lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64N.0609212108360.30543@attu1.cs.washington.edu>
Date:	Thu, 21 Sep 2006 21:09:48 -0700 (PDT)
From:	David Rientjes <rientjes@...washington.edu>
To:	Andrew Morton <akpm@...l.org>
cc:	KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>,
	kmannth@...ibm.com, linux-kernel@...r.kernel.org,
	clameter@...r.sgi.com
Subject: Re: [BUG] i386 2.6.18 cpu_up: attempt to bring up CPU 4 failed :
 kernel BUG at mm/slab.c:2698!

On Thu, 21 Sep 2006, Andrew Morton wrote:

> On Fri, 22 Sep 2006 12:30:45 +0900
> KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com> wrote:
> 
> > Before kfree(), we should check zone_pcp() is not boot_pageset[].
> > 
> > Signed-Off-By KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>
> > 
> > Index: linux-2.6.18/mm/page_alloc.c
> > ===================================================================
> > --- linux-2.6.18.orig/mm/page_alloc.c	2006-09-20 12:42:06.000000000 +0900
> > +++ linux-2.6.18/mm/page_alloc.c	2006-09-22 12:22:03.000000000 +0900
> > @@ -1844,9 +1844,11 @@
> >  
> >  	for_each_zone(zone) {
> >  		struct per_cpu_pageset *pset = zone_pcp(zone, cpu);
> > -
> > -		zone_pcp(zone, cpu) = NULL;
> > -		kfree(pset);
> > +		/* When canceled, zone_pcp still points to boot_pageset[] */
> > +		if (zone_pcp(zone, cpu) != &boot_pageset[cpu]) {
> > +			zone_pcp(zone, cpu) = NULL;
> > +			kfree(pset);
> > +		}
> >  	}
> >  }
> 
> Oh, I see what you mean.
> 
> Oh well, zeroing them all out in process_zones() will work.

The _only_ time zone_pcp is slab allocated is through process_zones().  So 
if we have an error on kmalloc_node for that zone_pcp, all previous 
allocations are freed and process_zones() fails for that cpu.

We are guaranteed that the process_zones() for cpu 0 succeeds, otherwise 
the pageset notifier isn't registered.  On CPU_UP_PREPARE for cpu 4 in 
this case, process_zones() fails because we couldn't kmalloc the 
per_cpu_pageset and we return NOTIFY_BAD.  This prints the failed message 
in the report and then CPU_UP_CANCELED is sent back to the notifier which 
attempts to kfree the zone that was never kmalloc'd.

The fix will work except for the case that zone_pcp is never set to NULL 
as it should be.

		David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