[Crash-utility] [PATCH] Add support for SLAB OBJFREELIST_SLAB.

Thomas Garnier thgarnie at google.com
Fri Dec 2 20:55:27 UTC 2016 

On Fri, Dec 2, 2016 at 12:29 PM, Dave Anderson <anderson at redhat.com> wrote:
>
>
> ----- Original Message -----
>> That was quick.
>>
>> Thanks Dave!
>
> Yeah, I was only able to test it for backwards-compatibility on a handful
> of sample pre-4.6 SLAB kernels because RHEL/Fedora uses SLUB, so I'm totally
> trusting your preceding reputation...
>

Haha thanks. It should be fine but if I missed something please
reach-out and I will fix it.

> Thanks again,
>
> Dave
>
>>
>> On Fri, Dec 2, 2016 at 10:59 AM, Dave Anderson <anderson at redhat.com> wrote:
>>
>> >
>> >
>> > ----- Original Message -----
>> > > In this mode, the freelist can be an object and if the slab is full,
>> > > there is no freelist. On the next free, an object is recycled to be used
>> > > as the freelist but not clean-up. This change will go through only
>> > > known freed objects to prevent errors of wrong/corrupt freelist entries.
>> > >
>> > > Related to the linux kernel commit: b03a017bebc403d40aa53a092e79b3
>> > 020786537d.
>> >
>> > Thanks Thomas -- the patch queued for crash-7.1.8:
>> >
>> >   https://github.com/crash-utility/crash/commit/
>> > 59fbaf3e4b030b150f750f5b0ac7dfc3eafaa78f
>> >
>> > Dave
>> >
>> >
>> > > ---
>> > >  memory.c | 30 ++++++++++++++++++++++++------
>> > >  1 file changed, 24 insertions(+), 6 deletions(-)
>> > >
>> > > diff --git a/memory.c b/memory.c
>> > > index 4eac413..774d090 100644
>> > > --- a/memory.c
>> > > +++ b/memory.c
>> > > @@ -9880,6 +9880,7 @@ ignore_cache(struct meminfo *si, char *name)
>> > >  #define SLAB_MAGIC_DESTROYED    0xB2F23C5AUL    /* slab has been
>> > destroyed
>> > >  */
>> > >
>> > >  #define SLAB_CFLGS_BUFCTL       0x020000UL      /* bufctls in own cache
>> > */
>> > > +#define SLAB_CFLGS_OBJFREELIST  0x40000000UL    /* Freelist as an
>> > object */
>> > >
>> > >  #define KMEM_SLAB_ADDR          (1)
>> > >  #define KMEM_BUFCTL_ADDR        (2)
>> > > @@ -12439,11 +12440,13 @@ gather_slab_free_list_percpu(struct meminfo
>> > *si)
>> > >  static void
>> > >  gather_slab_free_list_slab_overload_page(struct meminfo *si)
>> > >  {
>> > > -     int i, active;
>> > > +     int i, active, start_offset;
>> > >       ulong obj, objnr, cnt, freelist;
>> > >       unsigned char *ucharptr;
>> > >       unsigned short *ushortptr;
>> > >       unsigned int *uintptr;
>> > > +     unsigned int cache_flags, overload_active;
>> > > +     ulong slab_overload_page;
>> > >
>> > >       if (CRASHDEBUG(1))
>> > >               fprintf(fp, "slab page: %lx active: %ld si->c_num: %ld\n",
>> > > @@ -12452,12 +12455,19 @@ gather_slab_free_list_slab_
>> > overload_page(struct
>> > > meminfo *si)
>> > >       if (si->s_inuse == si->c_num )
>> > >               return;
>> > >
>> > > -     readmem(si->slab - OFFSET(page_lru) + OFFSET(page_freelist),
>> > > +     slab_overload_page = si->slab - OFFSET(page_lru);
>> > > +     readmem(slab_overload_page + OFFSET(page_freelist),
>> > >               KVADDR, &freelist, sizeof(void *), "page freelist",
>> > >               FAULT_ON_ERROR);
>> > >          readmem(freelist, KVADDR, si->freelist,
>> > >               si->freelist_index_size * si->c_num,
>> > >                  "freelist array", FAULT_ON_ERROR);
>> > > +     readmem(si->cache+OFFSET(kmem_cache_s_flags),
>> > > +             KVADDR, &cache_flags, sizeof(uint),
>> > > +             "kmem_cache_s flags", FAULT_ON_ERROR);
>> > > +        readmem(slab_overload_page + OFFSET(page_active),
>> > > +                KVADDR, &overload_active, sizeof(uint),
>> > > +                "active", FAULT_ON_ERROR);
>> > >
>> > >       BNEG(si->addrlist, sizeof(ulong) * (si->c_num+1));
>> > >       cnt = objnr = 0;
>> > > @@ -12466,14 +12476,22 @@ gather_slab_free_list_slab_
>> > overload_page(struct
>> > > meminfo *si)
>> > >       uintptr = NULL;
>> > >       active = si->s_inuse;
>> > >
>> > > +     /*
>> > > +      * On an OBJFREELIST slab, the object might have been recycled
>> > > +      * and everything before the active count can be random data.
>> > > +      */
>> > > +     start_offset = 0;
>> > > +     if (cache_flags & SLAB_CFLGS_OBJFREELIST)
>> > > +             start_offset = overload_active;
>> > > +
>> > >       switch (si->freelist_index_size)
>> > >       {
>> > > -     case 1: ucharptr = (unsigned char *)si->freelist; break;
>> > > -     case 2: ushortptr = (unsigned short *)si->freelist; break;
>> > > -     case 4: uintptr = (unsigned int *)si->freelist; break;
>> > > +     case 1: ucharptr = (unsigned char *)si->freelist + start_offset;
>> > break;
>> > > +     case 2: ushortptr = (unsigned short *)si->freelist + start_offset;
>> > break;
>> > > +     case 4: uintptr = (unsigned int *)si->freelist + start_offset;
>> > break;
>> > >       }
>> > >
>> > > -     for (i = 0; i < si->c_num; i++) {
>> > > +     for (i = start_offset; i < si->c_num; i++) {
>> > >               switch (si->freelist_index_size)
>> > >               {
>> > >               case 1: objnr = (ulong)*ucharptr++; break;
>> > > --
>> > > 2.8.0.rc3.226.g39d4020
>> > >
>> > > --
>> > > Crash-utility mailing list
>> > > Crash-utility at redhat.com
>> > > https://www.redhat.com/mailman/listinfo/crash-utility
>> > >
>> >
>>
>>
>>
>> --
>> Thomas
>>



-- 
Thomas

More information about the Crash-utility mailing list