Re: [RFC] [PATCH] cpuset operations causes Badness at mm/slab.c:777warning

From: Christoph Lameter
Date: Fri Jun 01 2007 - 19:17:31 EST


> So a kmalloc(62) would get upped to 66, so we allocate from size-128
> and put the number 62 at bytes 124-127 and we poison bytes 62-123?

Hmmm... We are going rapidly here. This is a patch that I am testing right
now. It right-adjusts the object and the patch is manageable:



SLUB mm-only: Right align kmalloc objects to trigger overwrite detection

Right align kmalloc objects if they are less than the full kmalloc slab size.
This will move the object to be flush with the end of the object in order
to allow the easy detection of writes / reads after the end of the kmalloc
object.

Without slub_debug overwrites will destroy the free pointer of the next object
or the next object. Read will yield garbage that is likely zero.

With slub_debug redzone checks will be triggered. Reads will read redzone
poison.

This patch is only for checking things out. There are issues:

1. Alignment of kmalloc objects may now be different. In particular
objects whose size is not a multiple of wordsize may be not word alignmed.

2. __kmalloc and kfree need to touch an additional cacheline in
struct kmem_cache thereby reducing performance.

3. An object allocated via kmalloc may no longer be freed via kmem_cache_free.

So we need to figure out some way to make this configurable. Preferably
runtime configurable.

Signed-off-by: Christoph Lameter <clameter@xxxxxxx>

---
include/linux/slub_def.h | 22 +++++++++++++++++++---
mm/slub.c | 11 ++++++++---
2 files changed, 27 insertions(+), 6 deletions(-)

Index: slub/include/linux/slub_def.h
===================================================================
--- slub.orig/include/linux/slub_def.h 2007-06-01 15:56:42.000000000 -0700
+++ slub/include/linux/slub_def.h 2007-06-01 16:00:03.000000000 -0700
@@ -120,6 +120,19 @@ static inline struct kmem_cache *kmalloc
return &kmalloc_caches[index];
}

+static inline unsigned long kmalloc_size(size_t size)
+{
+ int index = kmalloc_index(size);
+
+ if (index >= KMALLOC_SHIFT_LOW)
+ return 1 << index;
+
+ if (index == 2)
+ return 192;
+ return 96;
+}
+
+
#ifdef CONFIG_ZONE_DMA
#define SLUB_DMA __GFP_DMA
#else
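Review bot: `return 1 << index;` shifts an int and only then widens it to the unsigned long return type, and an index of 0 or a negative one (the values kmalloc_index() presumably yields for sizes it cannot serve) falls through to `return 96;` as if it were the 96-byte cache. Both are harmless today only because kmalloc() calls this after kmalloc_slab() has returned a non-NULL cache, so that precondition should be written down. Suggest `return 1UL << index;` and a comment above the function such as `/* Size of the slab object backing a kmalloc(size) request; size must already be valid (kmalloc_slab() returned non-NULL). */`.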
@@ -135,7 +148,8 @@ static inline void *kmalloc(size_t size,
if (!s)
return NULL;

- return kmem_cache_alloc(s, flags);
+ return kmem_cache_alloc(s, flags)
+ + kmalloc_size(size) - size;
} else
return __kmalloc(size, flags);
}
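Review bot: On allocation failure `kmem_cache_alloc(s, flags) + kmalloc_size(size) - size` turns a NULL return into a small non-NULL pointer, so a caller's `if (!p)` check passes and it dereferences a bogus near-NULL address; the same pattern is in the kzalloc hunk below and in the `+ offset` returns of __kmalloc and __kmalloc_node in mm/slub.c. Capture the result before adjusting it: `void *p = kmem_cache_alloc(s, flags);` / `if (!p) return NULL;` / `return p + kmalloc_size(size) - size;`. Since the offset is applied unconditionally, anything that later needs the slot start (issue 3 in the description) has to undo it the same way kfree() does.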
@@ -148,7 +162,8 @@ static inline void *kzalloc(size_t size,
if (!s)
return NULL;

- return kmem_cache_zalloc(s, flags);
+ return kmem_cache_zalloc(s, flags)
+ + kmalloc_size(size) - size;
} else
return __kzalloc(size, flags);
}
@@ -159,7 +174,8 @@ extern void *__kmalloc_node(size_t size,
static inline void *kmalloc_node(size_t size, gfp_t flags, int node)
{
if (__builtin_constant_p(size) && !(flags & SLUB_DMA)) {
- struct kmem_cache *s = kmalloc_slab(size);
+ struct kmem_cache *s = kmalloc_slab(size) +
+ kmalloc_size(size) - size;

if (!s)
return NULL;
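Review bot: The adjustment is added to the `struct kmem_cache *` returned by kmalloc_slab(), not to the allocated object: pointer arithmetic on `s` advances it by `(kmalloc_size(size) - size) * sizeof(struct kmem_cache)`, the following `if (!s)` no longer catches a NULL cache, and the node allocation call is handed a garbage cache pointer. Keep `struct kmem_cache *s = kmalloc_slab(size);` as it was and apply the offset to the object pointer in the return statement instead, with the same NULL check as suggested for kmalloc(). The return statement and the rest of kmalloc_node() lie past the end of this hunk.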
Index: slub/mm/slub.c
===================================================================
--- slub.orig/mm/slub.c 2007-06-01 15:51:05.000000000 -0700
+++ slub/mm/slub.c 2007-06-01 16:15:21.000000000 -0700
@@ -2283,9 +2283,10 @@ static struct kmem_cache *get_slab(size_
void *__kmalloc(size_t size, gfp_t flags)
{
struct kmem_cache *s = get_slab(size, flags);
+ int offset = size - s->size;

if (s)
- return slab_alloc(s, flags, -1, __builtin_return_address(0));
+ return slab_alloc(s, flags, -1, __builtin_return_address(0)) + offset;
return NULL;
}
EXPORT_SYMBOL(__kmalloc);
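Review bot: `int offset = size - s->size;` dereferences `s` before the `if (s)` check that follows it, so the NULL path of get_slab() now faults instead of returning NULL; __kmalloc_node in the next hunk has the same order. The sign is also reversed relative to the header path, which adds `kmalloc_size(size) - size` to push the object towards the end of its slot, whereas `size - s->size` is negative and moves the pointer before the slot start. Whether `s->size` is the same quantity as kmalloc_size() in the header (with slub_debug it presumably also covers the debug metadata) should be confirmed, since kfree() below masks with the same field. A shape that keeps a failed slab_alloc() returning NULL rather than NULL + offset:
```c
void *__kmalloc(size_t size, gfp_t flags)
{
	struct kmem_cache *s = get_slab(size, flags);
	void *object;

	if (!s)
		return NULL;

	object = slab_alloc(s, flags, -1, __builtin_return_address(0));
	if (!object)
		return NULL;

	/* Right-align the object in its slot; must match the kmalloc() inline path. */
	return object + (s->size - size);
}
```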
@@ -2294,9 +2295,10 @@ EXPORT_SYMBOL(__kmalloc);
void *__kmalloc_node(size_t size, gfp_t flags, int node)
{
struct kmem_cache *s = get_slab(size, flags);
+ int offset = size - s->size;

if (s)
- return slab_alloc(s, flags, node, __builtin_return_address(0));
+ return slab_alloc(s, flags, node, __builtin_return_address(0)) + offset;
return NULL;
}
EXPORT_SYMBOL(__kmalloc_node);
@@ -2337,6 +2339,7 @@ void kfree(const void *x)
{
struct kmem_cache *s;
struct page *page;
+ unsigned long addr = (unsigned long) x;

if (!x)
return;
@@ -2344,7 +2347,9 @@ void kfree(const void *x)
page = virt_to_head_page(x);
s = page->slab;

- slab_free(s, page, (void *)x, __builtin_return_address(0));
+ addr &= ~((unsigned long)s->size - 1);
+
+ slab_free(s, page, (void *)addr, __builtin_return_address(0));
}
EXPORT_SYMBOL(kfree);
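Review bot: `addr &= ~((unsigned long)s->size - 1);` recovers the slot start only when s->size is a power of two and objects sit at s->size-aligned addresses; the 96- and 192-byte caches that kmalloc_size() returns in the header hunk satisfy neither, so kfree() of such an object hands slab_free() an address inside a neighbouring slot. Deriving the slot from the page base avoids the power-of-two assumption, e.g. `unsigned long base = (unsigned long)page_address(page);` / `addr = base + ((addr - base) / s->size) * s->size;` (assuming objects are laid out contiguously from the page base — confirm against the allocator's layout). This also depends on s->size matching the offset applied at allocation time, which the description's issue 3 and the slub_debug metadata both put in question.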
