1 <?xml version="1.0" encoding="UTF-8"?>
2 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" []>
5 <book id="debug-objects-guide">
7 <title>Debug objects life time</title>
11 <firstname>Thomas</firstname>
12 <surname>Gleixner</surname>
15 <email>tglx@linutronix.de</email>
23 <holder>Thomas Gleixner</holder>
28 This documentation is free software; you can redistribute
29 it and/or modify it under the terms of the GNU General Public
30 License version 2 as published by the Free Software Foundation.
34 This program is distributed in the hope that it will be
35 useful, but WITHOUT ANY WARRANTY; without even the implied
36 warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
37 See the GNU General Public License for more details.
41 You should have received a copy of the GNU General Public
42 License along with this program; if not, write to the Free
43 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
48 For more details see the file COPYING in the source
49 distribution of Linux.
57 <title>Introduction</title>
59 debugobjects is a generic infrastructure to track the life time
60 of kernel objects and validate the operations on those.
63 debugobjects is useful to check for the following error patterns:
65 <listitem><para>Activation of uninitialized objects</para></listitem>
66 <listitem><para>Initialization of active objects</para></listitem>
67 <listitem><para>Usage of freed/destroyed objects</para></listitem>
71 debugobjects is not changing the data structure of the real
72 object so it can be compiled in with a minimal runtime impact
73 and enabled on demand with a kernel command line option.
78 <title>Howto use debugobjects</title>
80 A kernel subsystem needs to provide a data structure which
81 describes the object type and add calls into the debug code at
82 appropriate places. The data structure to describe the object
83 type needs at minimum the name of the object type. Optional
84 functions can and should be provided to fixup detected problems
85 so the kernel can continue to work and the debug information can
86 be retrieved from a live system instead of hard core debugging
87 with serial consoles and stack trace transcripts from the
91 The debug calls provided by debugobjects are:
93 <listitem><para>debug_object_init</para></listitem>
94 <listitem><para>debug_object_init_on_stack</para></listitem>
95 <listitem><para>debug_object_activate</para></listitem>
96 <listitem><para>debug_object_deactivate</para></listitem>
97 <listitem><para>debug_object_destroy</para></listitem>
98 <listitem><para>debug_object_free</para></listitem>
100 Each of these functions takes the address of the real object and
101 a pointer to the object type specific debug description
105 Each detected error is reported in the statistics and a limited
106 number of errors are printk'ed including a full stack trace.
109 The statistics are available via debugfs/debug_objects/stats.
110 They provide information about the number of warnings and the
111 number of successful fixups along with information about the
112 usage of the internal tracking objects and the state of the
113 internal tracking objects pool.
116 <chapter id="debugfunctions">
117 <title>Debug functions</title>
118 <sect1 id="prototypes">
119 <title>Debug object function reference</title>
122 <sect1 id="debug_object_init">
123 <title>debug_object_init</title>
125 This function is called whenever the initialization function
126 of a real object is called.
129 When the real object is already tracked by debugobjects it is
130 checked, whether the object can be initialized. Initializing
131 is not allowed for active and destroyed objects. When
132 debugobjects detects an error, then it calls the fixup_init
133 function of the object type description structure if provided
134 by the caller. The fixup function can correct the problem
135 before the real initialization of the object happens. E.g. it
136 can deactivate an active object in order to prevent damage to
140 When the real object is not yet tracked by debugobjects,
141 debugobjects allocates a tracker object for the real object
142 and sets the tracker object state to ODEBUG_STATE_INIT. It
143 verifies that the object is not on the callers stack. If it is
144 on the callers stack then a limited number of warnings
145 including a full stack trace is printk'ed. The calling code
146 must use debug_object_init_on_stack() and remove the object
147 before leaving the function which allocated it. See next
152 <sect1 id="debug_object_init_on_stack">
153 <title>debug_object_init_on_stack</title>
155 This function is called whenever the initialization function
156 of a real object which resides on the stack is called.
159 When the real object is already tracked by debugobjects it is
160 checked, whether the object can be initialized. Initializing
161 is not allowed for active and destroyed objects. When
162 debugobjects detects an error, then it calls the fixup_init
163 function of the object type description structure if provided
164 by the caller. The fixup function can correct the problem
165 before the real initialization of the object happens. E.g. it
166 can deactivate an active object in order to prevent damage to
170 When the real object is not yet tracked by debugobjects
171 debugobjects allocates a tracker object for the real object
172 and sets the tracker object state to ODEBUG_STATE_INIT. It
173 verifies that the object is on the callers stack.
176 An object which is on the stack must be removed from the
177 tracker by calling debug_object_free() before the function
178 which allocates the object returns. Otherwise we keep track of
183 <sect1 id="debug_object_activate">
184 <title>debug_object_activate</title>
186 This function is called whenever the activation function of a
187 real object is called.
190 When the real object is already tracked by debugobjects it is
191 checked, whether the object can be activated. Activating is
192 not allowed for active and destroyed objects. When
193 debugobjects detects an error, then it calls the
194 fixup_activate function of the object type description
195 structure if provided by the caller. The fixup function can
196 correct the problem before the real activation of the object
197 happens. E.g. it can deactivate an active object in order to
198 prevent damage to the subsystem.
