On Wed, Feb 8, 2023 at 5:08 PM Aureau, Georges (Kernel Tools ERT) <georges.aureau@hpe.com> wrote:
Hello Lianbo,

> The number of instructions disassembled by gdb is: spn->value - sp->value, which is much more than actually needed.
> Can you please replace it with this one?
> + sprintf(buf1, "disassemble 0x%lx, 0x%lx", sp->value, spn->value);
 
What about just doing "disassemble __slab_free":


 Also fine to me.

+/*
+ * With CONFIG_SLAB_FREELIST_HARDENED, freelist_ptr's are crypted with xor's,
+ * and for recent release with an additionnal bswap. Some releases prio to 5.7.0
+ * may be using the additionnal bswap. The only easy and reliable way to tell is
+ * to inspect assembly code (eg. "__slab_free") for a bswap instruction.
+ */
+static int
+freelist_ptr_bswap_x86(void)
+{
+       char buf1[BUFSIZE];
+       char buf2[BUFSIZE];
+       char *arglist[MAXARGS];
+       int found;
+       sprintf(buf1, "disassemble __slab_free");
+       open_tmpfile();
+       gdb_pass_through(buf1, pc->tmpfile, GNU_RETURN_ON_ERROR);

It could be good to check the return value of gdb_pass_through(). For example:

if (!gdb_pass_through(buf1, pc->tmpfile, GNU_RETURN_ON_ERROR)) {
    close_tmpfile();
    return FALSE.
}
 
+       rewind(pc->tmpfile);
+       found = FALSE;
+       while (fgets(buf2, BUFSIZE, pc->tmpfile)) {
+               if (parse_line(buf2, arglist) < 3)
+                       continue;
+               if (STREQ(arglist[2], "bswap")) {
+                       found = TRUE;
+                       //break;

Here, the above break is still needed.

Thanks.
Lianbo

+               }
+       }
+       close_tmpfile();
+       return found;
+}

Thanks,
Georges