From 434d50b41c5ebd6fa4646a03e692616bd294268b Mon Sep 17 00:00:00 2001 From: alex Date: Fri, 16 Jul 2004 12:40:54 +0000 Subject: [PATCH] - slab-use-after-free debug tool added to vanilla-2.4.24 series to debug 3772 - dynlocks use own slab: slab-use-after-free may be enabled for only dynlocks --- .../patches/dynamic-locks-2.4.24.patch | 81 ++++++++++++++++++++-- .../patches/slab-use-after-free-debug-2.4.24.patch | 64 +++++++++++------ lustre/kernel_patches/series/vanilla-2.4.24 | 1 + 3 files changed, 116 insertions(+), 30 deletions(-) diff --git a/lustre/kernel_patches/patches/dynamic-locks-2.4.24.patch b/lustre/kernel_patches/patches/dynamic-locks-2.4.24.patch index 4c72921..bd4d2f4 100644 --- a/lustre/kernel_patches/patches/dynamic-locks-2.4.24.patch +++ b/lustre/kernel_patches/patches/dynamic-locks-2.4.24.patch @@ -6,8 +6,8 @@ Index: linux-2.4.24/include/linux/dynlocks.h =================================================================== --- linux-2.4.24.orig/include/linux/dynlocks.h 2003-01-30 13:24:37.000000000 +0300 -+++ linux-2.4.24/include/linux/dynlocks.h 2004-07-16 10:25:15.000000000 +0400 -@@ -0,0 +1,45 @@ ++++ linux-2.4.24/include/linux/dynlocks.h 2004-07-16 14:17:00.000000000 +0400 +@@ -0,0 +1,46 @@ +#ifndef _LINUX_DYNLOCKS_H +#define _LINUX_DYNLOCKS_H + @@ -44,6 +44,7 @@ Index: linux-2.4.24/include/linux/dynlocks.h + struct list_head dl_list; + spinlock_t dl_list_lock; + struct dynlock * dl_back; ++ int dl_locks; +}; + +void dynlock_init(struct dynlock *dl); @@ -56,8 +57,8 @@ Index: linux-2.4.24/include/linux/dynlocks.h Index: linux-2.4.24/lib/dynlocks.c =================================================================== --- linux-2.4.24.orig/lib/dynlocks.c 2003-01-30 13:24:37.000000000 +0300 -+++ linux-2.4.24/lib/dynlocks.c 2004-07-16 11:53:38.000000000 +0400 -@@ -0,0 +1,199 @@ ++++ linux-2.4.24/lib/dynlocks.c 2004-07-16 15:31:06.000000000 +0400 +@@ -0,0 +1,247 @@ +/* + * Dynamic Locks + * 
@@ -72,6 +73,49 @@ Index: linux-2.4.24/lib/dynlocks.c +#include +#include + ++static kmem_cache_t * dynlock_cachep = NULL; ++ ++void __init dynlock_cache_init(void) ++{ ++ printk(KERN_INFO "init dynlocks cache\n"); ++ dynlock_cachep = kmem_cache_create("dynlock_cache", ++ sizeof(struct dynlock_member), ++ 0, ++ SLAB_HWCACHE_ALIGN, ++ NULL, NULL); ++ if (dynlock_cachep == NULL) ++ panic("Can't create dynlock cache"); ++} ++ ++static void dynlock_check_consistency(struct dynlock *dl) ++{ ++ struct dynlock_member *hl; ++ struct list_head *cur; ++ int num = 0; ++ ++ spin_lock(&dl->dl_list_lock); ++ BUG_ON(dl == NULL); ++ BUG_ON(dl->dl_magic != DYNLOCK_LIST_MAGIC); ++ BUG_ON(dl->dl_back != dl); ++ list_for_each(cur, &dl->dl_list) { ++ BUG_ON(cur->next == NULL); ++ BUG_ON(cur->prev == NULL); ++ hl = list_entry(cur, struct dynlock_member, dl_list); ++ if (hl->dl_magic != DYNLOCK_MAGIC || hl->dl_head != dl) { ++ printk("corrupted lock 0x%p/%d: magic 0x%x (!=0x%x)\n", ++ hl, num, hl->dl_magic, DYNLOCK_MAGIC); ++ printk(" value 0x%lx, %d readers, %d writers, pid %d, %d refs\n", ++ hl->dl_value, hl->dl_readers, hl->dl_writers, ++ hl->dl_pid, hl->dl_refcount); ++ printk(" head 0x%p\n", hl->dl_head); ++ BUG(); ++ } ++ num++; ++ } ++ BUG_ON(num != dl->dl_locks); ++ spin_unlock(&dl->dl_list_lock); ++} ++ +/* + * dynlock_init + * @@ -84,6 +128,7 @@ Index: linux-2.4.24/lib/dynlocks.c + INIT_LIST_HEAD(&dl->dl_list); + dl->dl_magic = DYNLOCK_LIST_MAGIC; + dl->dl_back = dl; ++ dl->dl_locks = 0; +} + +/* @@ -135,7 +180,7 @@ Index: linux-2.4.24/lib/dynlocks.c + * lock we didn't find and just created + * so, we drop our lock + */ -+ kfree(nhl); ++ kmem_cache_free(dynlock_cachep, nhl); + nhl = NULL; + } + hl->dl_refcount++; 
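Review bot: In `dynlock_check_consistency()` the `BUG_ON(dl == NULL);` comes after `spin_lock(&dl->dl_list_lock);`, so a NULL `dl` is dereferenced before the assertion can fire and the check never reports anything. Making `BUG_ON(dl == NULL);` the first statement, ahead of the `spin_lock` call, makes it effective. The two `printk` calls that report a corrupted member carry no log level, unlike the `KERN_INFO` used in `dynlock_cache_init()`; `KERN_ERR` would suit a corruption report. A short comment above the function, saying that it walks the whole list under `dl_list_lock` and expects `dl_locks` to equal the number of members, would help readers.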
@@ -148,13 +193,14 @@ Index: linux-2.4.24/lib/dynlocks.c + /* we already have allocated lock. use it */ + hl = nhl; + nhl = NULL; ++ dl->dl_locks++; + list_add(&hl->dl_list, &dl->dl_list); + goto found; + } + spin_unlock(&dl->dl_list_lock); + + /* lock not found and we haven't allocated lock yet. allocate it */ -+ nhl = kmalloc(sizeof(struct dynlock_member), gfp); ++ nhl = kmem_cache_alloc(dynlock_cachep, gfp); + if (nhl == NULL) + return NULL; + nhl->dl_refcount = 1; @@ -196,6 +242,7 @@ Index: linux-2.4.24/lib/dynlocks.c + spin_unlock(&dl->dl_list_lock); + + BUG_ON(hl->dl_magic != DYNLOCK_MAGIC); ++ dynlock_check_consistency(dl); + return hl; +} + @@ -247,10 +294,12 @@ Index: linux-2.4.24/lib/dynlocks.c + if (--(hl->dl_refcount) == 0) { + hl->dl_magic = DYNLOCK_MAGIC2; + list_del(&hl->dl_list); ++ dl->dl_locks--; + } + spin_unlock(&dl->dl_list_lock); + if (hl->dl_refcount == 0) -+ kfree(hl); ++ kmem_cache_free(dynlock_cachep, hl); ++ dynlock_check_consistency(dl); +} + +EXPORT_SYMBOL(dynlock_init); @@ -274,3 +323,21 @@ Index: linux-2.4.24/lib/Makefile obj-$(CONFIG_FW_LOADER) += firmware_class.o obj-$(CONFIG_RWSEM_GENERIC_SPINLOCK) += rwsem-spinlock.o +Index: linux-2.4.24/fs/dcache.c +=================================================================== +--- linux-2.4.24.orig/fs/dcache.c 2004-07-16 12:35:54.000000000 +0400 ++++ linux-2.4.24/fs/dcache.c 2004-07-16 12:36:14.000000000 +0400 +@@ -1274,6 +1274,7 @@ + extern void bdev_cache_init(void); + extern void cdev_cache_init(void); + extern void iobuf_cache_init(void); ++extern void dynlock_cache_init(void); + + void __init vfs_caches_init(unsigned long mempages) + { +@@ -1310,4 +1311,5 @@ + bdev_cache_init(); + cdev_cache_init(); + iobuf_cache_init(); ++ dynlock_cache_init(); + } diff --git a/lustre/kernel_patches/patches/slab-use-after-free-debug-2.4.24.patch b/lustre/kernel_patches/patches/slab-use-after-free-debug-2.4.24.patch index eb508d3..f0fb2fa 100644 
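Review bot: The `dynlock_check_consistency(dl);` call added before `return hl;` is not under any debug conditional in this hunk, so every acquisition re-takes `dl_list_lock` and walks the whole member list. The same call is added at the end of the unlock path in the `@@ -247,10 +294,12 @@` hunk. If the check is only meant for tracking down the problem named in the commit message, wrapping both calls in the debug option's `#ifdef`, or compiling the helper to an empty inline otherwise, keeps the cost out of normal builds. The enclosing function starts outside the hunk.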
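Review bot: `if (hl->dl_refcount == 0)` is evaluated after `spin_unlock(&dl->dl_list_lock);`, so the decision to call `kmem_cache_free(dynlock_cachep, hl);` reads `hl` without the lock. If another holder drops the last reference in between, this path reads a member that was already freed and may free it a second time. Recording the result while the lock is held, e.g. `last = (--(hl->dl_refcount) == 0);` in the locked region and `if (last) kmem_cache_free(dynlock_cachep, hl);` afterwards, avoids touching `hl` once the lock is released. The pattern predates this change (the removed line did the same with `kfree`), and the function body starts outside the hunk.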
--- a/lustre/kernel_patches/patches/slab-use-after-free-debug-2.4.24.patch +++ b/lustre/kernel_patches/patches/slab-use-after-free-debug-2.4.24.patch @@ -1,8 +1,8 @@ %patch Index: linux-2.4.24/mm/slab.c =================================================================== ---- linux-2.4.24.orig/mm/slab.c 2004-02-06 11:15:22.000000000 +0300 -+++ linux-2.4.24/mm/slab.c 2004-02-07 00:42:38.000000000 +0300 +--- linux-2.4.24.orig/mm/slab.c 2004-07-14 18:14:27.000000000 +0400 ++++ linux-2.4.24/mm/slab.c 2004-07-16 15:54:07.000000000 +0400 @@ -97,6 +97,8 @@ #define FORCED_DEBUG 0 #endif @@ -25,7 +25,7 @@ Index: linux-2.4.24/mm/slab.c #if DEBUG /* -@@ -1342,6 +1350,20 @@ +@@ -1340,6 +1348,20 @@ unsigned long save_flags; void* objp; @@ -46,7 +46,7 @@ Index: linux-2.4.24/mm/slab.c kmem_cache_alloc_head(cachep, flags); try_again: local_irq_save(save_flags); -@@ -1436,13 +1458,17 @@ +@@ -1434,13 +1456,17 @@ if (cachep->flags & SLAB_RED_ZONE) { objp -= BYTES_PER_WORD; @@ -66,7 +66,7 @@ Index: linux-2.4.24/mm/slab.c } if (cachep->flags & SLAB_POISON) kmem_poison_obj(cachep, objp); -@@ -1578,6 +1604,10 @@ +@@ -1576,6 +1602,10 @@ void kmem_cache_free (kmem_cache_t *cachep, void *objp) { unsigned long flags; @@ -77,7 +77,7 @@ Index: linux-2.4.24/mm/slab.c #if DEBUG CHECK_PAGE(virt_to_page(objp)); if (cachep != GET_PAGE_CACHE(virt_to_page(objp))) -@@ -1603,6 +1633,10 @@ +@@ -1601,6 +1631,10 @@ if (!objp) return; @@ -88,7 +88,7 @@ Index: linux-2.4.24/mm/slab.c local_irq_save(flags); CHECK_PAGE(virt_to_page(objp)); c = GET_PAGE_CACHE(virt_to_page(objp)); -@@ -2078,3 +2112,471 @@ +@@ -2076,3 +2110,471 @@ #endif } #endif 
@@ -562,8 +562,8 @@ Index: linux-2.4.24/mm/slab.c + Index: linux-2.4.24/mm/vmalloc.c =================================================================== ---- linux-2.4.24.orig/mm/vmalloc.c 2004-01-10 17:05:20.000000000 +0300 -+++ linux-2.4.24/mm/vmalloc.c 2004-02-06 11:17:09.000000000 +0300 +--- linux-2.4.24.orig/mm/vmalloc.c 2004-06-24 09:03:26.000000000 +0400 ++++ linux-2.4.24/mm/vmalloc.c 2004-07-16 15:54:07.000000000 +0400 @@ -53,7 +53,7 @@ } while (address < end); } @@ -582,10 +582,27 @@ Index: linux-2.4.24/mm/vmalloc.c unsigned long size, int gfp_mask, pgprot_t prot, +Index: linux-2.4.24/mm/page_alloc.c +=================================================================== +--- linux-2.4.24.orig/mm/page_alloc.c 2004-07-14 18:14:27.000000000 +0400 ++++ linux-2.4.24/mm/page_alloc.c 2004-07-16 16:11:49.000000000 +0400 +@@ -91,6 +91,12 @@ + zone_t *zone; + + arch_free_page(page, order); ++ ++ for (index = 0; index < (1 << order); index++) { ++ BUG_ON(atomic_read(&page[index].count) > 0); ++ BUG_ON(PageSlab(page + index)); ++ } ++ + /* + * Yes, think what happens when other parts of the kernel take + * a reference to a page in order to pin it for io. -ben Index: linux-2.4.24/init/main.c =================================================================== ---- linux-2.4.24.orig/init/main.c 2004-01-10 17:05:59.000000000 +0300 -+++ linux-2.4.24/init/main.c 2004-02-06 11:17:43.000000000 +0300 +--- linux-2.4.24.orig/init/main.c 2004-06-24 09:06:32.000000000 +0400 ++++ linux-2.4.24/init/main.c 2004-07-16 15:54:07.000000000 +0400 @@ -437,6 +437,9 @@ #if defined(CONFIG_SYSVIPC) ipc_init(); 
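Review bot: The loop added to mm/page_alloc.c is not wrapped in any debug conditional within this hunk, so both `BUG_ON` checks run over all `1 << order` pages on every free in any kernel carrying the patch. If they are only wanted with the use-after-free debug option, the loop should sit inside that option's `#ifdef`. `index` is not declared in the hunk, so it presumably reuses a local of the enclosing function, which starts and ends outside the hunk; that is worth confirming. A one-line comment such as `/* a page being freed must have no references and must not belong to a slab */` would document the intent.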
@@ -598,8 +615,8 @@ Index: linux-2.4.24/init/main.c Index: linux-2.4.24/fs/proc/proc_misc.c =================================================================== ---- linux-2.4.24.orig/fs/proc/proc_misc.c 2004-01-10 17:05:55.000000000 +0300 -+++ linux-2.4.24/fs/proc/proc_misc.c 2004-02-06 11:35:27.000000000 +0300 +--- linux-2.4.24.orig/fs/proc/proc_misc.c 2004-06-24 09:06:31.000000000 +0400 ++++ linux-2.4.24/fs/proc/proc_misc.c 2004-07-16 15:54:07.000000000 +0400 @@ -303,6 +303,22 @@ release: seq_release, }; @@ -635,8 +652,8 @@ Index: linux-2.4.24/fs/proc/proc_misc.c #endif Index: linux-2.4.24/include/linux/slab.h =================================================================== ---- linux-2.4.24.orig/include/linux/slab.h 2004-01-29 15:01:10.000000000 +0300 -+++ linux-2.4.24/include/linux/slab.h 2004-02-06 11:18:26.000000000 +0300 +--- linux-2.4.24.orig/include/linux/slab.h 2004-07-16 10:25:19.000000000 +0400 ++++ linux-2.4.24/include/linux/slab.h 2004-07-16 15:54:13.000000000 +0400 @@ -40,6 +40,7 @@ #define SLAB_HWCACHE_ALIGN 0x00002000UL /* align objs on a h/w cache lines */ #define SLAB_CACHE_DMA 0x00004000UL /* use GFP_DMA memory */ @@ -647,8 +664,8 @@ Index: linux-2.4.24/include/linux/slab.h #define SLAB_CTOR_CONSTRUCTOR 0x001UL /* if not set, then deconstructor */ Index: linux-2.4.24/include/asm-i386/io.h =================================================================== ---- linux-2.4.24.orig/include/asm-i386/io.h 2004-01-29 15:01:10.000000000 +0300 -+++ linux-2.4.24/include/asm-i386/io.h 2004-02-06 11:18:26.000000000 +0300 +--- linux-2.4.24.orig/include/asm-i386/io.h 2004-07-16 10:25:19.000000000 +0400 ++++ linux-2.4.24/include/asm-i386/io.h 2004-07-16 15:54:13.000000000 +0400 @@ -75,6 +75,16 @@ static inline unsigned long virt_to_phys(volatile void * address) 
@@ -668,8 +685,8 @@ Index: linux-2.4.24/include/asm-i386/io.h Index: linux-2.4.24/include/asm-i386/page.h =================================================================== ---- linux-2.4.24.orig/include/asm-i386/page.h 2004-01-14 02:58:46.000000000 +0300 -+++ linux-2.4.24/include/asm-i386/page.h 2004-02-06 11:17:09.000000000 +0300 +--- linux-2.4.24.orig/include/asm-i386/page.h 2004-07-14 18:14:27.000000000 +0400 ++++ linux-2.4.24/include/asm-i386/page.h 2004-07-16 15:54:07.000000000 +0400 @@ -131,9 +131,49 @@ #define VMALLOC_RESERVE ((unsigned long)__VMALLOC_RESERVE) #define __MAXMEM (-__PAGE_OFFSET-__VMALLOC_RESERVE) @@ -722,9 +739,9 @@ Index: linux-2.4.24/include/asm-i386/page.h #define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE | VM_EXEC | \ Index: linux-2.4.24/arch/i386/config.in =================================================================== ---- linux-2.4.24.orig/arch/i386/config.in 2004-01-14 02:58:46.000000000 +0300 -+++ linux-2.4.24/arch/i386/config.in 2004-02-06 11:17:09.000000000 +0300 -@@ -508,6 +508,9 @@ +--- linux-2.4.24.orig/arch/i386/config.in 2004-07-16 15:54:07.000000000 +0400 ++++ linux-2.4.24/arch/i386/config.in 2004-07-16 15:54:07.000000000 +0400 +@@ -509,6 +509,9 @@ bool ' Check for stack overflows' CONFIG_DEBUG_STACKOVERFLOW bool ' Debug high memory support' CONFIG_DEBUG_HIGHMEM bool ' Debug memory allocations' CONFIG_DEBUG_SLAB @@ -742,7 +759,8 @@ Index: linux-2.4.24/arch/i386/config.in include/asm-i386/page.h | 40 +++ include/linux/slab.h | 1 init/main.c | 3 + mm/page_alloc.c | 6 mm/slab.c | 506 +++++++++++++++++++++++++++++++++++++++++++++++- mm/vmalloc.c | 4 - 8 files changed, 582 insertions(+), 4 deletions(-) + 9 files changed, 588 insertions(+), 4 deletions(-) diff --git a/lustre/kernel_patches/series/vanilla-2.4.24 b/lustre/kernel_patches/series/vanilla-2.4.24 index 86242ef..06d4886 100644 --- a/lustre/kernel_patches/series/vanilla-2.4.24 +++ b/lustre/kernel_patches/series/vanilla-2.4.24 
@@ -46,3 +46,4 @@ ext3-mds-num-2.4.24.patch
 export_lookup_create.patch
 ext3-raw-lookup-pdirops.patch
 kksymoops-2.4.24.vanilla.patch
+slab-use-after-free-debug-2.4.24.patch
-- 1.8.3.1