2 * Generic infrastructure for lifetime debugging of objects.
4 * Started by Thomas Gleixner
6 * Copyright (C) 2008, Thomas Gleixner <tglx@linutronix.de>
8 * For licencing details see kernel-base/COPYING
10 #include <linux/debugobjects.h>
11 #include <linux/interrupt.h>
12 #include <linux/seq_file.h>
13 #include <linux/debugfs.h>
14 #include <linux/hash.h>
16 #define ODEBUG_HASH_BITS 14
17 #define ODEBUG_HASH_SIZE (1 << ODEBUG_HASH_BITS)
19 #define ODEBUG_POOL_SIZE 512
20 #define ODEBUG_POOL_MIN_LEVEL 256
22 #define ODEBUG_CHUNK_SHIFT PAGE_SHIFT
23 #define ODEBUG_CHUNK_SIZE (1 << ODEBUG_CHUNK_SHIFT)
24 #define ODEBUG_CHUNK_MASK (~(ODEBUG_CHUNK_SIZE - 1))
27 struct hlist_head list;
31 static struct debug_bucket obj_hash[ODEBUG_HASH_SIZE];
33 static struct debug_obj obj_static_pool[ODEBUG_POOL_SIZE];
35 static DEFINE_SPINLOCK(pool_lock);
37 static HLIST_HEAD(obj_pool);
39 static int obj_pool_min_free = ODEBUG_POOL_SIZE;
40 static int obj_pool_free = ODEBUG_POOL_SIZE;
41 static int obj_pool_used;
42 static int obj_pool_max_used;
43 static struct kmem_cache *obj_cache;
45 static int debug_objects_maxchain __read_mostly;
46 static int debug_objects_fixups __read_mostly;
47 static int debug_objects_warnings __read_mostly;
48 static int debug_objects_enabled __read_mostly
49 = CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT;
51 static struct debug_obj_descr *descr_test __read_mostly;
53 static int __init enable_object_debug(char *str)
55 debug_objects_enabled = 1;
58 early_param("debug_objects", enable_object_debug);
60 static const char *obj_states[ODEBUG_STATE_MAX] = {
61 [ODEBUG_STATE_NONE] = "none",
62 [ODEBUG_STATE_INIT] = "initialized",
63 [ODEBUG_STATE_INACTIVE] = "inactive",
64 [ODEBUG_STATE_ACTIVE] = "active",
65 [ODEBUG_STATE_DESTROYED] = "destroyed",
66 [ODEBUG_STATE_NOTAVAILABLE] = "not available",
69 static int fill_pool(void)
71 gfp_t gfp = GFP_ATOMIC | __GFP_NORETRY | __GFP_NOWARN;
72 struct debug_obj *new;
75 if (likely(obj_pool_free >= ODEBUG_POOL_MIN_LEVEL))
78 if (unlikely(!obj_cache))
81 while (obj_pool_free < ODEBUG_POOL_MIN_LEVEL) {
83 new = kmem_cache_zalloc(obj_cache, gfp);
87 spin_lock_irqsave(&pool_lock, flags);
88 hlist_add_head(&new->node, &obj_pool);
90 spin_unlock_irqrestore(&pool_lock, flags);
96 * Lookup an object in the hash bucket.
98 static struct debug_obj *lookup_object(void *addr, struct debug_bucket *b)
100 struct hlist_node *node;
101 struct debug_obj *obj;
104 hlist_for_each_entry(obj, node, &b->list, node) {
106 if (obj->object == addr)
109 if (cnt > debug_objects_maxchain)
110 debug_objects_maxchain = cnt;
116 * Allocate a new object. If the pool is empty, switch off the debugger.
117 * Must be called with interrupts disabled.
