2 * Generic infrastructure for lifetime debugging of objects.
4 * Started by Thomas Gleixner
6 * Copyright (C) 2008, Thomas Gleixner <tglx@linutronix.de>
8 * For licencing details see kernel-base/COPYING
10 #include <linux/debugobjects.h>
11 #include <linux/interrupt.h>
12 #include <linux/seq_file.h>
13 #include <linux/debugfs.h>
14 #include <linux/hash.h>
/* Hash table geometry: the bucket count is derived from the bit count. */
16 #define ODEBUG_HASH_BITS 14
17 #define ODEBUG_HASH_SIZE (1 << ODEBUG_HASH_BITS)
/*
 * Size of the static tracker pool, and the free level below which
 * fill_pool() allocates more trackers from obj_cache.
 */
19 #define ODEBUG_POOL_SIZE 512
20 #define ODEBUG_POOL_MIN_LEVEL 256
/*
 * Hash granularity: one chunk is one page. get_bucket() shifts the address
 * by ODEBUG_CHUNK_SHIFT, and the free check walks a range chunk by chunk.
 */
22 #define ODEBUG_CHUNK_SHIFT PAGE_SHIFT
23 #define ODEBUG_CHUNK_SIZE (1 << ODEBUG_CHUNK_SHIFT)
24 #define ODEBUG_CHUNK_MASK (~(ODEBUG_CHUNK_SIZE - 1))
27 struct hlist_head list;
/* Bucket array selected by get_bucket(); each bucket is used with its own ->lock. */
31 static struct debug_bucket obj_hash[ODEBUG_HASH_SIZE];
/*
 * Statically allocated trackers, linked into obj_pool by
 * debug_objects_early_init(). They never come from obj_cache, so
 * free_object() recognises them by index and keeps them in the pool.
 */
33 static struct debug_obj obj_static_pool[ODEBUG_POOL_SIZE];
/* pool_lock protects the obj_pool free list. */
35 static DEFINE_SPINLOCK(pool_lock);
37 static HLIST_HEAD(obj_pool);
/* Pool accounting, reported through the debugfs "stats" file. */
39 static int obj_pool_min_free = ODEBUG_POOL_SIZE;
40 static int obj_pool_free = ODEBUG_POOL_SIZE;
41 static int obj_pool_used;
42 static int obj_pool_max_used;
/* NULL until debug_objects_mem_init() creates the cache. */
43 static struct kmem_cache *obj_cache;
/* Diagnostic counters, also reported through the debugfs "stats" file. */
45 static int debug_objects_maxchain __read_mostly;
46 static int debug_objects_fixups __read_mostly;
47 static int debug_objects_warnings __read_mostly;
/*
 * Global on/off switch. It is set by the "debug_objects" boot parameter and
 * cleared on allocation failure, cache creation failure or selftest failure.
 * Once cleared, every debug_object_*() entry point returns early, so later
 * lifetime violations are no longer reported.
 */
48 static int debug_objects_enabled __read_mostly;
/* Descriptor used by the selftest; debug_print_object() stays silent for it. */
49 static struct debug_obj_descr *descr_test __read_mostly;
/*
 * Boot parameter handler: "debug_objects" on the kernel command line
 * switches the tracker on.
 * NOTE(review): str is not used in the visible lines, and the return
 * statement is missing from this listing.
 */
51 static int __init enable_object_debug(char *str)
53 debug_objects_enabled = 1;
56 early_param("debug_objects", enable_object_debug);
/*
 * Human-readable state names, indexed by enum debug_obj_state.
 * debug_print_object() looks names up as obj_states[obj->state].
 */
58 static const char *obj_states[ODEBUG_STATE_MAX] = {
59 [ODEBUG_STATE_NONE] = "none",
60 [ODEBUG_STATE_INIT] = "initialized",
61 [ODEBUG_STATE_INACTIVE] = "inactive",
62 [ODEBUG_STATE_ACTIVE] = "active",
63 [ODEBUG_STATE_DESTROYED] = "destroyed",
64 [ODEBUG_STATE_NOTAVAILABLE] = "not available",
/*
 * Top up the free pool from obj_cache until it holds at least
 * ODEBUG_POOL_MIN_LEVEL trackers.
 * NOTE(review): this listing omits lines of the body; the return statements,
 * the allocation-failure branch and the obj_pool_free update are not visible.
