Re: [patch 00/26] Current slab allocator / SLUB patch queue

On Mon, 18 Jun 2007, Michal Piotrowski wrote:

> Result:
> 
> [  212.247759] WARNING: at lib/vsprintf.c:280 vsnprintf()
> [  212.253263]  [<c04052ad>] dump_trace+0x63/0x1eb
> [  212.259042]  [<c040544f>] show_trace_log_lvl+0x1a/0x2f
> [  212.266672]  [<c040608d>] show_trace+0x12/0x14
> [  212.271622]  [<c04060a5>] dump_stack+0x16/0x18
> [  212.276663]  [<c050d512>] vsnprintf+0x6b/0x48c
> [  212.281325]  [<c050d9f0>] scnprintf+0x20/0x2d
> [  212.286707]  [<c0508dbc>] bitmap_scnlistprintf+0xa8/0xec
> [  212.292508]  [<c0480d40>] list_locations+0x24c/0x2a2
> [  212.298241]  [<c0480dde>] alloc_calls_show+0x1f/0x26
> [  212.303459]  [<c047e72e>] slab_attr_show+0x1c/0x20
> [  212.309469]  [<c04c1cf9>] sysfs_read_file+0x94/0x105
> [  212.315519]  [<c0485933>] vfs_read+0xcf/0x158
> [  212.320215]  [<c0485d99>] sys_read+0x3d/0x72
> [  212.327539]  [<c040420c>] syscall_call+0x7/0xb
> [  212.332203]  [<b7f74410>] 0xb7f74410
> [  212.336229]  =======================
> 
> Unfortunately, I don't know which file was cat'ed

The dump shows that it was alloc_calls. But the issue is not related to 
this patchset.

Looks like we overflowed the buffer available for /sys output. The calls 
in list_location to format cpulist and node lists attempt to allow very
long lists by trying to calculate how many bytes are remaining in the 
page. If we are beyond the space left over by them then we may pass a
negative size to the scn_printf functions.

So we need to check first if there are enough bytes remaining before
doing the calculation of how many remaining bytes can be used to
format these lists.

Does this patch fix the issue?

Index: linux-2.6.22-rc4-mm2/mm/slub.c
===================================================================
--- linux-2.6.22-rc4-mm2.orig/mm/slub.c	2007-06-18 09:37:41.000000000 -0700
+++ linux-2.6.22-rc4-mm2/mm/slub.c	2007-06-18 09:44:38.000000000 -0700
@@ -3649,13 +3649,15 @@ static int list_locations(struct kmem_ca
 			n += sprintf(buf + n, " pid=%ld",
 				l->min_pid);
 
-		if (num_online_cpus() > 1 && !cpus_empty(l->cpus)) {
+		if (num_online_cpus() > 1 && !cpus_empty(l->cpus) &&
+				n < PAGE_SIZE - n - 57) {
 			n += sprintf(buf + n, " cpus=");
 			n += cpulist_scnprintf(buf + n, PAGE_SIZE - n - 50,
 					l->cpus);
 		}
 
-		if (num_online_nodes() > 1 && !nodes_empty(l->nodes)) {
+		if (num_online_nodes() > 1 && !nodes_empty(l->nodes) &&
+				n < PAGE_SIZE - n - 57) {
 			n += sprintf(buf + n, " nodes=");
 			n += nodelist_scnprintf(buf + n, PAGE_SIZE - n - 50,
 					l->nodes);





-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [patch 00/26] Current slab allocator / SLUB patch queue
    • From: "Michal Piotrowski" <[email protected]>

• References:
  • [patch 00/26] Current slab allocator / SLUB patch queue
    • From: [email protected]
  • Re: [patch 00/26] Current slab allocator / SLUB patch queue
    • From: Michal Piotrowski <[email protected]>

• Prev by Date: RE: [PATCH] cciss: force ignore of responses to unsent scsi commands after kexec reboot
• Next by Date: Re: [PATCH] madvise_need_mmap_write() usage
• Previous by thread: Re: [patch 00/26] Current slab allocator / SLUB patch queue
• Next by thread: Re: [patch 00/26] Current slab allocator / SLUB patch queue
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]