Re: [linux-next-20130422] Bug in SLAB?

Fri, 03 May 2013 01:28:02 -0700 

Christoph Lameter wrote:
> I have booted such a configuration just fine. Please have a look at the
> kernel config that I send or send me yours.

OK. Here are complete steps to reproduce using QEMU on CentOS 6.4.

(1) Compile the kernel for x86_32 and run it on QEMU.

  $ cd /tmp/
  $ wget -O - 
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/snapshot/next-20130426.tar.bz2
 | tar -jxf -
  $ cd next-20130426/
  $ wget -O .config http://I-love.SAKURA.ne.jp/tmp/config-3.9-rc8-next-20130422
  $ make -sj2 CONFIG_FRAME_POINTER=y CONFIG_DEBUG_INFO=y
  $ /usr/libexec/qemu-kvm -no-kvm -cpu pentium3 -m 512 -nographic -kernel 
arch/x86/boot/bzImage -S -gdb tcp::1234

(2) Attach gdb to the QEMU process from another terminal and continue.

  $ gdb /tmp/next-20130426/vmlinux
  (gdb) target remote :1234
  (gdb) c

    Press Ctrl-C after waiting for ten seconds.
    You will find that the kernel has panic()ed.

If one of CONFIG_DEBUG_SLAB/CONFIG_DEBUG_SPINLOCK/CONFIG_DEBUG_PAGEALLOC is
changed to n from the config above, the kernel boots fine. But the kernel
triggers oops for very large kmalloc allocations.

> 
> Here is a patch that restores the old behavior for SLAB
> 
> 
> 
> Subject: slab: Return NULL for oversized allocations
> 
> The inline path seems to have changed the SLAB behavior for very large
> kmalloc allocations. This patch restores the old behavior.
> 
> Signed-off-by: Christoph Lameter <c...@linux.com>
> 

I don't think this patch is sufficient. There are functions (e.g. kstrdup())
which call variant functions (e.g. kmalloc_track_caller()). I think we need to
check size at functions which determine index from size (e.g. kmalloc_slab()).

> 
> Index: linux/include/linux/slab_def.h
> ===================================================================
> --- linux.orig/include/linux/slab_def.h       2013-05-02 15:02:45.864728115 
> -0500
> +++ linux/include/linux/slab_def.h    2013-05-02 15:06:14.940474110 -0500
> @@ -126,6 +126,9 @@ static __always_inline void *kmalloc(siz
>               if (!size)
>                       return ZERO_SIZE_PTR;
> 
> +             if (size >= KMALLOC_MAX_SIZE)
> +                     return NULL;
> +

Why not (size > KMALLOC_MAX_SIZE) ?

>               i = kmalloc_index(size);
> 
>  #ifdef CONFIG_ZONE_DMA
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to