 */
67 static int fill_pool(void)
/* Atomic allocation that neither retries nor warns when it fails. */
69 gfp_t gfp = GFP_ATOMIC | __GFP_NORETRY | __GFP_NOWARN;
70 struct debug_obj *new;
/* Fast path: obj_pool_free is read here without pool_lock held. */
73 if (likely(obj_pool_free >= ODEBUG_POOL_MIN_LEVEL))
/* obj_cache stays NULL until debug_objects_mem_init() has run. */
76 if (unlikely(!obj_cache))
79 while (obj_pool_free < ODEBUG_POOL_MIN_LEVEL) {
/* Zeroed allocation, so a new tracker carries no stale state. */
81 new = kmem_cache_zalloc(obj_cache, gfp);
/* pool_lock is taken per object, only around the list insertion. */
85 spin_lock_irqsave(&pool_lock, flags);
86 hlist_add_head(&new->node, &obj_pool);
88 spin_unlock_irqrestore(&pool_lock, flags);
94 * Lookup an object in the hash bucket.
/*
 * Linear search of bucket b for the tracker whose ->object equals addr.
 * The callers in this file take b->lock before calling.
 * NOTE(review): the chain counter increment and the return statements are
 * not visible in this listing.
 */
96 static struct debug_obj *lookup_object(void *addr, struct debug_bucket *b)
98 struct hlist_node *node;
99 struct debug_obj *obj;
102 hlist_for_each_entry(obj, node, &b->list, node) {
/* Match on the tracked object's address only. */
104 if (obj->object == addr)
/* Record the longest chain seen; it is reported as max_chain in debugfs. */
107 if (cnt > debug_objects_maxchain)
108 debug_objects_maxchain = cnt;
114 * Allocate a new object. If the pool is empty, switch off the debugger.
115 * Must be called with interrupts disabled.
/*
 * Take the first free tracker from obj_pool and link it into bucket b.
 * obj keeps its NULL initialiser when the pool is empty.
 * NOTE(review): the assignments of ->object and ->descr and the counter
 * updates are not visible in this listing.
 */
117 static struct debug_obj *
118 alloc_object(void *addr, struct debug_bucket *b, struct debug_obj_descr *descr)
120 struct debug_obj *obj = NULL;
/* Plain spin_lock: interrupts must already be disabled by the caller. */
122 spin_lock(&pool_lock);
123 if (obj_pool.first) {
124 obj = hlist_entry(obj_pool.first, typeof(*obj), node);
/* Reset the state before the tracker is linked into the bucket. */
128 obj->state = ODEBUG_STATE_NONE;
129 hlist_del(&obj->node);
131 hlist_add_head(&obj->node, &b->list);
/* High and low water marks, updated while pool_lock is held. */
134 if (obj_pool_used > obj_pool_max_used)
135 obj_pool_max_used = obj_pool_used;
138 if (obj_pool_free < obj_pool_min_free)
139 obj_pool_min_free = obj_pool_free;
141 spin_unlock(&pool_lock);
147 * Put the object back into the pool or give it back to kmem_cache:
/*
 * Return a tracker to the free pool, or release it to obj_cache.
 * NOTE(review): the else line and the counter updates are not visible in
 * this listing.
 */
149 static void free_object(struct debug_obj *obj)
/*
 * Index relative to the static pool. For a tracker allocated from obj_cache
 * the unsigned result presumably falls outside [0, ODEBUG_POOL_SIZE), which
 * the idx test below relies on.
 * NOTE(review): subtracting pointers into different objects is undefined in
 * ISO C; this depends on the kernel's flat address space.
 */
151 unsigned long idx = (unsigned long)(obj - obj_static_pool);
/*
 * Keep the tracker when the pool is below its nominal size. Static-pool
 * trackers are always kept, because they were never allocated from obj_cache
 * and must not reach kmem_cache_free(). obj_pool_free is read before
 * pool_lock is taken.
 */
154 if (obj_pool_free < ODEBUG_POOL_SIZE || idx < ODEBUG_POOL_SIZE) {
155 spin_lock_irqsave(&pool_lock, flags);
156 hlist_add_head(&obj->node, &obj_pool);
159 spin_unlock_irqrestore(&pool_lock, flags);
161 spin_lock_irqsave(&pool_lock, flags);
163 spin_unlock_irqrestore(&pool_lock, flags);
/* The tracker goes back to the slab cache outside pool_lock. */
164 kmem_cache_free(obj_cache, obj);
169 * We run out of memory. That means we probably have tons of objects
/*
 * Out-of-memory teardown: detach the list of every hash bucket and dispose
 * of the trackers on it.
 * The message below says the facility is disabled. From then on lifetime
 * violations are no longer reported, so this log line is worth alerting on
 * when the tracker is relied upon.
 * NOTE(review): the statement that disposes of each tracker is not visible
 * in this listing.
