Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved

From: Nick Piggin
Date: Tue Oct 11 2005 - 09:40:27 EST

Next message: Alan Cox: "[RFC PATCH] 1/2 EDAC (Core Code)"
Previous message: Junichi Uekawa: "Re: Bug#322309: Debian woody dpkg no longer works with recent linux kernel."
In reply to: Hugh Dickins: "Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved"
Next in thread: Nick Piggin: "Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hugh Dickins wrote:

On Tue, 11 Oct 2005, Nick Piggin wrote:

Alan Cox wrote:

32000 processes each with 2G mapped as zero pages appears to allow the
refcount to overflow ?

That's right (though I count only 8192 required with 4K page size) -
close to impossible on 32-bit architectures, though not so the 64-bit
ones, which still use 32-bits for count and mapcount.

It needs 16GB of page table space to get the mapcount to go negative,
or if we refine the atomic_add_negative test, 32GB of page table space
to wrap (I'm assuming an 8-byte PAE page table entries for each unit
of mapcount, since we're well beyond the 4GB non-PAE limit).

Do we actually need to worry about i386 above 32GB in the x86_64 era?

Considering we already run on 64-bit systems with terabytes of
memory and people don't seem to be breaking down your door for
a fix (that I know of), I'd say no :)

I was a bit worried about this too, but Hugh didn't think it was a
really big a deal - I guess because the real solution for the refcount
overflow on 64-bit is to expand the refcount type.

Yes, and I'm imagining some scheme of sharing _count and _mapcount in
a single atomic64, since we don't want to expand struct page for this.
Implement that shortly, unless we find a way to eliminate _mapcount
instead.

But Alan's overflow issue is not new, it's not brought on refcounting
the ZERO_PAGE: sys_remap_file_pages already allows a file page to be
mapped multiple times in single process, without the constriction of
needing lots of vm_area_struct space. ZERO_PAGE is just more obvious.

Right. As a security issue it is nothing new, though probably it will
be eaiser for big 64-bit systems to _unintentionally_ wrap the ZERO_PAGE
refcount.

--
SUSE Labs, Novell Inc.

Send instant messages to your online friends http://au.messenger.yahoo.com -
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "[RFC PATCH] 1/2 EDAC (Core Code)"
Previous message: Junichi Uekawa: "Re: Bug#322309: Debian woody dpkg no longer works with recent linux kernel."
In reply to: Hugh Dickins: "Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved"
Next in thread: Nick Piggin: "Re: [PATCH 2.6.14-rc2-mm2] core remove PageReserved"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]