| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080321200030.GD16179@elte.hu>
Date: Fri, 21 Mar 2008 21:00:31 +0100
From: Ingo Molnar <mingo@...e.hu>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Yinghai Lu <yhlu.kernel@...il.com>, andi@...stfloor.org,
ak@...e.de, clameter@....com, linux-kernel@...r.kernel.org,
y-goto@...fujitsu.com, kamezawa.hiroyu@...fujitsu.com
Subject: Re: [PATCH] mm: fix boundary checking in free_bootmem_core
* Andrew Morton <akpm@...ux-foundation.org> wrote:
> diff -puN mm/bootmem.c~mm-fix-boundary-checking-in-free_bootmem_core mm/bootmem.c
> --- a/mm/bootmem.c~mm-fix-boundary-checking-in-free_bootmem_core
> +++ a/mm/bootmem.c
> @@ -125,6 +125,7 @@ static int __init reserve_bootmem_core(b
> BUG_ON(!size);
> BUG_ON(PFN_DOWN(addr) >= bdata->node_low_pfn);
> BUG_ON(PFN_UP(addr + size) > bdata->node_low_pfn);
> + BUG_ON(addr < bdata->node_boot_start);
>
> sidx = PFN_DOWN(addr - bdata->node_boot_start);
> eidx = PFN_UP(addr + size - bdata->node_boot_start);
> @@ -156,21 +157,31 @@ static void __init free_bootmem_core(boo
> unsigned long sidx, eidx;
> unsigned long i;
>
> + BUG_ON(!size);
> +
> + /* out range */
> + if (addr + size < bdata->node_boot_start ||
> + PFN_DOWN(addr) > bdata->node_low_pfn)
> + return;
> /*
> * round down end of usable mem, partially free pages are
> * considered reserved.
> */
> - BUG_ON(!size);
> - BUG_ON(PFN_DOWN(addr + size) > bdata->node_low_pfn);
>
> - if (addr < bdata->last_success)
> + if (addr >= bdata->node_boot_start && addr < bdata->last_success)
> bdata->last_success = addr;
>
> /*
> - * Round up the beginning of the address.
> + * Round up to index to the range.
> */
> - sidx = PFN_UP(addr) - PFN_DOWN(bdata->node_boot_start);
> + if (PFN_UP(addr) > PFN_DOWN(bdata->node_boot_start))
> + sidx = PFN_UP(addr) - PFN_DOWN(bdata->node_boot_start);
> + else
> + sidx = 0;
> +
> eidx = PFN_DOWN(addr + size - bdata->node_boot_start);
> + if (eidx > bdata->node_low_pfn - PFN_DOWN(bdata->node_boot_start))
> + eidx = bdata->node_low_pfn - PFN_DOWN(bdata->node_boot_start);
>
> for (i = sidx; i < eidx; i++) {
> if (unlikely(!test_and_clear_bit(i, bdata->node_bootmem_map)))
> @@ -421,7 +432,9 @@ int __init reserve_bootmem(unsigned long
>
> void __init free_bootmem(unsigned long addr, unsigned long size)
> {
> - free_bootmem_core(NODE_DATA(0)->bdata, addr, size);
> + bootmem_data_t *bdata;
> + list_for_each_entry(bdata, &bdata_list, list)
> + free_bootmem_core(bdata, addr, size);
> }
>
> unsigned long __init free_all_bootmem(void)
note, this combination is quite well tested now, on various x86 systems,
small and large alike, and about a 100 randconfigs booted up.
Acked-by: Ingo Molnar <mingo@...e.hu>
Tested-by: Ingo Molnar <mingo@...e.hu>
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists