Re: PGD mumap bug

Jakub Jelinek (jj@sunsite.ms.mff.cuni.cz)
Tue, 2 Jun 1998 13:32:32 +0200 (MET DST)


> I've been investigating the PTE "bug" that was released on bugtraq
> last week. I've determined that there is a bug in the munmap process.
>
> Specifically you can run the exploit program (just does an mmap and
> munmap for each 4MB page in the process VMA) and hit Shift-ScrollLock
> and watch the free pages fluctuate (the process uses 783 GFP_KERNEL
> pages, even though it has called munmap for every mapping).
>
> The problem is this:
>
> mmap simply sets up a number of page table entries to alias a chunk
> of memory to a file/device/etc. When munmap is called, it calls
> zap_page_range on the mmap. The problem is that when zap_page_range
> is called, the pgd for that segment is not unallocated once it becomes
> unused. So, you have a superfluous, unused pgd for each 4MB chunk
> in the 3GB VMA of the process. I've tried hacking zap_page_range
> and munmap to free the pgd, but all I succeed in doing is getting
> a real fast reboot when init starts ;(

I'm working on a solution for this, in fact not for the sake of free memory,
but to increase exit speed. I'll see if that ever might get accepted.
Stay tuned.

Cheers,
Jakub
___________________________________________________________________
Jakub Jelinek | jj@sunsite.mff.cuni.cz | http://sunsite.mff.cuni.cz
Administrator of SunSITE Czech Republic, MFF, Charles University
___________________________________________________________________
Ultralinux - first 64bit OS to take full power of the UltraSparc
Linux version 2.1.103 on a sparc64 machine (498.80 BogoMips).
___________________________________________________________________
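The mmap/munmap probe the quoted message describes, written out as an added example (this is not code from either poster or from the kernel tree). Instead of watching the free-page count with Shift-ScrollLock it reads the VmPTE line of /proc/self/status, which reports the process's page-table memory in kB, so it assumes a Linux kernel with /proc. It maps a series of 4MB anonymous regions, writes one byte into each so the kernel has to allocate a page-table page per region, unmaps them all, and reports how much page-table memory survived the unmap. On a current kernel munmap frees the tables through free_pgtables, so the "after" figure returns to roughly the "before" figure; a kernel with the behaviour described above would keep about one page per region. The 4MB granularity matches the i386 two-level tables of 1998 (one PTE page per 4MB); on x86-64 one PTE page covers 2MB, which does not change the outcome.

```c
/* Probe whether munmap() gives back the page-table pages allocated to
 * back a mapping.  Added example, not code from the original thread.
 * Assumes Linux with /proc mounted (VmPTE in /proc/self/status). */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

#ifndef MAP_NORESERVE
#define MAP_NORESERVE 0
#endif

#define CHUNK_SIZE (4UL << 20)   /* 4 MB, the granularity the post used */
#define NCHUNKS    128           /* 512 MB of address space in total */

/* Page-table memory of this process in kB, or -1 if /proc is unavailable. */
long vm_pte_kb(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    char line[256];
    long kb = -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "VmPTE:", 6) == 0) {
            kb = strtol(line + 6, NULL, 10);
            break;
        }
    }
    fclose(f);
    return kb;
}

int vm_pte_available(void) { return vm_pte_kb() >= 0; }

/* Map NCHUNKS anonymous 4 MB regions and write one byte into each so the
 * kernel must allocate a page-table page per region (transparent huge
 * pages are turned off for the region so the fault installs a PTE rather
 * than a PMD-level huge page).  Then unmap everything.
 * *peak_kb receives the VmPTE value while all regions are live.
 * Returns the number of regions mapped and unmapped, -1 on munmap failure. */
int map_touch_unmap(long *peak_kb)
{
    void *chunk[NCHUNKS];
    int mapped = 0;

    for (int i = 0; i < NCHUNKS; i++) {
        void *p = mmap(NULL, CHUNK_SIZE, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
        if (p == MAP_FAILED)
            break;
#ifdef MADV_NOHUGEPAGE
        madvise(p, CHUNK_SIZE, MADV_NOHUGEPAGE);   /* best effort */
#endif
        *(volatile char *)p = 1;   /* fault in one page -> one PTE page */
        chunk[mapped++] = p;
    }
    if (peak_kb)
        *peak_kb = vm_pte_kb();

    int failed = 0;
    for (int i = 0; i < mapped; i++)
        if (munmap(chunk[i], CHUNK_SIZE) != 0)
            failed++;
    return failed ? -1 : mapped;
}

/* Growth of page-table memory (kB) that survives the unmap: close to 0
 * on a kernel that frees page tables in munmap, roughly one page per
 * region on a kernel with the leak described in the thread.
 * Returns -1 if /proc is unavailable or the unmap failed. */
long page_table_leak_kb(void)
{
    long before = vm_pte_kb();
    long peak = -1;
    if (map_touch_unmap(&peak) < 0)
        return -1;
    long after = vm_pte_kb();
    if (before < 0 || after < 0)
        return -1;
    return after - before;
}

int main(void)
{
    long before = vm_pte_kb(), peak = -1;
    int n = map_touch_unmap(&peak);
    long after = vm_pte_kb();
    printf("regions: %d  VmPTE before: %ld kB  live: %ld kB  after: %ld kB\n",
           n, before, peak, after);
    return 0;
}
```

The "live" figure shows the tables being allocated (at least one page per region on 4K-page x86); the gap between "before" and "after" is what the 1998 report was seeing persist. MAP_NORESERVE keeps the 512 MB of address space from counting against overcommit, and only one page per region is ever touched, so the probe costs about half a megabyte of RSS.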
