<div dir="ltr">That was quick.<div><br></div><div>Thanks Dave!</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 2, 2016 at 10:59 AM, Dave Anderson <span dir="ltr"><<a href="mailto:anderson@redhat.com" target="_blank">anderson@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
----- Original Message -----<br>
> In this mode, the freelist can be an object and if the slab is full,<br>
> there is no freelist. On the next free, an object is recycled to be used<br>
> as the freelist but is not cleaned up. This change walks only the<br>
> known freed objects to prevent errors from wrong/corrupt freelist entries.<br>
><br>
> Related to the linux kernel commit: b03a017bebc403d40aa53a092e79b3<wbr>020786537d.<br>
<br>
</span>Thanks Thomas -- the patch is queued for crash-7.1.8:<br>
<br>
<a href="https://github.com/crash-utility/crash/commit/59fbaf3e4b030b150f750f5b0ac7dfc3eafaa78f" rel="noreferrer" target="_blank">https://github.com/crash-<wbr>utility/crash/commit/<wbr>59fbaf3e4b030b150f750f5b0ac7df<wbr>c3eafaa78f</a><br>
<br>
Dave<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
> ---<br>
> memory.c | 30 ++++++++++++++++++++++++------<br>
> 1 file changed, 24 insertions(+), 6 deletions(-)<br>
><br>
> diff --git a/memory.c b/memory.c<br>
> index 4eac413..774d090 100644<br>
> --- a/memory.c<br>
> +++ b/memory.c<br>
> @@ -9880,6 +9880,7 @@ ignore_cache(struct meminfo *si, char *name)<br>
> #define SLAB_MAGIC_DESTROYED 0xB2F23C5AUL /* slab has been destroyed<br>
> */<br>
><br>
> #define SLAB_CFLGS_BUFCTL 0x020000UL /* bufctls in own cache */<br>
> +#define SLAB_CFLGS_OBJFREELIST 0x40000000UL /* Freelist as an object */<br>
><br>
> #define KMEM_SLAB_ADDR (1)<br>
> #define KMEM_BUFCTL_ADDR (2)<br>
> @@ -12439,11 +12440,13 @@ gather_slab_free_list_percpu(<wbr>struct meminfo *si)<br>
> static void<br>
> gather_slab_free_list_slab_<wbr>overload_page(struct meminfo *si)<br>
> {<br>
> - int i, active;<br>
> + int i, active, start_offset;<br>
> ulong obj, objnr, cnt, freelist;<br>
> unsigned char *ucharptr;<br>
> unsigned short *ushortptr;<br>
> unsigned int *uintptr;<br>
> + unsigned int cache_flags, overload_active;<br>
> + ulong slab_overload_page;<br>
><br>
> if (CRASHDEBUG(1))<br>
> fprintf(fp, "slab page: %lx active: %ld si->c_num: %ld\n",<br>
> @@ -12452,12 +12455,19 @@ gather_slab_free_list_slab_<wbr>overload_page(struct<br>
> meminfo *si)<br>
> if (si->s_inuse == si->c_num )<br>
> return;<br>
><br>
> - readmem(si->slab - OFFSET(page_lru) + OFFSET(page_freelist),<br>
> + slab_overload_page = si->slab - OFFSET(page_lru);<br>
> + readmem(slab_overload_page + OFFSET(page_freelist),<br>
> KVADDR, &freelist, sizeof(void *), "page freelist",<br>
> FAULT_ON_ERROR);<br>
> readmem(freelist, KVADDR, si->freelist,<br>
> si->freelist_index_size * si->c_num,<br>
> "freelist array", FAULT_ON_ERROR);<br>
> + readmem(si->cache+OFFSET(kmem_<wbr>cache_s_flags),<br>
> + KVADDR, &cache_flags, sizeof(uint),<br>
> + "kmem_cache_s flags", FAULT_ON_ERROR);<br>
> + readmem(slab_overload_page + OFFSET(page_active),<br>
> + KVADDR, &overload_active, sizeof(uint),<br>
> + "active", FAULT_ON_ERROR);<br>
><br>
> BNEG(si->addrlist, sizeof(ulong) * (si->c_num+1));<br>
> cnt = objnr = 0;<br>
> @@ -12466,14 +12476,22 @@ gather_slab_free_list_slab_<wbr>overload_page(struct<br>
> meminfo *si)<br>
> uintptr = NULL;<br>
> active = si->s_inuse;<br>
><br>
> + /*<br>
> + * On an OBJFREELIST slab, the object might have been recycled<br>
> + * and everything before the active count can be random data.<br>
> + */<br>
> + start_offset = 0;<br>
> + if (cache_flags & SLAB_CFLGS_OBJFREELIST)<br>
> + start_offset = overload_active;<br>
> +<br>
> switch (si->freelist_index_size)<br>
> {<br>
> - case 1: ucharptr = (unsigned char *)si->freelist; break;<br>
> - case 2: ushortptr = (unsigned short *)si->freelist; break;<br>
> - case 4: uintptr = (unsigned int *)si->freelist; break;<br>
> + case 1: ucharptr = (unsigned char *)si->freelist + start_offset; break;<br>
> + case 2: ushortptr = (unsigned short *)si->freelist + start_offset; break;<br>
> + case 4: uintptr = (unsigned int *)si->freelist + start_offset; break;<br>
> }<br>
><br>
> - for (i = 0; i < si->c_num; i++) {<br>
> + for (i = start_offset; i < si->c_num; i++) {<br>
> switch (si->freelist_index_size)<br>
> {<br>
> case 1: objnr = (ulong)*ucharptr++; break;<br>
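Review bot: `overload_active` comes straight from the dump's `page.active` (read in the previous hunk) and is assigned to the signed `start_offset` with no range check, then used both as the pointer offset into `si->freelist` in the `switch` and as the loop's starting index. On a corrupt dump, which is the case this patch is meant to tolerate, a value above `si->c_num` forms a pointer beyond the `si->freelist_index_size * si->c_num` bytes that were read into the array. A value that does not fit in `int` could, depending on the type of `si->c_num` (not visible here), start the loop before the array. I would guard the assignment with `if ((cache_flags & SLAB_CFLGS_OBJFREELIST) && overload_active <= si->c_num)` and report the slab as inconsistent otherwise. The `active = si->s_inuse;` context line also suggests the count may already be available without the extra `readmem`, which is worth confirming; the function body continues past the end of this hunk.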
> --<br>
> 2.8.0.rc3.226.g39d4020<br>
><br>
</div></div><span class="HOEnZb"><font color="#888888">> --<br>
><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Thomas</div>
</div>