In slab.c the routine check_poison_obj() is called.
That routine does nothing except return 0 or 1.
Thus it looks like the present call in slab_destroy()
is meaningless. Perhaps something like this was meant?
--- slab.c~ Sat Jan 18 23:54:30 2003
+++ slab.c Mon Jan 27 00:05:47 2003
@@ -796,7 +796,8 @@
void *objp = slabp->s_mem + cachep->objsize * i;
if (cachep->flags & SLAB_POISON)
- check_poison_obj(cachep, objp);
+ if (check_poison_obj(cachep, objp))
+ BUG();
if (cachep->flags & SLAB_RED_ZONE) {
if (*((unsigned long*)(objp)) != RED_INACTIVE)
A BUG() was lost in patch 2.5.45.
Andries
[email protected] wrote:
>
> In slab.c the routine check_poison_obj() is called.
> That routine does nothing except return 0 or 1.
> Thus it looks like the present call in slab_destroy()
> is meaningless. Perhaps something like this was meant?
>
Sharp eyes. It obviously got lost somewhere.
We've been moving away from generating informationless BUG()s in there,
toward emitting more info and trying to continue. So I made this change:
diff -puN mm/slab.c~slab-poisoning-fix mm/slab.c
--- 25/mm/slab.c~slab-poisoning-fix 2003-01-26 19:10:54.000000000 -0800
+++ 25-akpm/mm/slab.c 2003-01-26 19:13:01.000000000 -0800
@@ -769,7 +769,7 @@ static void poison_obj(kmem_cache_t *cac
*(unsigned char *)(addr+size-1) = POISON_END;
}
-static int check_poison_obj (kmem_cache_t *cachep, void *addr)
+static void check_poison_obj(kmem_cache_t *cachep, void *addr)
{
int size = cachep->objsize;
void *end;
@@ -779,8 +779,7 @@ static int check_poison_obj (kmem_cache_
}
end = memchr(addr, POISON_END, size);
if (end != (addr+size-1))
- return 1;
- return 0;
+ slab_error(cachep, "object was modified after freeing");
}
#endif
@@ -1630,8 +1629,7 @@ cache_alloc_debugcheck_after(kmem_cache_
if (!objp)
return objp;
if (cachep->flags & SLAB_POISON)
- if (check_poison_obj(cachep, objp))
- BUG();
+ check_poison_obj(cachep, objp);
if (cachep->flags & SLAB_RED_ZONE) {
/* Set alloc red-zone, and check old one. */
if (xchg((unsigned long *)objp, RED_ACTIVE) != RED_INACTIVE)