Re: [linux-next-20130422] Bug in SLAB?

From: Tetsuo Handa
Date: Thu May 09 2013 - 08:25:43 EST

Next message: Jiri Kosina: "NOHZ: WARNING: at arch/x86/kernel/smp.c:123native_smp_send_reschedule"
Previous message: Oleksij Rempel: "Re: RTL driver for RTL8191SEvB and/or wpa-supplicant really brokenat times"
Next in thread: Christoph Lameter: "Re: [linux-next-20130422] Bug in SLAB?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tetsuo Handa wrote:
> > Christoph Lameter wrote:
> > > What is MAX_ORDER on the architecture?
> >
> > In my environment (x86_32), the constants are
> >
> > MAX_ORDER=11 PAGE_SHIFT=12 KMALLOC_SHIFT_HIGH=22 KMALLOC_MAX_SIZE=4194304
> >
>
> I don't know if any, but on an architecture with PAGE_SHIFT + MAX_ORDER > 26,
>
> static void init_node_lock_keys(int q)
> {
> int i;
>
> if (slab_state < UP)
> return;
>
> for (i = 1; i < PAGE_SHIFT + MAX_ORDER; i++) {
> struct kmem_cache_node *n;
> struct kmem_cache *cache = kmalloc_caches[i];
>
> looks like out of bounds access due to
>
> #define KMALLOC_SHIFT_HIGH ((MAX_ORDER + PAGE_SHIFT - 1) <= 25 ? \
> (MAX_ORDER + PAGE_SHIFT - 1) : 25)
>
> and
>
> struct kmem_cache *kmalloc_caches[KMALLOC_SHIFT_HIGH + 1];
>
> .
>

As of commit e0fd9aff on linux.git#master,
CONFIG_PPC_256K_PAGES=y (which makes PAGE_SHIFT 18) &&
CONFIG_FORCE_MAX_ZONEORDER=11 (which makes MAX_ORDER 11) &&
CONFIG_PROVE_LOCKING=y with below assertion

----------
diff --git a/mm/slab.c b/mm/slab.c
index 8ccd296..0401982 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -565,6 +565,7 @@ static void init_node_lock_keys(int q)
if (slab_state < UP)
return;

+ BUILD_BUG_ON(PAGE_SHIFT + MAX_ORDER != KMALLOC_SHIFT_HIGH + 1);
for (i = 1; i < PAGE_SHIFT + MAX_ORDER; i++) {
struct kmem_cache_node *n;
struct kmem_cache *cache = kmalloc_caches[i];
----------

on powerpc triggers below error.

CC mm/slab.o
mm/slab.c: In function 'init_node_lock_keys':
mm/slab.c:568:2: error: call to '__compiletime_assert_568' declared with attribute error: BUILD_BUG_ON failed: PAGE_SHIFT + MAX_ORDER != KMALLOC_SHIFT_HIGH + 1
make[1]: *** [mm/slab.o] Error 1
make: *** [mm/slab.o] Error 2

This is an example of overrun at kmalloc_caches[26...PAGE_SHIFT+MAX_ORDER-1]
range which the compiler may not be able to detect.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jiri Kosina: "NOHZ: WARNING: at arch/x86/kernel/smp.c:123native_smp_send_reschedule"
Previous message: Oleksij Rempel: "Re: RTL driver for RTL8191SEvB and/or wpa-supplicant really brokenat times"
Next in thread: Christoph Lameter: "Re: [linux-next-20130422] Bug in SLAB?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]