Re: [linux-next-20130422] Bug in SLAB?

From: Tetsuo Handa
Date: Fri May 03 2013 - 04:26:55 EST

Next message: Ian Campbell: "Re: [Xen-devel] [PATCH 2/3] xen: move do_stolen_accounting todrivers/xen/time.c"
Previous message: Linus Walleij: "Re: [PATCH 11/42] rtc: rtc-coh901331: remove unnecessary platform_set_drvdata()"
In reply to: Christoph Lameter: "Re: [linux-next-20130422] Bug in SLAB?"
Next in thread: Christoph Lameter: "Re: [linux-next-20130422] Bug in SLAB?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Christoph Lameter wrote:
> I have booted such a configuration just fine. Please have a look at the
> kernel config that I send or send me yours.

OK. Here are complete steps to reproduce using QEMU on CentOS 6.4.

(1) Compile the kernel for x86_32 and run it on QEMU.

$ cd /tmp/
$ wget -O - https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/snapshot/next-20130426.tar.bz2 | tar -jxf -
$ cd next-20130426/
$ wget -O .config http://I-love.SAKURA.ne.jp/tmp/config-3.9-rc8-next-20130422
$ make -sj2 CONFIG_FRAME_POINTER=y CONFIG_DEBUG_INFO=y
$ /usr/libexec/qemu-kvm -no-kvm -cpu pentium3 -m 512 -nographic -kernel arch/x86/boot/bzImage -S -gdb tcp::1234

(2) Attach gdb to the QEMU process from another terminal and continue.

$ gdb /tmp/next-20130426/vmlinux
(gdb) target remote :1234
(gdb) c

Press Ctrl-C after waiting for ten seconds.
You will find that the kernel has panic()ed.

If one of CONFIG_DEBUG_SLAB/CONFIG_DEBUG_SPINLOCK/CONFIG_DEBUG_PAGEALLOC is
changed to n from the config above, the kernel boots fine. But the kernel
triggers oops for very large kmalloc allocations.

>
> Here is a patch that restores the old behavior for SLAB
>
>
>
> Subject: slab: Return NULL for oversized allocations
>
> The inline path seems to have changed the SLAB behavior for very large
> kmalloc allocations. This patch restores the old behavior.
>
> Signed-off-by: Christoph Lameter <cl@xxxxxxxxx>
>

I don't think this patch is sufficient. There are functions (e.g. kstrdup())
which call variant functions (e.g. kmalloc_track_caller()). I think we need to
check size at functions which determine index from size (e.g. kmalloc_slab()).

>
> Index: linux/include/linux/slab_def.h
> ===================================================================
> --- linux.orig/include/linux/slab_def.h 2013-05-02 15:02:45.864728115 -0500
> +++ linux/include/linux/slab_def.h 2013-05-02 15:06:14.940474110 -0500
> @@ -126,6 +126,9 @@ static __always_inline void *kmalloc(siz
> if (!size)
> return ZERO_SIZE_PTR;
>
> + if (size >= KMALLOC_MAX_SIZE)
> + return NULL;
> +

Why not (size > KMALLOC_MAX_SIZE) ?

> i = kmalloc_index(size);
>
> #ifdef CONFIG_ZONE_DMA
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ian Campbell: "Re: [Xen-devel] [PATCH 2/3] xen: move do_stolen_accounting todrivers/xen/time.c"
Previous message: Linus Walleij: "Re: [PATCH 11/42] rtc: rtc-coh901331: remove unnecessary platform_set_drvdata()"
In reply to: Christoph Lameter: "Re: [linux-next-20130422] Bug in SLAB?"
Next in thread: Christoph Lameter: "Re: [linux-next-20130422] Bug in SLAB?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]