This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Re: [WIP] uprobe tests
> > > slab error in verify_redzone_free(): cache `size-32': memory outside object was
> > > overwritten
> > > [<c04787f2>] cache_free_debugcheck+0xb2/0x1a6
> > > [<c0478b5e>] kfree+0x90/0xe0
> > > [<f098208b>] u_dbfs_cleanup+0x4b/0x4d [blink2]
> > > [<f09820d6>] cleanup_module+0x49/0x4b [blink2]
> ...
I was also able to reproduce this with Frank's Kernel Hacking options.
>
> I rebuilt kernels with Frank's debugging options enabled. Here's a
> simple fix that yields clean test runs for me. In the test suite, in
> include/udbgfs.c, in the line
> print_buf = kmalloc(sizeof(print_buf),GFP_KERNEL);
> change
> sizeof(print_buf)
> to
> sizeof(*print_buf)
I have added the fix as suggested by Jim.
>
> BTW, I don't think test_printk() handles buffer overflows correctly.
> When we reach the end of the buffer, it's possible for vsnprintf() to
> return a number greater than print_buf->bytes_left (see "Return value"
> in the man page), which means print_buf->bytes_left can underflow to a
> very big number, telling the next call to vsnprintf() that we have a
> very big buffer. I don't see any overflows in the test suite that would
> test my hypothesis, though, so I'll leave that investigation and fix to
> Srikar.
To take care of the overflow that Jim has pointed out, I have modified
the test_printk function to check for the overflow as an interim solution.
Once we start seeing tests failing due to overflow, we can investigate
a more feasible solution. Please do let me know if this is acceptable.
Here is the modified test_printk function.
int test_printk(const char *fmt, ...)
{
	va_list args;
	int len, stored;

#ifdef UPROBE_DEBUGFS_DEBUG
	printk(KERN_ERR "calling test_printk\n");
#endif
	if (print_buf->bytes_left == 0) {
		printk(KERN_ERR "test_printk: bytes left is 0\n");
		return -1;
	}
	va_start(args, fmt);
	spin_lock(&print_buf->lock);
	len = vsnprintf(print_buf->cur, print_buf->bytes_left, fmt, args);
	if (len >= print_buf->bytes_left) {
		/*
		 * Truncated: vsnprintf() returns the length the output would
		 * have had, but only bytes_left - 1 characters plus the
		 * terminating NUL were stored.
		 */
		stored = print_buf->bytes_left - 1;
		print_buf->bytes_left = 0;
	} else {
		stored = len;
		print_buf->bytes_left -= len;
	}
	/* Advance by what was actually stored so cur stays inside the buffer. */
	print_buf->cur += stored;
	print_buf->bytes_in_buf += stored;
	spin_unlock(&print_buf->lock);
	va_end(args);
#ifdef UPROBE_DEBUGFS_DEBUG
	printk(KERN_ERR "exiting test_printk\n");
#endif
	return len;
}
--
Thanks and Regards
Srikar
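
Added example (not part of the original message or of the test suite's code): a user-space sketch of the vsnprintf() return-value problem Jim describes, showing the unsigned wrap of bytes_left next to accounting that counts only what was stored. struct pbuf, its 16-byte size and the function names are assumptions made for the illustration; bytes_left is assumed to be unsigned.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space stand-in for the test suite's print buffer. */
struct pbuf {
	char data[16];
	char *cur;
	size_t bytes_left, bytes_in_buf;
};

static void pbuf_init(struct pbuf *b)
{
	memset(b, 0, sizeof(*b));
	b->cur = b->data;
	b->bytes_left = sizeof(b->data);
}

/* Accounting that trusts vsnprintf()'s return value (the case Jim describes). */
static size_t naive_left_after(struct pbuf *b, const char *fmt, ...)
{
	va_list ap;
	int len;
	va_start(ap, fmt);
	len = vsnprintf(b->cur, b->bytes_left, fmt, ap);
	va_end(ap);
	b->bytes_left -= (size_t)len;	/* wraps when len > bytes_left */
	return b->bytes_left;
}

/* Clamped accounting: advance only by the characters actually stored. */
static int clamped_printf(struct pbuf *b, const char *fmt, ...)
{
	va_list ap;
	int len;
	size_t stored;
	if (b->bytes_left == 0)
		return -1;
	va_start(ap, fmt);
	len = vsnprintf(b->cur, b->bytes_left, fmt, ap);
	va_end(ap);
	if (len < 0)
		return -1;
	stored = (size_t)len < b->bytes_left ? (size_t)len : b->bytes_left - 1;
	b->bytes_left = (size_t)len < b->bytes_left ? b->bytes_left - stored : 0;
	b->cur += stored;
	b->bytes_in_buf += stored;
	return len;
}
```

With a 19-character string and a 16-byte buffer, the naive version leaves bytes_left at a huge wrapped value, while the clamped version records 15 stored characters and refuses further writes.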