119 static struct debug_obj *
120 alloc_object(void *addr, struct debug_bucket *b, struct debug_obj_descr *descr)
122 struct debug_obj *obj = NULL;
124 spin_lock(&pool_lock);
125 if (obj_pool.first) {
126 obj = hlist_entry(obj_pool.first, typeof(*obj), node);
130 obj->state = ODEBUG_STATE_NONE;
131 hlist_del(&obj->node);
133 hlist_add_head(&obj->node, &b->list);
136 if (obj_pool_used > obj_pool_max_used)
137 obj_pool_max_used = obj_pool_used;
140 if (obj_pool_free < obj_pool_min_free)
141 obj_pool_min_free = obj_pool_free;
143 spin_unlock(&pool_lock);
149 * Put the object back into the pool or give it back to kmem_cache:
151 static void free_object(struct debug_obj *obj)
153 unsigned long idx = (unsigned long)(obj - obj_static_pool);
156 if (obj_pool_free < ODEBUG_POOL_SIZE || idx < ODEBUG_POOL_SIZE) {
157 spin_lock_irqsave(&pool_lock, flags);
158 hlist_add_head(&obj->node, &obj_pool);
161 spin_unlock_irqrestore(&pool_lock, flags);
163 spin_lock_irqsave(&pool_lock, flags);
165 spin_unlock_irqrestore(&pool_lock, flags);
166 kmem_cache_free(obj_cache, obj);
171 * We run out of memory. That means we probably have tons of objects
174 static void debug_objects_oom(void)
176 struct debug_bucket *db = obj_hash;
177 struct hlist_node *node, *tmp;
178 HLIST_HEAD(freelist);
179 struct debug_obj *obj;
183 printk(KERN_WARNING "ODEBUG: Out of memory. ODEBUG disabled\n");
185 for (i = 0; i < ODEBUG_HASH_SIZE; i++, db++) {
186 spin_lock_irqsave(&db->lock, flags);
187 hlist_move_list(&db->list, &freelist);
188 spin_unlock_irqrestore(&db->lock, flags);
191 hlist_for_each_entry_safe(obj, node, tmp, &freelist, node) {
192 hlist_del(&obj->node);
199 * We use the pfn of the address for the hash. That way we can check
200 * for freed objects simply by checking the affected bucket.
202 static struct debug_bucket *get_bucket(unsigned long addr)
206 hash = hash_long((addr >> ODEBUG_CHUNK_SHIFT), ODEBUG_HASH_BITS);
207 return &obj_hash[hash];
210 static void debug_print_object(struct debug_obj *obj, char *msg)
214 if (limit < 5 && obj->descr != descr_test) {
216 WARN(1, KERN_ERR "ODEBUG: %s %s object type: %s\n", msg,
217 obj_states[obj->state], obj->descr->name);
219 debug_objects_warnings++;
223 * Try to repair the damage, so we have a better chance to get useful
227 debug_object_fixup(int (*fixup)(void *addr, enum debug_obj_state state),
228 void * addr, enum debug_obj_state state)
231 debug_objects_fixups += fixup(addr, state);
234 static void debug_object_is_on_stack(void *addr, int onstack)
242 is_on_stack = object_is_on_stack(addr);
243 if (is_on_stack == onstack)
249 "ODEBUG: object is on stack, but not annotated\n");
252 "ODEBUG: object is not on stack, but annotated\n");
257 __debug_object_init(void *addr, struct debug_obj_descr *descr, int onstack)
259 enum debug_obj_state state;
260 struct debug_bucket *db;
261 struct debug_obj *obj;
266 db = get_bucket((unsigned long) addr);
268 spin_lock_irqsave(&db->lock, flags);
270 obj = lookup_object(addr, db);
272 obj = alloc_object(addr, db, descr);
274 debug_objects_enabled = 0;
275 spin_unlock_irqrestore(&db->lock, flags);
279 debug_object_is_on_stack(addr, onstack);
282 switch (obj->state) {
283 case ODEBUG_STATE_NONE:
284 case ODEBUG_STATE_INIT:
285 case ODEBUG_STATE_INACTIVE:
286 obj->state = ODEBUG_STATE_INIT;
289 case ODEBUG_STATE_ACTIVE:
290 debug_print_object(obj, "init");
