From: Marcelo Tosatti <marcelo.tosatti@cyclades.com>
To: Stas Sergeev <stsp@aknet.ru>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Bug in VM accounting code, probably exploitable
Date: Thu, 20 May 2004 16:43:59 -0300
Message-ID: <20040520194358.GE19922@logos.cnet>
In-Reply-To: <40A12E83.7030209@aknet.ru>

On Tue, May 11, 2004 at 11:50:27PM +0400, Stas Sergeev wrote:
>
> Hello.
>
> As far as I know, if overcommit is
> disabled, the OOM kill should never
> happen.
> It seems to be a bug in the Linux
> kernel though (any version I think,
> probably also including 2.4.x), which
> makes it possible to overcommit almost
> arbitrarily and provoke an OOM kill
> afterwards.
> Attached is a program that demonstrates
> the bug. Don't forget to "swapoff -a"
> before starting it, or touching pages
> will take an eternity. And the amount of
> RAM must be <1Gb, or the prog will not
> work:)
>
> On 2.4.25 I get:
> ---
> May 11 22:28:18 lin kernel: __alloc_pages: 0-order allocation failed
> (gfp=0x1d2/0)
> May 11 22:28:20 lin syslogd: /var/log/debug: Cannot allocate memory
> May 11 22:28:18 lin kernel: VM: killing process mozilla-bin
> May 11 22:28:18 lin kernel: __alloc_pages: 0-order allocation failed
> (gfp=0x1f0/0)
> May 11 22:28:20 lin kernel: __alloc_pages: 0-order allocation failed
> (gfp=0x1d2/0)
> May 11 22:28:21 lin kernel: __alloc_pages: 0-order allocation failed
> (gfp=0x1d2/0)
> May 11 22:28:21 lin kernel: VM: killing process X
> May 11 22:28:21 lin gnome-name-server[1254]: input condition is: 0x11,
> exiting
> May 11 22:29:00 lin kernel: __alloc_pages: 0-order allocation failed
> (gfp=0x1d2/0)
> May 11 22:29:00 lin kernel: VM: killing process overc_test
> ---
> As you can see, the program caused many
> other processes to be killed, before it
> died itself.

About v2.4, can you try v2.4.26 with CONFIG_OOM_KILLER=y?

As for the overcommit, I think it has always been "broken"? (it's always
possible to overcommit).
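
A log-triage example for the 2.4.25 syslog excerpt quoted above, added here and not part of the original message or thread: it pulls the kernel's "VM: killing process" events and allocation failures out of the log and lists which processes were killed before the test program. The function names and the `year` default are assumptions; the sample is the quoted log with the mail-wrapped "(gfp=...)" lines re-joined.

```python
import re
from datetime import datetime

# Syslog lines quoted in the message above, with the mail client's
# line-wrapping of "(gfp=...)" undone. Syslog carries no year; 2004 is assumed.
SAMPLE_LOG = """\
May 11 22:28:18 lin kernel: __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
May 11 22:28:20 lin syslogd: /var/log/debug: Cannot allocate memory
May 11 22:28:18 lin kernel: VM: killing process mozilla-bin
May 11 22:28:18 lin kernel: __alloc_pages: 0-order allocation failed (gfp=0x1f0/0)
May 11 22:28:20 lin kernel: __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
May 11 22:28:21 lin kernel: __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
May 11 22:28:21 lin kernel: VM: killing process X
May 11 22:28:21 lin gnome-name-server[1254]: input condition is: 0x11, exiting
May 11 22:29:00 lin kernel: __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
May 11 22:29:00 lin kernel: VM: killing process overc_test
"""

# timestamp, host, program name (optional [pid] dropped), message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")
KILL = re.compile(r"^VM: killing process (\S+)$")
FAIL = re.compile(r"^__alloc_pages: (\d+)-order allocation failed \(gfp=(0x[0-9a-f]+)/")

def triage(log_text, year=2004):
    """Return (kills in time order, allocation-failure count per gfp mask)."""
    kills, failures = [], {}
    for seq, raw in enumerate(log_text.splitlines()):
        m = LINE.match(raw)
        if not m or m.group(3) != "kernel":
            continue  # only kernel messages describe VM kills and failures
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(4)
        if (k := KILL.match(msg)):
            kills.append((when, seq, k.group(1)))
        elif (f := FAIL.match(msg)):
            failures[f.group(2)] = failures.get(f.group(2), 0) + 1
    kills.sort()  # lines can land out of order; sort by time, then file position
    return [(t, name) for t, _, name in kills], failures

def collateral(kills, suspect):
    """Names of processes killed before the suspect process was killed."""
    names = [n for _, n in kills]
    return names[:names.index(suspect)] if suspect in names else names

if __name__ == "__main__":
    kills, failures = triage(SAMPLE_LOG)
    print("killed before overc_test:", collateral(kills, "overc_test"))
    print("allocation failures by gfp mask:", failures)
```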

Thread overview: 4+ messages
2004-05-11 19:50 Bug in VM accounting code, probably exploitable Stas Sergeev
2004-05-11 20:45 ` Hugh Dickins
2004-05-20 19:43 ` Marcelo Tosatti [this message]
2004-05-22 12:46 ` Stas Sergeev