On Fri, May 27, 2016 at 12:04 PM, Alexander Potapenko <glider@xxxxxxxxxx> wrote:
> Hi everyone,
>
> I'm debugging some crashes in the KASAN quarantine, and I've noticed
> that for certain objects something which I assumed to be invariant
> does not hold.
>
> In particular, my understanding was that for an object returned by
> kmem_cache_zalloc(cache, gfp_flags) the value of
> virt_to_page(object)->slab_cache must be always equal to |cache|.

Sent out a patch for this ("[mm] Set page->slab_cache for every page allocated for a kmem_cache.")

> However this isn't true for at least idr_free_cache in lib/idr.c
> If I apply the attached patch, build a x86_64 kernel with defconfig,
> and run the resulting kernel in QEMU, I get the following log:
>
> [ 0.007022] HERE: lib/idr.c:198 allocated ffff88001ddc8008 from idr_layer_cache
> [ 0.007478] idr_layer_cache: ffff88001dc0b6c0, slab_cache: ffff88001dc0b6c0
> [ 0.007920] HERE: lib/idr.c:198 allocated ffff88001ddcf1a8 from idr_layer_cache
> [ 0.008002] idr_layer_cache: ffff88001dc0b6c0, slab_cache: (null)
> [ 0.008445] ------------[ cut here ]------------
> [ 0.008791] kernel BUG at lib/idr.c:200!
>
> Am I misunderstanding the purpose of slab_cache in struct page, or is
> there really a bug in initializing it?
>
> Thanks,
>
> --
> Alexander Potapenko
> Software Engineer
>
> Google Germany GmbH
> Erika-Mann-Straße, 33
> 80636 München
>
> Managing directors: Matthew Scott Sucherman, Paul Terence Manicle
> Commercial register and number: Hamburg, HRB 86891
> Registered office: Hamburg

--
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Managing directors: Matthew Scott Sucherman, Paul Terence Manicle
Commercial register and number: Hamburg, HRB 86891
Registered office: Hamburg