Re: [PATCH v4 2/2] mm: slub: call WARN() when the slab detect an error

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Harry Yoo <harry.yoo@oracle.com>
To: Hyesoo Yu <hyesoo.yu@samsung.com>
Cc: janghyuck.kim@samsung.com, vbabka@suse.cz,
	Christoph Lameter <cl@linux.com>,
	Pekka Enberg <penberg@kernel.org>,
	David Rientjes <rientjes@google.com>,
	Joonsoo Kim <iamjoonsoo.kim@lge.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Roman Gushchin <roman.gushchin@linux.dev>,
	Hyeonggon Yoo <42.hyeyoo@gmail.com>,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 2/2] mm: slub: call WARN() when the slab detect an error
Date: Thu, 27 Feb 2025 21:55:13 +0900	[thread overview]
Message-ID: <Z8BgsapZtIC9VyRf@harry> (raw)
In-Reply-To: <20250226081206.680495-3-hyesoo.yu@samsung.com>

On Wed, Feb 26, 2025 at 05:12:01PM +0900, Hyesoo Yu wrote:
> If a slab object is corrupted or an error occurs in its internal
> value, continuing after restoration may cause other side effects.
> At this point, it is difficult to debug because the problem occurred
> in the past. It is useful to use WARN() to catch errors at the point
> of issue because WARN() could trigger panic for system debugging when
> panic_on_warn is enabled. WARN() is added where to detect the error
> on slab_err and object_err.
> 
> It makes sense to only do the WARN() after printing the logs. slab_err
> is splited to __slab_err that calls the WARN() and it is called after
> printing logs.
> 
> Changes in v4:
> - Remove WARN() in kmem_cache_destroy to remove redundant warning.
> 
> Changes in v3:
> - move the WARN from slab_fix to slab_err, object_err and check_obj to
> use WARN on all error reporting paths.
> 
> Changes in v2:
> - Replace direct calling with BUG_ON with the use of WARN in slab_fix.

Same here, please rephrase the changelog without "Changes in vN" in the
changelog, and move the patch version changes below "---" line.

> Signed-off-by: Hyesoo Yu <hyesoo.yu@samsung.com>
> ---

Otherwise this change in general looks good to me (with a suggestion below).
Please feel free to add:
Reviewed-by: Harry Yoo <harry.yoo@oracle.com>

# Suggestion

There's a case where SLUB just calls pr_err() and dump_stack() instead of
slab_err() or object_err() in free_consistency_checks().

I would like to add something like this:

diff --git a/mm/slub.c b/mm/slub.c
index b7660ee85db0..d5609fa63da4 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -1022,12 +1022,16 @@ static void slab_bug(struct kmem_cache *s, char *fmt, ...)
 {
 	struct va_format vaf;
 	va_list args;
+	const char *name = "<unknown>";
+
+	if (s)
+		name = s->name;
 
 	va_start(args, fmt);
 	vaf.fmt = fmt;
 	vaf.va = &args;
 	pr_err("=============================================================================\n");
-	pr_err("BUG %s (%s): %pV\n", s->name, print_tainted(), &vaf);
+	pr_err("BUG %s (%s): %pV\n", name, print_tainted(), &vaf);
 	pr_err("-----------------------------------------------------------------------------\n\n");
 	va_end(args);
 }
@@ -1628,9 +1632,8 @@ static inline int free_consistency_checks(struct kmem_cache *s,
 			slab_err(s, slab, "Attempt to free object(0x%p) outside of slab",
 				 object);
 		} else if (!slab->slab_cache) {
-			pr_err("SLUB <none>: no slab for object 0x%p.\n",
-			       object);
-			dump_stack();
+			slab_err(NULL, slab, "No slab for object 0x%p",
+				 object);
 		} else
 			object_err(s, slab, object,
 					"page slab pointer corrupt.");

