This mail is an automated notification from the patch tracker of the project: The GNU Hurd.
/**************************************************************************/

[patch #3347] Full Item Snapshot:

URL: <http://savannah.gnu.org/patch/?func=detailitem&item_id=3347>

Project: The GNU Hurd
Submitted by: Neal H. Walfield
On: Tue 09/07/04 at 15:10

Category: GNU Mach
Priority: 7 - High
Resolution: None
Privacy: Public
Assigned to: None
Originator Email:
Status: Open
Summary: Double free and memory loss probing partition table

Original Submission:

While GNU Mach reads the partition table, the second assert in
linux/dev/glue:free_pages is triggered. This particular assert checks for
double frees.

I have traced the problem back to getblk and __brelse: if linux_auto_config
is true (which it is when partitions are being probed), a static buffer is
used to hold the BH structure. If getblk is called a second time (i.e. before
the first block is released), the buffer is overridden. This results in a
double free, a memory leak (as the buffer in the first BH is never released)
and a consistency problem, as code which uses the first buffer will now see
different data. This is the case in linux/dev/drivers/block/genhd.c:msdos_partition,
which calls bread and then, before freeing the block, calls extended_partition,
which also calls bread.

In reality, there is no reason not to use kalloc and kfree here. In
kern/startup.c:setup_main, we see that vm_mem_bootstrap, which calls kmem_init,
is called long before linux/dev/init/main.c:linux_init is invoked by
i386/i386at/machine_init:machine_init.

The attached patch changes getblk and __brelse to always use kalloc and kfree
and adds asserts to kern/kalloc.c to make sure that kalloc, kfree and kget are
only called after kmem_init has been called.

Apply the patch using -p0.

ChangeLog:

2004-09-07  Neal H. Walfield  <[EMAIL PROTECTED]>

	* linux/dev/glue/block.c (__brelse): Unconditionally kfree BH.
	(getblk): Unconditionally kalloc BH.
	* kern/kalloc.c [!NDEBUG] (kalloc_init_called): New static variable.
	(kalloc_init): Assert that kalloc_init_called is zero.
	[!NDEBUG] Set kalloc_init_called to 1 on success.
	(kalloc): Assert that kalloc_init_called is non-zero.
	(kget): Likewise.
	(kfree): Likewise.

File Attachments:

-------------------------------------------------------
Date: Tue 09/07/04 at 15:10  Name: double-free.diff  Size: 3.18KB  By: neal
http://savannah.gnu.org/patch/download.php?item_id=3347&item_file_id=3647

For detailed info, follow this link:
<http://savannah.gnu.org/patch/?func=detailitem&item_id=3347>

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/

_______________________________________________
Bug-hurd mailing list
[EMAIL PROTECTED]
http://lists.gnu.org/mailman/listinfo/bug-hurd
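To illustrate the failure mode the submission describes, here is an added model (not GNU Mach code, and not part of the tracker entry; the names getblk_static, brelse_static, getblk_alloc, brelse_alloc and probe_nested are hypothetical) that contrasts one statically shared buffer head with one allocated per call, under the nested bread pattern of msdos_partition -> extended_partition. Instead of asserting as free_pages does, the release path counts double frees and overwritten (leaked) data buffers so the two variants can be compared.

```c
/* Added model of the getblk/__brelse static-buffer bug; hypothetical names. */
#include <stdlib.h>
#include <stddef.h>

struct bh { int block; void *data; };

/* Counters the release path updates instead of asserting like free_pages. */
int double_frees;   /* releases of a BH whose data was already freed */
int leaked_blocks;  /* data buffers overwritten before being released */

static struct bh static_bh;   /* the linux_auto_config path: one shared BH */

/* Broken variant: every call hands back the same static struct. */
struct bh *getblk_static(int block) {
    if (static_bh.data != NULL) leaked_blocks++;  /* old pointer is lost */
    static_bh.block = block;
    static_bh.data = malloc(512);
    return &static_bh;
}
void brelse_static(struct bh *bh) {
    if (bh->data == NULL) { double_frees++; return; }  /* second release */
    free(bh->data);
    bh->data = NULL;
}

/* Fixed variant: a BH per call, released unconditionally (kalloc/kfree analogue). */
struct bh *getblk_alloc(int block) {
    struct bh *bh = malloc(sizeof *bh);
    bh->block = block;
    bh->data = malloc(512);
    return bh;
}
void brelse_alloc(struct bh *bh) {
    free(bh->data);
    free(bh);
}

/* The nesting from msdos_partition: read the primary table, then, before
   releasing it, read an extended-partition block. Returns 1 if the outer
   caller still sees its own block number after the inner call, else 0. */
int probe_nested(struct bh *(*get)(int), void (*put)(struct bh *)) {
    double_frees = 0;
    leaked_blocks = 0;
    struct bh *outer = get(0);    /* primary partition table, block 0 */
    struct bh *inner = get(63);   /* constructed extended table at block 63 */
    int outer_intact = (outer->block == 0);
    put(inner);
    put(outer);
    return outer_intact;
}
```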
