lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 28 Jan 2014 15:10:18 +0800
From:	Tang Chen <tangchen@...fujitsu.com>
To:	Dave Jones <davej@...hat.com>,
	David Rientjes <rientjes@...gle.com>, tglx@...utronix.de,
	mingo@...hat.com, hpa@...or.com, akpm@...ux-foundation.org,
	zhangyanfei@...fujitsu.com, guz.fnst@...fujitsu.com,
	x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] numa, mem-hotplug: Fix stack overflow in numa when seting
 kernel nodes to unhotpluggable.


Hi Dave,

I think here is the overflow problem. Not the stackoverflow,
but the array index overflow.

Please have a look at the following path:

numa_init()
  |---> numa_register_memblks()
  |      |---> memblock_set_node(memory)		set correct nid in memblock.memory
  |      |---> memblock_set_node(reserved)	set correct nid in 
memblock.reserved
  |      |......
  |      |---> setup_node_data()
  |             |---> memblock_alloc_nid()	here, nid is set to 
MAX_NUMNODES (1024)
  |......
  |---> numa_clear_kernel_node_hotplug()
         |---> node_set()			here, we have an index 1024, and overflowed

For now, I think this is the first problem you mentioned.

Will send a new patch to fix it and do more tests.

Thanks.

On 01/28/2014 01:31 PM, Tang Chen wrote:
> On 01/28/2014 12:47 PM, Dave Jones wrote:
>> On Tue, Jan 28, 2014 at 12:47:11PM +0800, Tang Chen wrote:
>> > On 01/28/2014 11:55 AM, Dave Jones wrote:
>> > > On Tue, Jan 28, 2014 at 11:24:37AM +0800, Tang Chen wrote:
>> > >
>> > > > > I did a bisect with the patch above applied each step of the way.
>> > > > > This time I got a plausible looking result....
>> > > >
>> > > > I cannot reproduce this. Would you please share how to reproduce
>> it ?
>> > > > Or does it just happen during the booting ?
>> > >
>> > > Just during boot. Very early. So early in fact, I have no logging
>> facilities
>> > > like usb-serial, just what is on vga console.
>> > >
>> > > If you want me to add some printk's, I can add a while (1); before
>> > > the part that oopses so we can diagnose further..
>> >
>> > Sure. Would you please do that for me ? Maybe we can find something in
>> > the early log.
>>
>> I was hoping you'd have suggestions what you'd like me to dump ;-)
>
>
> I think I found something.
>
> Since I can reproduce the first problem on 3.10, I found some memory
> ranges in memblock
> have nid = 1024. When we use node_set(), it will crash.
>
> I'll see if we have the same problem on the latest kernel.
>
> [ 0.000000] NUMA: Initialized distance table, cnt=2
> [ 0.000000] NUMA: Warning: node ids are out of bound, from=-1 to=-1
> distance=10
> [ 0.000000] NUMA: Node 0 [mem 0x00000000-0x7fffffff] + [mem
> 0x100000000-0x47fffffff] -> [mem 0x00000000-0x47fffffff]
> [ 0.000000] Initmem setup node 0 [mem 0x00000000-0x47fffffff]
> [ 0.000000] NODE_DATA [mem 0x47ffd9000-0x47fffffff]
> [ 0.000000] Initmem setup node 1 [mem 0x480000000-0x87fffffff]
> [ 0.000000] NODE_DATA [mem 0x87ffbb000-0x87ffe1fff]
> [ 0.000000] AAAA: i = 0, nid = 0
> [ 0.000000] AAAA: i = 1, nid = 0
> [ 0.000000] AAAA: i = 2, nid = 0
> [ 0.000000] AAAA: i = 3, nid = 0
> [ 0.000000] AAAA: i = 4, nid = 1024
> [ 0.000000] AAAA: i = 5, nid = 1024
> [ 0.000000] AAAA: i = 6, nid = 1
> [ 0.000000] AAAA: i = 7, nid = 1
> [ 0.000000] Reserving 128MB of memory at 704MB for crashkernel (System
> RAM: 32406MB)
> [ 0.000000] [ffffea0000000000-ffffea0011ffffff] PMD ->
> [ffff880470200000-ffff88047fdfffff] on node 0
> [ 0.000000] [ffffea0012000000-ffffea0021ffffff] PMD ->
> [ffff88086f600000-ffff88087f5fffff] on node 1
> [ 0.000000] Zone ranges:
> [ 0.000000] DMA [mem 0x00001000-0x00ffffff]
> [ 0.000000] DMA32 [mem 0x01000000-0xffffffff]
> [ 0.000000] Normal [mem 0x100000000-0x87fffffff]
> [ 0.000000] Movable zone start for each node
> [ 0.000000] Early memory node ranges
> [ 0.000000] node 0: [mem 0x00001000-0x00098fff]
> [ 0.000000] node 0: [mem 0x00100000-0x696f7fff]
> [ 0.000000] node 0: [mem 0x100000000-0x47fffffff]
> [ 0.000000] node 1: [mem 0x480000000-0x87fffffff]
>
> Thanks.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