_t *)pgd_page_vaddr(*pgd);
remove_pud_table(pud, start, next, direct);
if (free_pud_table(pud, pgd))
_
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists