lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <465545FB.2080801@linux.vnet.ibm.com>
Date:	Thu, 24 May 2007 13:29:55 +0530
From:	Balbir Singh <balbir@...ux.vnet.ibm.com>
To:	Pavel Emelianov <xemul@...ru>
CC:	Andrew Morton <akpm@...l.org>, Paul Menage <menage@...gle.com>,
	Srivatsa Vaddagiri <vatsa@...ibm.com>,
	Balbir Singh <balbir@...ibm.com>, devel@...nvz.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Kirill Korotaev <dev@...ru>,
	Chandra Seetharaman <sekharan@...ibm.com>,
	Cedric Le Goater <clg@...ibm.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Rohit Seth <rohitseth@...gle.com>,
	Linux Containers <containers@...ts.osdl.org>,
	Linux Memory Management List <linux-mm@...ck.org>
Subject: Re: [PATCH 8/8] Per-container pages reclamation

Pavel Emelianov wrote:
>> Index: linux-2.6.20/mm/rss_container.c
>> ===================================================================
>> --- linux-2.6.20.orig/mm/rss_container.c	2007-05-15 05:13:46.000000000 -0700
>> +++ linux-2.6.20/mm/rss_container.c	2007-05-16 20:45:45.000000000 -0700
>> @@ -212,6 +212,7 @@ void container_rss_del(struct page_conta
>>  
>>  	css_put(&rss->css);
>>  	kfree(pc);
>> +	init_page_container(page);
> 
> This hunk is bad.
> See, when the page drops its mapcount to 0 it may be reused right
> after this if it belongs to a file map - another CPU can touch it.
> Thus you're risking to reset the wrong container.
> 
> The main idea if the accounting is that you cannot trust the
> page_container(page) value after the page's mapcount became 0.
> 

Good catch, I'll move the initialization to free_hot_cold_page().
I'm attaching a new patch. I've also gotten rid of the unused
variable page in container_rss_del().

I've compile and boot tested the fix

-- 
	Thanks,
	Balbir Singh
	Linux Technology Center
	IBM, ISTL

View attachment "rss-fix-lru-race.patch" of type "text/x-patch" (2618 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