Message-ID: <20090104111159.GB7632@localhost>
Date:	Sun, 4 Jan 2009 14:11:59 +0300
From:	Cyrill Gorcunov <gorcunov@...il.com>
To:	Jiri Slaby <jirislaby@...il.com>
Cc:	david@...g.hm, Andi Kleen <andi@...stfloor.org>,
	LKML <linux-kernel@...r.kernel.org>, yhlu.kernel@...il.com
Subject: Re: early exception error

[Jiri Slaby - Sun, Jan 04, 2009 at 01:24:03AM +0100]
| On 01/03/2009 10:24 PM, Cyrill Gorcunov wrote:
| > [Cyrill Gorcunov - Sat, Jan 03, 2009 at 10:03:16PM +0300]
| > | (list restored)
| > | 
| > | [david@...g.hm - Sat, Jan 03, 2009 at 11:19:00AM -0800]
| > | ...
| > | >>>
| > | >>> two new screenshots at http://linux.lang.hm/linux
| > | >>>
| > | >>> 36 is a boot with just earlyprintk=vga
| > | >>> 37 is a boot with numa=noacpi
| > | >>> I also put the vmlinux file there, I'll put the System.map and config
| > | >>> there later (I did enable kernel_debug on this build as well)
| > | >>>
| > | >>> David Lang
| > | >>>
| > | >>
| > | >> David, I can't find vmlinux neither .config?
| > | >> Maybe they have hidden attribute?
| > | 
| > | ok, according to failing address we've a BUG_ON
| > | triggered
| > | 
| > | ---
| > | (gdb) l *0xffffffff8096452a
| > | 0xffffffff8096452a is in alloc_bootmem_core (mm/bootmem.c:442).
| > | 437		unsigned long fallback = 0;
| > | 438		unsigned long min, max, start, sidx, midx, step;
| > | 439	
| > | 440		BUG_ON(!size);
| > | 441		BUG_ON(align & (align - 1));
| > | 442		BUG_ON(limit && goal + size > limit);
| > | 443	
| > | 444		if (!bdata->node_bootmem_map)
| > | 445			return NULL;
| > | 446	
| > | (gdb) 
| > | ---
| > | 
| > | so we're in attempt to overrun 'limit'.
| > | Hmm...
| > | 
| > | 		- Cyrill -
| > 
| > Hardly possible that we trigger BUG here since I don't
| > see BUG: on the photo. Investigating.
| 
| Hint: line 442 in 2.6.28 is
| if (!bdata->node_bootmem_map)
| ;)
| 
| It's:
| 0xffffffff8096452a <alloc_bootmem_core+69>:     cmpq   $0x0,0x10(%rbp)
| and hence cr2 is 10.
| 
| node_data[nid] is NULL... But both of them are set up. Maybe too high nid (and
| pnum in sparse_init)?
|

It seems to be true!

What is worse, we have a number of __nr_to_section users which
don't check for NULL returned, and secondly

static inline struct mem_section *__nr_to_section(unsigned long nr)
{
	if (!mem_section[SECTION_NR_TO_ROOT(nr)])
		return NULL;
	return &mem_section[SECTION_NR_TO_ROOT(nr)][nr & SECTION_ROOT_MASK];
}

SECTION_NR_TO_ROOT is not a modulo operation, so we could run out of
mem_section[NR_SECTION_ROOTS].

David, I'll cook some testing patch shortly.
Many thanks to Jiri!

		- Cyrill -
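
A user-space model of the two problems named in the message above (root index computed by plain division, and callers that do not check for NULL), added here as an illustration; it is not code from the thread or the testing patch mentioned. The table sizes are constructed small values, and nr_to_section_checked() and section_present() are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sizes for a user-space model; the kernel derives these
 * from the architecture's sparsemem configuration. */
#define SECTIONS_PER_ROOT   4UL
#define NR_MEM_SECTIONS     16UL
#define NR_SECTION_ROOTS    (NR_MEM_SECTIONS / SECTIONS_PER_ROOT)
#define SECTION_NR_TO_ROOT(nr) ((nr) / SECTIONS_PER_ROOT)  /* division, not modulo */
#define SECTION_ROOT_MASK   (SECTIONS_PER_ROOT - 1)

struct mem_section { unsigned long section_mem_map; };

static struct mem_section root0[SECTIONS_PER_ROOT];
/* Only root 0 is populated; roots 1..3 stay NULL. */
static struct mem_section *mem_section[NR_SECTION_ROOTS] = { root0 };

/* Hypothetical checked variant: reject section numbers whose root lies
 * outside mem_section[] before touching the array. */
static struct mem_section *nr_to_section_checked(unsigned long nr)
{
	unsigned long root = SECTION_NR_TO_ROOT(nr);

	if (root >= NR_SECTION_ROOTS)
		return NULL;            /* would index past the array */
	if (!mem_section[root])
		return NULL;            /* root never allocated */
	return &mem_section[root][nr & SECTION_ROOT_MASK];
}

/* Hypothetical caller that handles NULL instead of dereferencing blindly. */
static int section_present(unsigned long nr)
{
	struct mem_section *ms = nr_to_section_checked(nr);

	return ms != NULL && ms->section_mem_map != 0;
}

int main(void)
{
	root0[2].section_mem_map = 1;   /* constructed: section 2 is present */
	printf("nr=2  root=%lu present=%d\n", SECTION_NR_TO_ROOT(2UL), section_present(2));
	printf("nr=5  root=%lu present=%d\n", SECTION_NR_TO_ROOT(5UL), section_present(5));
	printf("nr=40 root=%lu (only %lu roots) present=%d\n",
	       SECTION_NR_TO_ROOT(40UL), NR_SECTION_ROOTS, section_present(40));
	return 0;
}
```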