The patch titled Subject: mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix has been added to the -mm tree. Its filename is mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix.patch and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Subject: mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix fix build with CONFIG_SLAB_DEBUG=n Cc: Christoph Lameter <cl@xxxxxxxxx> Cc: David Rientjes <rientjes@xxxxxxxxxx> Cc: Dongli Zhang <dongli.zhang@xxxxxxxxxx> Cc: Joe Jin <joe.jin@xxxxxxxxxx> Cc: Joonsoo Kim <iamjoonsoo.kim@xxxxxxx> Cc: Pekka Enberg <penberg@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
 mm/slub.c | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)
--- a/mm/slub.c~mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix
+++ a/mm/slub.c
@@ -662,6 +662,20 @@ static void slab_fix(struct kmem_cache *
 va_end(args);
 }
 
+static bool freelist_corrupted(struct kmem_cache *s, struct page *page,
+ void *freelist, void *nextfree)
+{
+ if ((s->flags & SLAB_CONSISTENCY_CHECKS) &&
+ !check_valid_pointer(s, page, nextfree)) {
+ object_err(s, page, freelist, "Freechain corrupt");
+ freelist = NULL;
+ slab_fix(s, "Isolate corrupted freechain");
+ return true;
+ }
+
+ return false;
+}
+
 static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
 {
 unsigned int off; /* Offset of last byte */
@@ -1400,6 +1414,11 @@ static inline void inc_slabs_node(struct
 static inline void dec_slabs_node(struct kmem_cache *s, int node,
 int objects) {}
 
+static bool freelist_corrupted(struct kmem_cache *s, struct page *page,
+ void *freelist, void *nextfree)
+{
+ return false;
+}
 #endif /* CONFIG_SLUB_DEBUG */
 
 /*
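Review bot: `freelist` reaches `freelist_corrupted()` by value, so the `freelist = NULL;` inside the helper only clears the helper's own copy, whereas the inline code removed in the `deactivate_slab()` hunk (`@@ -2083`) cleared the caller's variable. After the `break` the caller therefore still holds the pointer to the possibly corrupted object, and the chain that the "Isolate corrupted freechain" message refers to no longer appears to be dropped; what the rest of `deactivate_slab()` does with it lies outside the hunk. Passing the pointer by reference restores the earlier behaviour, with the same signature change applied to the no-debug stub and `&freelist` passed at the call site.

```c
static bool freelist_corrupted(struct kmem_cache *s, struct page *page,
			       void **freelist, void *nextfree)
	/* ... unchanged: SLAB_CONSISTENCY_CHECKS / check_valid_pointer() test ... */
		object_err(s, page, *freelist, "Freechain corrupt");
		*freelist = NULL;	/* clears the caller's pointer, not a copy */
	/* ... unchanged: slab_fix() call and both returns ... */

/* !CONFIG_SLUB_DEBUG stub: same signature change */
			       void **freelist, void *nextfree)

/* call site in deactivate_slab() */
		if (freelist_corrupted(s, page, &freelist, nextfree))
```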
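Review bot: The stub added just before `#endif /* CONFIG_SLUB_DEBUG */` is declared `static bool`, while the neighbouring no-debug stub in the context lines is `static inline`; `static inline bool freelist_corrupted(...)` would match it. The commit description names `CONFIG_SLAB_DEBUG=n`, but the guard visible in this hunk is `CONFIG_SLUB_DEBUG`, so the description presumably means that option. A short comment above the stub, for example `/* Without CONFIG_SLUB_DEBUG no freechain validation is done; never reports corruption. */`, would record why it returns false unconditionally.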
@@ -2083,19 +2102,13 @@ static void deactivate_slab(struct kmem_
 void *prior;
 unsigned long counters;
 
- if ((s->flags & SLAB_CONSISTENCY_CHECKS) &&
- !check_valid_pointer(s, page, nextfree)) {
- /*
- * If 'nextfree' is invalid, it is possible that
- * the object at 'freelist' is already corrupted.
- * Therefore, all objects starting at 'freelist'
- * are isolated.
- */
- object_err(s, page, freelist, "Freechain corrupt");
- freelist = NULL;
- slab_fix(s, "Isolate corrupted freechain");
+ /*
+ * If 'nextfree' is invalid, it is possible that the object at
+ * 'freelist' is already corrupted. So isolate all objects
+ * starting at 'freelist'.
+ */
+ if (freelist_corrupted(s, page, freelist, nextfree))
 break;
- }
 
 do {
 prior = page->freelist;
_
Patches currently in -mm which might be from akpm@xxxxxxxxxxxxxxxxxxxx are maintainers-add-an-entry-for-kfifo-fix.patch maintainers-add-an-entry-for-kfifo-fix-fix.patch mm-ksm-fix-null-pointer-dereference-when-ksm-zero-page-is-enabled-v4-fix.patch drivers-tty-serial-sh-scic-suppress-uninitialized-var-warning.patch mm.patch mm-slub-fix-corrupted-freechain-in-deactivate_slab-fix.patch memcg-optimize-memorynuma_stat-like-memorystat-fix.patch mm-hugetlb-fix-a-typo-in-comment-manitained-maintained-v2-checkpatch-fixes.patch linux-next-fix.patch kernel-forkc-export-kernel_thread-to-modules.patch