lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20130820171816.1b759e87.akpm@linux-foundation.org>
Date:	Tue, 20 Aug 2013 17:18:16 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Wanpeng Li <liwanp@...ux.vnet.ibm.com>
Cc:	Dave Hansen <dave.hansen@...ux.intel.com>,
	Rik van Riel <riel@...hat.com>,
	Fengguang Wu <fengguang.wu@...el.com>,
	Joonsoo Kim <iamjoonsoo.kim@....com>,
	Johannes Weiner <hannes@...xchg.org>,
	Tejun Heo <tj@...nel.org>,
	Yasuaki Ishimatsu <isimatu.yasuaki@...fujitsu.com>,
	David Rientjes <rientjes@...gle.com>,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	Jiri Kosina <jkosina@...e.cz>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/4] mm/pgtable: Fix continue to preallocate pmds
 even if failure occurrence

On Wed, 21 Aug 2013 07:39:35 +0800 Wanpeng Li <liwanp@...ux.vnet.ibm.com> wrote:

> >Nope.  If the error path is taken, free_pmds() will free uninitialised
> >items from pmds[], which is a local in pgd_alloc() and contains random
> >stack junk.  The kernel will crash.
> >
> >You could pass an nr_pmds argument to free_pmds(), or zero out the
> >remaining items on the error path.  However, although the current code
> >is a bit kooky, I don't see that it is harmful in any way.
> >
> 
> There is a check in free_pmds():
> 
> if (pmds[i])
> 	free_page((unsigned long)pmds[i]);
> 
> which will avoid the issue you mentioned.

pmds[i] is uninitialized.  It gets allocated
on the stack in pgd_alloc() and does not get zeroed.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