parlib: slab: Fix ancient ctor off-by-one
author Barret Rhoden <brho@cs.berkeley.edu>
Thu, 16 Mar 2017 22:43:08 +0000 (18:43 -0400)
committer Barret Rhoden <brho@cs.berkeley.edu>
Tue, 21 Mar 2017 18:29:06 +0000 (14:29 -0400)
The original purpose for that list was to build the chain of small slab
objects.  But we only ran the ctor on the first n - 1 of them.

This bug is ancient - it's from the kernel's original slab implementation.
We hadn't really used slab ctors a lot.  Same goes for userspace, until my
recent epoll changes.

Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>
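To make the off-by-one concrete, here is an added, self-contained model of the small-object chaining that the commit describes. It is not parlib's code: the names (toy_cache, chain_objects, constructed_objects, the MAGIC fill byte) are assumptions for illustration, and the layout (payload followed by a next pointer at buf + obj_size) mirrors what the hunk shows. The run_ctor_on_last flag switches between the old behaviour (ctor on the first n - 1 objects only) and the fixed one.

```c
/* Added example, not Akaros/parlib code. Models the freelist chaining in
 * kmem_cache_grow() for small objects: each slot is obj_size bytes of
 * payload followed by a pointer to the next free object. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef void (*ctor_t)(void *obj, size_t size);

/* Assumed stand-in for the cache fields the hunk touches. */
struct toy_cache {
	size_t obj_size;   /* payload size handed to the ctor */
	ctor_t ctor;       /* optional constructor, may be NULL */
};

static size_t slot_size(const struct toy_cache *cp)
{
	return cp->obj_size + sizeof(void *);
}

/* Chain num_objs objects out of buf into a freelist and return the head.
 * The loop mirrors the original: it runs to n - 1 because the last slot
 * gets a NULL link instead of a pointer to the next slot. With
 * run_ctor_on_last == 0 it reproduces the old bug: the ctor never runs
 * on the final object. */
static void *chain_objects(struct toy_cache *cp, unsigned char *buf,
			   size_t num_objs, int run_ctor_on_last)
{
	unsigned char *head = buf;

	for (size_t i = 0; i < num_objs - 1; i++) {
		if (cp->ctor)
			cp->ctor(buf, cp->obj_size);
		*(unsigned char **)(buf + cp->obj_size) = buf + slot_size(cp);
		buf += slot_size(cp);
	}
	/* The fix: initialize the final object too. */
	if (run_ctor_on_last && cp->ctor)
		cp->ctor(buf, cp->obj_size);
	*(unsigned char **)(buf + cp->obj_size) = NULL;
	return head;
}

/* Constructed ctor for the demo: fills the payload with a marker byte. */
#define MAGIC 0x5A

static void fill_ctor(void *obj, size_t size)
{
	memset(obj, MAGIC, size);
}

/* Walk the freelist; count objects whose whole payload carries MAGIC. */
static size_t count_constructed(const struct toy_cache *cp, void *head)
{
	size_t constructed = 0;

	for (unsigned char *p = head; p;
	     p = *(unsigned char **)(p + cp->obj_size)) {
		size_t ok = 1;

		for (size_t i = 0; i < cp->obj_size; i++)
			if (p[i] != MAGIC)
				ok = 0;
		constructed += ok;
	}
	return constructed;
}

/* Walk the freelist and return its length. */
static size_t freelist_len(const struct toy_cache *cp, void *head)
{
	size_t len = 0;

	for (unsigned char *p = head; p;
	     p = *(unsigned char **)(p + cp->obj_size))
		len++;
	return len;
}

/* Build an n-object slab (buffer zeroed, so untouched payloads are
 * detectable) and report how many objects the ctor ran on. */
size_t constructed_objects(size_t n, int fixed)
{
	struct toy_cache cp = { .obj_size = 16, .ctor = fill_ctor };
	unsigned char *buf = calloc(n, slot_size(&cp));
	void *head = chain_objects(&cp, buf, n, fixed);
	size_t c = count_constructed(&cp, head);

	free(buf);
	return c;
}

/* Same setup; returns the freelist length, which the bug did not affect. */
size_t chained_objects(size_t n, int fixed)
{
	struct toy_cache cp = { .obj_size = 16, .ctor = fill_ctor };
	unsigned char *buf = calloc(n, slot_size(&cp));
	void *head = chain_objects(&cp, buf, n, fixed);
	size_t len = freelist_len(&cp, head);

	free(buf);
	return len;
}
```

The point the model makes is that the freelist itself was always complete (chained_objects returns n either way), so the bug was invisible to anything that only counted free objects; only an allocation that handed out the last slot of a slab would see an unconstructed object, which is why it went unnoticed until ctors were actually relied on.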
user/parlib/slab.c

index f65c263..f094c11 100644
@@ -274,6 +274,9 @@ static void kmem_cache_grow(struct kmem_cache *cp)
                        *(uintptr_t**)(buf + cp->obj_size) = buf + a_slab->obj_size;
                        buf += a_slab->obj_size;
                }
+               /* Initialize the final object (note the -1 in the for loop). */
+               if (cp->ctor)
+                       cp->ctor(buf, cp->obj_size);
                *((uintptr_t**)(buf + cp->obj_size)) = NULL;
        } else {
                a_slab = kmem_cache_alloc(kmem_slab_cache, 0);
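Review bot: the added ctor call after the loop duplicates the per-object ctor call that the loop body already makes, which is exactly the pattern that let the last object be missed in the first place; consider restructuring so the loop visits all n objects and runs the ctor on each, writing `buf + a_slab->obj_size` as the link for the first n - 1 and NULL for the last, so the "-1" no longer needs a comment and a future edit to the loop body cannot reintroduce the skew. Separately, the visible context writes the link at `buf + cp->obj_size` but advances by `a_slab->obj_size`; if those are always the same value it is worth using one of them consistently, and if they can differ the link position and the stride diverge.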