1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Generic infrastructure for lifetime debugging of objects.
4 *
5 * Copyright (C) 2008, Linutronix GmbH, Thomas Gleixner <tglx@kernel.org>
6 */
7
8 #define pr_fmt(fmt) "ODEBUG: " fmt
9
10 #include <linux/cpu.h>
11 #include <linux/debugobjects.h>
12 #include <linux/debugfs.h>
13 #include <linux/hash.h>
14 #include <linux/kmemleak.h>
15 #include <linux/sched.h>
16 #include <linux/sched/loadavg.h>
17 #include <linux/sched/task_stack.h>
18 #include <linux/seq_file.h>
19 #include <linux/slab.h>
20 #include <linux/static_key.h>
21
22 #define ODEBUG_HASH_BITS 14
23 #define ODEBUG_HASH_SIZE (1 << ODEBUG_HASH_BITS)
24
25 /* Must be power of two */
26 #define ODEBUG_BATCH_SIZE 16
27
28 /* Initial values. Must all be a multiple of batch size */
29 #define ODEBUG_POOL_SIZE (64 * ODEBUG_BATCH_SIZE)
30 #define ODEBUG_POOL_MIN_LEVEL (ODEBUG_POOL_SIZE / 4)
31
32 #define ODEBUG_POOL_PERCPU_SIZE (8 * ODEBUG_BATCH_SIZE)
33
34 #define ODEBUG_CHUNK_SHIFT PAGE_SHIFT
35 #define ODEBUG_CHUNK_SIZE (1 << ODEBUG_CHUNK_SHIFT)
36 #define ODEBUG_CHUNK_MASK (~(ODEBUG_CHUNK_SIZE - 1))
37
38 /*
39 * We limit the freeing of debug objects via workqueue at a maximum
40 * frequency of 10Hz and about 1024 objects for each freeing operation.
41 * So it is freeing at most 10k debug objects per second.
42 */
43 #define ODEBUG_FREE_WORK_MAX (1024 / ODEBUG_BATCH_SIZE)
44 #define ODEBUG_FREE_WORK_DELAY DIV_ROUND_UP(HZ, 10)
45
46 struct debug_bucket {
47 struct hlist_head list;
48 raw_spinlock_t lock;
49 };
50
51 struct pool_stats {
52 unsigned int cur_used;
53 unsigned int max_used;
54 unsigned int min_fill;
55 };
56
57 struct obj_pool {
58 struct hlist_head objects;
59 unsigned int cnt;
60 unsigned int min_cnt;
61 unsigned int max_cnt;
62 struct pool_stats stats;
63 } ____cacheline_aligned;
64
65
66 static DEFINE_PER_CPU_ALIGNED(struct obj_pool, pool_pcpu) = {
67 .max_cnt = ODEBUG_POOL_PERCPU_SIZE,
68 };
69
70 static struct debug_bucket obj_hash[ODEBUG_HASH_SIZE];
71
72 static struct debug_obj obj_static_pool[ODEBUG_POOL_SIZE] __initdata;
73
74 static DEFINE_RAW_SPINLOCK(pool_lock);
75
76 static struct obj_pool pool_global = {
77 .min_cnt = ODEBUG_POOL_MIN_LEVEL,
78 .max_cnt = ODEBUG_POOL_SIZE,
79 .stats = {
80 .min_fill = ODEBUG_POOL_SIZE,
81 },
82 };
83
84 static struct obj_pool pool_to_free = {
85 .max_cnt = UINT_MAX,
86 };
87
88 static HLIST_HEAD(pool_boot);
89
90 static unsigned long avg_usage;
91 static bool obj_freeing;
92
93 static int __data_racy debug_objects_maxchain __read_mostly;
94 static int __data_racy __maybe_unused debug_objects_maxchecked __read_mostly;
95 static int __data_racy debug_objects_fixups __read_mostly;
96 static int __data_racy debug_objects_warnings __read_mostly;
97 static bool __data_racy debug_objects_enabled __read_mostly
98 = CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT;
99
100 static const struct debug_obj_descr *descr_test __read_mostly;
101 static struct kmem_cache *obj_cache __ro_after_init;
102
103 /*
104 * Track numbers of kmem_cache_alloc()/free() calls done.
