lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 30 Apr 2009 18:10:13 +0400
From:	Anton Vorontsov <avorontsov@...mvista.com>
To:	Nick Piggin <npiggin@...e.de>
Cc:	Pekka Enberg <penberg@...helsinki.fi>,
	Stephen Rothwell <sfr@...b.auug.org.au>,
	Christoph Lameter <cl@...ux-foundation.org>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	linuxppc-dev@...abs.org, linux-next@...r.kernel.org
Subject: Re: Next April 28: boot failure on PowerPC with SLQB

On Thu, Apr 30, 2009 at 03:05:42PM +0200, Nick Piggin wrote:
[...]
> ---
> SLQB: fix dumb early allocation cache
> 
> The dumb early allocation cache had a bug where it could allow allocation
> to go past the end of a page, which could cause crashes or random memory
> corruption. Fix this and simplify the logic.
> 
> Signed-off-by: Nick Piggin <npiggin@...e.de>
> ---
>  mm/slqb.c |   19 +++++++++++--------
>  1 file changed, 11 insertions(+), 8 deletions(-)
> 
> Index: linux-2.6/mm/slqb.c
> ===================================================================
> --- linux-2.6.orig/mm/slqb.c
> +++ linux-2.6/mm/slqb.c
> @@ -2185,8 +2185,11 @@ static void *kmem_cache_dyn_array_alloc(
>  {
>  	size_t size = sizeof(void *) * ids;
>  
> +	BUG_ON(!size);
> +
>  	if (unlikely(!slab_is_available())) {
>  		static void *nextmem;
> +		static size_t nextleft;
>  		void *ret;
>  
>  		/*
> @@ -2194,16 +2197,16 @@ static void *kmem_cache_dyn_array_alloc(
>  		 * never get freed by definition so we can do it rather
>  		 * simply.
>  		 */
> -		if (!nextmem) {
> -			nextmem = alloc_pages_exact(size, GFP_KERNEL);
> -			if (!nextmem)
> -				return NULL;
> +		if (size > nextleft) {
> +                        nextmem = alloc_pages_exact(size, GFP_KERNEL);
> +                        if (!nextmem)
> +                                return NULL;

Cosmetic issue: spaces instead of tabs are used on these
three lines.

> +			nextleft = roundup(size, PAGE_SIZE);
>  		}
> +
>  		ret = nextmem;
> -		nextmem = (void *)((unsigned long)ret + size);
> -		if ((unsigned long)ret >> PAGE_SHIFT !=
> -				(unsigned long)nextmem >> PAGE_SHIFT)
> -			nextmem = NULL;
> +		nextleft -= size;
> +		nextmem += size;
>  		memset(ret, 0, size);
>  		return ret;
>  	} else {

-- 
Anton Vorontsov
email: cbouatmailru@...il.com
irc://irc.freenode.net/bd2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