Re: [PATCH v4] kasan/quarantine: fix bugs on qlist_move_cache()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jul 04, 2016 at 12:49:08PM +0300, Andrey Ryabinin wrote:
> 
> 
> On 07/04/2016 07:31 AM, js1304@xxxxxxxxx wrote:
> > From: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx>
> > 
> > There are two bugs on qlist_move_cache(). One is that qlist's tail
> > isn't set properly. curr->next can be NULL since it is singly linked
> > list and NULL value on tail is invalid if there is one item on qlist.
> > Another one is that if cache is matched, qlist_put() is called and
> > it will set curr->next to NULL. It would cause to stop the loop
> > prematurely.
> > 
> > These problems come from complicated implementation so I'd like to
> > re-implement it completely. Implementation in this patch is really
> > simple. Iterate all qlist_nodes and put them to appropriate list.
> > 
> > Unfortunately, I got this bug sometime ago and lose oops message.
> > But, the bug looks trivial and no need to attach oops.
> > 
> > v4: fix cache size bug s/cache->size/obj_cache->size/
> > v3: fix build warning
> > 
> > Signed-off-by: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx>
> > ---
> >  mm/kasan/quarantine.c | 21 +++++++--------------
> >  1 file changed, 7 insertions(+), 14 deletions(-)
> > 
> > diff --git a/mm/kasan/quarantine.c b/mm/kasan/quarantine.c
> > index 4973505..b2e1827 100644
> > --- a/mm/kasan/quarantine.c
> > +++ b/mm/kasan/quarantine.c
> > @@ -238,30 +238,23 @@ static void qlist_move_cache(struct qlist_head *from,
> >  				   struct qlist_head *to,
> >  				   struct kmem_cache *cache)
> >  {
> > -	struct qlist_node *prev = NULL, *curr;
> > +	struct qlist_node *curr;
> >  
> >  	if (unlikely(qlist_empty(from)))
> >  		return;
> >  
> >  	curr = from->head;
> > +	qlist_init(from);
> >  	while (curr) {
> >  		struct qlist_node *qlink = curr;
> >  		struct kmem_cache *obj_cache = qlink_to_cache(qlink);
> >  
> > -		if (obj_cache == cache) {
> > -			if (unlikely(from->head == qlink)) {
> > -				from->head = curr->next;
> > -				prev = curr;
> > -			} else
> > -				prev->next = curr->next;
> > -			if (unlikely(from->tail == qlink))
> > -				from->tail = curr->next;
> > -			from->bytes -= cache->size;
> > -			qlist_put(to, qlink, cache->size);
> > -		} else {
> > -			prev = curr;
> > -		}
> >  		curr = curr->next;
> 
> Nit: Wouldn't be more appropriate to swap 'curr' and 'qlink' variable names?
> Because now qlink is acts as a "current" pointer.

Okay. I sent fixed version.

Thanks.

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]