Re: [patch] x86, pat: freeing invalid memtype messages

[Xiaotian Feng]

On 06/19/2010 01:57 AM, Marcin Slusarz wrote:
> On Fri, Jun 18, 2010 at 02:47:45PM +0800, Xiaotian Feng wrote:
> > On 06/18/2010 12:17 AM, Marcin Slusarz wrote:
> > > On Thu, Jun 17, 2010 at 03:45:59PM +0200, Dan Carpenter wrote:
> > > > Commit 20413f27163 "x86, pat: Fix memory leak in free_memtype" added an
> > > > error message in free_memtype() if rbt_memtype_erase() returns NULL.
> > > > The problem is that if CONFIG_X86_PAT is enabled, we use a different
> > > > implimentation of rbt_memtype_erase() that always returns NULL.
> > > >
> > > > I've modified rbt_memtype_erase() to return an ERR_PTR() on errors and
> > > > made free_memtype() check for that instead.
> > > >
> > > > Addresses:  https://bugzilla.kernel.org/show_bug.cgi?id=16205
> > > >
> > > > Signed-off-by: Dan Carpenter<error27@xxxxxxxxx>
> > >
> > > This patch is probably ok, but it does not address my bug.
> > > I have CONFIG_X86_PAT=y, so rbt_memtype_erase does not always return NULL.
> >
> > Could you please try boot with kernel parameter "debugpat", and
> > show me the output of reserve_memtype/free_memtype ?
>
>
> http://kadu.net/~joi/kernel/2010.06.09/2.6.35-rc3-debugpat.txt

That's quite weird, from the above log:

[    1.787891] reserve_memtype added 0xbf799000-0xbf79a000, track uncached-minus, req uncached-minus, ret uncached-minus
[    1.791029] free_memtype request 0xbf799000-0xbf79a000
[    1.791822] reserve_memtype added 0xbf799000-0xbf79a000, track uncached-minus, req uncached-minus, ret uncached-minus
[    1.794998] swapper:1 freeing invalid memtype bf799000-bf79a000
[    1.795795] reserve_memtype added 0xbf799000-0xbf79a000, track uncached-minus, req uncached-minus, ret uncached-minus
[    1.798979] free_memtype request 0xbf799000-0xbf79a000
[    1.799775] Overlap at 0xbf799000-0xbf79a000

[   22.271353] reserve_memtype added 0xd0a40000-0xd0a50000, track write-combining, req write-combining, ret write-combining
[   22.275707] free_memtype request 0xd0a40000-0xd0a50000
[   23.209570] reserve_memtype added 0xd0a40000-0xd0a50000, track write-combining, req write-combining, ret write-combining
[   23.213888] X:2538 freeing invalid memtype d0a40000-d0a50000
[   23.214065] reserve_memtype added 0xd0a40000-0xd0a50000, track write-combining, req write-combining, ret write-combining
[   23.218415] free_memtype request 0xd0a40000-0xd0a50000
[   26.028404] Overlap at 0xd0a40000-0xd0a50000

So it looks like after we free_memtype, reserve the same area again, then free_memtype again showed us the invalid memtype (was not found in rbtree).
But the third time reserve_memtype found overlap (it's in rbtree)...

I guess there might be something wrong between the augmented rbtree insert/remove ..

(Cc'ed Peter)

> Marcin

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/