1. 16 Apr, 2008 1 commit
    • Ingo Molnar's avatar
      mm: sparsemem memory_present() fix · bead9a3a
      Ingo Molnar authored
      Fix memory corruption and crash on 32-bit x86 systems.
      
      If a !PAE x86 kernel is booted on a 32-bit system with more than 4GB of
      RAM, then we call memory_present() with a start/end that goes outside
      the scope of MAX_PHYSMEM_BITS.
      
      That causes this loop to happily walk over the limit of the sparse
      memory section map:
      
          for (pfn = start; pfn < end; pfn += PAGES_PER_SECTION) {
                      unsigned long section = pfn_to_section_nr(pfn);
                      struct mem_section *ms;
      
                      sparse_index_init(section, nid);
                      set_section_nid(section, nid);
      
                      ms = __nr_to_section(section);
                      if (!ms->section_mem_map)
                              ms->section_mem_map = sparse_encode_early_nid(nid) |
      			                                SECTION_MARKED_PRESENT;
      
      'ms' will be out of bounds and we'll corrupt a small amount of memory by
      encoding the node ID and writing SECTION_MARKED_PRESENT (==0x1) over it.
      
      The corruption might happen when encoding a non-zero node ID, or due to
      the SECTION_MARKED_PRESENT which is 0x1:
      
      	mmzone.h:#define	SECTION_MARKED_PRESENT	(1UL<<0)
      
      The fix is to sanity check anything the architecture passes to
      sparsemem.
      
      This bug seems to be rather old (as old as sparsemem support itself),
      but the exact incarnation depended on random details like configs, which
      made this bug more prominent in v2.6.25-to-be.
      
      An additional enhancement might be to print a warning about ignored or
      trimmed memory ranges.
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      Tested-by: default avatarChristoph Lameter <clameter@sgi.com>
      Cc: Pekka Enberg <penberg@cs.helsinki.fi>
      Cc: Mel Gorman <mel@csn.ul.ie>
      Cc: Nick Piggin <npiggin@suse.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Rafael J. Wysocki <rjw@sisk.pl>
      Cc: Yinghai Lu <Yinghai.Lu@sun.com>
      Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      bead9a3a
  2. 15 Apr, 2008 7 commits
  3. 14 Apr, 2008 18 commits
  4. 13 Apr, 2008 10 commits
  5. 12 Apr, 2008 4 commits