From: Lars Ellenberg <lars.ellenberg@linbit.com>
To: PaX Team <pageexec@freemail.hu>
Cc: drbd-dev@lists.linbit.com
Subject: Re: [Drbd-dev] drbd 8.4.3: refcounter overflow on re-sync
Date: Wed, 24 Sep 2014 18:31:06 +0200 [thread overview]
Message-ID: <20140924163106.GH7118@soda.linbit> (raw)
In-Reply-To: <5422E9F6.18603.4C8D74DA@pageexec.freemail.hu>
On Wed, Sep 24, 2014 at 05:57:42PM +0200, PaX Team wrote:
> On 24 Sep 2014 at 14:50, Lars Ellenberg wrote:
>
> > So what PAX really is doing is redefine "atomic_add" and similar to
> > basically become a no-op, if it would overflow.
>
> correct.
> > Might help with debugging. Not with much else.
>
> not correct ;)
> so in short: this is not for debugging, this doesn't replace one bug
> with another, but it does prevent real life exploitation of refcount
> overflow bugs.
It won't make things "work". It probably makes things crash in less
obscure ways, though, I give you that.
> > Anyways, now that I know PAX is really just keeping that counter
> > at a fixed value of INT_MAX in this case, and nothing else,
> > what would have caused DRBD to disconnect/reconnect?
>
> perhaps it's a consequence of the reaction from the kernel on the overflow
> which is equivalent to a SIGKILL with all that it implies (files and network
> connections get closed, etc).
That would be the result of the _ASM_EXTABLE()?
or what causes that "reaction"?
As the process in question in *this* case is a drbd kernel thread, it
does not much care about that KILL. It notices, clears it, and lives on.
But how would KILL'ing an innocent userland process improve the overall
situation? Being a user land process, it cannot possibly be blamed for
an in-kernel counter overflow, so why even kill it?
Lars
next prev parent reply other threads:[~2014-09-24 16:31 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-19 9:49 [Drbd-dev] drbd 8.4.3: refcounter overflow on re-sync Marc Schiffbauer
2014-09-19 14:48 ` Lars Ellenberg
2014-09-19 15:16 ` Marc Schiffbauer
2014-09-23 11:03 ` Lars Ellenberg
2014-09-23 17:08 ` Marc Schiffbauer
2014-09-24 10:04 ` Lars Ellenberg
2014-09-23 18:14 ` Marc Schiffbauer
2014-09-24 10:14 ` Lars Ellenberg
2014-09-24 12:50 ` Lars Ellenberg
2014-09-24 15:57 ` PaX Team
2014-09-24 16:31 ` Lars Ellenberg [this message]
2014-09-24 18:07 ` PaX Team
2014-09-24 21:50 ` Lars Ellenberg
2014-09-24 23:25 ` PaX Team
2014-09-25 0:07 ` Lars Ellenberg
2014-09-27 0:45 ` PaX Team
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140924163106.GH7118@soda.linbit \
--to=lars.ellenberg@linbit.com \
--cc=drbd-dev@lists.linbit.com \
--cc=pageexec@freemail.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.