From: Marcelo Tosatti <marcelo.tosatti@cyclades.com>
To: Stas Sergeev <stsp@aknet.ru>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Bug in VM accounting code, probably exploitable
Date: Thu, 20 May 2004 16:43:59 -0300 [thread overview]
Message-ID: <20040520194358.GE19922@logos.cnet> (raw)
In-Reply-To: <40A12E83.7030209@aknet.ru>
On Tue, May 11, 2004 at 11:50:27PM +0400, Stas Sergeev wrote:
>
> Hello.
>
> As far as I know, if overcommit is
> disabled, the OOM kill should never
> happen.
> It seems to be the bug in the linux
> kernel though (any version I think,
> probably also including 2.4.x), which
> makes it possible to overcommit almost
> arbitrary and provoke an OOM kill
> afterwards.
> Attached is a program that demonstrates
> the bug. Don't forget to "swapoff -a"
> before starting it, or touching pages
> will take eternity. And the amount of
> RAM must be <1Gb, or the prog will not
> work:)
>
> On 2.4.25 I get:
> ---
> May 11 22:28:18 lin kernel: __alloc_pages: 0-order allocation failed
> (gfp=0x1d2/0)
> May 11 22:28:20 lin syslogd: /var/log/debug: Cannot allocate memory
> May 11 22:28:18 lin kernel: VM: killing process mozilla-bin
> May 11 22:28:18 lin kernel: __alloc_pages: 0-order allocation failed
> (gfp=0x1f0/0)
> May 11 22:28:20 lin kernel: __alloc_pages: 0-order allocation failed
> (gfp=0x1d2/0)
> May 11 22:28:21 lin kernel: __alloc_pages: 0-order allocation failed
> (gfp=0x1d2/0)
> May 11 22:28:21 lin kernel: VM: killing process X
> May 11 22:28:21 lin gnome-name-server[1254]: input condition is: 0x11,
> exiting
> May 11 22:29:00 lin kernel: __alloc_pages: 0-order allocation failed
> (gfp=0x1d2/0)
> May 11 22:29:00 lin kernel: VM: killing process overc_test
> ---
> As you can see, the program caused many
> other processes to be killed, before it
> died itself.
About v2.4, can you try v2.4.26 with CONFIG_OOM_KILLER=y ?
As for the overcommit, I think it has always been "broken"? (its always
possible to overcommit).
next prev parent reply other threads:[~2004-05-20 19:43 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-11 19:50 Bug in VM accounting code, probably exploitable Stas Sergeev
2004-05-11 20:45 ` Hugh Dickins
2004-05-20 19:43 ` Marcelo Tosatti [this message]
2004-05-22 12:46 ` Stas Sergeev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040520194358.GE19922@logos.cnet \
--to=marcelo.tosatti@cyclades.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stsp@aknet.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.