| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Jun 2014 11:19:09 +0200
From: Vlastimil Babka <vbabka@...e.cz>
To: x86@...nel.org
Cc: linux-kernel@...r.kernel.org, Vlastimil Babka <vbabka@...e.cz>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>
Subject: [PATCH] x86-32: do not populate physnode_map for nodes without NODE_DATA
BUG: unable to handle kernel paging request at 000010bc
IP: [<c031c4f9>] compaction_alloc+0xa9/0x1b0
*pdpt = 000000003651e001 *pde = 0000000000000000
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: cfi_drv(O) reiserfs ses enclosure usb_storage fuse binfmt_misc nfsv3 nfs_acl nfsv4 nfs fscache lockd sunrpc snd_hda_codec_hdmi nikal(PO) memainUSB(O) memainPCI(O) ppdev parport_pc lp parport intel_powerclamp kvm_intel kvm crc32_pclmul aesni_intel ablk_helper cryptd lrw aes_i586 xts gf128mul pcspkr serio_raw snd_hda_codec_realtek mptctl snd_hda_intel snd_hda_codec snd_hwdep joydev snd_pcm firewire_ohci iTCO_wdt firewire_core iTCO_vendor_support crc_itu_t snd_timer nouveau snd hp_wmi ttm sparse_keymap drm_kms_helper rfkill soundcore drm i7core_edac snd_page_alloc mxm_wmi video edac_core wmi acpi_cpufreq mperf dm_mod autofs4 af_packet loop sg tpm_tis tpm tpm_bios coretemp crc32c_intel gpio_ich mptsas mptscsih mptbase scsi_transport_sas tg3 libphy lpc_ich sr_mod cdrom mfd_core ptp pps_core nvidiafb fb_ddc i2c_algo_bit vgastate shpchp button processor thermal_sys
CPU: 5 PID: 10087 Comm: kwin Tainted: P O 3.11.10-60.ge7b4603-desktop #1
Hardware name: Hewlett-Packard HP Z800 Workstation/0AECh, BIOS 786G5 v03.54 11/02/2011
task: f69b20f0 ti: efda6000 task.ti: efda6000
EIP: 0060:[<c031c4f9>] EFLAGS: 00210202 CPU: 5
EIP is at compaction_alloc+0xa9/0x1b0
EAX: 00000000 EBX: efda7d6c ECX: 000371fe EDX: 00168e02
ESI: 001a0000 EDI: 00000000 EBP: 00000000 ESP: efda7c90
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 80050033 CR2: 000010bc CR3: 2e7ef000 CR4: 000007f0
Stack:
efda7d6c 00037e00 00038220 f6389700 001a0000 00038220 f30e944c c031c450
f30e945c f30e9438 c0346cd6 efda7d8c efda7d9c efda7d74 c031c450 efda7d6c
00000000 00000000 00000020 efda7d74 00000000 00000000 00000000 00000000
Call Trace:
[<c0346cd6>] migrate_pages+0x96/0x590
[<c031d198>] compact_zone+0x298/0x410
[<c031d5f7>] try_to_compact_pages+0x127/0x180
[<c0714f82>] __alloc_pages_direct_compact+0x91/0x18f
[<c03076ee>] __alloc_pages_nodemask+0x4ce/0x870
[<c033d7eb>] alloc_pages_vma+0x7b/0x130
[<c034bf93>] do_huge_pmd_anonymous_page+0x173/0x440
[<c032474d>] handle_mm_fault+0x32d/0x6d0
[<c071ff25>] __do_page_fault+0x1a5/0x540
[<c071da1f>] error_code+0x67/0x6c
[<b535532f>] 0xb535532e
Code: 3b 6b 14 72 0f e9 03 01 00 00 3b 7b 14 90 8d 74 26 00 73 68 89 f0 c1 e8 0e 0f be 80 60 38 b2 c0 85 c0 78 4c 8b 04 85 40 38 b2 c0 <8b> 90 bc 10 00 00 03 90 b4 10 00 00 39 f2 76 35 89 f2 2b 90 b4
EIP: [<c031c4f9>] compaction_alloc+0xa9/0x1b0 SS:ESP 0068:efda7c90
CR2: 00000000000010bc
---[ end trace a53e5e76bb90d371 ]---
The error occurs in isolate_freepages() calling pfn_valid() on a pfn that's
one past the end of last zone in Node 0, and should be the first pfn of the
first zone in Node 1. Dmesg reveals that NODE_DATA for Node 1 has not been
allocated, yet physnode_map was populated for Node 1, so pfn_valid() accesses
a NULL pointer in node_data[1].
This particular kernel was missing commit f3d815cb85 ("x86/mm/numa: Fix 32-bit
kernel NUMA boot") which would make NODE_DATA allocated. However, even with
that commit the code allows a situation where NODE_DATA is not allocated for a
node, and therefore physnode_map should not be populated for the node.
This patch checks if NODE_DATA is non-NULL before populating physnode_map for
the node.
Reported-and-tested-by: Martin Konold <external.martin.konold@...bosch.com>
Link: https://bugzilla.novell.com/show_bug.cgi?id=881727
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: Ingo Molnar <mingo@...hat.com>
Cc: H. Peter Anvin <hpa@...or.com>
Signed-off-by: Vlastimil Babka <vbabka@...e.cz>
---
arch/x86/mm/numa_32.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/x86/mm/numa_32.c b/arch/x86/mm/numa_32.c
index 47b6436..cc933ca 100644
--- a/arch/x86/mm/numa_32.c
+++ b/arch/x86/mm/numa_32.c
@@ -50,6 +50,11 @@ void memory_present(int nid, unsigned long start, unsigned long end)
printk(KERN_INFO "Node: %d, start_pfn: %lx, end_pfn: %lx\n",
nid, start, end);
+ if (!NODE_DATA(nid)) {
+ printk(KERN_INFO "Node %d has no NODE_DATA, not populating "
+ "physnode_map\n", nid);
+ return;
+ }
printk(KERN_DEBUG " Setting physnode_map array to node %d for pfns:\n", nid);
printk(KERN_DEBUG " ");
start = round_down(start, PAGES_PER_SECTION);
--
1.8.4.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists