lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20070601135422.eab28766.pj@sgi.com>
Date:	Fri, 1 Jun 2007 13:54:22 -0700
From:	Paul Jackson <pj@....com>
To:	Christoph Lameter <clameter@....com>
Cc:	srinivasa@...ibm.com, linux-kernel@...r.kernel.org,
	akpm@...ux-foundation.org, torvalds@...ux-foundation.org,
	vatsa@...ibm.com, dino@...ibm.com, simon.derr@...l.net,
	clameter@...ulhu.engr.sgi.com, rientjes@...gle.com
Subject: Re: [RFC] [PATCH] cpuset operations causes Badness at mm/slab.c:777
 warning

Christoph wrote:
> Then you are deferencing an element in the pidarray that you did not 
> allocate! This is a bug in cpuset code.

Absolutely - as I described in more detail in a reply Jeremy a
few minutes ago.  Thanks for smoking it out.

If, as I suggested in my previous message to which you are
responding:

> Perhaps if you moved the "if (unlikely(n == npids))" test before the
> "pidarray[n++] = p->pid" assignment, it would be safe.

then it looks safe to me, without having to add the bogus "+1" to
the allocated size.  That is, I suspect the following patch fixes
this long standing cpuset bug (warning - white space mangled):

--- kernel/cpuset.c     2006-12-10 12:27:37.000000000 -0800
+++ kernel/cpuset.c.new 2007-06-01 13:53:00.271010074 -0700
@@ -1661,9 +1661,9 @@ static int pid_array_load(pid_t *pidarra

        do_each_thread(g, p) {
                if (p->cpuset == cs) {
-                       pidarray[n++] = p->pid;
                        if (unlikely(n == npids))
                                goto array_full;
+                       pidarray[n++] = p->pid;
                }
        } while_each_thread(g, p);


-- 
                  I won't rest till it's the best ...
                  Programmer, Linux Scalability
                  Paul Jackson <pj@....com> 1.925.600.0401
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