-- 
Cheers,
Harry

>  mm/slab_common.c |  3 ---
>  mm/slub.c        | 31 +++++++++++++++++++------------
>  2 files changed, 19 insertions(+), 15 deletions(-)
> 
> diff --git a/mm/slab_common.c b/mm/slab_common.c
> index 477fa471da18..d13f4ffe252b 100644
> --- a/mm/slab_common.c
> +++ b/mm/slab_common.c
> @@ -517,9 +517,6 @@ void kmem_cache_destroy(struct kmem_cache *s)
>  	kasan_cache_shutdown(s);
>  
>  	err = __kmem_cache_shutdown(s);
> -	if (!slab_in_kunit_test())
> -		WARN(err, "%s %s: Slab cache still has objects when called from %pS",
> -		     __func__, s->name, (void *)_RET_IP_);
>  
>  	list_del(&s->list);
>  
> diff --git a/mm/slub.c b/mm/slub.c
> index 8c13cd43c0fd..4961eeccf3ad 100644
> --- a/mm/slub.c
> +++ b/mm/slub.c
> @@ -1096,8 +1096,6 @@ static void print_trailer(struct kmem_cache *s, struct slab *slab, u8 *p)
>  		/* Beginning of the filler is the free pointer */
>  		print_section(KERN_ERR, "Padding  ", p + off,
>  			      size_from_object(s) - off);
> -
> -	dump_stack();
>  }
>  
>  static void object_err(struct kmem_cache *s, struct slab *slab,
> @@ -1109,6 +1107,8 @@ static void object_err(struct kmem_cache *s, struct slab *slab,
>  	slab_bug(s, "%s", reason);
>  	print_trailer(s, slab, object);
>  	add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
> +
> +	WARN_ON(1);
>  }
>  
>  static bool freelist_corrupted(struct kmem_cache *s, struct slab *slab,
> @@ -1125,6 +1125,14 @@ static bool freelist_corrupted(struct kmem_cache *s, struct slab *slab,
>  	return false;
>  }
>  
> +static void __slab_err(struct slab *slab)
> +{
> +	print_slab_info(slab);
> +	add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
> +
> +	WARN_ON(1);
> +}
> +
>  static __printf(3, 4) void slab_err(struct kmem_cache *s, struct slab *slab,
>  			const char *fmt, ...)
>  {
> @@ -1138,9 +1146,7 @@ static __printf(3, 4) void slab_err(struct kmem_cache *s, struct slab *slab,
>  	vsnprintf(buf, sizeof(buf), fmt, args);
>  	va_end(args);
>  	slab_bug(s, "%s", buf);
> -	print_slab_info(slab);
> -	dump_stack();
> -	add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
> +	__slab_err(slab);
>  }
>  
>  static void init_object(struct kmem_cache *s, void *object, u8 val)
> @@ -1313,9 +1319,10 @@ slab_pad_check(struct kmem_cache *s, struct slab *slab)
>  	while (end > fault && end[-1] == POISON_INUSE)
>  		end--;
>  
> -	slab_err(s, slab, "Padding overwritten. 0x%p-0x%p @offset=%tu",
> -			fault, end - 1, fault - start);
> +	slab_bug(s, "Padding overwritten. 0x%p-0x%p @offset=%tu",
> +		 fault, end - 1, fault - start);
>  	print_section(KERN_ERR, "Padding ", pad, remainder);
> +	__slab_err(slab);
>  
>  	restore_bytes(s, "slab padding", POISON_INUSE, fault, end);
>  }
> @@ -5428,14 +5435,13 @@ static int calculate_sizes(struct kmem_cache_args *args, struct kmem_cache *s)
>  	return !!oo_objects(s->oo);
>  }
>  
> -static void list_slab_objects(struct kmem_cache *s, struct slab *slab,
> -			      const char *text)
> +static void list_slab_objects(struct kmem_cache *s, struct slab *slab)
>  {
>  #ifdef CONFIG_SLUB_DEBUG
>  	void *addr = slab_address(slab);
>  	void *p;
>  
> -	slab_err(s, slab, text, s->name);
> +	slab_bug(s, "Objects remaining on __kmem_cache_shutdown()");
>  
>  	spin_lock(&object_map_lock);
>  	__fill_map(object_map, s, slab);
> @@ -5450,6 +5456,8 @@ static void list_slab_objects(struct kmem_cache *s, struct slab *slab,
>  		}
>  	}
>  	spin_unlock(&object_map_lock);
> +
> +	__slab_err(slab);
>  #endif
>  }
>  
> @@ -5470,8 +5478,7 @@ static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n)
>  			remove_partial(n, slab);
>  			list_add(&slab->slab_list, &discard);
>  		} else {
> -			list_slab_objects(s, slab,
> -			  "Objects remaining in %s on __kmem_cache_shutdown()");
> +			list_slab_objects(s, slab);
>  		}
>  	}
>  	spin_unlock_irq(&n->list_lock);
> -- 
> 2.28.0
>

next prev parent reply	other threads:[~2025-02-27 12:55 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CGME20250226081354epcas2p44c2f53d569296ac2e5f8a7b01f4552fa@epcas2p4.samsung.com>
2025-02-26  8:11 ` [PATCH v4 0/2] mm: slub: Enhanced debugging in slub error Hyesoo Yu
2025-02-26  8:12   ` [PATCH v4 1/2] mm: slub: Print the broken data before restoring slub Hyesoo Yu
2025-02-27 11:51     ` Harry Yoo
2025-02-27 12:36       ` Harry Yoo
2025-02-26  8:12   ` [PATCH v4 2/2] mm: slub: call WARN() when the slab detect an error Hyesoo Yu
2025-02-27 12:55     ` Harry Yoo [this message]
2025-02-27 15:18       ` Vlastimil Babka
2025-02-27 14:38     ` Vlastimil Babka
2025-02-27 11:53   ` [PATCH v4 0/2] mm: slub: Enhanced debugging in slub error Harry Yoo
2025-02-27 16:12   ` Vlastimil Babka
2025-02-27 16:26     ` Vlastimil Babka
2025-02-28 12:47       ` Harry Yoo
2025-02-28 16:02         ` Vlastimil Babka
2025-03-04  1:37           ` Hyesoo Yu

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b7660ee85db dfblob:d5609fa63da )
 OR (
bs:"Re: [PATCH v4 2/2] mm: slub: call WARN() when the slab detect an error" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z8BgsapZtIC9VyRf@harry \
    --to=harry.yoo@oracle.com \
    --cc=42.hyeyoo@gmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=cl@linux.com \
    --cc=hyesoo.yu@samsung.com \
    --cc=iamjoonsoo.kim@lge.com \
    --cc=janghyuck.kim@samsung.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=penberg@kernel.org \
    --cc=rientjes@google.com \
    --cc=roman.gushchin@linux.dev \
    --cc=vbabka@suse.cz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.