[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#477270: linux-2.6: slab-fix-bootstrap-on-memoryless-node.patch causes memory corruption



Package: linux-2.6
Version: 2.6.24-5~etchnhalf.1
Severity: grave
Tags: patch
Justification: causes non-serious data loss


slab-fix-bootstrap-on-memoryless-node.patch (commit 
556a169dab38b5100df6f4a45b655dddd3db94c1) in the etchnhalf kernel 
introduces a condition that causes memory corruption in UML (as I have 
experienced), ES7000 nodes (as Daniel Yeisley mention in the fix I will 
mention in a moment), and possibly other scenarios.  In my case, 
"openssl speed rsa1024" returns this:

 Doing 1024 bit private rsa's for 10s: 2249 1024 bit private RSA's in 3.91s
 Doing 1024 bit public rsa's for 10s: RSA verify failure
 12706:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
 12706:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:708:
 1 1024 bit public RSA's in 1.98s

in SKAS4 immediately, or in SKAS3 after a random amount of uptime.  
Though I have yet to notice any "real" data loss as the result of 
corruption.

Commit ec1f5eeeb5a79a0d48036de649a3498da42db565 (attached) fixes this.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
--- Begin Message ---
slab: fix cache_cache bootstrap in kmem_cache_init()

Commit 556a169dab38b5100df6f4a45b655dddd3db94c1 ("slab: fix bootstrap on
memoryless node") introduced bootstrap-time cache_cache list3s for all nodes
but forgot that initkmem_list3 needs to be accessed by [somevalue + node]. This
patch fixes list_add() corruption in mm/slab.c seen on the ES7000.

Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Olaf Hering <olaf@aepfle.de>
Cc: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Dan Yeisley <dan.yeisley@unisys.com>
Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Christoph Lameter <clameter@sgi.com>
---

diff --git a/mm/slab.c b/mm/slab.c
index bb4070e..04b308c 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -1481,7 +1481,7 @@ void __init kmem_cache_init(void)
 	list_add(&cache_cache.next, &cache_chain);
 	cache_cache.colour_off = cache_line_size();
 	cache_cache.array[smp_processor_id()] = &initarray_cache.cache;
-	cache_cache.nodelists[node] = &initkmem_list3[CACHE_CACHE];
+	cache_cache.nodelists[node] = &initkmem_list3[CACHE_CACHE + node];
 
 	/*
 	 * struct kmem_cache size depends on nr_node_ids, which
@@ -1602,7 +1602,7 @@ void __init kmem_cache_init(void)
 		int nid;
 
 		for_each_online_node(nid) {
-			init_list(&cache_cache, &initkmem_list3[CACHE_CACHE], nid);
+			init_list(&cache_cache, &initkmem_list3[CACHE_CACHE + nid], nid);
 
 			init_list(malloc_sizes[INDEX_AC].cs_cachep,
 				  &initkmem_list3[SIZE_AC + nid], nid);


--- End Message ---

Reply to: