summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLaura Abbott <labbott@fedoraproject.org>2016-03-15 22:55:02 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2016-03-16 00:55:16 +0100
commit804aa132d341cc5838b710e62de02d62e6ad0185 (patch)
tree430d86b2278800229737058fef66befbc8b86a13
parentslub: drop lock at the end of free_debug_processing (diff)
downloadlinux-804aa132d341cc5838b710e62de02d62e6ad0185.tar.xz
linux-804aa132d341cc5838b710e62de02d62e6ad0185.zip
slub: fix/clean free_debug_processing return paths
Since commit 19c7ff9ecd89 ("slub: Take node lock during object free checks") check_object has been incorrectly returning success as it follows the out label which just returns the node. Thanks to refactoring, the out and fail paths are now basically the same. Combine the two into one and just use a single label. Credit to Mathias Krause for the original work which inspired this series Signed-off-by: Laura Abbott <labbott@fedoraproject.org> Acked-by: Christoph Lameter <cl@linux.com> Cc: Pekka Enberg <penberg@kernel.org> Cc: David Rientjes <rientjes@google.com> Cc: Joonsoo Kim <js1304@gmail.com> Cc: Kees Cook <keescook@chromium.org> Cc: Mathias Krause <minipli@googlemail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--mm/slub.c21
1 files changed, 10 insertions, 11 deletions
diff --git a/mm/slub.c b/mm/slub.c
index a03e0ae71643..744d29b43bf6 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -1053,24 +1053,25 @@ static noinline int free_debug_processing(
void *object = head;
int cnt = 0;
unsigned long uninitialized_var(flags);
+ int ret = 0;
spin_lock_irqsave(&n->list_lock, flags);
slab_lock(page);
if (!check_slab(s, page))
- goto fail;
+ goto out;
next_object:
cnt++;
if (!check_valid_pointer(s, page, object)) {
slab_err(s, page, "Invalid object pointer 0x%p", object);
- goto fail;
+ goto out;
}
if (on_freelist(s, page, object)) {
object_err(s, page, object, "Object already free");
- goto fail;
+ goto out;
}
if (!check_object(s, page, object, SLUB_RED_ACTIVE))
@@ -1087,7 +1088,7 @@ next_object:
} else
object_err(s, page, object,
"page slab pointer corrupt.");
- goto fail;
+ goto out;
}
if (s->flags & SLAB_STORE_USER)
@@ -1101,6 +1102,8 @@ next_object:
object = get_freepointer(s, object);
goto next_object;
}
+ ret = 1;
+
out:
if (cnt != bulk_cnt)
slab_err(s, page, "Bulk freelist count(%d) invalid(%d)\n",
@@ -1108,13 +1111,9 @@ out:
slab_unlock(page);
spin_unlock_irqrestore(&n->list_lock, flags);
- return 1;
-
-fail:
- slab_unlock(page);
- spin_unlock_irqrestore(&n->list_lock, flags);
- slab_fix(s, "Object at 0x%p not freed", object);
- return 0;
+ if (!ret)
+ slab_fix(s, "Object at 0x%p not freed", object);
+ return ret;
}
static int __init setup_slub_debug(char *str)