Re: [bug, netconsole, SLUB] BUG skbuff_head_cache: Poison overwritten

Hi Pekka. On Fri, Jul 18, 2008 at 12:02:26PM +0300, Pekka Enberg (penberg@cs.helsinki.fi) wrote:

quoted text

> > Out of curiosity, why does it scream at allocation time? > > Because it's checking for use-after-free errors. The object is > poisoned with POISON_FREE when it's free'd and we verify the poison > values at allocation time.

Does it also scream on double free event? Just to closer guilty circles... 0x9c offset is somewhere at the very end of the skbuff structure, likely skb->users. Can you also check in some kind of this patch to catch freed skb freeing for testing? diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 3666216..dda96bf 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -419,6 +419,14 @@ void kfree_skb(struct sk_buff *skb) { if (unlikely(!skb)) return; + + { + u8 *ptr = (u8 *)(&skb->users); + + if (*ptr == POISON_FREE || *ptr == POISON_INUSE || *ptr == POISON_END) + BUG(); + } + if (likely(atomic_read(&skb->users) == 1)) smp_rmb(); else if (likely(!atomic_dec_and_test(&skb->users))) -- Evgeniy Polyakov --

unsubscribe notice

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/


linux-kernel:
Ken Chen	[patch] sched: fix inconsistency when redistribute per-cpu tg->cfs_rq shares.
Ingo Molnar	Re: [PATCH v3] x86: merge the simple bitops and move them to bitops.h
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Andi Kleen	Re: - romsignature-checksum-cleanup-2.patch removed from -mm tree
Petr Tesarik	Re: Serious problem with ticket spinlocks on ia64
git:
Junio C Hamano	Re: Teach "git checkout" to use git-show-ref
Christian Jaeger	Re: Problem with Git.pm bidi_pipe methods
Linus Torvalds	[PATCH 1/7] Make unpack_trees_options bit flags actual bitfields
Jon Smirl	stgit: managing signed-off-by lines
Han-Wen Nienhuys	Re: Cleaning up git user-interface warts
git-commits-head:
Linux Kernel Mailing List	MIPS: Bonito64: Make Loongson independent from Bonito64 code.
Linux Kernel Mailing List	iwlwifi: initialize spinlock before use
Linux Kernel Mailing List	i2c-i801: Add Intel Cougar Point device IDs
Linux Kernel Mailing List	drm/i915: Add information on pinning and fencing to the i915 list debug.
Linux Kernel Mailing List	ALSA: hda - Clean up quirks for HP laptops with AD1984A
linux-netdev:
Gerrit Renker	v2 [PATCH 1/4] dccp: Limit feature negotiation to connection setup phase
Richard Cochran	Re: [PATCH v3 3/3] ptp: Added a clock that uses the eTSEC found on the MPC85xx.
Inaky Perez-Gonzalez	[PATCH 40/40] wimax/i2400m: add CREDITS and MAINTAINERS entries
Sathya Perla	[PATCH net-next-2.6] be2net: add multiple RX queue support
Changli Gao	Re: [PATCH 3/3] ifb: move tq from ifb_private
freebsd-current:
Boris Samorodov	Re: twa + dump = sbwait
韓家標 Bill Hacker	Re: ZFS honesty
Bjoern A. Zeeb	Re: Can not boot 7.0-BETA3 with IPSEC
rmgls	man usb2_core(4)
Sam Leffler	Re: Lots of "ath0: bad series0 hwrate 0x1b" in 8.0-BETA2