====== Piotr JaroszyƄski: Usermode debugging under Linux ====== ===== Week 8 [ Jul 12 - Jul 18 2010 ] ===== ==== valgrind ==== I wasn't supposed to work on valgrind related stuff, but the following report keeps nagging me: <code> ==31509== 360 bytes in 1 blocks are still reachable in loss record 4 of 5 ==31509== at 0x402C2E: realloc (malloc.c:316) ==31509== by 0x402DCE: malloc (malloc.c:351) ==31509== by 0x402DDC: zalloc (malloc.c:382) ==31509== by 0x404FF8: alloc_netdev (netdevice.c:329) ==31509== by 0x404185: alloc_etherdev (ethernet.c:186) ==31509== by 0x400041: tap_probe (tap.c:142) ==31509== by 0x40FE34: linux_probe (linux.c:42) ==31509== by 0x4020A8: probe_devices (device.c:47) ==31509== by 0x40BB42: startup (init.c:67) ==31509== by 0x40229E: main (main.c:48) </code> See, ''tap_probe()'' is part of the tap driver that I wrote so that makes me look bad ;) I have the issue half-fixed, but while debugging it I stumbled upon another bug, namely false reports like: <code> ==31633== Invalid read of size 8 ==31633== at 0x4042CD: ipv4_create_routes (ipv4.c:593) ==31633== by 0x40124F: apply_settings (settings.c:374) ==31633== by 0x401869: register_settings (settings.c:451) ==31633== by 0x40FE8C: smbios_init (smbios_settings.c:139) ==31633== by 0x40BAF0: initialise (init.c:48) ==31633== by 0x402299: main (main.c:47) ==31633== Address 0x617140 is 0 bytes inside data symbol "ipv4_miniroutes" </code> ''ipv4_miniroutes'' is a file-scoped ''struct list_head'' and the supposedly bad code is: <code c> list_for_each_entry_safe ( miniroute, tmp, &ipv4_miniroutes, list ) </code> To make things more complicated it only happened with ''DEBUG=settings''. All this didn't make much sense until I looked at ''tap.linux.tmp.map'' and found out what symbol is before ''ipv4_miniroutes'': <code> 0000000000617190 l O .data 0000000000000010 free_blocks 00000000006171a0 g O .data 0000000000000010 .hidden ipv4_miniroutes </code> Now I knew exactly where to look, ''core/malloc.c'': <code c> static inline void valgrind_make_blocks_noaccess ( void ) { struct memory_block *block, *tmp; if ( RUNNING_ON_VALGRIND > 0 ) { list_for_each_entry_safe ( block, tmp, &free_blocks, list ) VALGRIND_MAKE_MEM_NOACCESS ( block, sizeof ( *block ) ); VALGRIND_MAKE_MEM_NOACCESS ( block, sizeof ( *block ) ); } } </code> I got lazy and copy-n-pasted the inner-loop instruction to mark the last item on the list - i.e. ''free_blocks'' as ''NOACCESS''. The problem is that ''free_blocks'' is not a ''struct memory_block'', but ''struct list_head'' and hence the ''NOACCESS'' was marking wrong chunk of the memory, also including part of the ''ipv4_miniroutes''. Fix: <code c> - VALGRIND_MAKE_MEM_NOACCESS ( block, sizeof ( *block ) ); + VALGRIND_MAKE_MEM_NOACCESS ( &free_blocks, sizeof ( free_blocks ) ); </code> ==== drivers in userspace ==== Working on it while I'm not distracted by other things ;)