105 */
106 static int __data_racy debug_objects_allocated;
107 static int __data_racy debug_objects_freed;
108
109 static void free_obj_work(struct work_struct *work);
110 static DECLARE_DELAYED_WORK(debug_obj_work, free_obj_work);
111
112 static DEFINE_STATIC_KEY_FALSE(obj_cache_enabled);
113
enable_object_debug(char * str)114 static int __init enable_object_debug(char *str)
115 {
116 debug_objects_enabled = true;
117 return 0;
118 }
119 early_param("debug_objects", enable_object_debug);
120
disable_object_debug(char * str)121 static int __init disable_object_debug(char *str)
122 {
123 debug_objects_enabled = false;
124 return 0;
125 }
126 early_param("no_debug_objects", disable_object_debug);
127
128 static const char *obj_states[ODEBUG_STATE_MAX] = {
129 [ODEBUG_STATE_NONE] = "none",
130 [ODEBUG_STATE_INIT] = "initialized",
131 [ODEBUG_STATE_INACTIVE] = "inactive",
132 [ODEBUG_STATE_ACTIVE] = "active",
133 [ODEBUG_STATE_DESTROYED] = "destroyed",
134 [ODEBUG_STATE_NOTAVAILABLE] = "not available",
135 };
136
pool_count(struct obj_pool * pool)137 static __always_inline unsigned int pool_count(struct obj_pool *pool)
138 {
139 return READ_ONCE(pool->cnt);
140 }
141
pool_should_refill(struct obj_pool * pool)142 static __always_inline bool pool_should_refill(struct obj_pool *pool)
143 {
144 return pool_count(pool) < pool->min_cnt;
145 }
146
pool_must_refill(struct obj_pool * pool)147 static __always_inline bool pool_must_refill(struct obj_pool *pool)
148 {
149 return pool_count(pool) < pool->min_cnt / 2;
150 }
151
pool_move_batch(struct obj_pool * dst,struct obj_pool * src)152 static bool pool_move_batch(struct obj_pool *dst, struct obj_pool *src)
153 {
154 struct hlist_node *last, *next_batch, *first_batch;
155 struct debug_obj *obj;
156
157 if (dst->cnt >= dst->max_cnt || !src->cnt)
158 return false;
159
160 first_batch = src->objects.first;
161 obj = hlist_entry(first_batch, typeof(*obj), node);
162 last = obj->batch_last;
163 next_batch = last->next;
164
165 /* Move the next batch to the front of the source pool */
166 src->objects.first = next_batch;
167 if (next_batch)
168 next_batch->pprev = &src->objects.first;
169
170 /* Add the extracted batch to the destination pool */
171 last->next = dst->objects.first;
172 if (last->next)
173 last->next->pprev = &last->next;
174 first_batch->pprev = &dst->objects.first;
175 dst->objects.first = first_batch;
176
177 WRITE_ONCE(src->cnt, src->cnt - ODEBUG_BATCH_SIZE);
178 WRITE_ONCE(dst->cnt, dst->cnt + ODEBUG_BATCH_SIZE);
179 return true;
180 }
181
pool_push_batch(struct obj_pool * dst,struct hlist_head * head)182 static bool pool_push_batch(struct obj_pool *dst, struct hlist_head *head)
183 {
184 struct hlist_node *last;
185 struct debug_obj *obj;
186
187 if (dst->cnt >= dst->max_cnt)
188 return false;
189
190 obj = hlist_entry(head->first, typeof(*obj), node);
191 last = obj->batch_last;
192
193 hlist_splice_init(head, last, &dst->objects);
194 WRITE_ONCE(dst->cnt, dst->cnt + ODEBUG_BATCH_SIZE);
195 return true;
196 }
197
pool_pop_batch(struct hlist_head * head,struct obj_pool * src)198 static bool pool_pop_batch(struct hlist_head *head, struct obj_pool *src)
199 {
200 struct hlist_node *last, *next;
201 struct debug_obj *obj;
202
203 if (!src->cnt)
204 return false;
205
206 /* Move the complete list to the head */
207 hlist_move_list(&src->objects, head);
208
209 obj = hlist_entry(head->first, typeof(*obj), node);
210 last = obj->batch_last;
211 next = last->next;
212 /* Disconnect the batch from the list */
