[Crash-utility] [PATCH] Fix for "kmem <addr>" for kernels configured with CONFIG_SLUB and SLAB_RED_ZONE.

Dave Anderson anderson at redhat.com
Fri Feb 3 19:47:19 UTC 2017



----- Original Message -----

> 
> OK, I understand.  Let me work on a new "set redzone on/off" environment
> variable that can be toggled on-and-off during runtime.
> 
> But I believe I see a problem in do_slab_slub().  When it is checking for free
> objects to display as FREE / [ALLOCATED], it will never find it in 4.6+ kernels
> with a red_left_pad.  Note below, when it checks whether (p == q), the "q" address
> is the "shifted" address seen by the kmalloc() caller, and will never match the
> base object address "p", so "is_free" never gets set:
> 
>         for (p = vaddr; p < vaddr + objects * si->size; p += si->size) {
>                 hq_open();
>                 is_free = FALSE;
>                 /* Search an object on both of freelist and cpu_freelist */
>                 ulong lists[] = { freelist, cpu_freelist, };
>                 for (i = 0; i < sizeof(lists) / sizeof(lists[0]); i++) {
>                         for (is_free = 0, q = lists[i]; q;
>                              q = get_freepointer(si, (void *)q)) {
> 
>                                 if (q == BADADDR) {
>                                         hq_close();
>                                         return FALSE;
>                                 }
>                                 if (q & PAGE_MAPPING_ANON)
>                                         break;
> === never can match ===>        if (p == q) {
>                                         is_free = TRUE;
>                                         goto found_object;
>                                 }
>                                 if (!hq_enter(q)) {
>                                         hq_close();
>                                         error(INFO, "%s: slab: %lx duplicate freelist object: %lx\n",
>                                               si->curname, si->slab, q);
>                                         return FALSE;
>                                 }
>                         }
>                 }
>         found_object:
> ...
> 
> Do you agree?

Ah -- I see that your first patch modified vaddr *before* the code segment
above.  That would work in the case where the adjusted red-zone address
is used.  But in order to handle both cases, the patch will need to be
adjusted for when the base address is used unmodified. 

Dave
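
A stand-alone simulation of the mismatch discussed in this message, added here as an illustration; it is not code from crash or from the patch under review. The slab geometry, the addresses, the helper names (slot_is_free, count_free, shown_addr) and the meaning given to the on/off toggle are all constructed assumptions.

```c
#include <stdio.h>
typedef unsigned long ulong;

/* Constructed layout: 4 slots of 96 bytes, 16-byte left red zone each. */
#define SLAB_BASE    0x1000UL
#define OBJ_SIZE     96UL
#define RED_LEFT_PAD 16UL
#define NOBJ         4

/* Free-list entries hold the shifted address the kmalloc() caller sees,
 * as the message describes. Slots 1 and 3 are free. */
static const ulong freelist[] = {
    SLAB_BASE + 1 * OBJ_SIZE + RED_LEFT_PAD,
    SLAB_BASE + 3 * OBJ_SIZE + RED_LEFT_PAD,
};
#define NFREE (sizeof(freelist) / sizeof(freelist[0]))

/* Is the slot with base address p on the free list? pad is added to p
 * before comparing; pad == 0 is the plain "p == q" test. */
static int slot_is_free(ulong p, ulong pad)
{
    for (unsigned i = 0; i < NFREE; i++)
        if (p + pad == freelist[i])
            return 1;
    return 0;
}

/* Walk slot base addresses, as the quoted loop does, counting matches. */
static int count_free(ulong pad)
{
    int n = 0;
    for (ulong p = SLAB_BASE; p < SLAB_BASE + NOBJ * OBJ_SIZE; p += OBJ_SIZE)
        n += slot_is_free(p, pad);
    return n;
}

/* Assumed toggle: print the base address when on, the shifted one when off. */
static ulong shown_addr(ulong p, int redzone_on)
{
    return redzone_on ? p : p + RED_LEFT_PAD;
}

int main(void)
{
    printf("p == q: %d free; p + pad == q: %d free\n",
           count_free(0), count_free(RED_LEFT_PAD));
    for (ulong p = SLAB_BASE; p < SLAB_BASE + NOBJ * OBJ_SIZE; p += OBJ_SIZE)
        printf("%lx / %lx  %s\n", shown_addr(p, 1), shown_addr(p, 0),
               slot_is_free(p, RED_LEFT_PAD) ? "FREE" : "[ALLOCATED]");
    return 0;
}
```

Whichever address is printed, the free-list comparison has to use the shifted form, which is why the unadjusted-base case needs its own handling.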
 