292 spin_unlock_irqrestore(&db->lock, flags);
293 debug_object_fixup(descr->fixup_init, addr, state);
296 case ODEBUG_STATE_DESTROYED:
297 debug_print_object(obj, "init");
303 spin_unlock_irqrestore(&db->lock, flags);
307 * debug_object_init - debug checks when an object is initialized
308 * @addr: address of the object
309 * @descr: pointer to an object specific debug description structure
311 void debug_object_init(void *addr, struct debug_obj_descr *descr)
313 if (!debug_objects_enabled)
316 __debug_object_init(addr, descr, 0);
320 * debug_object_init_on_stack - debug checks when an object on stack is
322 * @addr: address of the object
323 * @descr: pointer to an object specific debug description structure
325 void debug_object_init_on_stack(void *addr, struct debug_obj_descr *descr)
327 if (!debug_objects_enabled)
330 __debug_object_init(addr, descr, 1);
334 * debug_object_activate - debug checks when an object is activated
335 * @addr: address of the object
336 * @descr: pointer to an object specific debug description structure
338 void debug_object_activate(void *addr, struct debug_obj_descr *descr)
340 enum debug_obj_state state;
341 struct debug_bucket *db;
342 struct debug_obj *obj;
345 if (!debug_objects_enabled)
348 db = get_bucket((unsigned long) addr);
350 spin_lock_irqsave(&db->lock, flags);
352 obj = lookup_object(addr, db);
354 switch (obj->state) {
355 case ODEBUG_STATE_INIT:
356 case ODEBUG_STATE_INACTIVE:
357 obj->state = ODEBUG_STATE_ACTIVE;
360 case ODEBUG_STATE_ACTIVE:
361 debug_print_object(obj, "activate");
363 spin_unlock_irqrestore(&db->lock, flags);
364 debug_object_fixup(descr->fixup_activate, addr, state);
367 case ODEBUG_STATE_DESTROYED:
368 debug_print_object(obj, "activate");
373 spin_unlock_irqrestore(&db->lock, flags);
377 spin_unlock_irqrestore(&db->lock, flags);
379 * This happens when a static object is activated. We
380 * let the type specific code decide whether this is
383 debug_object_fixup(descr->fixup_activate, addr,
384 ODEBUG_STATE_NOTAVAILABLE);
388 * debug_object_deactivate - debug checks when an object is deactivated
389 * @addr: address of the object
390 * @descr: pointer to an object specific debug description structure
392 void debug_object_deactivate(void *addr, struct debug_obj_descr *descr)
394 struct debug_bucket *db;
395 struct debug_obj *obj;
398 if (!debug_objects_enabled)
401 db = get_bucket((unsigned long) addr);
403 spin_lock_irqsave(&db->lock, flags);
405 obj = lookup_object(addr, db);
407 switch (obj->state) {
408 case ODEBUG_STATE_INIT:
409 case ODEBUG_STATE_INACTIVE:
410 case ODEBUG_STATE_ACTIVE:
411 obj->state = ODEBUG_STATE_INACTIVE;
414 case ODEBUG_STATE_DESTROYED:
415 debug_print_object(obj, "deactivate");
421 struct debug_obj o = { .object = addr,
422 .state = ODEBUG_STATE_NOTAVAILABLE,
425 debug_print_object(&o, "deactivate");
428 spin_unlock_irqrestore(&db->lock, flags);
432 * debug_object_destroy - debug checks when an object is destroyed
433 * @addr: address of the object
434 * @descr: pointer to an object specific debug description structure
436 void debug_object_destroy(void *addr, struct debug_obj_descr *descr)
438 enum debug_obj_state state;
439 struct debug_bucket *db;
440 struct debug_obj *obj;
443 if (!debug_objects_enabled)
446 db = get_bucket((unsigned long) addr);
448 spin_lock_irqsave(&db->lock, flags);
