Re: [patch] slob: fix memory corruption
From: Nick Piggin
Date: Thu Nov 15 2007 - 16:03:29 EST
On Thursday 15 November 2007 23:48, Ingo Molnar wrote:
> > From: Nick Piggin <npiggin@xxxxxxx>
> >
> > - if (free_slob_pages.next != prev->next)
> > + if (prev != free_slob_pages.prev &&
> > + free_slob_pages.next != prev->next)
> > list_move_tail(&free_slob_pages, prev->next);
>
> btw., exactly how did you find this bug? User-space simulation of SLOB?
Yes. It was very useful in developing the improvements to the freelist
handling. The only reason why I don't release/run the code more often
is that my test harness work is pretty ugly (ie. it isn't just a simple
cp mm/slob.c ../blah/).
After that, just a loop of N iterations, within each iteration, there is
a chance of a single allocation of a random size, a single free of a
random outstanding allocation, a run of allocating MAX allocations, or
a run of freeing all previously allocated memory. It's a bit crude, but
it showed up your list head corruption in a second or two.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/