Re: oops in slab/leaks_show

From: Joonsoo Kim
Date: Mon Mar 10 2014 - 22:58:21 EST

Next message: Davidlohr Bueso: "Re: [PATCHSET 0/9] perf tools: Update on filtered entries' percentage output (v7)"
Previous message: Alexei Starovoitov: "Re: [PATCH v8 net-next 1/3] filter: add Extended BPF interpreter and converter"
In reply to: Dave Jones: "Re: oops in slab/leaks_show"
Next in thread: Joonsoo Kim: "Re: oops in slab/leaks_show"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 10, 2014 at 09:24:55PM -0400, Dave Jones wrote:
> On Tue, Mar 11, 2014 at 10:01:35AM +0900, Joonsoo Kim wrote:
> > On Tue, Mar 11, 2014 at 09:35:00AM +0900, Joonsoo Kim wrote:
> > > On Fri, Mar 07, 2014 at 11:18:30AM -0600, Christoph Lameter wrote:
> > > > Joonsoo recently changed the handling of the freelist in SLAB. CCing him.
> > > >
> > > > > I pretty much always use SLUB for my fuzzing boxes, but thought I'd give SLAB a try
> > > > > for a change.. It blew up when something tried to read /proc/slab_allocators
> > > > > (Just cat it, and you should see the oops below)
> > >
> > > Hello, Dave.
> > >
> > > Today, I did a test on v3.13 which contains all my changes on the handling of
> > > the freelist in SLAB and couldn't trigger oops by just 'cat /proc/slab_allocators'.
> > >
> > > So I look at the code and find that there is race window if there is multiple users
> > > doing 'cat /proc/slab_allocators'. Did your test do that?
> >
> > Opps, sorry. I am misunderstanding something. Maybe there is no race.
> > Anyway, How do you test it?
>
> 1. build kernel with CONFIG_SLAB=y.
> 2. boot kernel
> 3. cat /proc/slab_allocators

Okay. I reproduce it with CONFIG_DEBUG_PAGEALLOC=y.

I look at the code and find that the problem doesn't come from my patches.
I think that it is long-lived bug. Let me explain it.

'cat /proc/slab_allocators' checks all allocated objects for all slabs.
The problem is that it considers objects in cpu slab caches as allocated objects.
These objects in cpu slab caches are unmapped if CONFIG_DEBUG_PAGEALLOC=y, so when we
try to access it to get the caller information, oops would be triggered.

I will think more deeply how to fix this problem.
If I am missing something, please let me know.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Davidlohr Bueso: "Re: [PATCHSET 0/9] perf tools: Update on filtered entries' percentage output (v7)"
Previous message: Alexei Starovoitov: "Re: [PATCH v8 net-next 1/3] filter: add Extended BPF interpreter and converter"
In reply to: Dave Jones: "Re: oops in slab/leaks_show"
Next in thread: Joonsoo Kim: "Re: oops in slab/leaks_show"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]