| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Feb 2007 11:24:57 -0500 From: David Woodhouse <dwmw2@...radead.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, linuxppc-dev@...abs.org, john stultz <johnstul@...ibm.com> Subject: Re: Make sure we populate the initroot filesystem late enough On Sun, 2007-02-25 at 20:13 -0800, Linus Torvalds wrote: > > On Sun, 25 Feb 2007, David Woodhouse wrote: > > > > > Can you try adding something like > > > > > > memset(start, 0xf0, end - start); > > > > Yeah, I did that before giving up on it for the day and going in search > > of dinner. It changes the failure mode to a BUG() in > > cache_free_debugcheck(), at line 2876 of mm/slab.c > > Ok, that's just strange. In this case I hadn't left the 'return' in free_initrd_mem(). I was poisoning the pages and then returning them to the pool as usual. If I poison the pages and _don't_ return them to the pool, it boots fine. PageReserved is set on every page in the initrd region; total page_count() is equal to the number of pages (which doesn't _necessarily_ mean that page_count() for every page is equal to 1 but it's a strong hint that that's the case). Looking in /dev/mem after it boots, I see that my poison is still present throughout the whole region. > One obvious thing to do would be to remove all the "__initdata" entries in > mm/slab.c.. This is biting us long before we call free_initmem(). > But I'd also like to see the full backtrace for the BUG_ON(), > in case that gives any clues at all. I'll see if I can find a camera. > > It smells like the pages weren't actually reserved in the first place > > and we were blithely allocating them. The only problem with that theory > > is that the initrd doesn't seem to be getting corrupted -- and if we > > were handing out its pages like that then surely _something_ would have > > scribbled on it before we tried to read it. > > Yeah, I don't think it's necessarily initrd itself, I'd be more inclined > to think that the reason you see this change with the initrd unpacking is > simply that it does a lot of allocations for the initrd files, so I think > it is only indirectly involved - just because it ends up being a slab > user. Whatever happens, initrd as a 'slab user' is fine. The crashes happen _later_, when someone else is using the memory which used to belong to the initrd. In that 'BUG at slab.c:2876' I mentioned above, r3 was within the initrd region. As I said, I'll try to find a camera. -- dwmw2 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists