On Thu, 6 Apr 2006 09:18:45 -0700 John Z. Bohach wrote:
Re: mem= causes oops (was Re: BIOS causes (exposes?) modprobe (load_module) kernel oops)
> I found the root cause, but don't know if its worth fixing. If the board has more than
> 32 PCI busses on it, the mptable bus array will overwrite its bounds for the PCI busses,
> and stomp on anything that's after it. In this case, what got stomped on is the PAGE_KERNEL_EXEC
> variable, which changed the bit-field settings for the page tables (cleared the 'present' bit,
> and screwed up the rest), hence accounting for the page fault.
Well, > 32 busses or just one busid value >= 32.
> This can only happen if there are more than 32 PCI busses, so I'd say its an _extremely_ rare
> condition on a desktop system. At any rate, the fix would simply be to change the value of the
> #define in the mptable.h header file (I forget which exactly, but its easy to find) from 32 to 256.
> The side effect of that is that the kernel data area would grow, and mostly be a total waste,
> since I can't fathom a desktop system with more than 32 PCI busses. On arch's where more than
> 32 PCI busses are likely, the #define is already 256.
I think that the kernel init code should detect and prevent the
data corruption. Here's a patch to do that, by ignoring busses
whose busid value is too large.
~~~
From: Randy Dunlap <[email protected]>
Prevent possible table overflow and unknown data corruption.
Code is in an __init section so it will be discarded after init.
Signed-off-by: Randy Dunlap <[email protected]>
---
arch/i386/kernel/mpparse.c | 7 +++++++
1 files changed, 7 insertions(+)
--- linux-2617-rc1.orig/arch/i386/kernel/mpparse.c
+++ linux-2617-rc1/arch/i386/kernel/mpparse.c
@@ -249,6 +249,13 @@ static void __init MP_bus_info (struct m
mpc_oem_bus_info(m, str, translation_table[mpc_record]);
+ if (m->mpc_busid >= MAX_MP_BUSSES) {
+ printk(KERN_WARNING "MP table busid value (%d) for bustype %s "
+ " is too large, max. supported is %d\n",
+ m->mpc_busid, str, MAX_MP_BUSSES - 1);
+ return;
+ }
+
if (strncmp(str, BUSTYPE_ISA, sizeof(BUSTYPE_ISA)-1) == 0) {
mp_bus_id_to_type[m->mpc_busid] = MP_BUS_ISA;
} else if (strncmp(str, BUSTYPE_EISA, sizeof(BUSTYPE_EISA)-1) == 0) {
---
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]