 */
172 static void debug_objects_oom(void)
174 struct debug_bucket *db = obj_hash;
175 struct hlist_node *node, *tmp;
176 HLIST_HEAD(freelist);
177 struct debug_obj *obj;
181 printk(KERN_WARNING "ODEBUG: Out of memory. ODEBUG disabled\n");
183 for (i = 0; i < ODEBUG_HASH_SIZE; i++, db++) {
/* The bucket lock is held only while the list is moved to the private freelist. */
184 spin_lock_irqsave(&db->lock, flags);
185 hlist_move_list(&db->list, &freelist);
186 spin_unlock_irqrestore(&db->lock, flags);
/* The private list is emptied with no bucket lock held. */
189 hlist_for_each_entry_safe(obj, node, tmp, &freelist, node) {
190 hlist_del(&obj->node);
197 * We use the pfn of the address for the hash. That way we can check
198 * for freed objects simply by checking the affected bucket.
/*
 * Map an address to its hash bucket.
 * The low ODEBUG_CHUNK_SHIFT bits are dropped before hashing, so every
 * address inside one chunk selects the same bucket.
 */
200 static struct debug_bucket *get_bucket(unsigned long addr)
204 hash = hash_long((addr >> ODEBUG_CHUNK_SHIFT), ODEBUG_HASH_BITS);
205 return &obj_hash[hash];
/*
 * Report a lifetime violation. msg names the operation that was attempted,
 * and the state name is taken from obj_states[].
 * A WARN is emitted only while limit < 5, and never for the selftest
 * descriptor.
 * NOTE(review): braces are missing from this listing. The warnings counter
 * appears to be incremented on every call, so violations after the limit
 * would show only in the debugfs "warnings" value; confirm against the full
 * source.
 * NOTE(review): obj->state indexes obj_states[] with no range check in the
 * visible lines.
 */
208 static void debug_print_object(struct debug_obj *obj, char *msg)
212 if (limit < 5 && obj->descr != descr_test) {
214 WARN(1, KERN_ERR "ODEBUG: %s %s object type: %s\n", msg,
215 obj_states[obj->state], obj->descr->name);
217 debug_objects_warnings++;
221 * Try to repair the damage, so we have a better chance to get useful
/*
 * Call the type-specific fixup callback and add its return value to
 * debug_objects_fixups.
 * The callers in this file release the bucket lock before calling.
 * NOTE(review): the return-type line and any NULL check on fixup are not
 * visible in this listing.
 */
225 debug_object_fixup(int (*fixup)(void *addr, enum debug_obj_state state),
226 void * addr, enum debug_obj_state state)
229 debug_objects_fixups += fixup(addr, state);
/*
 * Compare where the object really lives (object_is_on_stack()) with the
 * caller's onstack annotation, and complain when the two disagree.
 * NOTE(review): the return on a match, the rate limit (if any) and the calls
 * that emit the two messages are not visible in this listing.
 */
232 static void debug_object_is_on_stack(void *addr, int onstack)
240 is_on_stack = object_is_on_stack(addr);
241 if (is_on_stack == onstack)
247 "ODEBUG: object is on stack, but not annotated\n");
250 "ODEBUG: object is not on stack, but annotated\n");
/*
 * Common init path: find or create the tracker for addr and move it to
 * ODEBUG_STATE_INIT. Initialising an ACTIVE or DESTROYED object is reported
 * through debug_print_object().
 * NOTE(review): several lines are missing from this listing, among them the
 * conditions, break/return statements and the capture of `state`.
 */
255 __debug_object_init(void *addr, struct debug_obj_descr *descr, int onstack)
257 enum debug_obj_state state;
258 struct debug_bucket *db;
259 struct debug_obj *obj;
264 db = get_bucket((unsigned long) addr);
266 spin_lock_irqsave(&db->lock, flags);
268 obj = lookup_object(addr, db);
/* Presumably reached only when the lookup found no tracker. */
270 obj = alloc_object(addr, db, descr);
/*
 * Presumably the allocation-failure path: the whole facility is switched
 * off, so no further checks run for any object type.
 */
272 debug_objects_enabled = 0;
273 spin_unlock_irqrestore(&db->lock, flags);
277 debug_object_is_on_stack(addr, onstack);
280 switch (obj->state) {
281 case ODEBUG_STATE_NONE:
282 case ODEBUG_STATE_INIT:
283 case ODEBUG_STATE_INACTIVE:
284 obj->state = ODEBUG_STATE_INIT;
287 case ODEBUG_STATE_ACTIVE:
288 debug_print_object(obj, "init");
/*
 * The bucket lock is released before the callback, because fixup handlers
 * call back into debug_object_*() and those take the same lock. The callback
 * receives addr and state, not the tracker pointer.
