mm, slab: Fix infinite loop at _slub_get_freelist() #437
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In some cases, _slub_get_freelist() loops forever when ptr dereferences to itself. This causes instructions like the following to loop forever. (I got this with a vmcore) identify_address(prog, 18446613188003018408) If I break if the pointer is already in the freelist-set, then, I can get drgn unstuck: >>> identify_address(prog, 18446613188003018408) 'slab object: sock_inode_cache+0x2a8' Signed-off-by: Breno Leitao <[email protected]>
|
I discussed this with Breno offline. We're going to use this fix internally as a quick mitigation for our automated crash dump analysis system, but I'm going to look into reporting this as a corrupted free list in some way as the proper fix. |
|
We definitely encountered this on some core dumps as well, and did our own sort of workaround at oracle-samples/drgn-tools#110. I've had it on my agenda to work on a proper fix that allows us to report corrupted freelist pointers, and circular freelists, and continue operating, so that we can format that information for later display. |
|
Thanks, @brenns10, that looks pretty similar to what I had in mind. I'll take a stab at it today or tomorrow. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In some cases, _slub_get_freelist() loops forever when ptr dereferences to itself.
This causes instructions like the following to loop forever. (I got this with a vmcore)
If I break if the pointer is already in the freelist-set, then, I can get drgn unstuck:
Co-developed-with: Leandro Silva [email protected]