Re: [RFC][PATCH 2/7] RSS controller core

From: Eric W. Biederman
Date: Thu Mar 15 2007 - 20:57:29 EST

Next message: Jean Tourrilhes: "[PATCH 2.6.20] pwc : Cisco VT Camera support"
Previous message: Thomas Glanzmann: "Re: sky2 PHY setup"
In reply to: Dave Hansen: "Re: [RFC][PATCH 2/7] RSS controller core"
Next in thread: Mel Gorman: "Re: [RFC][PATCH 2/7] RSS controller core"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> writes:

>> stuff is happening by comparing page->count and page->_mapcount, but it
>> certainly wouldn't be conclusive. But, does this kind of nonsense even
>> happen in practice?
>
> "Is it useful for me as a bad guy to make it happen ?"

To create a DOS attack.

- Allocate some memory you know your victim will want in the future,
(shared libraries and the like).
- Wait until your victim is using the memory you allocated.
- Terminate your memory resource group.
- Victim is pushed over memory limits by your exiting.
- Victim can no longer allocate memory
- Victim dies

It's not quite that easy unless your victim calls mlockall(MCL_FUTURE),
but the potential is clearly there.

Am I missing something? Or is this fundamental to any first touch scenario?

I just know I have problems with first touch because it is darn hard to
reason about.

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jean Tourrilhes: "[PATCH 2.6.20] pwc : Cisco VT Camera support"
Previous message: Thomas Glanzmann: "Re: sky2 PHY setup"
In reply to: Dave Hansen: "Re: [RFC][PATCH 2/7] RSS controller core"
Next in thread: Mel Gorman: "Re: [RFC][PATCH 2/7] RSS controller core"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]