450 obj = lookup_object(addr, db);
454 switch (obj->state) {
455 case ODEBUG_STATE_NONE:
456 case ODEBUG_STATE_INIT:
457 case ODEBUG_STATE_INACTIVE:
458 obj->state = ODEBUG_STATE_DESTROYED;
460 case ODEBUG_STATE_ACTIVE:
461 debug_print_object(obj, "destroy");
463 spin_unlock_irqrestore(&db->lock, flags);
464 debug_object_fixup(descr->fixup_destroy, addr, state);
467 case ODEBUG_STATE_DESTROYED:
468 debug_print_object(obj, "destroy");
474 spin_unlock_irqrestore(&db->lock, flags);
478 * debug_object_free - debug checks when an object is freed
479 * @addr: address of the object
480 * @descr: pointer to an object specific debug description structure
482 void debug_object_free(void *addr, struct debug_obj_descr *descr)
484 enum debug_obj_state state;
485 struct debug_bucket *db;
486 struct debug_obj *obj;
489 if (!debug_objects_enabled)
492 db = get_bucket((unsigned long) addr);
494 spin_lock_irqsave(&db->lock, flags);
496 obj = lookup_object(addr, db);
500 switch (obj->state) {
501 case ODEBUG_STATE_ACTIVE:
502 debug_print_object(obj, "free");
504 spin_unlock_irqrestore(&db->lock, flags);
505 debug_object_fixup(descr->fixup_free, addr, state);
508 hlist_del(&obj->node);
509 spin_unlock_irqrestore(&db->lock, flags);
514 spin_unlock_irqrestore(&db->lock, flags);
517 #ifdef CONFIG_DEBUG_OBJECTS_FREE
518 static void __debug_check_no_obj_freed(const void *address, unsigned long size)
520 unsigned long flags, oaddr, saddr, eaddr, paddr, chunks;
521 struct hlist_node *node, *tmp;
522 HLIST_HEAD(freelist);
523 struct debug_obj_descr *descr;
524 enum debug_obj_state state;
525 struct debug_bucket *db;
526 struct debug_obj *obj;
529 saddr = (unsigned long) address;
530 eaddr = saddr + size;
531 paddr = saddr & ODEBUG_CHUNK_MASK;
532 chunks = ((eaddr - paddr) + (ODEBUG_CHUNK_SIZE - 1));
533 chunks >>= ODEBUG_CHUNK_SHIFT;
535 for (;chunks > 0; chunks--, paddr += ODEBUG_CHUNK_SIZE) {
536 db = get_bucket(paddr);
540 spin_lock_irqsave(&db->lock, flags);
541 hlist_for_each_entry_safe(obj, node, tmp, &db->list, node) {
543 oaddr = (unsigned long) obj->object;
544 if (oaddr < saddr || oaddr >= eaddr)
547 switch (obj->state) {
548 case ODEBUG_STATE_ACTIVE:
549 debug_print_object(obj, "free");
552 spin_unlock_irqrestore(&db->lock, flags);
553 debug_object_fixup(descr->fixup_free,
554 (void *) oaddr, state);
557 hlist_del(&obj->node);
558 hlist_add_head(&obj->node, &freelist);
562 spin_unlock_irqrestore(&db->lock, flags);
565 hlist_for_each_entry_safe(obj, node, tmp, &freelist, node) {
566 hlist_del(&obj->node);
570 if (cnt > debug_objects_maxchain)
571 debug_objects_maxchain = cnt;
575 void debug_check_no_obj_freed(const void *address, unsigned long size)
577 if (debug_objects_enabled)
578 __debug_check_no_obj_freed(address, size);
582 #ifdef CONFIG_DEBUG_FS
584 static int debug_stats_show(struct seq_file *m, void *v)
586 seq_printf(m, "max_chain :%d\n", debug_objects_maxchain);
587 seq_printf(m, "warnings :%d\n", debug_objects_warnings);
588 seq_printf(m, "fixups :%d\n", debug_objects_fixups);
589 seq_printf(m, "pool_free :%d\n", obj_pool_free);
590 seq_printf(m, "pool_min_free :%d\n", obj_pool_min_free);
591 seq_printf(m, "pool_used :%d\n", obj_pool_used);
592 seq_printf(m, "pool_max_used :%d\n", obj_pool_max_used);
596 static int debug_stats_open(struct inode *inode, struct file *filp)
598 return single_open(filp, debug_stats_show, NULL);