 */
290 spin_unlock_irqrestore(&db->lock, flags);
291 debug_object_fixup(descr->fixup_init, addr, state);
/* Re-initialising a destroyed object is reported; no fixup call is visible. */
294 case ODEBUG_STATE_DESTROYED:
295 debug_print_object(obj, "init");
301 spin_unlock_irqrestore(&db->lock, flags);
305 * debug_object_init - debug checks when an object is initialized
306 * @addr: address of the object
307 * @descr: pointer to an object specific debug description structure
/* Entry point for objects that are not on the stack; passes onstack = 0. */
309 void debug_object_init(void *addr, struct debug_obj_descr *descr)
/* Nothing is checked once the facility has been switched off. */
311 if (!debug_objects_enabled)
314 __debug_object_init(addr, descr, 0);
318 * debug_object_init_on_stack - debug checks when an object on stack is
320 * @addr: address of the object
321 * @descr: pointer to an object specific debug description structure
/* Entry point for objects that live on the stack; passes onstack = 1. */
323 void debug_object_init_on_stack(void *addr, struct debug_obj_descr *descr)
/* Nothing is checked once the facility has been switched off. */
325 if (!debug_objects_enabled)
328 __debug_object_init(addr, descr, 1);
332 * debug_object_activate - debug checks when an object is activated
333 * @addr: address of the object
334 * @descr: pointer to an object specific debug description structure
/*
 * Move a tracked object from INIT or INACTIVE to ACTIVE. Activating an
 * ACTIVE or DESTROYED object is reported.
 * NOTE(review): the NULL check on obj that presumably guards the switch, the
 * capture of `state` and the break/return statements are not visible in this
 * listing.
 */
336 void debug_object_activate(void *addr, struct debug_obj_descr *descr)
338 enum debug_obj_state state;
339 struct debug_bucket *db;
340 struct debug_obj *obj;
343 if (!debug_objects_enabled)
346 db = get_bucket((unsigned long) addr);
348 spin_lock_irqsave(&db->lock, flags);
350 obj = lookup_object(addr, db);
352 switch (obj->state) {
353 case ODEBUG_STATE_INIT:
354 case ODEBUG_STATE_INACTIVE:
355 obj->state = ODEBUG_STATE_ACTIVE;
/* Double activation: report it, then let the type-specific code repair it. */
358 case ODEBUG_STATE_ACTIVE:
359 debug_print_object(obj, "activate");
/* The bucket lock is dropped first, because the callback re-enters this API. */
361 spin_unlock_irqrestore(&db->lock, flags);
362 debug_object_fixup(descr->fixup_activate, addr, state);
/* Activation after destroy is reported; no fixup call is visible. */
365 case ODEBUG_STATE_DESTROYED:
366 debug_print_object(obj, "activate");
371 spin_unlock_irqrestore(&db->lock, flags);
/* No tracker exists for addr, so the lock is released before the callback. */
375 spin_unlock_irqrestore(&db->lock, flags);
377 * This happens when a static object is activated. We
378 * let the type specific code decide whether this is
381 debug_object_fixup(descr->fixup_activate, addr,
382 ODEBUG_STATE_NOTAVAILABLE);
386 * debug_object_deactivate - debug checks when an object is deactivated
387 * @addr: address of the object
388 * @descr: pointer to an object specific debug description structure
/*
 * Move a tracked object to INACTIVE. Deactivating a DESTROYED object, or one
 * that has no tracker, is reported. No fixup callback is invoked in the
 * visible lines.
 * NOTE(review): the NULL check on obj and the break statements are not
 * visible in this listing.
 */
390 void debug_object_deactivate(void *addr, struct debug_obj_descr *descr)
392 struct debug_bucket *db;
393 struct debug_obj *obj;
396 if (!debug_objects_enabled)
399 db = get_bucket((unsigned long) addr);
401 spin_lock_irqsave(&db->lock, flags);
403 obj = lookup_object(addr, db);
405 switch (obj->state) {
406 case ODEBUG_STATE_INIT:
407 case ODEBUG_STATE_INACTIVE:
408 case ODEBUG_STATE_ACTIVE:
409 obj->state = ODEBUG_STATE_INACTIVE;
412 case ODEBUG_STATE_DESTROYED:
413 debug_print_object(obj, "deactivate");
/*
 * Untracked object: a temporary tracker on the stack carries the address and
 * the NOTAVAILABLE state, so the common print routine can be used.
 */
419 struct debug_obj o = { .object = addr,
420 .state = ODEBUG_STATE_NOTAVAILABLE,
423 debug_print_object(&o, "deactivate");
426 spin_unlock_irqrestore(&db->lock, flags);
430 * debug_object_destroy - debug checks when an object is destroyed
431 * @addr: address of the object
432 * @descr: pointer to an object specific debug description structure
/*
 * Mark a tracked object DESTROYED. Destroying an ACTIVE object is reported
 * and handed to fixup_destroy. Destroying an already DESTROYED object is
 * reported only.
