The patch titled
Subject: slub: fix/clean free_debug_processing return paths
has been added to the -mm tree. Its filename is
slub-fix-clean-free_debug_processing-return-paths.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/slub-fix-clean-free_debug_processing-return-paths.patch
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/slub-fix-clean-free_debug_processing-return-paths.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Laura Abbott <labbott@xxxxxxxxxxxxxxxxx>
Subject: slub: fix/clean free_debug_processing return paths
Since 19c7ff9ecd89 ("slub: Take node lock during object free checks")
check_object has been incorrectly returning success as it follows the out
label which just returns the node. Thanks to refactoring, the out and
fail paths are now basically the same. Combine the two into one and just
use a single label.
Credit to Mathias Krause for the original work which inspired this series
Signed-off-by: Laura Abbott <labbott@xxxxxxxxxxxxxxxxx>
Acked-by: Christoph Lameter <cl@xxxxxxxxx>
Cc: Pekka Enberg <penberg@xxxxxxxxxx>
Cc: David Rientjes <rientjes@xxxxxxxxxx>
Cc: Joonsoo Kim <js1304@xxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Mathias Krause <minipli@xxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/slub.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff -puN mm/slub.c~slub-fix-clean-free_debug_processing-return-paths mm/slub.c
--- a/mm/slub.c~slub-fix-clean-free_debug_processing-return-paths
+++ a/mm/slub.c
@@ -1053,24 +1053,25 @@ static noinline int free_debug_processin
void *object = head;
int cnt = 0;
unsigned long uninitialized_var(flags);
+ int ret = 0;
spin_lock_irqsave(&n->list_lock, flags);
slab_lock(page);
if (!check_slab(s, page))
- goto fail;
+ goto out;
next_object:
cnt++;
if (!check_valid_pointer(s, page, object)) {
slab_err(s, page, "Invalid object pointer 0x%p", object);
- goto fail;
+ goto out;
}
if (on_freelist(s, page, object)) {
object_err(s, page, object, "Object already free");
- goto fail;
+ goto out;
}
if (!check_object(s, page, object, SLUB_RED_ACTIVE))
@@ -1087,7 +1088,7 @@ next_object:
} else
object_err(s, page, object,
"page slab pointer corrupt.");
- goto fail;
+ goto out;
}
if (s->flags & SLAB_STORE_USER)
@@ -1101,6 +1102,8 @@ next_object:
object = get_freepointer(s, object);
goto next_object;
}
+ ret = 1;
+
out:
if (cnt != bulk_cnt)
slab_err(s, page, "Bulk freelist count(%d) invalid(%d)\n",
@@ -1108,13 +1111,9 @@ out:
slab_unlock(page);
spin_unlock_irqrestore(&n->list_lock, flags);
- return 1;
-
-fail:
- slab_unlock(page);
- spin_unlock_irqrestore(&n->list_lock, flags);
- slab_fix(s, "Object at 0x%p not freed", object);
- return 0;
+ if (!ret)
+ slab_fix(s, "Object at 0x%p not freed", object);
+ return ret;
}
static int __init setup_slub_debug(char *str)
_
Patches currently in -mm which might be from labbott@xxxxxxxxxxxxxxxxx are
slub-drop-lock-at-the-end-of-free_debug_processing.patch
slub-fix-clean-free_debug_processing-return-paths.patch
slub-convert-slab_debug_free-to-slab_consistency_checks.patch
slub-relax-cmpxchg-consistency-restrictions.patch
mm-debug-pageallocc-split-out-page-poisoning-from-debug-page_alloc.patch
mm-page_poisonc-enable-page_poisoning-as-a-separate-option.patch
mm-page_poisoningc-allow-for-zero-poisoning.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
