On 2025/7/26 07:00, Harry Yoo wrote:
On Sat, Jul 26, 2025 at 04:55:06AM +0900, Harry Yoo wrote:
On Fri, Jul 25, 2025 at 06:10:51PM +0100, Matthew Wilcox wrote:
On Fri, Jul 25, 2025 at 06:47:01PM +0200, Vlastimil Babka wrote:
On 7/25/25 08:49, Li Qiong wrote:
For debugging, object_err() prints the free pointer of the object. However, if check_valid_pointer() returns false for an object, dereferencing `object + s->offset` can lead to a crash. Therefore, print the object's address in such cases.
if (!check_valid_pointer(s, slab, object)) {
object_err(s, slab, object, "Freelist Pointer check fails");
return 0;slab_err(s, slab, "Invalid object pointer 0x%p", object);
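Review bot: the replacement message "Invalid object pointer 0x%p" drops the one piece of context the old "Freelist Pointer check fails" carried: on this path the value being checked was just pulled off the freelist, so a reader of the oops can no longer tell from the text that a corrupted freelist is being reported rather than a bad pointer handed in by a caller. Consider keeping that word, e.g. slab_err(s, slab, "Invalid freelist pointer 0x%p", object);. Separately, the commit message should name the function this hunk lives in, because the context lines shown here do not identify it, and it should say explicitly that slab_err() is chosen over object_err() because object_err() reads the free pointer at object + s->offset, which is exactly the access that is unsafe once the check has failed.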
No, the error message is now wrong. It's not an object, it's the freelist pointer.
Because it's the object that is about to be allocated, it will look like this:
object pointer -> obj: [ garbage ][ freelist pointer ][ garbage ]
SLUB uses check_valid_pointer() to check either 1) that the freelist pointer of an object is valid (e.g. in check_object()), or 2) that an object pointer points to a valid address (e.g. in free_debug_processing()).
In this case it's an object pointer, not a freelist pointer. Or am I misunderstanding something?
Actually, in alloc_debug_processing() the pointer came from slab->freelist, so I think saying either "invalid freelist pointer" or "invalid object pointer" makes sense...
free_consistency_checks() has 'slab_err(s, slab, "Invalid object pointer 0x%p", object);'. Maybe it is better if alloc_consistency_checks() has the same message.
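As an added illustration of the check the thread is about (this is not code from mm/slub.c or from any participant; it is a user-space model with assumed layout constants, so the names toy_check_valid_pointer(), toy_get_freepointer() and toy_alloc_check() are stand-ins for check_valid_pointer(), get_freepointer() and alloc_consistency_checks()): a slab of fixed-size objects threaded into a freelist, a validity check that requires the pointer to lie inside the slab on an object boundary, and an allocation-side check that only reads the free pointer at object + s->offset after that validation has passed. The corrupted freelist in main() is constructed.

```c
/* User-space model of the SLUB freelist validity check discussed above.
 * Added illustration only: the real check_valid_pointer() lives in mm/slub.c.
 * SLAB_SIZE, OBJ_SIZE and FP_OFFSET are assumed values, not kernel constants. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLAB_SIZE   4096u                  /* assumed: one page per slab */
#define OBJ_SIZE    64u                    /* assumed: object size, no red zone */
#define FP_OFFSET   32u                    /* assumed: s->offset, free pointer inside the object */
#define NUM_OBJECTS (SLAB_SIZE / OBJ_SIZE)

struct toy_slab {
    unsigned char mem[SLAB_SIZE];
    void *freelist;
};

/* Same rule SLUB applies: NULL ends the list and is fine; otherwise the pointer
 * must be inside the slab's memory and sit exactly on an object boundary. */
static bool toy_check_valid_pointer(const struct toy_slab *s, const void *p)
{
    uintptr_t base = (uintptr_t)s->mem;
    uintptr_t addr = (uintptr_t)p;

    if (p == NULL)
        return true;
    if (addr < base || addr >= base + NUM_OBJECTS * OBJ_SIZE)
        return false;
    return ((addr - base) % OBJ_SIZE) == 0;
}

/* The free pointer lives inside the object at FP_OFFSET. This is the read that
 * object_err()'s trailer dump performs; it is only safe after the check above. */
static void *toy_get_freepointer(const void *object)
{
    void *fp;
    memcpy(&fp, (const unsigned char *)object + FP_OFFSET, sizeof(fp));
    return fp;
}

/* Model of the allocation-side consistency check on a pointer taken from
 * slab->freelist. Returns 1 if the object is acceptable, 0 on a corrupted
 * freelist. On failure only the address is reported and the free pointer is
 * never read, which is the point of the patch under discussion. */
static int toy_alloc_check(const struct toy_slab *s, const void *object)
{
    if (!toy_check_valid_pointer(s, object)) {
        printf("Invalid freelist pointer %p (slab %p)\n", object, (const void *)s->mem);
        return 0;
    }
    /* Safe to dereference now: print the next free pointer as a debug trailer would. */
    printf("object %p next free %p\n", object, toy_get_freepointer(object));
    return 1;
}

/* Fill the slab with a poison-like pattern and thread every object into the freelist. */
static void toy_slab_init(struct toy_slab *s)
{
    memset(s->mem, 0x5a, sizeof(s->mem));
    for (unsigned i = 0; i < NUM_OBJECTS; i++) {
        unsigned char *obj = s->mem + i * OBJ_SIZE;
        void *next = (i + 1 < NUM_OBJECTS) ? (void *)(s->mem + (i + 1) * OBJ_SIZE) : NULL;
        memcpy(obj + FP_OFFSET, &next, sizeof(next));
    }
    s->freelist = s->mem;
}

int main(void)
{
    static struct toy_slab slab;
    toy_slab_init(&slab);

    /* Healthy head of the freelist: check passes, free pointer is printed. */
    toy_alloc_check(&slab, slab.freelist);

    /* Constructed corruption: an overflow into object 0 overwrote its free
     * pointer, so the "next" object SLUB would hand out is a wild address. */
    void *garbage = (void *)0xdeadbeef;
    memcpy(slab.mem + FP_OFFSET, &garbage, sizeof(garbage));
    toy_alloc_check(&slab, toy_get_freepointer(slab.freelist));

    /* Inside the slab but not on an object boundary: also rejected. */
    toy_alloc_check(&slab, slab.mem + OBJ_SIZE + 8);
    return 0;
}
```

The second and third calls in main() are the cases the patch cares about: both pointers fail the boundary check, and toy_alloc_check() reports the address without touching object + FP_OFFSET. Reading through a wild pointer such as 0xdeadbeef is the crash the commit message describes.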