213 last->next = NULL;
214
215 /* Move the node after last back to the source pool. */
216 src->objects.first = next;
217 if (next)
218 next->pprev = &src->objects.first;
219
220 WRITE_ONCE(src->cnt, src->cnt - ODEBUG_BATCH_SIZE);
221 return true;
222 }
223
__alloc_object(struct hlist_head * list)224 static struct debug_obj *__alloc_object(struct hlist_head *list)
225 {
226 struct debug_obj *obj;
227
228 if (unlikely(!list->first))
229 return NULL;
230
231 obj = hlist_entry(list->first, typeof(*obj), node);
232 hlist_del(&obj->node);
233 return obj;
234 }
235
pcpu_refill_stats(void)236 static void pcpu_refill_stats(void)
237 {
238 struct pool_stats *stats = &pool_global.stats;
239
240 WRITE_ONCE(stats->cur_used, stats->cur_used + ODEBUG_BATCH_SIZE);
241
242 if (stats->cur_used > stats->max_used)
243 stats->max_used = stats->cur_used;
244
245 if (pool_global.cnt < stats->min_fill)
246 stats->min_fill = pool_global.cnt;
247 }
248
pcpu_alloc(void)249 static struct debug_obj *pcpu_alloc(void)
250 {
251 struct obj_pool *pcp = this_cpu_ptr(&pool_pcpu);
252
253 lockdep_assert_irqs_disabled();
254
255 for (;;) {
256 struct debug_obj *obj = __alloc_object(&pcp->objects);
257
258 if (likely(obj)) {
259 pcp->cnt--;
260 /*
261 * If this emptied a batch try to refill from the
262 * free pool. Don't do that if this was the top-most
263 * batch as pcpu_free() expects the per CPU pool
264 * to be less than ODEBUG_POOL_PERCPU_SIZE.
265 */
266 if (unlikely(pcp->cnt < (ODEBUG_POOL_PERCPU_SIZE - ODEBUG_BATCH_SIZE) &&
267 !(pcp->cnt % ODEBUG_BATCH_SIZE))) {
268 /*
269 * Don't try to allocate from the regular pool here
270 * to not exhaust it prematurely.
271 */
272 if (pool_count(&pool_to_free)) {
273 guard(raw_spinlock)(&pool_lock);
274 pool_move_batch(pcp, &pool_to_free);
275 pcpu_refill_stats();
276 }
277 }
278 return obj;
279 }
280
281 guard(raw_spinlock)(&pool_lock);
282 if (!pool_move_batch(pcp, &pool_to_free)) {
283 if (!pool_move_batch(pcp, &pool_global))
284 return NULL;
285 }
286 pcpu_refill_stats();
287 }
288 }
289
pcpu_free(struct debug_obj * obj)290 static void pcpu_free(struct debug_obj *obj)
291 {
292 struct obj_pool *pcp = this_cpu_ptr(&pool_pcpu);
293 struct debug_obj *first;
294
295 lockdep_assert_irqs_disabled();
296
297 if (!(pcp->cnt % ODEBUG_BATCH_SIZE)) {
298 obj->batch_last = &obj->node;
299 } else {
300 first = hlist_entry(pcp->objects.first, typeof(*first), node);
301 obj->batch_last = first->batch_last;
302 }
303 hlist_add_head(&obj->node, &pcp->objects);
304 pcp->cnt++;
305
306 /* Pool full ? */
307 if (pcp->cnt < ODEBUG_POOL_PERCPU_SIZE)
308 return;
309
310 /* Remove a batch from the per CPU pool */
311 guard(raw_spinlock)(&pool_lock);
312 /* Try to fit the batch into the pool_global first */
313 if (!pool_move_batch(&pool_global, pcp))
314 pool_move_batch(&pool_to_free, pcp);
315 WRITE_ONCE(pool_global.stats.cur_used, pool_global.stats.cur_used - ODEBUG_BATCH_SIZE);
316 }
317
free_object_list(struct hlist_head * head)318 static void free_object_list(struct hlist_head *head)
319 {
320 struct hlist_node *tmp;
321 struct debug_obj *obj;
322 int cnt = 0;
323
324 hlist_for_each_entry_safe(obj, tmp, head, node) {
325 hlist_del(&obj->node);
326 kmem_cache_free(obj_cache, obj);
327 cnt++;
328 }
329 debug_objects_freed += cnt;
330 }
331
fill_pool_from_freelist(void)332 static void fill_pool_from_freelist(void)
333 {
334 static unsigned long state;
335
336 /*
337 * Reuse objs from the global obj_to_free list; they will be
338 * reinitialized when allocating.