601 static const struct file_operations debug_stats_fops = {
602 .open = debug_stats_open,
605 .release = single_release,
608 static int __init debug_objects_init_debugfs(void)
610 struct dentry *dbgdir, *dbgstats;
612 if (!debug_objects_enabled)
615 dbgdir = debugfs_create_dir("debug_objects", NULL);
619 dbgstats = debugfs_create_file("stats", 0444, dbgdir, NULL,
627 debugfs_remove(dbgdir);
631 __initcall(debug_objects_init_debugfs);
634 static inline void debug_objects_init_debugfs(void) { }
637 #ifdef CONFIG_DEBUG_OBJECTS_SELFTEST
639 /* Random data structure for the self test */
641 unsigned long dummy1[6];
643 unsigned long dummy2[3];
646 static __initdata struct debug_obj_descr descr_type_test;
649 * fixup_init is called when:
650 * - an active object is initialized
652 static int __init fixup_init(void *addr, enum debug_obj_state state)
654 struct self_test *obj = addr;
657 case ODEBUG_STATE_ACTIVE:
658 debug_object_deactivate(obj, &descr_type_test);
659 debug_object_init(obj, &descr_type_test);
667 * fixup_activate is called when:
668 * - an active object is activated
669 * - an unknown object is activated (might be a statically initialized object)
671 static int __init fixup_activate(void *addr, enum debug_obj_state state)
673 struct self_test *obj = addr;
676 case ODEBUG_STATE_NOTAVAILABLE:
677 if (obj->static_init == 1) {
678 debug_object_init(obj, &descr_type_test);
679 debug_object_activate(obj, &descr_type_test);
681 * Real code should return 0 here ! This is
682 * not a fixup of some bad behaviour. We
683 * merily call the debug_init function to keep
684 * track of the object.
688 /* Real code needs to emit a warning here */
692 case ODEBUG_STATE_ACTIVE:
693 debug_object_deactivate(obj, &descr_type_test);
694 debug_object_activate(obj, &descr_type_test);
703 * fixup_destroy is called when:
704 * - an active object is destroyed
706 static int __init fixup_destroy(void *addr, enum debug_obj_state state)
708 struct self_test *obj = addr;
711 case ODEBUG_STATE_ACTIVE:
712 debug_object_deactivate(obj, &descr_type_test);
713 debug_object_destroy(obj, &descr_type_test);
721 * fixup_free is called when:
722 * - an active object is freed
724 static int __init fixup_free(void *addr, enum debug_obj_state state)
726 struct self_test *obj = addr;
729 case ODEBUG_STATE_ACTIVE:
730 debug_object_deactivate(obj, &descr_type_test);
731 debug_object_free(obj, &descr_type_test);
739 check_results(void *addr, enum debug_obj_state state, int fixups, int warnings)
741 struct debug_bucket *db;
742 struct debug_obj *obj;
746 db = get_bucket((unsigned long) addr);
748 spin_lock_irqsave(&db->lock, flags);
750 obj = lookup_object(addr, db);
751 if (!obj && state != ODEBUG_STATE_NONE) {
752 WARN(1, KERN_ERR "ODEBUG: selftest object not found\n");
755 if (obj && obj->state != state) {
756 WARN(1, KERN_ERR "ODEBUG: selftest wrong state: %d != %d\n",
760 if (fixups != debug_objects_fixups) {
761 WARN(1, KERN_ERR "ODEBUG: selftest fixups failed %d != %d\n",
762 fixups, debug_objects_fixups);
765 if (warnings != debug_objects_warnings) {
766 WARN(1, KERN_ERR "ODEBUG: selftest warnings failed %d != %d\n",
767 warnings, debug_objects_warnings);
772 spin_unlock_irqrestore(&db->lock, flags);
774 debug_objects_enabled = 0;
778 static __initdata struct debug_obj_descr descr_type_test = {
780 .fixup_init = fixup_init,
