From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail6.bemta7.messagelabs.com (mail6.bemta7.messagelabs.com [216.82.255.55]) by kanga.kvack.org (Postfix) with ESMTP id 4C52B6B002D for ; Sat, 26 Nov 2011 05:54:47 -0500 (EST) Received: by wwg38 with SMTP id 38so6466108wwg.26 for ; Sat, 26 Nov 2011 02:54:44 -0800 (PST) Subject: Re: [BUG] 3.2-rc2: BUG kmalloc-8: Redzone overwritten From: Sasha Levin In-Reply-To: <1321870967.8173.1.camel@lappy> References: <1321866845.3831.7.camel@lappy> <1321870529.2552.19.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC> <1321870915.2552.22.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC> <1321870967.8173.1.camel@lappy> Content-Type: text/plain; charset="ISO-8859-1" Date: Sat, 26 Nov 2011 12:54:38 +0200 Message-ID: <1322304878.28191.1.camel@sasha> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org List-ID: To: Eric Dumazet Cc: David Miller , Matt Mackall , Christoph Lameter , Pekka Enberg , linux-mm , linux-kernel , netdev On Mon, 2011-11-21 at 12:22 +0200, Sasha Levin wrote: > On Mon, 2011-11-21 at 11:21 +0100, Eric Dumazet wrote: > > Le lundi 21 novembre 2011 a 11:15 +0100, Eric Dumazet a ecrit : > > > > > > > > Hmm, trinity tries to crash decnet ;) > > > > > > Maybe we should remove this decnet stuff for good instead of tracking > > > all bugs just for the record. Is there anybody still using decnet ? > > > > > > For example dn_start_slow_timer() starts a timer without holding a > > > reference on struct sock, this is highly suspect. > > > > > > [PATCH] decnet: proper socket refcounting > > > > > > Better use sk_reset_timer() / sk_stop_timer() helpers to make sure we > > > dont access already freed/reused memory later. > > > > > > Reported-by: Sasha Levin > > > Signed-off-by: Eric Dumazet > > > > Hmm, I forgot to remove the sock_hold(sk) call from dn_slow_timer(), > > here is V2 : > > > > [PATCH] decnet: proper socket refcounting > > > > Better use sk_reset_timer() / sk_stop_timer() helpers to make sure we > > dont access already freed/reused memory later. > > > > Reported-by: Sasha Levin > > Signed-off-by: Eric Dumazet > > --- > > [snip] > > Applied locally and running same tests as before, will update with > results. > Looks ok after a couple days of testing. Tested-by: Sasha Levin -- Sasha. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754006Ab1KZKyt (ORCPT ); Sat, 26 Nov 2011 05:54:49 -0500 Received: from mail-ww0-f44.google.com ([74.125.82.44]:51938 "EHLO mail-ww0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753511Ab1KZKyp (ORCPT ); Sat, 26 Nov 2011 05:54:45 -0500 Subject: Re: [BUG] 3.2-rc2: BUG kmalloc-8: Redzone overwritten From: Sasha Levin To: Eric Dumazet Cc: David Miller , Matt Mackall , Christoph Lameter , Pekka Enberg , linux-mm , linux-kernel , netdev In-Reply-To: <1321870967.8173.1.camel@lappy> References: <1321866845.3831.7.camel@lappy> <1321870529.2552.19.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC> <1321870915.2552.22.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC> <1321870967.8173.1.camel@lappy> Content-Type: text/plain; charset="ISO-8859-1" Date: Sat, 26 Nov 2011 12:54:38 +0200 Message-ID: <1322304878.28191.1.camel@sasha> Mime-Version: 1.0 X-Mailer: Evolution 2.32.3 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 2011-11-21 at 12:22 +0200, Sasha Levin wrote: > On Mon, 2011-11-21 at 11:21 +0100, Eric Dumazet wrote: > > Le lundi 21 novembre 2011 à 11:15 +0100, Eric Dumazet a écrit : > > > > > > > > Hmm, trinity tries to crash decnet ;) > > > > > > Maybe we should remove this decnet stuff for good instead of tracking > > > all bugs just for the record. Is there anybody still using decnet ? > > > > > > For example dn_start_slow_timer() starts a timer without holding a > > > reference on struct sock, this is highly suspect. > > > > > > [PATCH] decnet: proper socket refcounting > > > > > > Better use sk_reset_timer() / sk_stop_timer() helpers to make sure we > > > dont access already freed/reused memory later. > > > > > > Reported-by: Sasha Levin > > > Signed-off-by: Eric Dumazet > > > > Hmm, I forgot to remove the sock_hold(sk) call from dn_slow_timer(), > > here is V2 : > > > > [PATCH] decnet: proper socket refcounting > > > > Better use sk_reset_timer() / sk_stop_timer() helpers to make sure we > > dont access already freed/reused memory later. > > > > Reported-by: Sasha Levin > > Signed-off-by: Eric Dumazet > > --- > > [snip] > > Applied locally and running same tests as before, will update with > results. > Looks ok after a couple days of testing. Tested-by: Sasha Levin -- Sasha. From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sasha Levin Subject: Re: [BUG] 3.2-rc2: BUG kmalloc-8: Redzone overwritten Date: Sat, 26 Nov 2011 12:54:38 +0200 Message-ID: <1322304878.28191.1.camel@sasha> References: <1321866845.3831.7.camel@lappy> <1321870529.2552.19.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC> <1321870915.2552.22.camel@edumazet-HP-Compaq-6005-Pro-SFF-PC> <1321870967.8173.1.camel@lappy> Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable Cc: David Miller , Matt Mackall , Christoph Lameter , Pekka Enberg , linux-mm , linux-kernel , netdev To: Eric Dumazet Return-path: In-Reply-To: <1321870967.8173.1.camel@lappy> Sender: owner-linux-mm@kvack.org List-Id: netdev.vger.kernel.org On Mon, 2011-11-21 at 12:22 +0200, Sasha Levin wrote: > On Mon, 2011-11-21 at 11:21 +0100, Eric Dumazet wrote: > > Le lundi 21 novembre 2011 =E0 11:15 +0100, Eric Dumazet a =E9crit : > >=20 > > >=20 > > > Hmm, trinity tries to crash decnet ;) > > >=20 > > > Maybe we should remove this decnet stuff for good instead of tracki= ng > > > all bugs just for the record. Is there anybody still using decnet ? > > >=20 > > > For example dn_start_slow_timer() starts a timer without holding a > > > reference on struct sock, this is highly suspect. > > >=20 > > > [PATCH] decnet: proper socket refcounting > > >=20 > > > Better use sk_reset_timer() / sk_stop_timer() helpers to make sure = we > > > dont access already freed/reused memory later. > > >=20 > > > Reported-by: Sasha Levin > > > Signed-off-by: Eric Dumazet > >=20 > > Hmm, I forgot to remove the sock_hold(sk) call from dn_slow_timer(), > > here is V2 : > >=20 > > [PATCH] decnet: proper socket refcounting > >=20 > > Better use sk_reset_timer() / sk_stop_timer() helpers to make sure we > > dont access already freed/reused memory later. > >=20 > > Reported-by: Sasha Levin > > Signed-off-by: Eric Dumazet > > --- >=20 > [snip] >=20 > Applied locally and running same tests as before, will update with > results. >=20 Looks ok after a couple days of testing. Tested-by: Sasha Levin --=20 Sasha. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter= .ca/ Don't email: email@kvack.org