339 */
340 if (!pool_count(&pool_to_free))
341 return;
342
343 /*
344 * Prevent the context from being scheduled or interrupted after
345 * setting the state flag;
346 */
347 guard(irqsave)();
348
349 /*
350 * Avoid lock contention on &pool_lock and avoid making the cache
351 * line exclusive by testing the bit before attempting to set it.
352 */
353 if (test_bit(0, &state) || test_and_set_bit(0, &state))
354 return;
355
356 /* Avoid taking the lock when there is no work to do */
357 while (pool_should_refill(&pool_global) && pool_count(&pool_to_free)) {
358 guard(raw_spinlock)(&pool_lock);
359 /* Move a batch if possible */
360 pool_move_batch(&pool_global, &pool_to_free);
361 }
362 clear_bit(0, &state);
363 }
364
kmem_alloc_batch(struct hlist_head * head,struct kmem_cache * cache,gfp_t gfp)365 static bool kmem_alloc_batch(struct hlist_head *head, struct kmem_cache *cache, gfp_t gfp)
366 {
367 struct hlist_node *last = NULL;
368 struct debug_obj *obj;
369
370 for (int cnt = 0; cnt < ODEBUG_BATCH_SIZE; cnt++) {
371 obj = kmem_cache_zalloc(cache, gfp);
372 if (!obj) {
373 free_object_list(head);
374 return false;
375 }
376 debug_objects_allocated++;
377
378 if (!last)
379 last = &obj->node;
380 obj->batch_last = last;
381
382 hlist_add_head(&obj->node, head);
383 }
384 return true;
385 }
386
fill_pool(void)387 static void fill_pool(void)
388 {
389 static atomic_t cpus_allocating;
390
391 /*
392 * Avoid allocation and lock contention when:
393 * - One other CPU is already allocating
394 * - the global pool has not reached the critical level yet
395 */
396 if (!pool_must_refill(&pool_global) && atomic_read(&cpus_allocating))
397 return;
398
399 atomic_inc(&cpus_allocating);
400 while (pool_should_refill(&pool_global)) {
401 gfp_t gfp = __GFP_HIGH | __GFP_NOWARN;
402 HLIST_HEAD(head);
403
404 /*
405 * Allow reclaim only in preemptible context and during
406 * early boot. If not preemptible, the caller might hold
407 * locks causing a deadlock in the allocator.
408 *
409 * If the reclaim flag is not set during early boot then
410 * allocations, which happen before deferred page
411 * initialization has completed, will fail.
412 *
413 * In preemptible context the flag is harmless and not a
414 * performance issue as that's usually invoked from slow
415 * path initialization context.
416 */
417 if (preemptible() || system_state < SYSTEM_SCHEDULING)
418 gfp |= __GFP_KSWAPD_RECLAIM;
419
420 if (!kmem_alloc_batch(&head, obj_cache, gfp))
421 break;
422
423 guard(raw_spinlock_irqsave)(&pool_lock);
424 if (!pool_push_batch(&pool_global, &head))
425 pool_push_batch(&pool_to_free, &head);
426 }
427 atomic_dec(&cpus_allocating);
428 }
429
430 /*
431 * Lookup an object in the hash bucket.