201 When the real object is not yet tracked by debugobjects then
202 the fixup_activate function is called if available. This is
203 necessary to allow the legitimate activation of statically
204 allocated and initialized objects. The fixup function checks
205 whether the object is valid and calls the debug_objects_init()
206 function to initialize the tracking of this object.
209 When the activation is legitimate, then the state of the
210 associated tracker object is set to ODEBUG_STATE_ACTIVE.
214 <sect1 id="debug_object_deactivate">
215 <title>debug_object_deactivate</title>
217 This function is called whenever the deactivation function of
218 a real object is called.
221 When the real object is tracked by debugobjects it is checked,
222 whether the object can be deactivated. Deactivating is not
223 allowed for untracked or destroyed objects.
226 When the deactivation is legitimate, then the state of the
227 associated tracker object is set to ODEBUG_STATE_INACTIVE.
231 <sect1 id="debug_object_destroy">
232 <title>debug_object_destroy</title>
234 This function is called to mark an object destroyed. This is
235 useful to prevent the usage of invalid objects, which are
236 still available in memory: either statically allocated objects
237 or objects which are freed later.
240 When the real object is tracked by debugobjects it is checked,
241 whether the object can be destroyed. Destruction is not
242 allowed for active and destroyed objects. When debugobjects
243 detects an error, then it calls the fixup_destroy function of
244 the object type description structure if provided by the
245 caller. The fixup function can correct the problem before the
246 real destruction of the object happens. E.g. it can deactivate
247 an active object in order to prevent damage to the subsystem.
250 When the destruction is legitimate, then the state of the
251 associated tracker object is set to ODEBUG_STATE_DESTROYED.
255 <sect1 id="debug_object_free">
256 <title>debug_object_free</title>
258 This function is called before an object is freed.
261 When the real object is tracked by debugobjects it is checked,
262 whether the object can be freed. Free is not allowed for
263 active objects. When debugobjects detects an error, then it
264 calls the fixup_free function of the object type description
265 structure if provided by the caller. The fixup function can
266 correct the problem before the real free of the object
267 happens. E.g. it can deactivate an active object in order to
268 prevent damage to the subsystem.
271 Note that debug_object_free removes the object from the
272 tracker. Later usage of the object is detected by the other
277 <chapter id="fixupfunctions">
278 <title>Fixup functions</title>
279 <sect1 id="debug_obj_descr">
280 <title>Debug object type description structure</title>
281 !Iinclude/linux/debugobjects.h
283 <sect1 id="fixup_init">
284 <title>fixup_init</title>
286 This function is called from the debug code whenever a problem
287 in debug_object_init is detected. The function takes the
288 address of the object and the state which is currently
289 recorded in the tracker.
292 Called from debug_object_init when the object state is:
294 <listitem><para>ODEBUG_STATE_ACTIVE</para></listitem>
298 The function returns 1 when the fixup was successful,
299 otherwise 0. The return value is used to update the
303 Note, that the function needs to call the debug_object_init()
304 function again, after the damage has been repaired in order to
305 keep the state consistent.
309 <sect1 id="fixup_activate">
310 <title>fixup_activate</title>
312 This function is called from the debug code whenever a problem
313 in debug_object_activate is detected.
316 Called from debug_object_activate when the object state is:
318 <listitem><para>ODEBUG_STATE_NOTAVAILABLE</para></listitem>
319 <listitem><para>ODEBUG_STATE_ACTIVE</para></listitem>
323 The function returns 1 when the fixup was successful,
324 otherwise 0. The return value is used to update the
328 Note that the function needs to call the debug_object_activate()
329 function again after the damage has been repaired in order to
330 keep the state consistent.
333 The activation of statically initialized objects is a special
334 case. When debug_object_activate() has no tracked object for
335 this object address then fixup_activate() is called with
336 object state ODEBUG_STATE_NOTAVAILABLE. The fixup function
337 needs to check whether this is a legitimate case of a
338 statically initialized object or not. In case it is it calls
339 debug_object_init() and debug_object_activate() to make the
340 object known to the tracker and marked active. In this case
341 the function should return 0 because this is not a real fixup.
345 <sect1 id="fixup_destroy">
346 <title>fixup_destroy</title>
348 This function is called from the debug code whenever a problem
349 in debug_object_destroy is detected.
352 Called from debug_object_destroy when the object state is:
354 <listitem><para>ODEBUG_STATE_ACTIVE</para></listitem>
358 The function returns 1 when the fixup was successful,
359 otherwise 0. The return value is used to update the
363 <sect1 id="fixup_free">
364 <title>fixup_free</title>
366 This function is called from the debug code whenever a problem
367 in debug_object_free is detected. Further it can be called
368 from the debug checks in kfree/vfree, when an active object is
369 detected from the debug_check_no_obj_freed() sanity checks.
372 Called from debug_object_free() or debug_check_no_obj_freed()
373 when the object state is:
375 <listitem><para>ODEBUG_STATE_ACTIVE</para></listitem>
379 The function returns 1 when the fixup was successful,
380 otherwise 0. The return value is used to update the
386 <title>Known Bugs And Assumptions</title>
388 None (knock on wood).