Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved

Hugh Dickins wrote:

On Tue, 11 Oct 2005, Nick Piggin wrote:

Alan Cox wrote:

32000 processes each with 2G mapped as zero pages appears to allow the
refcount to overflow ?


That's right (though I count only 8192 required with 4K page size) -
close to impossible on 32-bit architectures, though not so the 64-bit
ones, which still use 32-bits for count and mapcount.



It needs 16GB of page table space to get the mapcount to go negative,
or if we refine the atomic_add_negative test, 32GB of page table space
to wrap (I'm assuming an 8-byte PAE page table entries for each unit
of mapcount, since we're well beyond the 4GB non-PAE limit).

Do we actually need to worry about i386 above 32GB in the x86_64 era?


Considering we already run on 64-bit systems with terabytes of
memory and people don't seem to be breaking down your door for
a fix (that I know of), I'd say no :)

I was a bit worried about this too, but Hugh didn't think it was a
really big a deal - I guess because the real solution for the refcount
overflow on 64-bit is to expand the refcount type.



Yes, and I'm imagining some scheme of sharing _count and _mapcount in
a single atomic64, since we don't want to expand struct page for this.
Implement that shortly, unless we find a way to eliminate _mapcount
instead.

But Alan's overflow issue is not new, it's not brought on refcounting
the ZERO_PAGE: sys_remap_file_pages already allows a file page to be
mapped multiple times in single process, without the constriction of
needing lots of vm_area_struct space.  ZERO_PAGE is just more obvious.


Right. As a security issue it is nothing new, though probably it will
be eaiser for big 64-bit systems to _unintentionally_ wrap the ZERO_PAGE
refcount.

--
SUSE Labs, Novell Inc.

Send instant messages to your online friends http://au.messenger.yahoo.com-

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved
  - From: Nick Piggin <[email protected]>

References:
- [PATCH 2.6.14-rc2-mm2] core remove PageReserved
  - From: Nick Piggin <[email protected]>
- Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved
  - From: Alan Cox <[email protected]>
- Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved
  - From: Nick Piggin <[email protected]>
- Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved
  - From: Hugh Dickins <[email protected]>

Prev by Date: Re: Bug#322309: Debian woody dpkg no longer works with recent linux kernel.
Next by Date: [RFC PATCH] 1/2 EDAC (Core Code)
Previous by thread: Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved
Next by thread: Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]