Re: WARNING: at mm/slub.c:3357, kernel BUG at mm/slub.c:3413

From: Eric Dumazet
Date: Tue Nov 22 2011 - 11:33:05 EST


On Tuesday 22 November 2011 at 10:20 -0600, Christoph Lameter wrote:
> Argh. The Redzoning (and the general object pad initialization) is outside
> of the slab_lock now. So I get wrong positives on those now. That
> is already in 3.1 as far as I know. To solve that we would have to cover a
> much wider area in the alloc and free with the slab lock.
>
> But I do not get the count mismatches that you saw. Maybe related to
> preemption. Will try that next.

Also I note the checks (redzoning and all features) that should be done
in kfree() are only done on slow path ???
...
stat(s, FREE_SLOWPATH);

if (kmem_cache_debug(s) && !free_debug_processing(s, page, x, addr))
...

This is unfortunate...


I am considering adding a "quarantine" capability: each cpu will
maintain in its struct kmem_cache_cpu a FIFO list of "s->quarantine_max"
freed objects.

So it should be easier to track use after free bugs, setting
quarantine_max to a big value.
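The quarantine idea above, as an added user-space illustration that is not Eric's patch or SLUB code: freed objects are poisoned and parked in a FIFO of QUARANTINE_MAX entries, and the poison is re-verified when an entry is evicted, so a write that hits an object after it was freed is flagged rather than corrupting the next allocation. The ring layout, the QUARANTINE_MAX constant standing in for s->quarantine_max, and the function names are assumptions of this example.

```c
/* Toy model of the proposed per-cpu quarantine (not SLUB code): a freed object
 * is poisoned and parked in a FIFO of QUARANTINE_MAX entries; at eviction the
 * poison is re-checked, so a write that hit it after kfree() is flagged. */
#include <stdlib.h>
#include <string.h>
#define POISON_FREE    0x6b  /* byte SLUB's SLAB_POISON writes into freed objects */
#define QUARANTINE_MAX 4     /* hypothetical s->quarantine_max, small for the demo */

struct quarantine {            /* stands in for a field of struct kmem_cache_cpu */
    void *obj[QUARANTINE_MAX];
    size_t len[QUARANTINE_MAX];
    unsigned head, count;
    unsigned long uaf_detected;  /* objects found modified while quarantined */
};
static struct quarantine q;

static int is_poisoned(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] != POISON_FREE)
            return 0;
    return 1;
}

/* Release the oldest entry, verifying its poison first. */
static void quarantine_evict(void)
{
    unsigned i = q.head;
    if (!is_poisoned(q.obj[i], q.len[i]))
        q.uaf_detected++;
    free(q.obj[i]);
    q.head = (q.head + 1) % QUARANTINE_MAX;
    q.count--;
}

/* The kfree() side: poison, then queue; evict the oldest entry when full. */
void quarantine_free(void *obj, size_t n)
{
    unsigned tail;
    memset(obj, POISON_FREE, n);
    if (q.count == QUARANTINE_MAX)
        quarantine_evict();
    tail = (q.head + q.count) % QUARANTINE_MAX;
    q.obj[tail] = obj;
    q.len[tail] = n;
    q.count++;
}

void quarantine_flush(void) { while (q.count) quarantine_evict(); }
unsigned quarantine_count(void) { return q.count; }
unsigned long quarantine_uaf_count(void) { return q.uaf_detected; }
```

A larger QUARANTINE_MAX widens the window in which a stale pointer dereference lands on poisoned, still-parked memory instead of on a reused object, which is what makes the bug easier to track.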



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/