Re: [PATCH] memcg: avoid "free" overflow inmemcg_hierarchical_free_pages()

From: Johannes Weiner
Date: Tue Nov 09 2010 - 04:10:53 EST

Next message: Yuanhan Liu: "[PATCH 2/4] tracing: introduce trace_set_clr_module_event"
Previous message: Sergey Senozhatsky: "Re: suspicious rcu_dereference_check() usage splat"
In reply to: Greg Thelen: "[PATCH] memcg: avoid "free" overflow in memcg_hierarchical_free_pages()"
Next in thread: KAMEZAWA Hiroyuki: "Re: [PATCH] memcg: avoid "free" overflow inmemcg_hierarchical_free_pages()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 09, 2010 at 12:54:13AM -0800, Greg Thelen wrote:
> memcg limit and usage values are stored in res_counter, as 64-bit
> numbers, even on 32-bit machines. The "free" variable in
> memcg_hierarchical_free_pages() stores the difference between two
> 64-bit numbers (limit - current_usage), and thus should be stored
> in a 64-bit local rather than a machine defined unsigned long.

It is converted to pages before the assignment, but even that might
overflow on 32-bit if the difference is sufficiently large (> 1<<44).

> Reported-by: Daisuke Nishimura <nishimura@xxxxxxxxxxxxxxxxx>
> Signed-off-by: Greg Thelen <gthelen@xxxxxxxxxx>

Reviewed-by: Johannes Weiner <hannes@xxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Yuanhan Liu: "[PATCH 2/4] tracing: introduce trace_set_clr_module_event"
Previous message: Sergey Senozhatsky: "Re: suspicious rcu_dereference_check() usage splat"
In reply to: Greg Thelen: "[PATCH] memcg: avoid "free" overflow in memcg_hierarchical_free_pages()"
Next in thread: KAMEZAWA Hiroyuki: "Re: [PATCH] memcg: avoid "free" overflow inmemcg_hierarchical_free_pages()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]