781 .fixup_activate = fixup_activate,
782 .fixup_destroy = fixup_destroy,
783 .fixup_free = fixup_free,
786 static __initdata struct self_test obj = { .static_init = 0 };
788 static void __init debug_objects_selftest(void)
790 int fixups, oldfixups, warnings, oldwarnings;
793 local_irq_save(flags);
795 fixups = oldfixups = debug_objects_fixups;
796 warnings = oldwarnings = debug_objects_warnings;
797 descr_test = &descr_type_test;
799 debug_object_init(&obj, &descr_type_test);
800 if (check_results(&obj, ODEBUG_STATE_INIT, fixups, warnings))
802 debug_object_activate(&obj, &descr_type_test);
803 if (check_results(&obj, ODEBUG_STATE_ACTIVE, fixups, warnings))
805 debug_object_activate(&obj, &descr_type_test);
806 if (check_results(&obj, ODEBUG_STATE_ACTIVE, ++fixups, ++warnings))
808 debug_object_deactivate(&obj, &descr_type_test);
809 if (check_results(&obj, ODEBUG_STATE_INACTIVE, fixups, warnings))
811 debug_object_destroy(&obj, &descr_type_test);
812 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, warnings))
814 debug_object_init(&obj, &descr_type_test);
815 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
817 debug_object_activate(&obj, &descr_type_test);
818 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
820 debug_object_deactivate(&obj, &descr_type_test);
821 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
823 debug_object_free(&obj, &descr_type_test);
824 if (check_results(&obj, ODEBUG_STATE_NONE, fixups, warnings))
828 debug_object_activate(&obj, &descr_type_test);
829 if (check_results(&obj, ODEBUG_STATE_ACTIVE, ++fixups, warnings))
831 debug_object_init(&obj, &descr_type_test);
832 if (check_results(&obj, ODEBUG_STATE_INIT, ++fixups, ++warnings))
834 debug_object_free(&obj, &descr_type_test);
835 if (check_results(&obj, ODEBUG_STATE_NONE, fixups, warnings))
838 #ifdef CONFIG_DEBUG_OBJECTS_FREE
839 debug_object_init(&obj, &descr_type_test);
840 if (check_results(&obj, ODEBUG_STATE_INIT, fixups, warnings))
842 debug_object_activate(&obj, &descr_type_test);
843 if (check_results(&obj, ODEBUG_STATE_ACTIVE, fixups, warnings))
845 __debug_check_no_obj_freed(&obj, sizeof(obj));
846 if (check_results(&obj, ODEBUG_STATE_NONE, ++fixups, ++warnings))
849 printk(KERN_INFO "ODEBUG: selftest passed\n");
852 debug_objects_fixups = oldfixups;
853 debug_objects_warnings = oldwarnings;
856 local_irq_restore(flags);
859 static inline void debug_objects_selftest(void) { }
863 * Called during early boot to initialize the hash buckets and link
864 * the static object pool objects into the poll list. After this call
865 * the object tracker is fully operational.
867 void __init debug_objects_early_init(void)
871 for (i = 0; i < ODEBUG_HASH_SIZE; i++)
872 spin_lock_init(&obj_hash[i].lock);
874 for (i = 0; i < ODEBUG_POOL_SIZE; i++)
875 hlist_add_head(&obj_static_pool[i].node, &obj_pool);
879 * Called after the kmem_caches are functional to setup a dedicated
880 * cache pool, which has the SLAB_DEBUG_OBJECTS flag set. This flag
881 * prevents that the debug code is called on kmem_cache_free() for the
882 * debug tracker objects to avoid recursive calls.
884 void __init debug_objects_mem_init(void)
886 if (!debug_objects_enabled)
889 obj_cache = kmem_cache_create("debug_objects_cache",
890 sizeof (struct debug_obj), 0,
891 SLAB_DEBUG_OBJECTS, NULL);
894 debug_objects_enabled = 0;
896 debug_objects_selftest();