From: Eric Dumazet Chasing some invalid accesses to .init zone, I found that free_init_pages() was properly freeing the pages but virtual was still usable. A poisoning (memset(page, 0xcc, PAGE_SIZE)) was done but this is not reliable. A new config option DEBUG_INITDATA is introduced to mark this initdata as not present at all so that buggy code can trigger a fault. This option is not meant for production machines because it may split one or two huge page (2MB or 4MB) into small pages and thus slow down kernel a bit. (After that we could map non possible cpu percpu data to the initial percpudata that is included in .init and discarded in free_initmem()) Signed-off-by: Eric Dumazet Signed-off-by: Andrew Morton --- arch/i386/Kconfig.debug | 12 ++++++++++++ arch/i386/mm/init.c | 11 +++++++++++ 2 files changed, 23 insertions(+) diff -puN arch/i386/Kconfig.debug~i386-instead-of-poisoning-init-zone-change-protection arch/i386/Kconfig.debug --- devel/arch/i386/Kconfig.debug~i386-instead-of-poisoning-init-zone-change-protection 2006-02-10 02:13:04.000000000 -0800 +++ devel-akpm/arch/i386/Kconfig.debug 2006-02-10 02:13:04.000000000 -0800 @@ -61,6 +61,18 @@ config DEBUG_RODATA portion of the kernel code won't be covered by a 2MB TLB anymore. If in doubt, say "N". +config DEBUG_INITDATA + bool "Read/Write protect kernel init data structures" + depends on DEBUG_KERNEL + help + The init data is normally freed when kernel has booted. + Some code may still try to read or write to data in this area. + If you say Y here, the kernel will mark this zone as not readable + or writeable at all. Buggy code will then fault. + This option may have a slight performance impact because a + portion of the kernel code won't be covered by a 2MB TLB anymore. + If in doubt, say "N". + config 4KSTACKS bool "Use 4Kb for kernel stacks instead of 8Kb" depends on DEBUG_KERNEL diff -puN arch/i386/mm/init.c~i386-instead-of-poisoning-init-zone-change-protection arch/i386/mm/init.c --- devel/arch/i386/mm/init.c~i386-instead-of-poisoning-init-zone-change-protection 2006-02-10 02:13:04.000000000 -0800 +++ devel-akpm/arch/i386/mm/init.c 2006-02-10 02:13:06.000000000 -0800 @@ -750,11 +750,22 @@ void free_init_pages(char *what, unsigne for (addr = begin; addr < end; addr += PAGE_SIZE) { ClearPageReserved(virt_to_page(addr)); init_page_count(virt_to_page(addr)); +#ifdef CONFIG_DEBUG_INITDATA + /* + * Unmap the page, and leak it. So any further accesses will + * oops. + */ + change_page_attr(virt_to_page(addr), 1, __pgprot(0)); +#else memset((void *)addr, 0xcc, PAGE_SIZE); free_page(addr); totalram_pages++; +#endif } printk(KERN_INFO "Freeing %s: %ldk freed\n", what, (end - begin) >> 10); +#ifdef CONFIG_DEBUG_INITDATA + global_flush_tlb(); +#endif } void free_initmem(void) _