 * NOTE(review): the handling of a failed lookup, the capture of `state` and
 * the break/return statements are not visible in this listing.
 */
434 void debug_object_destroy(void *addr, struct debug_obj_descr *descr)
436 enum debug_obj_state state;
437 struct debug_bucket *db;
438 struct debug_obj *obj;
441 if (!debug_objects_enabled)
444 db = get_bucket((unsigned long) addr);
446 spin_lock_irqsave(&db->lock, flags);
448 obj = lookup_object(addr, db);
452 switch (obj->state) {
453 case ODEBUG_STATE_NONE:
454 case ODEBUG_STATE_INIT:
455 case ODEBUG_STATE_INACTIVE:
456 obj->state = ODEBUG_STATE_DESTROYED;
458 case ODEBUG_STATE_ACTIVE:
459 debug_print_object(obj, "destroy");
/* The bucket lock is dropped first, because the callback re-enters this API. */
461 spin_unlock_irqrestore(&db->lock, flags);
462 debug_object_fixup(descr->fixup_destroy, addr, state);
465 case ODEBUG_STATE_DESTROYED:
466 debug_print_object(obj, "destroy");
472 spin_unlock_irqrestore(&db->lock, flags);
476 * debug_object_free - debug checks when an object is freed
477 * @addr: address of the object
478 * @descr: pointer to an object specific debug description structure
/*
 * Stop tracking an object that is about to be freed. Freeing an ACTIVE
 * object is the defect this check exists for: it is reported and handed to
 * fixup_free. Objects in other states are unlinked from the bucket.
 * NOTE(review): the handling of a failed lookup, the default label, the
 * capture of `state` and the call that releases the tracker are not visible
 * in this listing.
 */
480 void debug_object_free(void *addr, struct debug_obj_descr *descr)
482 enum debug_obj_state state;
483 struct debug_bucket *db;
484 struct debug_obj *obj;
487 if (!debug_objects_enabled)
490 db = get_bucket((unsigned long) addr);
492 spin_lock_irqsave(&db->lock, flags);
494 obj = lookup_object(addr, db);
498 switch (obj->state) {
499 case ODEBUG_STATE_ACTIVE:
500 debug_print_object(obj, "free");
/* The bucket lock is dropped first, because the callback re-enters this API. */
502 spin_unlock_irqrestore(&db->lock, flags);
503 debug_object_fixup(descr->fixup_free, addr, state);
/* The tracker is unlinked while the bucket lock is still held. */
506 hlist_del(&obj->node);
507 spin_unlock_irqrestore(&db->lock, flags);
512 spin_unlock_irqrestore(&db->lock, flags);
515 #ifdef CONFIG_DEBUG_OBJECTS_FREE
/*
 * Scan the range [address, address + size) for tracked objects before the
 * memory is released. ACTIVE objects in the range are reported and handed to
 * fixup_free. The other visible path unlinks the tracker onto a private
 * freelist.
 * NOTE(review): eaddr = saddr + size has no wrap-around check in the visible
 * lines; presumably callers pass a valid allocation, confirm.
 * NOTE(review): the case labels between the ACTIVE branch and the unlink, the
 * capture of descr/state, the restart after the callback and the disposal of
 * each freelist entry are not visible in this listing.
 */
516 static void __debug_check_no_obj_freed(const void *address, unsigned long size)
518 unsigned long flags, oaddr, saddr, eaddr, paddr, chunks;
519 struct hlist_node *node, *tmp;
520 HLIST_HEAD(freelist);
521 struct debug_obj_descr *descr;
522 enum debug_obj_state state;
523 struct debug_bucket *db;
524 struct debug_obj *obj;
/* paddr is the start rounded down to a chunk boundary; chunks is rounded up. */
527 saddr = (unsigned long) address;
528 eaddr = saddr + size;
529 paddr = saddr & ODEBUG_CHUNK_MASK;
530 chunks = ((eaddr - paddr) + (ODEBUG_CHUNK_SIZE - 1));
531 chunks >>= ODEBUG_CHUNK_SHIFT;
/* One bucket is examined for each chunk the range touches. */
533 for (;chunks > 0; chunks--, paddr += ODEBUG_CHUNK_SIZE) {
534 db = get_bucket(paddr);
538 spin_lock_irqsave(&db->lock, flags);
539 hlist_for_each_entry_safe(obj, node, tmp, &db->list, node) {
/* Trackers in this bucket that lie outside the half-open range are skipped. */
541 oaddr = (unsigned long) obj->object;
542 if (oaddr < saddr || oaddr >= eaddr)
545 switch (obj->state) {
546 case ODEBUG_STATE_ACTIVE:
547 debug_print_object(obj, "free");
/* The bucket lock is dropped first, because the callback re-enters this API. */
550 spin_unlock_irqrestore(&db->lock, flags);
551 debug_object_fixup(descr->fixup_free,
552 (void *) oaddr, state);
/* Unlink under the bucket lock and defer disposal until after the unlock. */
555 hlist_del(&obj->node);
556 hlist_add_head(&obj->node, &freelist);
560 spin_unlock_irqrestore(&db->lock, flags);
563 hlist_for_each_entry_safe(obj, node, tmp, &freelist, node) {
564 hlist_del(&obj->node);
568 if (cnt > debug_objects_maxchain)
569 debug_objects_maxchain = cnt;
/*
 * Public wrapper around the range check. It does nothing once
 * debug_objects_enabled has been cleared.
