lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AANLkTikmNc7qqDzoff_3i_FRbG=pmOC7TG3eeZnmvaTD@mail.gmail.com>
Date:	Thu, 28 Oct 2010 08:59:42 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Eric Dumazet <eric.dumazet@...il.com>, Mel Gorman <mel@....ul.ie>,
	Christoph Lameter <cl@...ux.com>,
	Lee Schermerhorn <lee.schermerhorn@...com>,
	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Tejun Heo <tj@...nel.org>, Peter Zijlstra <peterz@...radead.org>,
	Brian Gerst <brgerst@...il.com>, x86@...nel.org,
	linux-kernel@...r.kernel.org, mingo@...e.hu
Subject: Re: [PATCH] numa: fix slab_node(MPOL_BIND)

Hmm. More people added to the discussion..

This code seems to go back all the way to commit 19770b32609b: "mm:
filter based on a nodemask as well as a gfp_mask". Which was back in
April 2008. and got merged into 2.6.26.

And I'd be happy to commit it (in fact, I was going to), but when
looking for other uses of first_zones_zonelist(), I found
local_memory_node() which does the exact same thing: ignore the return
value, and unconditionally dereference the resulting 'zone' variable.

And so does - although less obviously - mm/vmscan.c for the
wait_iff_confgested() thing.

So are those buggy too, since first_zones_zonelist() can apparently return NULL?

Please advise...

                  Linus

On Wed, Oct 27, 2010 at 10:33 AM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> Le mercredi 27 octobre 2010 à 18:07 +0200, Eric Dumazet a écrit :
>
>> So I tried following experiment :
>>
>> # swapoff
>> # numactl --membind=0 swapon -a
>> # grep swap /proc/vmallocinfo
>> 0xf9bf3000-0xf9cf4000 1052672 sys_swapon+0x4aa/0xb24 pages=256 vmalloc N0=256
>> # swapoff -a
>> # numactl --membind=1 swapon -a
>>
>> <<FREEZE>>
>>
>
> Crash in fact, not freeze, in slab_node()
>
> Problem is : we dereference a NULL zone pointer.
>
> (node 1 has HighMem only)
>
> Following patch seems to solve the problem for me
>
> # swapoff -a
> # numactl --membind=1 swapon -a
> # grep swap /proc/vmallocinfo
> 0xf9da5000-0xf9ea6000 1052672 sys_swapon+0x3f9/0xa34 pages=256 vmalloc N1=256
>
>
> Thanks
>
>
> [PATCH] numa: fix slab_node(MPOL_BIND)
>
> When a node contains only HighMem memory, slab_node(MPOL_BIND)
> dereferences a NULL pointer.
>
> Signed-off-by: Eric Dumazet <eric.dumazet@...il.com>
> ---
>  mm/mempolicy.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/mempolicy.c b/mm/mempolicy.c
> index 81a1276..4a57f13 100644
> --- a/mm/mempolicy.c
> +++ b/mm/mempolicy.c
> @@ -1597,7 +1597,7 @@ unsigned slab_node(struct mempolicy *policy)
>                (void)first_zones_zonelist(zonelist, highest_zoneidx,
>                                                        &policy->v.nodes,
>                                                        &zone);
> -               return zone->node;
> +               return zone ? zone->node : numa_node_id();
>        }
>
>        default:
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