Bug#477270: linux-2.6: slab-fix-bootstrap-on-memoryless-node.patch causes memory corruption

Mon, 21 Apr 2008 23:57:25 -0700 

Package: linux-2.6
Version: 2.6.24-5~etchnhalf.1
Severity: grave
Tags: patch
Justification: causes non-serious data loss


slab-fix-bootstrap-on-memoryless-node.patch (commit 
556a169dab38b5100df6f4a45b655dddd3db94c1) in the etchnhalf kernel 
introduces a condition that causes memory corruption in UML (as I have 
experienced), ES7000 nodes (as Daniel Yeisley mention in the fix I will 
mention in a moment), and possibly other scenarios.  In my case, 
"openssl speed rsa1024" returns this:

 Doing 1024 bit private rsa's for 10s: 2249 1024 bit private RSA's in 3.91s
 Doing 1024 bit public rsa's for 10s: RSA verify failure
 12706:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is 
not 01:rsa_pk1.c:100:
 12706:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check 
failed:rsa_eay.c:708:
 1 1024 bit public RSA's in 1.98s

in SKAS4 immediately, or in SKAS3 after a random amount of uptime.  
Though I have yet to notice any "real" data loss as the result of 
corruption.

Commit ec1f5eeeb5a79a0d48036de649a3498da42db565 (attached) fixes this.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
--- Begin Message --- 
slab: fix cache_cache bootstrap in kmem_cache_init()

Commit 556a169dab38b5100df6f4a45b655dddd3db94c1 ("slab: fix bootstrap on
memoryless node") introduced bootstrap-time cache_cache list3s for all nodes
but forgot that initkmem_list3 needs to be accessed by [somevalue + node]. This
patch fixes list_add() corruption in mm/slab.c seen on the ES7000.

Cc: Mel Gorman <[EMAIL PROTECTED]>
Cc: Olaf Hering <[EMAIL PROTECTED]>
Cc: Christoph Lameter <[EMAIL PROTECTED]>
Signed-off-by: Dan Yeisley <[EMAIL PROTECTED]>
Signed-off-by: Pekka Enberg <[EMAIL PROTECTED]>
Signed-off-by: Christoph Lameter <[EMAIL PROTECTED]>
---

diff --git a/mm/slab.c b/mm/slab.c
index bb4070e..04b308c 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -1481,7 +1481,7 @@ void __init kmem_cache_init(void)
        list_add(&cache_cache.next, &cache_chain);
        cache_cache.colour_off = cache_line_size();
        cache_cache.array[smp_processor_id()] = &initarray_cache.cache;
-       cache_cache.nodelists[node] = &initkmem_list3[CACHE_CACHE];
+       cache_cache.nodelists[node] = &initkmem_list3[CACHE_CACHE + node];
 
        /*
         * struct kmem_cache size depends on nr_node_ids, which
@@ -1602,7 +1602,7 @@ void __init kmem_cache_init(void)
                int nid;
 
                for_each_online_node(nid) {
-                       init_list(&cache_cache, &initkmem_list3[CACHE_CACHE], 
nid);
+                       init_list(&cache_cache, &initkmem_list3[CACHE_CACHE + 
nid], nid);
 
                        init_list(malloc_sizes[INDEX_AC].cs_cachep,
                                  &initkmem_list3[SIZE_AC + nid], nid);

--- End Message ---

Reply via email to