From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Pekka J Enberg <penberg@cs.helsinki.fi>
Cc: Vegard Nossum <vegard.nossum@gmail.com>,
Ingo Molnar <mingo@elte.hu>, Jens Axboe <jens.axboe@oracle.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: kmemcheck caught read from freed memory (cfq_free_io_context)
Date: Thu, 3 Apr 2008 14:27:53 -0700 [thread overview]
Message-ID: <20080403212753.GL8770@linux.vnet.ibm.com> (raw)
In-Reply-To: <Pine.LNX.4.64.0804032244510.15758@sbz-30.cs.Helsinki.FI>
On Thu, Apr 03, 2008 at 10:49:23PM +0300, Pekka J Enberg wrote:
> Hi Paul,
>
> On Thu, 3 Apr 2008, Paul E. McKenney wrote:
> > OK, so another approach would be to use a larger shadow block for
> > SLAB_DESTROY_BY_RCU slabs, so that each shadow location would have enough
> > room for an rcu_head and a size in addition to the flag. That would
> > trivialize tracking, or, more accurately, delegate such tracking to the
> > RCU infrastructure.
>
> Yeah, or just allocate some extra spaces for the RCU case and not
> overload the current shadow pages. But sounds good to me.
As long as we have an rcu_head for each memory block in the slab, I am
not to worried about where they are allocated.
> On Thu, 3 Apr 2008, Paul E. McKenney wrote:
> > Of course, the case where the block gets reallocated before the RCU
> > grace period ends would also need to be handled (which my rough sketch
> > yesterday did -not- handle, by the way...).
> >
> > There are a couple of ways of doing this. Probably the easiest approach
> > is to add more state to the flag, so that the RCU callback would check
> > to see if reallocation had already happened. If so, it would update the
> > state to indicate that the rcu_head was again available, and would need to
> > repost itself if the block had been freed again after being reallocated.
> >
> > The other approach would be to defer actually adding the block to the
> > freelist until the grace period expired. This would be more accurate,
> > but also quite a bit more intrusive.
>
> We already talked about deferring the actual freeing in kmemcheck to
> better detect these use-after-free conditions with Vegard. So it's
> something that we probably want to do regardless of RCU.
Then it is especially important that the rcu_head be pre-allocated.
Otherwise we could get into out-of-memory deadlocks where a free
operation is blocked by an allocation operation. ;-)
Thanx, Paul
next prev parent reply other threads:[~2008-04-03 21:28 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-01 21:08 kmemcheck caught read from freed memory (cfq_free_io_context) Vegard Nossum
2008-04-01 21:36 ` Peter Zijlstra
2008-04-01 22:51 ` Paul E. McKenney
2008-04-02 6:15 ` Peter Zijlstra
2008-04-02 7:19 ` Jens Axboe
2008-04-02 10:24 ` Paul E. McKenney
2008-04-02 7:17 ` Jens Axboe
2008-04-02 7:20 ` Pekka J Enberg
2008-04-02 7:24 ` Jens Axboe
2008-04-02 7:28 ` Ingo Molnar
2008-04-02 7:31 ` Jens Axboe
2008-04-02 10:55 ` Paul E. McKenney
2008-04-02 10:59 ` Peter Zijlstra
2008-04-02 11:33 ` Fabio Checconi
2008-04-02 11:43 ` Jens Axboe
2008-04-02 12:36 ` Jens Axboe
2008-04-02 12:36 ` Jens Axboe
2008-04-02 12:55 ` Fabio Checconi
2008-04-02 12:58 ` Jens Axboe
2008-04-02 12:58 ` Jens Axboe
2008-04-02 13:16 ` Fabio Checconi
2008-04-02 16:14 ` Paul E. McKenney
2008-04-02 13:37 ` Paul E. McKenney
2008-04-02 13:41 ` Jens Axboe
2008-04-02 15:33 ` Paul E. McKenney
2008-04-02 16:31 ` Jens Axboe
2008-04-02 17:00 ` Paul E. McKenney
2008-04-02 13:32 ` Paul E. McKenney
2008-04-02 13:40 ` Jens Axboe
2008-04-02 16:15 ` Paul E. McKenney
2008-04-02 11:01 ` Pekka Enberg
2008-04-02 11:07 ` Jens Axboe
2008-04-02 11:08 ` Peter Zijlstra
2008-04-02 11:11 ` Pekka Enberg
2008-04-02 11:14 ` Peter Zijlstra
2008-04-02 11:18 ` Pekka Enberg
2008-04-02 17:36 ` Christoph Lameter
2008-04-02 11:14 ` Jens Axboe
2008-04-02 11:20 ` Peter Zijlstra
2008-04-02 11:25 ` Peter Zijlstra
2008-04-02 11:32 ` Jens Axboe
2008-04-02 11:37 ` Peter Zijlstra
2008-04-02 11:42 ` Jens Axboe
2008-04-02 11:47 ` Peter Zijlstra
2008-04-02 11:53 ` Jens Axboe
2008-04-02 12:13 ` Peter Zijlstra
2008-04-02 12:28 ` Jens Axboe
2008-04-02 13:26 ` Paul E. McKenney
2008-04-02 13:43 ` Andi Kleen
2008-04-02 12:26 ` Peter Zijlstra
2008-04-02 12:34 ` Jens Axboe
2008-04-02 16:08 ` Paul E. McKenney
2008-04-02 16:15 ` Vegard Nossum
2008-04-02 16:32 ` Pekka J Enberg
2008-04-02 18:23 ` Paul E. McKenney
2008-04-02 19:53 ` Pekka Enberg
2008-04-02 20:15 ` Paul E. McKenney
2008-04-03 15:18 ` Paul E. McKenney
2008-04-03 19:49 ` Pekka J Enberg
2008-04-03 21:27 ` Paul E. McKenney [this message]
2008-04-02 16:59 ` Paul E. McKenney
2008-04-02 17:31 ` Vegard Nossum
2008-04-02 10:40 ` Paul E. McKenney
2008-04-02 10:46 ` Pekka Enberg
2008-04-02 10:49 ` Peter Zijlstra
2008-04-02 10:54 ` Pekka J Enberg
2008-04-02 17:35 ` Christoph Lameter
2008-04-02 10:53 ` Peter Zijlstra
2008-04-02 11:13 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080403212753.GL8770@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=a.p.zijlstra@chello.nl \
--cc=jens.axboe@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=penberg@cs.helsinki.fi \
--cc=vegard.nossum@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.