From: Manfred Spraul <manfred@colorfullife.com>
To: Russell King <rmk+lkml@arm.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [BUG] 2.6.8-rc3 slab corruption (jffs2?)
Date: Sun, 08 Aug 2004 11:23:06 +0200
Message-ID: <4115F0FA.30503@colorfullife.com>

rmk wrote:

>Due to tail call optimisation, it's difficult to work out exactly what's
>going on, but the first seems to be a kfree call from the erase callback
>(possibly jffs2_erase_callback).  The second function is the call to
>jffs2_free_full_dirent() in jffs2_garbage_collect_deletion_dirent().
>
I'd concentrate on cfi_intelext_erase_varsize+0x58/0x64:
When slab encounters a corruption, it dumps three objects: the corrupted 
one, the previous one and the next one. Theoretically, a write 
before/after the end of the object could corrupt the neighboring object, 
but probably the first function is the relevant one.

Could you double check that gcc did a tail optimization in 
cfi_intelext_erase_varsize?
I don't understand how this is possible: cfi_intelext_erase_varsize 
returns (int)0, instr->callback is a void function.
And even if there is a tail optimization: how would that affect the call 
address of the kfree() call? Perhaps gcc automatically inlined something?

--
    Manfred
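
The three-object dump described in the message above, as an added example that is not part of the original mail and is not kernel code: a user-space model in which a write past the end of one object breaks the poison of the next, so the report names the damaged object's last user while the writer's object appears only as "Prev obj". The byte values 0x6b and 0xa5 are the kernel's slab poison values; the toy slab, the helper names and the caller_a..caller_d labels are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b  /* byte the kernel's slab debugging fills freed objects with */
#define POISON_END  0xa5  /* marker in the last byte of a poisoned object */
enum { OBJ_SIZE = 32, NOBJ = 4 };
static unsigned char slab[NOBJ * OBJ_SIZE]; /* constructed toy slab, objects back to back */
static const char *last_user[NOBJ];         /* stands in for the recorded caller address */
static int in_use[NOBJ];

static unsigned char *obj(int i) { return slab + i * OBJ_SIZE; }
static void toy_free(int i, const char *caller)
{
    memset(obj(i), POISON_FREE, OBJ_SIZE - 1);
    obj(i)[OBJ_SIZE - 1] = POISON_END;
    last_user[i] = caller;
    in_use[i] = 0;
}
/* Offset of the first byte of free object i that lost its poison, or -1 if intact. */
static int check_poison(int i)
{
    for (int off = 0; off < OBJ_SIZE; off++)
        if (obj(i)[off] != (off == OBJ_SIZE - 1 ? POISON_END : POISON_FREE))
            return off;
    return -1;
}
/* Print the first corrupted free object and both neighbours; return its index or -1. */
static int report_corruption(void)
{
    for (int i = 0; i < NOBJ; i++) {
        int off = in_use[i] ? -1 : check_poison(i);
        if (off < 0) continue;
        printf("Slab corruption: obj %d offset %d, last user %s\n", i, off, last_user[i]);
        if (i > 0) printf("Prev obj: %d, last user %s\n", i - 1, last_user[i - 1]);
        if (i + 1 < NOBJ) printf("Next obj: %d, last user %s\n", i + 1, last_user[i + 1]);
        return i;
    }
    return -1;
}
/* Constructed scenario: the owner of object 1 writes 4 bytes past the end of its object. */
static int demo_overrun(void)
{
    static const char *callers[NOBJ] = { "caller_a", "caller_b", "caller_c", "caller_d" };
    for (int i = 0; i < NOBJ; i++) toy_free(i, callers[i]);
    in_use[1] = 1;                           /* object 1 is handed out again */
    memset(obj(1) + OBJ_SIZE - 2, 0xff, 6);  /* 2 bytes inside obj 1, then 4 into obj 2 */
    return report_corruption();
}
int main(void) { return demo_overrun() == 2 ? 0 : 1; }
```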
