Re: WARNING: at mm/slub.c:3357, kernel BUG at mm/slub.c:3413

On Tuesday, 22 November 2011 at 10:20 -0600, Christoph Lameter wrote:
> Argh. The Redzoning (and the general object pad initialization) is outside
> of the slab_lock now. So I get wrong positives on those now. That
> is already in 3.1 as far as I know. To solve that we would have to cover a
> much wider area in the alloc and free with the slab lock.
> 
> But I do not get the count mismatches that you saw. Maybe related to
> preemption. Will try that next.

Also I note the checks (redzoning and all features) that should be done
in kfree() are only done on the slow path ???

...
stat(s, FREE_SLOWPATH);

if (kmem_cache_debug(s) && !free_debug_processing(s, page, x, addr))
...

This is unfortunate...


I am considering adding a "quarantine" capability: each cpu will
maintain in its struct kmem_cache_cpu a FIFO list of "s->quarantine_max"
freed objects.

So it should be easier to track use-after-free bugs, setting
quarantine_max to a big value.



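A user-space C model of the quarantine idea proposed in the message above, added here as an illustration; it is not code from the message or from the kernel. The names `struct quarantine`, `q_free`, `q_evict`, `demo` and `QUARANTINE_MAX` are hypothetical, and a single FIFO stands in for the per-cpu list.

```c
#include <stdlib.h>
#include <string.h>

#define OBJ_SIZE       64
#define POISON_FREE    0x6b  /* byte SLUB poisoning writes into freed objects */
#define QUARANTINE_MAX 4     /* stands in for the proposed s->quarantine_max */

struct quarantine {            /* per-cpu in the proposal; one instance here */
    unsigned char *slot[QUARANTINE_MAX];
    unsigned head, count;      /* ring-buffer FIFO of freed objects */
    unsigned corrupt;          /* objects modified while quarantined */
};

/* Release the oldest quarantined object, checking its poison first. */
static void q_evict(struct quarantine *q)
{
    unsigned char *old = q->slot[q->head];
    for (size_t i = 0; i < OBJ_SIZE; i++)
        if (old[i] != POISON_FREE) { q->corrupt++; break; }
    free(old);                 /* only now can the memory be reused */
    q->head = (q->head + 1) % QUARANTINE_MAX;
    q->count--;
}

/* Model of kfree(): poison the object and park it instead of releasing it. */
void q_free(struct quarantine *q, void *obj)
{
    if (q->count == QUARANTINE_MAX)
        q_evict(q);
    memset(obj, POISON_FREE, OBJ_SIZE);
    q->slot[(q->head + q->count) % QUARANTINE_MAX] = obj;
    q->count++;
}

/* Constructed scenario: optionally write through a stale pointer, then
 * free enough other objects to push the first one out of the FIFO. */
unsigned demo(int write_after_free)
{
    struct quarantine q = {0};
    unsigned char *stale = malloc(OBJ_SIZE);
    q_free(&q, stale);
    if (write_after_free)
        stale[8] = 0x41;       /* bug: store to an already-freed object */
    for (int i = 0; i < QUARANTINE_MAX; i++)
        q_free(&q, malloc(OBJ_SIZE));
    unsigned found = q.corrupt;
    while (q.count)
        q_evict(&q);           /* drain so the demo leaks nothing */
    return found;
}
```

Because a quarantined object is not handed back to the allocator until it leaves the FIFO, the stale store lands in poisoned memory and is caught at eviction rather than silently corrupting a new owner; a larger `QUARANTINE_MAX` widens that detection window.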