 */
573 void debug_check_no_obj_freed(const void *address, unsigned long size)
575 if (debug_objects_enabled)
576 __debug_check_no_obj_freed(address, size);
580 #ifdef CONFIG_DEBUG_FS
/*
 * seq_file show callback for the debugfs "stats" file. It prints the chain,
 * warning, fixup and pool counters. The values are read without a lock in
 * the visible lines, so they are a snapshot rather than a consistent set.
 * NOTE(review): the return statement is not visible in this listing.
 */
582 static int debug_stats_show(struct seq_file *m, void *v)
584 seq_printf(m, "max_chain :%d\n", debug_objects_maxchain);
585 seq_printf(m, "warnings :%d\n", debug_objects_warnings);
586 seq_printf(m, "fixups :%d\n", debug_objects_fixups);
587 seq_printf(m, "pool_free :%d\n", obj_pool_free);
588 seq_printf(m, "pool_min_free :%d\n", obj_pool_min_free);
589 seq_printf(m, "pool_used :%d\n", obj_pool_used);
590 seq_printf(m, "pool_max_used :%d\n", obj_pool_max_used);
/* Open callback: binds debug_stats_show() to the file with no private data. */
594 static int debug_stats_open(struct inode *inode, struct file *filp)
596 return single_open(filp, debug_stats_show, NULL);
/*
 * File operations for the "stats" file.
 * NOTE(review): only .open and .release are visible in this listing; no
 * write handler appears in the visible lines.
 */
599 static const struct file_operations debug_stats_fops = {
600 .open = debug_stats_open,
603 .release = single_release,
/*
 * Create debug_objects/stats in debugfs at initcall time, unless the
 * facility is disabled.
 * NOTE(review): the error checks, the rest of the debugfs_create_file()
 * arguments and the return statements are not visible in this listing.
 */
606 static int __init debug_objects_init_debugfs(void)
608 struct dentry *dbgdir, *dbgstats;
610 if (!debug_objects_enabled)
/* A NULL parent places the directory at the debugfs root. */
613 dbgdir = debugfs_create_dir("debug_objects", NULL);
/* Mode 0444: read-only. The content is the counters from debug_stats_show(). */
617 dbgstats = debugfs_create_file("stats", 0444, dbgdir, NULL,
/* Presumably the error path: remove the directory again. */
625 debugfs_remove(dbgdir);
629 __initcall(debug_objects_init_debugfs);
/* Empty stub; it sits after the CONFIG_DEBUG_FS section and is presumably its #else branch. */
632 static inline void debug_objects_init_debugfs(void) { }
635 #ifdef CONFIG_DEBUG_OBJECTS_SELFTEST
637 /* Random data structure for the self test */
639 unsigned long dummy1[6];
641 unsigned long dummy2[3];
/* Tentative definition, so the fixup handlers below can refer to the descriptor before it is initialised. */
644 static __initdata struct debug_obj_descr descr_type_test;
647 * fixup_init is called when:
648 * - an active object is initialized
/*
 * Selftest fixup for init on an ACTIVE object: deactivate it, then
 * initialise it again.
 * NOTE(review): the switch statement, the return values and the default
 * branch are not visible in this listing.
 */
650 static int __init fixup_init(void *addr, enum debug_obj_state state)
652 struct self_test *obj = addr;
655 case ODEBUG_STATE_ACTIVE:
/* These calls take the bucket lock, so the caller must not hold it here. */
656 debug_object_deactivate(obj, &descr_type_test);
657 debug_object_init(obj, &descr_type_test);
665 * fixup_activate is called when:
666 * - an active object is activated
667 * - an unknown object is activated (might be a statically initialized object)
/*
 * Selftest fixup for activate. It handles an untracked object
 * (NOTAVAILABLE), which may be a statically initialised one, and an object
 * that is already ACTIVE.
