swh:1:snp:0424f14fb59df2ee63d8659da5115ce9de06a349
Revision b1ab41c4943008375c149a63602d7407f61de5b2 authored by Ingo Molnar on 02 June 2006, 13:44:58 UTC, committed by Linus Torvalds on 02 June 2006, 18:21:10 UTC
mm/slab.c's offlab_limit logic is totally broken.
Firstly, "offslab_limit" is a global variable while it should either be
calculated in situ or should be passed in as a parameter.
Secondly, the more serious problem with it is that the condition for
calculating it:
if (!(OFF_SLAB(sizes->cs_cachep))) {
offslab_limit = sizes->cs_size - sizeof(struct slab);
offslab_limit /= sizeof(kmem_bufctl_t);
is in total disconnect with the condition that makes use of it:
/* More than offslab_limit objects will cause problems */
if ((flags & CFLGS_OFF_SLAB) && num > offslab_limit)
break;
but due to offslab_limit being a global variable this breakage was
hidden.
Up until lockdep came along and perturbed the slab sizes sufficiently so
that the first off-slab cache would still see a (non-calculated) zero
value for offslab_limit and would panic with:
kmem_cache_create: couldn't create cache size-512.
Call Trace:
[<ffffffff8020a5b9>] show_trace+0x96/0x1c8
[<ffffffff8020a8f0>] dump_stack+0x13/0x15
[<ffffffff8022994f>] panic+0x39/0x21a
[<ffffffff80270814>] kmem_cache_create+0x5a0/0x5d0
[<ffffffff80aced62>] kmem_cache_init+0x193/0x379
[<ffffffff80abf779>] start_kernel+0x17f/0x218
[<ffffffff80abf263>] _sinittext+0x263/0x26a
Kernel panic - not syncing: kmem_cache_create(): failed to create slab `size-512'
Paolo Ornati's config on x86_64 managed to trigger it.
The fix is to move the calculation to the place that makes use of it.
This also makes slab.o 54 bytes smaller.
Btw., the check itself is quite silly. Its intention is to test whether
the number of objects per slab would be higher than the number of slab
control pointers possible. In theory it could be triggered: if someone
tried to allocate 4-byte objects cache and explicitly requested with
CFLGS_OFF_SLAB. So i kept the check.
Out of historic interest i checked how old this bug was and it's
ancient, 10 years old! It is the oldest hidden and then truly triggering
bugs i ever saw being fixed in the kernel!
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
1 parent b52a834
Tip revision: e8b0ccb2a787fb43f8091a1eaef9c28a79b00002 authored by Linus Torvalds on 05 April 2024, 17:05:42 UTC
Merge tag '9p-for-6.9-rc3' of https://github.com/martinetd/linux
Merge tag '9p-for-6.9-rc3' of https://github.com/martinetd/linux
Tip revision: e8b0ccb
| File | Mode | Size |
|---|---|---|
| Documentation | ||
| arch | ||
| block | ||
| crypto | ||
| drivers | ||
| fs | ||
| include | ||
| init | ||
| ipc | ||
| kernel | ||
| lib | ||
| mm | ||
| net | ||
| scripts | ||
| security | ||
| sound | ||
| usr | ||
| .gitignore | -rw-r--r-- | 462 bytes |
| COPYING | -rw-r--r-- | 18.3 KB |
| CREDITS | -rw-r--r-- | 87.4 KB |
| Kbuild | -rw-r--r-- | 1.2 KB |
| MAINTAINERS | -rw-r--r-- | 68.6 KB |
| Makefile | -rw-r--r-- | 43.6 KB |
| README | -rw-r--r-- | 16.2 KB |
| REPORTING-BUGS | -rw-r--r-- | 3.0 KB |
Computing file changes ...