432 */
lookup_object(void * addr,struct debug_bucket * b)433 static struct debug_obj *lookup_object(void *addr, struct debug_bucket *b)
434 {
435 struct debug_obj *obj;
436 int cnt = 0;
437
438 hlist_for_each_entry(obj, &b->list, node) {
439 cnt++;
440 if (obj->object == addr)
441 return obj;
442 }
443 if (cnt > debug_objects_maxchain)
444 debug_objects_maxchain = cnt;
445
446 return NULL;
447 }
448
calc_usage(void)449 static void calc_usage(void)
450 {
451 static DEFINE_RAW_SPINLOCK(avg_lock);
452 static unsigned long avg_period;
453 unsigned long cur, now = jiffies;
454
455 if (!time_after_eq(now, READ_ONCE(avg_period)))
456 return;
457
458 if (!raw_spin_trylock(&avg_lock))
459 return;
460
461 WRITE_ONCE(avg_period, now + msecs_to_jiffies(10));
462 cur = READ_ONCE(pool_global.stats.cur_used) * ODEBUG_FREE_WORK_MAX;
463 WRITE_ONCE(avg_usage, calc_load(avg_usage, EXP_5, cur));
464 raw_spin_unlock(&avg_lock);
465 }
466
alloc_object(void * addr,struct debug_bucket * b,const struct debug_obj_descr * descr)467 static struct debug_obj *alloc_object(void *addr, struct debug_bucket *b,
468 const struct debug_obj_descr *descr)
469 {
470 struct debug_obj *obj;
471
472 calc_usage();
473
474 if (static_branch_likely(&obj_cache_enabled))
475 obj = pcpu_alloc();
476 else
477 obj = __alloc_object(&pool_boot);
478
479 if (likely(obj)) {
480 obj->object = addr;
481 obj->descr = descr;
482 obj->state = ODEBUG_STATE_NONE;
483 obj->astate = 0;
484 hlist_add_head(&obj->node, &b->list);
485 }
486 return obj;
487 }
488
489 /* workqueue function to free objects. */
free_obj_work(struct work_struct * work)490 static void free_obj_work(struct work_struct *work)
491 {
492 static unsigned long last_use_avg;
493 unsigned long cur_used, last_used, delta;
494 unsigned int max_free = 0;
495
496 WRITE_ONCE(obj_freeing, false);
497
498 /* Rate limit freeing based on current use average */
499 cur_used = READ_ONCE(avg_usage);
500 last_used = last_use_avg;
501 last_use_avg = cur_used;
502
503 if (!pool_count(&pool_to_free))
504 return;
505
506 if (cur_used <= last_used) {
507 delta = (last_used - cur_used) / ODEBUG_FREE_WORK_MAX;
508 max_free = min(delta, ODEBUG_FREE_WORK_MAX);
509 }
510
511 for (int cnt = 0; cnt < ODEBUG_FREE_WORK_MAX; cnt++) {
512 HLIST_HEAD(tofree);
513
514 /* Acquire and drop the lock for each batch */
515 scoped_guard(raw_spinlock_irqsave, &pool_lock) {
516 if (!pool_to_free.cnt)
517 return;
518
519 /* Refill the global pool if possible */
520 if (pool_move_batch(&pool_global, &pool_to_free)) {
521 /* Don't free as there seems to be demand */
522 max_free = 0;
523 } else if (max_free) {
524 pool_pop_batch(&tofree, &pool_to_free);
525 max_free--;
526 } else {
527 return;
528 }
529 }
530 free_object_list(&tofree);
531 }
532 }
533
__free_object(struct debug_obj * obj)534 static void __free_object(struct debug_obj *obj)
535 {
536 guard(irqsave)();
537 if (static_branch_likely(&obj_cache_enabled))
538 pcpu_free(obj);
539 else
540 hlist_add_head(&obj->node, &pool_boot);
541 }
542
543 /*
544 * Put the object back into the pool and schedule work to free objects
545 * if necessary.
546 */
free_object(struct debug_obj * obj)547 static void free_object(struct debug_obj *obj)
548 {
549 __free_object(obj);
550 if (!READ_ONCE(obj_freeing) && pool_count(&pool_to_free)) {
551 WRITE_ONCE(obj_freeing, true);
552 schedule_delayed_work(&debug_obj_work, ODEBUG_FREE_WORK_DELAY);
553 }
554 }
555
put_objects(struct hlist_head * list)556 static void put_objects(struct hlist_head *list)
557 {
558 struct hlist_node *tmp;
559 struct debug_obj *obj;
560
561 /*
562 * Using free_object() puts the objects into reuse or schedules
563 * them for freeing and it get's all the accounting correct.
564 */
565 hlist_for_each_entry_safe(obj, tmp, list, node) {
566 hlist_del(&obj->node);
567 free_object(obj);
568 }
569 }
570
571 #ifdef CONFIG_HOTPLUG_CPU
object_cpu_offline(unsigned int cpu)572 static int object_cpu_offline(unsigned int cpu)
573 {
574 /* Remote access is safe as the CPU is dead already */
575 struct obj_pool *pcp = per_cpu_ptr(&pool_pcpu, cpu);
576
577 put_objects(&pcp->objects);
578 pcp->cnt = 0;
579 return 0;
580 }
581 #endif
582
583 /* Out of memory. Free all objects from hash */
debug_objects_oom(void)584 static void debug_objects_oom(void)
585 {
586 struct debug_bucket *db = obj_hash;
587 HLIST_HEAD(freelist);
588
589 pr_warn("Out of memory. ODEBUG disabled\n");
590
591 for (int i = 0; i < ODEBUG_HASH_SIZE; i++, db++) {
592 scoped_guard(raw_spinlock_irqsave, &db->lock)
593 hlist_move_list(&db->list, &freelist);
594
595 put_objects(&freelist);
596 }
597 }
598
599 /*
600 * We use the pfn of the address for the hash. That way we can check
601 * for freed objects simply by checking the affected bucket.
