Re: [PATCH, V2] i386: instead of poisoning .init zone, change protection bits to force a fault

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Eric Dumazet <dada1@cosmosbay.com>
To: Andrew Morton <akpm@osdl.org>
Cc: bcrl@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH, V2] i386: instead of poisoning .init zone, change protection bits to force a fault
Date: Mon, 06 Feb 2006 10:02:02 +0100	[thread overview]
Message-ID: <43E7108A.8030001@cosmosbay.com> (raw)
In-Reply-To: <20060204144111.7e33569f.akpm@osdl.org>

Andrew Morton a écrit :
> Eric Dumazet <dada1@cosmosbay.com> wrote:
>>
>> Chasing some invalid accesses to .init zone, I found that free_init_pages() 
>> was properly freeing the pages but virtual was still usable.
>>
>> A poisoning (memset(page, 0xcc, PAGE_SIZE)) was done but this is not reliable.
>>
>> A new config option DEBUG_INITDATA is introduced to mark this initdata as not 
>> present at all so that buggy code can trigger a fault.
>>
>> This option is not meant for production machines because it may split one or 
>> two huge page (2MB or 4MB) into small pages and thus slow down kernel a bit.
>>
>> (After that we could map non possible cpu percpu data to the initial 
>> percpudata that is included in .init and discarded in free_initmem())
>>
>> ...
>>
>> --- a/arch/i386/mm/init.c	2006-01-25 10:17:24.000000000 +0100
>> +++ b/arch/i386/mm/init.c	2006-01-29 22:38:53.000000000 +0100
>> @@ -750,11 +750,18 @@
>>  	for (addr = begin; addr < end; addr += PAGE_SIZE) {
>>  		ClearPageReserved(virt_to_page(addr));
>>  		set_page_count(virt_to_page(addr), 1);
>> +#ifdef CONFIG_DEBUG_INITDATA
>> +		change_page_attr(virt_to_page(addr), 1, __pgprot(0));
>> +#else
>>  		memset((void *)addr, 0xcc, PAGE_SIZE);
>> +#endif
>>  		free_page(addr);
>>  		totalram_pages++;
>>  	}
>>  	printk(KERN_INFO "Freeing %s: %ldk freed\n", what, (end - begin) >> 10);
>> +#ifdef CONFIG_DEBUG_INITDATA
>> +	global_flush_tlb();
>> +#endif
>>  }
>>  
> 
> This doesn't seem very pointful.
> 
> We unmap the page, then return it to the page allocator.  Then someone
> reallocates the page, tries to use it and goes oops.
> 
> If CONFIG_DEBUG_PAGEALLOC is also set, the kernel will remap the page when
> it's allocated and everything works OK.  So this patch requires
> CONFIG_DEBUG_PAGEALLOC.
> 
> But if CONFIG_DEBUG_PAGEALLOC is set, we'll have unmapped that page in
> free_page() _anyway_, so why bother using this patch?
> 
> The only enhancement I can think of here is to not free the page, so it's
> permanently leaked and permanently unmapped.
> 
> --- devel/arch/i386/mm/init.c~i386-instead-of-poisoning-init-zone-change-protection-fix	2006-02-04 14:33:33.000000000 -0800
> +++ devel-akpm/arch/i386/mm/init.c	2006-02-04 14:34:07.000000000 -0800
> @@ -751,11 +751,15 @@ void free_init_pages(char *what, unsigne
>  		ClearPageReserved(virt_to_page(addr));
>  		set_page_count(virt_to_page(addr), 1);
>  #ifdef CONFIG_DEBUG_INITDATA
> +		/*
> +		 * Unmap the page, and leak it.  So any further accesses will
> +		 * oops.
> +		 */
>  		change_page_attr(virt_to_page(addr), 1, __pgprot(0));
>  #else
>  		memset((void *)addr, 0xcc, PAGE_SIZE);
> -#endif
>  		free_page(addr);
> +#endif
>  		totalram_pages++;
>  	}
>  	printk(KERN_INFO "Freeing %s: %ldk freed\n", what, (end - begin) >> 10);

I wonder if you dont have to move the 'totalram_pages++;' next to the 
free_page(addr) call (ie inside the #else/#endif block)

Eric

next prev parent reply	other threads:[~2006-02-06  9:02 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-01-29  6:26 [PATCH] i386: Add a temporary to make put_user more type safe Eric W. Biederman
2006-01-29  6:39 ` Andrew Morton
2006-01-29  6:49   ` Eric W. Biederman
2006-01-29  7:51     ` Andrew Morton
     [not found]       ` <200601291620.28291.ioe-lkml@rameria.de>
2006-01-29 19:33         ` Andrew Morton
2006-01-29 20:04           ` [PATCH] i386: instead of poisoning .init zone, change protection bits to force a fault Eric Dumazet
2006-01-29 20:05             ` Benjamin LaHaise
2006-01-29 20:28               ` Eric Dumazet
2006-01-29 20:56               ` [PATCH, V2] " Eric Dumazet
2006-01-30  9:03                 ` Questions about alloc_large_system_hash() and TLB entries Eric Dumazet
2006-01-30  9:22                   ` David S. Miller
2006-01-30 10:22                     ` Eric Dumazet
2006-02-04 22:41                 ` [PATCH, V2] i386: instead of poisoning .init zone, change protection bits to force a fault Andrew Morton
2006-02-05 17:03                   ` Eric Dumazet
2006-02-05 19:42                     ` Andrew Morton
2006-02-06  8:53                       ` Eric Dumazet
2006-02-06  9:02                   ` Eric Dumazet [this message]
2006-02-06  9:28                     ` Andrew Morton
2006-02-06 10:07                       ` Eric Dumazet
2006-02-06 10:16                         ` Andrew Morton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43E7108A.8030001@cosmosbay.com \
    --to=dada1@cosmosbay.com \
    --cc=akpm@osdl.org \
    --cc=bcrl@kvack.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox