Open Source and information security mailing list archives
 
Message-Id: <20080814.012004.193702132.davem@davemloft.net>
Date:	Thu, 14 Aug 2008 01:20:04 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	linuxppc-dev@...abs.org
CC:	linux-kernel@...r.kernel.org, michael@...erman.id.au
Subject: bug in lmb_enforce_memory_limit()


I just mentioned this to Ben H. on IRC and promised I would report it
here. :-)

The first loop over lmb.memory in this function interprets the
memory_limit as a raw size limit, and that's fine so far.

But the second loop over lmb.reserved interprets this value
instead as an "address limit."

I haven't cobbled together a fix myself, but probably the way to do
this is, when we're about to break out of the first loop over lmb.memory,
walk through the now-trimmed memory blobs and trim those from
lmb.reserved, one by one.

This bug got introduced by:

   commit 2babf5c2ec2f2d5de3e38d20f7df7fd815fd10c9
   Author: Michael Ellerman <michael@...erman.id.au>
   Date:   Wed May 17 18:00:46 2006 +1000

       [PATCH] powerpc: Unify mem= handling

back when LMB was still a powerpc local item. :-)

This led me to another bug which probably a lot of platforms are
affected by.

If you do this command line memory limiting, and the kernel was placed
by the boot loader into physical ram (say at the end of the available
physical memory) that gets trimmed out by the command line option, we
hang or crash right as we boot into userspace because freeing up
initmem ends up freeing invalid page structs.

I think, on sparc64, instead of adding all kinds of complicated logic
to free_initmem() I'm simply going to only poison the pages and
not free them at all if cmdline_memory_size has been set.
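The size-versus-address mismatch described in the message, as an added example that is not part of the original post or of the kernel source: a simplified userspace model in which `struct region`, the trim functions and the memory map are all constructed for illustration. `trim_reserved_by_memory` is one reading of the suggested per-bank trimming, not an actual kernel fix.

```c
#include <stdint.h>
#include <stdio.h>
#define MB (1ULL << 20)
struct region { uint64_t base, size; };

/* First loop as described: the limit is a budget of total bytes. */
static int trim_memory_by_size(struct region *mem, int cnt, uint64_t limit) {
    for (int i = 0; i < cnt; limit -= mem[i++].size)
        if (limit <= mem[i].size) { mem[i].size = limit; return i + 1; }
    return cnt;
}

/* Second loop as described: the same value is compared with addresses. */
static int trim_reserved_by_address(struct region *res, int cnt, uint64_t limit) {
    int n = 0;
    for (int i = 0; i < cnt; i++) {
        if (res[i].base >= limit) continue;          /* wholly above: dropped */
        if (res[i].base + res[i].size > limit) res[i].size = limit - res[i].base;
        res[n++] = res[i];
    }
    return n;
}

/* Sketch of the suggestion: clip each reservation to the surviving banks. */
static int trim_reserved_by_memory(const struct region *mem, int mcnt,
        const struct region *res, int rcnt, struct region *out) {
    int n = 0;
    for (int i = 0; i < rcnt; i++)
        for (int j = 0; j < mcnt; j++) {
            uint64_t re = res[i].base + res[i].size, me = mem[j].base + mem[j].size;
            uint64_t lo = res[i].base > mem[j].base ? res[i].base : mem[j].base;
            uint64_t hi = re < me ? re : me;
            if (lo < hi) out[n++] = (struct region){ lo, hi - lo };
        }
    return n;
}

/* Constructed map: two banks with a hole, limit of 1536 MB. */
static int surviving_reservations(int by_address) {
    struct region mem[] = { { 0, 1024 * MB }, { 4096 * MB, 1024 * MB } }, out[6];
    struct region res[] = { { 16 * MB, 16 * MB }, { 4112 * MB, 16 * MB }, { 4864 * MB, 16 * MB } };
    int mcnt = trim_memory_by_size(mem, 2, 1536 * MB);
    return by_address ? trim_reserved_by_address(res, 3, 1536 * MB)
                      : trim_reserved_by_memory(mem, mcnt, res, 3, out);
}

int main(void) {
    printf("address limit keeps %d reservation(s), per-bank trim keeps %d\n",
           surviving_reservations(1), surviving_reservations(0));
}
```

With this constructed map, size-based trimming keeps the second bank's first 512 MB, but the address-based loop drops the reservation at 4112 MB that lies inside it, so memory that is still present loses its reservation.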