 * NOTE(review): the switch statement, the return values and the else branch
 * are not visible in this listing.
 */
669 static int __init fixup_activate(void *addr, enum debug_obj_state state)
671 struct self_test *obj = addr;
674 case ODEBUG_STATE_NOTAVAILABLE:
/* A statically initialised object gets a tracker and is then activated. */
675 if (obj->static_init == 1) {
676 debug_object_init(obj, &descr_type_test);
677 debug_object_activate(obj, &descr_type_test);
679 * Real code should return 0 here ! This is
680 * not a fixup of some bad behaviour. We
681 * merily call the debug_init function to keep
682 * track of the object.
686 /* Real code needs to emit a warning here */
/* Double activation: deactivate first, then activate again. */
690 case ODEBUG_STATE_ACTIVE:
691 debug_object_deactivate(obj, &descr_type_test);
692 debug_object_activate(obj, &descr_type_test);
701 * fixup_destroy is called when:
702 * - an active object is destroyed
/*
 * Selftest fixup for destroy on an ACTIVE object: deactivate it, then
 * destroy it.
 * NOTE(review): the switch statement, the return values and the default
 * branch are not visible in this listing.
 */
704 static int __init fixup_destroy(void *addr, enum debug_obj_state state)
706 struct self_test *obj = addr;
709 case ODEBUG_STATE_ACTIVE:
710 debug_object_deactivate(obj, &descr_type_test);
711 debug_object_destroy(obj, &descr_type_test);
719 * fixup_free is called when:
720 * - an active object is freed
/*
 * Selftest fixup for free on an ACTIVE object: deactivate it, then drop the
 * tracker with debug_object_free().
 * NOTE(review): the switch statement, the return values and the default
 * branch are not visible in this listing.
 */
722 static int __init fixup_free(void *addr, enum debug_obj_state state)
724 struct self_test *obj = addr;
727 case ODEBUG_STATE_ACTIVE:
728 debug_object_deactivate(obj, &descr_type_test);
729 debug_object_free(obj, &descr_type_test);
/*
 * Selftest assertion helper. It checks that addr is tracked in the expected
 * state and that the global fixup and warning counters match the expected
 * values.
 * NOTE(review): the return-type line, the goto/return statements and the
 * condition guarding the final assignment are not visible in this listing.
 * A failed check presumably clears debug_objects_enabled.
 */
737 check_results(void *addr, enum debug_obj_state state, int fixups, int warnings)
739 struct debug_bucket *db;
740 struct debug_obj *obj;
744 db = get_bucket((unsigned long) addr);
746 spin_lock_irqsave(&db->lock, flags);
748 obj = lookup_object(addr, db);
/* A missing tracker is acceptable only when ODEBUG_STATE_NONE is expected. */
749 if (!obj && state != ODEBUG_STATE_NONE) {
750 WARN(1, KERN_ERR "ODEBUG: selftest object not found\n");
753 if (obj && obj->state != state) {
754 WARN(1, KERN_ERR "ODEBUG: selftest wrong state: %d != %d\n",
758 if (fixups != debug_objects_fixups) {
759 WARN(1, KERN_ERR "ODEBUG: selftest fixups failed %d != %d\n",
760 fixups, debug_objects_fixups);
763 if (warnings != debug_objects_warnings) {
764 WARN(1, KERN_ERR "ODEBUG: selftest warnings failed %d != %d\n",
765 warnings, debug_objects_warnings);
770 spin_unlock_irqrestore(&db->lock, flags);
772 debug_objects_enabled = 0;
/*
 * Descriptor for the selftest object type. It wires in the four selftest
 * fixup handlers.
 * NOTE(review): the .name initialiser is not visible in this listing.
 */
776 static __initdata struct debug_obj_descr descr_type_test = {
778 .fixup_init = fixup_init,
779 .fixup_activate = fixup_activate,
780 .fixup_destroy = fixup_destroy,
781 .fixup_free = fixup_free,
/* The object the selftest operates on. It starts out not marked as statically initialised. */
784 static __initdata struct self_test obj = { .static_init = 0 };
/*
 * Boot-time selftest. It drives one object through legal and illegal state
 * transitions, and after each step checks the resulting state and the
 * expected fixup and warning counts.
 * NOTE(review): the goto statements after each failed check, the out label
 * and at least one statement between the phases are not visible in this
 * listing.
