lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1223387841.26330.36.camel@lappy.programming.kicks-ass.net>
Date:	Tue, 07 Oct 2008 15:57:20 +0200
From:	Peter Zijlstra <a.p.zijlstra@...llo.nl>
To:	Matt Mackall <mpm@...enic.com>
Cc:	linux-mm <linux-mm@...ck.org>,
	Nick Piggin <nickpiggin@...oo.com.au>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Ingo Molnar <mingo@...e.hu>,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: [BUG] SLOB's krealloc() seems bust

My test box would crash 50% of the bootups like so:

[   12.002323] BUG: unable to handle kernel paging request at ffff88047bdd513c              
[   12.003310] IP: [<ffffffff80261f17>] load_module+0x6c8/0x1b2a                            
[   12.003310] PGD 202063 PUD 0                                                             
[   12.003310] Oops: 0000 [1] PREEMPT SMP
[   12.003310] CPU 0
[   12.003310] Modules linked in: kvm_amd kvm sg sr_mod serio_raw k8temp floppy pcspkr button cdrom shpchp
[   12.003310] Pid: 1219, comm: modprobe Not tainted 2.6.27-rc9 #452

Which points us to the percpu_modalloc() code.

After adding some printk's to get some insight into the matter I got the
following:

[   10.058055] percpu_modalloc: pcpu_size: ffff88007d82c0e8 size: 8 align: 8 name: kvm_amd  
[   10.066042] percpu_modalloc: pcpu_size[0] = -37536 ptr: ffffffff80757000 extra: 0        
[   10.073505] percpu_modalloc: pcpu_size[1] = 8192 ptr: ffffffff807602a0 extra: 0          
[   10.080795] split_block: pcpu_size: ffff88007d82c0e8 i: 1 size: 8                        
[   10.086875] split_block: pcpu_size: ffff88007bdd5140                                     
[   10.091828] split_block: pcpu_size[0] = 2078109024                                       
[   10.096607] split_block: pcpu_size[1] = -30720                                           
[   10.101039] split_block: pcpu_size[0] = 2078109024                                       
[   10.105817] split_block: pcpu_size[1] = -30720                                           
[   10.110249] split_block: pcpu_size[2] = -30720                                           
[   10.114682] split_block: pcpu_size[1] = 8 pcpu_size[2] = -30728   

Which basically shows us that the content of the pcpu_size[] array got
corrupted after the krealloc() call in split_block().

Which made me look at which slab allocator I had selected, which turned
out to be SLOB (from testing the network swap stuff).

Flipping it back to SLUB seems to cure the issue...

Will put poking at SLOB on the todo list somewhere, feel free to beat me
to it ;-)

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