Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755323AbcJLOLH (ORCPT ); Wed, 12 Oct 2016 10:11:07 -0400 Received: from resqmta-ch2-12v.sys.comcast.net ([69.252.207.44]:40230 "EHLO resqmta-ch2-12v.sys.comcast.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754689AbcJLOK5 (ORCPT ); Wed, 12 Oct 2016 10:10:57 -0400 Date: Wed, 12 Oct 2016 09:10:58 -0500 (CDT) From: Christoph Lameter X-X-Sender: cl@east.gentwo.org To: Linus Torvalds cc: Al Viro , Andrew Morton , Jens Axboe , "Ted Ts'o" , Linux Kernel Mailing List , linux-fsdevel Subject: Re: [git pull] vfs pile 1 (splice) In-Reply-To: Message-ID: References: <20161007222059.GS19539@ZenIV.linux.org.uk> Content-Type: text/plain; charset=US-ASCII X-CMAE-Envelope: MS4wfPUbJ+ExvYqgwTXGVqrXXFFkAvC97qPQZQ/RvXF7Y4fC0ulDF/vtiqUFKAQGylEgzVnLPvLa2/cQmjYtl0R+w/+GtDqeFYoACYFcLdYShwLRgL4ynU6O RLpQmB+mfliu4tn5TkfXCJFkaclIP6HcEVetCG+qYQiB1PX1kvgIoHaAZeMRhbCNZMxVgEsCaYysEtA0kzw2FGbfpejhGHGolNayoLnVCVdQFH+SW2qJ27O4 NBPL8pAJikfSYVBXJzWnpR01KSCKNQGIO/u6FpS/xD7usqcOf/8iwI5j1EDC7F0wL6qLbCJpULvVZMHTLA/DAulRMR5VfwsKS8MpIeszCU0T1kXYJZvC8hAr 1p/4Q+edH8VHZ/PejtbWGib0LoFdXA== Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 494 Lines: 10 On Mon, 10 Oct 2016, Linus Torvalds wrote: > But the fact that it reacts _so_ badly to double-freeing issues when > the freelist has become corrupted due to an object being free'd and > then modified is clearly very fragile and not great. Yup that is why the debug options move the freepointer after the object and verify that the pointers in the chain point to valid objects in the slab page. slub_debug has special logic to detect double freeing and that option can be enabled separatelhy.