Re: vmsplice triggering bug in kfree.

From: Eric Dumazet
Date: Thu Jun 07 2012 - 03:47:11 EST


On Thu, 2012-06-07 at 07:52 +0200, Eric Dumazet wrote:
> On Thu, 2012-06-07 at 06:40 +0200, Eric Dumazet wrote:
> > On Thu, 2012-06-07 at 06:27 +0200, Eric Dumazet wrote:
> >
> > > Thanks Dave, I'll take a look today on this report.
> > >
> >
> > OK, trivial bug, I am testing a fix, thanks again.
> >
>
> Not sure if you can reproduce this bug easily, if so could you test
> following patch ?

By the way, the following program triggers the bug instantly:

#define __USE_GNU 1
#define _GNU_SOURCE
#include <fcntl.h>
#include <pthread.h>
#include <sys/types.h>
#include <sys/uio.h>	/* struct iovec */

#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>

int pfd[2];

/* Second thread: keeps resizing the pipe between 16 and 64 pages. */
void *worker(void *arg)
{
	unsigned int page_size = 4096;

	while (1) {
		fcntl(pfd[1], F_SETPIPE_SZ, 16 * page_size);
		fcntl(pfd[1], F_SETPIPE_SZ, 64 * page_size);
	}
}

char buffer[1024*1024];

int main(int argc, char *argv[])
{
	pthread_t tid;
	int res, fdnull = open("/dev/null", O_WRONLY);

	if (pipe(pfd) == -1) {
		perror("pipe");
		return 1;
	}
	res = pthread_create(&tid, NULL, worker, NULL);
	if (res) {
		errno = res;
		perror("pthread_create");
		return 1;
	}

	/*
	 * Main thread: vmsplice the 1MB buffer into the pipe, then splice
	 * whatever was queued out to /dev/null, while the worker resizes
	 * the same pipe concurrently.
	 */
	while (1) {
		struct iovec iov[1];
		int wr;

		iov[0].iov_base = buffer;
		iov[0].iov_len = 1024*1024;
		wr = vmsplice(pfd[1], iov, 1, SPLICE_F_GIFT);
		if (wr > 0) {
			wr = splice(pfd[0], NULL,
				    fdnull, NULL,
				    wr, SPLICE_F_MOVE | SPLICE_F_MORE);
		}
	}
}

