[PATCH] cache_k8_northbridges() overflows beyond allocation (Was:2.6.21-rc5-mm4 (SLUB))

From: Badari Pulavarty
Date: Fri Apr 13 2007 - 11:14:00 EST

Next message: Randy Dunlap: "Re: [PATCH] [KERNEL-DOC] fix tex error when building pdfdocs"
Previous message: Con Kolivas: "Staircase Deadline cpu scheduler v 0.40"
Next in thread: Andi Kleen: "Re: [PATCH] cache_k8_northbridges() overflows beyond allocation (Was: 2.6.21-rc5-mm4 (SLUB))"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2007-04-04 at 11:04 -0700, Christoph Lameter wrote:
> On Wed, 4 Apr 2007, Badari Pulavarty wrote:
...
>
> > *** SLUB: Freepointer corrupt in kmalloc-16@0xffff810173f172a0 Slab
> > 0xffff81017f9f8b80
> > offset=672 flags=0x2000000000000c7 inuse=42
> > freelist=0xffff810173f172a0
> > Bytes b4 0xffff810173f17290: a0 72 f1 73 00 00 00 00 00 00 00 00 00
> > 00 00 00 .r\uffffs............
> > Object 0xffff810173f172a0: 00 00 00 00 01 81 ff ff 00 00 00 00 00
> > 00 00 00 ......\uffff\uffff........
> > FreePointer 0xffff810173f172a0 -> 0xffff810100000000
>

Found it !! After a painful capture of all the kmalloc-16 slab
allocations (400+) so far and auditing some of them, found the
culprit - who writes beyond its allocation, causing the slab
corruption.

Thanks,
Badari

cache_k8_northbridges() is storing config values to incorrect locations
(in flush_words) and also its overflowing beyond the allocation, causing
slab verification failures.

Signed-off-by: Badari Pulavarty <pbadari@xxxxxxxxxx>
---
arch/x86_64/kernel/k8.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

Index: linux-2.6.21-rc6/arch/x86_64/kernel/k8.c
===================================================================
--- linux-2.6.21-rc6.orig/arch/x86_64/kernel/k8.c 2007-04-05 19:36:56.000000000 -0700
+++ linux-2.6.21-rc6/arch/x86_64/kernel/k8.c 2007-04-13 07:51:57.000000000 -0700
@@ -61,8 +61,8 @@ int cache_k8_northbridges(void)
dev = NULL;
i = 0;
while ((dev = next_k8_northbridge(dev)) != NULL) {
- k8_northbridges[i++] = dev;
- pci_read_config_dword(dev, 0x9c, &flush_words[i]);
+ k8_northbridges[i] = dev;
+ pci_read_config_dword(dev, 0x9c, &flush_words[i++]);
}
k8_northbridges[i] = NULL;
return 0;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Randy Dunlap: "Re: [PATCH] [KERNEL-DOC] fix tex error when building pdfdocs"
Previous message: Con Kolivas: "Staircase Deadline cpu scheduler v 0.40"
Next in thread: Andi Kleen: "Re: [PATCH] cache_k8_northbridges() overflows beyond allocation (Was: 2.6.21-rc5-mm4 (SLUB))"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]