From: Frederic Weisbecker <fweisbec@gmail.com>
To: Sitsofe Wheeler <sitsofe@yahoo.com>
Cc: Jiri Slaby <jirislaby@gmail.com>,
linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org,
ath5k-devel@venema.h4ckr.net,
Nick Kossifidis <mickflemm@gmail.com>,
"Luis R. Rodriguez" <lrodriguez@atheros.com>,
Bob Copeland <me@bobcopeland.com>
Subject: Re: [TIP] BUG kmalloc-4096: Poison overwritten (ath5k_rx_skb_alloc)
Date: Sun, 22 Feb 2009 21:30:39 +0100 [thread overview]
Message-ID: <20090222203038.GB6060@nowhere> (raw)
In-Reply-To: <20090222201821.GA21375@silver.sucs.org>
On Sun, Feb 22, 2009 at 08:18:22PM +0000, Sitsofe Wheeler wrote:
> On Sun, Feb 22, 2009 at 08:42:37PM +0100, Frederic Weisbecker wrote:
> > On Sun, Feb 22, 2009 at 08:27:38PM +0100, Jiri Slaby wrote:
> > > On 22.2.2009 18:10, Frederic Weisbecker wrote:
> > >> I have some troubles with kmemcheck, so I give up for now.
> > >> Well, by reading the kmemcheck documentation, it tells that there can be some false
> > >> positives so...
> > >
> > > This has nothing to do with kmemcheck.
> > >
> > >> Since we are not sure this is a real bug, I'm not sure it would be interesting.
> > >
> > > There is no false positive possibility with these checkers, so this is
> > > pretty much interesting, because it is a bug.
> >
> >
> > If so, Documentation/kmemcheck.txt really needs an update.
>
> kmemcheck is different to the slab object lifetime debugger (which is
> what reported this error). kmemcheck may have turned up in the trace
> because it was compiled in (and it ties into slab/slub) but wasn't
> turned on (it can be dynamically toggled via sysfs).
Ah sorry, I thought it was a kmemcheck warning. That's why I didn't understand
what Jiri said to me.
> kmemcheck keeps a shadow of the memory and via the shadow memory it
> records whether the memory has been written to yet. I believe
> kmemcheck's problem is that it can't know when allocated but
> uninitialised memory is being used on purpose/not really being used
> (e.g. when gcc does a 32 bit read when only 16 bits have been used but
> throws the upper 16 bits away). There may be other cases such as when a
> previously uninitialised buffer is used but the buffer is actually used
> by an mmaped device...
Ok.
> My understanding is that the slab debugger writes poison about the place
> (e.g. to memory that has been freed and at the start/end of allocations)
> and then checks to see if someone has scribbled on it. This case is more
> coarse as it only deals with allocation rather than initialisation (and
> if you scribble the same value as the poison pattern you go undetected)
> but I believe this is what Jiri is referring to as a "no false positive
> possibility" case - it's never right to write to unallocated memory.
>
> (fixed up Bob's email address on the cc)
Well I understand better now. Thanks for the explanations.
> --
> Sitsofe | http://sucs.org/~sits/
next prev parent reply other threads:[~2009-02-22 20:30 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-22 11:18 [TIP] BUG kmalloc-4096: Poison overwritten (ath5k_rx_skb_alloc) Sitsofe Wheeler
2009-02-22 12:01 ` Jiri Slaby
2009-02-22 12:20 ` Sitsofe Wheeler
2009-02-22 12:47 ` Jiri Slaby
2009-02-22 14:47 ` Frederic Weisbecker
2009-02-22 17:02 ` Sitsofe Wheeler
2009-02-22 17:10 ` Frederic Weisbecker
2009-02-22 19:27 ` Jiri Slaby
2009-02-22 19:42 ` Frederic Weisbecker
2009-02-22 20:18 ` Sitsofe Wheeler
2009-02-22 20:27 ` Jiri Slaby
2009-02-22 20:30 ` Frederic Weisbecker [this message]
2009-02-22 21:56 ` Jiri Slaby
2009-02-22 22:21 ` Sitsofe Wheeler
2009-02-22 23:20 ` Jiri Slaby
2009-02-23 15:35 ` Bob Copeland
2009-02-23 16:03 ` Nick Kossifidis
2009-02-23 16:15 ` Nick Kossifidis
2009-02-23 16:21 ` Bob Copeland
2009-02-23 16:27 ` Nick Kossifidis
2009-02-23 16:30 ` Bob Copeland
2009-02-23 16:41 ` Nick Kossifidis
2009-02-23 16:44 ` Bob Copeland
2009-02-23 16:16 ` pat-lkml
2009-02-23 16:20 ` Nick Kossifidis
2009-02-23 22:22 ` Jiri Slaby
2009-02-23 22:43 ` Jiri Slaby
2009-02-23 23:08 ` Nick Kossifidis
2009-02-24 13:58 ` Bob Copeland
2009-02-24 21:47 ` Jiri Slaby
2009-02-25 14:01 ` Sitsofe Wheeler
2009-02-26 1:06 ` Bob Copeland
2009-02-26 20:53 ` Jiri Slaby
2009-02-26 21:05 ` Bob Copeland
2009-02-26 13:59 ` Bob Copeland
2009-02-26 17:03 ` Sitsofe Wheeler
2009-03-02 17:34 ` [ath5k-devel] " Bob Copeland
2009-03-03 4:12 ` Bob Copeland
2009-03-03 20:03 ` Sitsofe Wheeler
2009-03-04 12:07 ` Bob Copeland
2009-03-06 9:42 ` Sitsofe Wheeler
2009-03-07 4:47 ` Bob Copeland
2009-03-07 8:04 ` Sitsofe Wheeler
2009-03-07 13:34 ` Bob Copeland
2009-03-08 3:09 ` Bob Copeland
2009-03-08 9:28 ` Jiri Slaby
2009-03-08 16:10 ` Bob Copeland
2009-03-10 0:43 ` Bob Copeland
2009-03-10 8:19 ` Sitsofe Wheeler
2009-03-12 6:10 ` Sitsofe Wheeler
2009-03-13 9:52 ` Sitsofe Wheeler
2009-03-13 12:28 ` Bob Copeland
2009-03-20 13:14 ` Bob Copeland
2009-03-29 14:24 ` Sitsofe Wheeler
2009-03-29 15:14 ` Bob Copeland
2009-03-31 8:30 ` Sitsofe Wheeler
2009-05-13 21:44 ` Sitsofe Wheeler
2009-05-15 4:09 ` Bob Copeland
2009-05-18 10:05 ` Sitsofe Wheeler
2009-05-22 9:39 ` Sitsofe Wheeler
2009-05-22 12:06 ` Bob Copeland
2009-05-26 21:10 ` Sitsofe Wheeler
2009-06-28 20:23 ` Sitsofe Wheeler
2009-07-14 2:24 ` Bob Copeland
2009-02-26 1:11 ` Bob Copeland
2009-02-22 20:17 ` Bob Copeland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090222203038.GB6060@nowhere \
--to=fweisbec@gmail.com \
--cc=ath5k-devel@venema.h4ckr.net \
--cc=jirislaby@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lrodriguez@atheros.com \
--cc=me@bobcopeland.com \
--cc=mickflemm@gmail.com \
--cc=sitsofe@yahoo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox