Slab Poisoning

Slab poisoning is a term popular among Linux kernel hackers. It refers to the condition caused by using an uninitialized, dynamically allocated memory location, which mostly ends in a panic (or oops).

How do you find out whether you have slab poisoning?

If the offending address 0xa5a5a5a5 appears somewhere in the kernel oops message, you can be almost sure that you have used uninitialized, dynamically allocated memory somewhere. Similarly, if you see the address 0x6b6b6b6b somewhere, you can be quite sure that you are using a freed variable.

Note: This help from the kernel comes only when it is compiled with the CONFIG_DEBUG_SLAB configuration option. In this case, each byte of allocated memory is set to 0xa5 before being handed over to the caller and is set to 0x6b when it is freed. Why not 0x00? Because that hides more bugs than it can help find (see Writing Solid Code and my review on that book).

By placing memory tags before and after the allocated memory, it is possible to detect any memory overrun or buffer overflow. When kernel debugging is enabled, the Linux kernel does exactly that.
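A userspace sketch of the scheme described above, added here as an illustration; it is not kernel code and not from the original post. The poison bytes are the ones given in the text, while the names `dbg_alloc`, `dbg_free` and `poison_of`, the guard byte `0xcc` and the 8-byte tag length are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define POISON_ALLOC 0xa5 /* fill for fresh objects (value from the text) */
#define POISON_FREE  0x6b /* fill for freed objects (value from the text) */
#define REDZONE_TAG  0xcc /* guard byte: constructed for this demo */
#define REDZONE_LEN  8    /* tag length: constructed for this demo */

enum dbg_status { DBG_OK, DBG_UNDERRUN, DBG_OVERRUN };

/* Layout: [size_t size][front tag][user bytes][rear tag] */
void *dbg_alloc(size_t size)
{
    unsigned char *raw = malloc(sizeof(size) + 2 * REDZONE_LEN + size);
    if (!raw)
        return NULL;
    memcpy(raw, &size, sizeof(size));
    unsigned char *user = raw + sizeof(size) + REDZONE_LEN;
    memset(user - REDZONE_LEN, REDZONE_TAG, REDZONE_LEN);
    memset(user, POISON_ALLOC, size);
    memset(user + size, REDZONE_TAG, REDZONE_LEN);
    return user;
}

/* Verify both tags, then poison the object. The block is deliberately kept
 * (never handed back to malloc) so it can be inspected after the "free". */
enum dbg_status dbg_free(void *ptr)
{
    unsigned char *user = ptr, *front = user - REDZONE_LEN;
    enum dbg_status st = DBG_OK;
    size_t size;
    memcpy(&size, front - sizeof(size), sizeof(size));
    for (size_t i = 0; i < REDZONE_LEN; i++) {
        if (user[size + i] != REDZONE_TAG) st = DBG_OVERRUN;
        if (front[i] != REDZONE_TAG) st = DBG_UNDERRUN;
    }
    memset(user, POISON_FREE, size);
    return st;
}

/* Poison byte if a 32-bit oops address is one poison value repeated, else 0. */
int poison_of(uint32_t addr)
{
    unsigned char b = addr & 0xff;
    if (addr != b * 0x01010101u)
        return 0;
    return (b == POISON_ALLOC || b == POISON_FREE) ? b : 0;
}
```

Writing one byte past a 16-byte object (`p[16] = 0`) makes `dbg_free(p)` return `DBG_OVERRUN`, and a 32-bit value read from a fresh or freed object is classified by `poison_of` as 0xa5 or 0x6b respectively.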