 */
786 static void __init debug_objects_selftest(void)
788 int fixups, oldfixups, warnings, oldwarnings;
/* Interrupts stay disabled for the whole test. */
791 local_irq_save(flags);
/* Counters are saved here and restored at the end, so the test does not skew the stats. */
793 fixups = oldfixups = debug_objects_fixups;
794 warnings = oldwarnings = debug_objects_warnings;
/* debug_print_object() suppresses WARN output for this descriptor. */
795 descr_test = &descr_type_test;
/* Legal sequence: init, then activate. */
797 debug_object_init(&obj, &descr_type_test);
798 if (check_results(&obj, ODEBUG_STATE_INIT, fixups, warnings))
800 debug_object_activate(&obj, &descr_type_test);
801 if (check_results(&obj, ODEBUG_STATE_ACTIVE, fixups, warnings))
/* Double activation: one fixup and one warning are expected. */
803 debug_object_activate(&obj, &descr_type_test);
804 if (check_results(&obj, ODEBUG_STATE_ACTIVE, ++fixups, ++warnings))
806 debug_object_deactivate(&obj, &descr_type_test);
807 if (check_results(&obj, ODEBUG_STATE_INACTIVE, fixups, warnings))
809 debug_object_destroy(&obj, &descr_type_test);
810 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, warnings))
/* Once DESTROYED, init, activate and deactivate each add a warning and leave the state unchanged. */
812 debug_object_init(&obj, &descr_type_test);
813 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
815 debug_object_activate(&obj, &descr_type_test);
816 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
818 debug_object_deactivate(&obj, &descr_type_test);
819 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
821 debug_object_free(&obj, &descr_type_test);
822 if (check_results(&obj, ODEBUG_STATE_NONE, fixups, warnings))
/* Activating an object with no tracker: a fixup is expected, but no warning. */
826 debug_object_activate(&obj, &descr_type_test);
827 if (check_results(&obj, ODEBUG_STATE_ACTIVE, ++fixups, warnings))
/* Init on an ACTIVE object: one fixup and one warning are expected. */
829 debug_object_init(&obj, &descr_type_test);
830 if (check_results(&obj, ODEBUG_STATE_INIT, ++fixups, ++warnings))
832 debug_object_free(&obj, &descr_type_test);
833 if (check_results(&obj, ODEBUG_STATE_NONE, fixups, warnings))
/* With the free check built in, releasing memory that holds an ACTIVE object must be caught. */
836 #ifdef CONFIG_DEBUG_OBJECTS_FREE
837 debug_object_init(&obj, &descr_type_test);
838 if (check_results(&obj, ODEBUG_STATE_INIT, fixups, warnings))
840 debug_object_activate(&obj, &descr_type_test);
841 if (check_results(&obj, ODEBUG_STATE_ACTIVE, fixups, warnings))
843 __debug_check_no_obj_freed(&obj, sizeof(obj));
844 if (check_results(&obj, ODEBUG_STATE_NONE, ++fixups, ++warnings))
847 printk(KERN_INFO "ODEBUG: selftest passed\n");
850 debug_objects_fixups = oldfixups;
851 debug_objects_warnings = oldwarnings;
854 local_irq_restore(flags);
/* Empty stub; it sits after the CONFIG_DEBUG_OBJECTS_SELFTEST section and is presumably its #else branch. */
857 static inline void debug_objects_selftest(void) { }
861 * Called during early boot to initialize the hash buckets and link
862 * the static object pool objects into the pool list. After this call
863 * the object tracker is fully operational.
/*
 * Early boot setup: initialise every bucket lock and put all static-pool
 * trackers on the obj_pool free list.
 * No lock is taken around the list insertions in the visible lines.
 */
865 void __init debug_objects_early_init(void)
869 for (i = 0; i < ODEBUG_HASH_SIZE; i++)
870 spin_lock_init(&obj_hash[i].lock);
872 for (i = 0; i < ODEBUG_POOL_SIZE; i++)
873 hlist_add_head(&obj_static_pool[i].node, &obj_pool);
877 * Called after the kmem_caches are functional to setup a dedicated
878 * cache pool, which has the SLAB_DEBUG_OBJECTS flag set. This flag
879 * prevents that the debug code is called on kmem_cache_free() for the
880 * debug tracker objects to avoid recursive calls.
/*
 * Create the dedicated slab cache for tracker objects and run the selftest.
 * NOTE(review): the conditions around the last two statements are not
 * visible in this listing. Presumably the facility is disabled when cache
 * creation fails, and the selftest runs otherwise.
 */
882 void __init debug_objects_mem_init(void)
884 if (!debug_objects_enabled)
/* SLAB_DEBUG_OBJECTS marks this cache as holding the tracker's own objects. */
887 obj_cache = kmem_cache_create("debug_objects_cache",
888 sizeof (struct debug_obj), 0,
889 SLAB_DEBUG_OBJECTS, NULL);
892 debug_objects_enabled = 0;
894 debug_objects_selftest();