602 */
get_bucket(unsigned long addr)603 static struct debug_bucket *get_bucket(unsigned long addr)
604 {
605 unsigned long hash;
606
607 hash = hash_long((addr >> ODEBUG_CHUNK_SHIFT), ODEBUG_HASH_BITS);
608 return &obj_hash[hash];
609 }
610
debug_print_object(struct debug_obj * obj,char * msg)611 static void debug_print_object(struct debug_obj *obj, char *msg)
612 {
613 const struct debug_obj_descr *descr = obj->descr;
614 static int limit;
615
616 /*
617 * Don't report if lookup_object_or_alloc() by the current thread
618 * failed because lookup_object_or_alloc()/debug_objects_oom() by a
619 * concurrent thread turned off debug_objects_enabled and cleared
620 * the hash buckets.
621 */
622 if (!debug_objects_enabled)
623 return;
624
625 if (limit < 5 && descr != descr_test) {
626 void *hint = descr->debug_hint ?
627 descr->debug_hint(obj->object) : NULL;
628 limit++;
629 WARN(1, KERN_ERR "ODEBUG: %s %s (active state %u) "
630 "object: %p object type: %s hint: %pS\n",
631 msg, obj_states[obj->state], obj->astate,
632 obj->object, descr->name, hint);
633 }
634 debug_objects_warnings++;
635 }
636
637 /*
638 * Try to repair the damage, so we have a better chance to get useful
639 * debug output.
640 */
641 static bool
debug_object_fixup(bool (* fixup)(void * addr,enum debug_obj_state state),void * addr,enum debug_obj_state state)642 debug_object_fixup(bool (*fixup)(void *addr, enum debug_obj_state state),
643 void * addr, enum debug_obj_state state)
644 {
645 if (fixup && fixup(addr, state)) {
646 debug_objects_fixups++;
647 return true;
648 }
649 return false;
650 }
651
debug_object_is_on_stack(void * addr,int onstack)652 static void debug_object_is_on_stack(void *addr, int onstack)
653 {
654 int is_on_stack;
655 static int limit;
656
657 if (limit > 4)
658 return;
659
660 is_on_stack = object_is_on_stack(addr);
661 if (is_on_stack == onstack)
662 return;
663
664 limit++;
665 if (is_on_stack)
666 pr_warn("object %p is on stack %p, but NOT annotated.\n", addr,
667 task_stack_page(current));
668 else
669 pr_warn("object %p is NOT on stack %p, but annotated.\n", addr,
670 task_stack_page(current));
671
672 WARN_ON(1);
673 }
674
lookup_object_or_alloc(void * addr,struct debug_bucket * b,const struct debug_obj_descr * descr,bool onstack,bool alloc_ifstatic)675 static struct debug_obj *lookup_object_or_alloc(void *addr, struct debug_bucket *b,
676 const struct debug_obj_descr *descr,
677 bool onstack, bool alloc_ifstatic)
678 {
679 struct debug_obj *obj = lookup_object(addr, b);
680 enum debug_obj_state state = ODEBUG_STATE_NONE;
681
682 if (likely(obj))
683 return obj;
684
685 /*
686 * debug_object_init() unconditionally allocates untracked
687 * objects. It does not matter whether it is a static object or
688 * not.
689 *
690 * debug_object_assert_init() and debug_object_activate() allow
691 * allocation only if the descriptor callback confirms that the
692 * object is static and considered initialized. For non-static
693 * objects the allocation needs to be done from the fixup callback.
694 */
695 if (unlikely(alloc_ifstatic)) {
696 if (!descr->is_static_object || !descr->is_static_object(addr))
697 return ERR_PTR(-ENOENT);
698 /* Statically allocated objects are considered initialized */
699 state = ODEBUG_STATE_INIT;
700 }
701
702 obj = alloc_object(addr, b, descr);
703 if (likely(obj)) {
704 obj->state = state;
705 debug_object_is_on_stack(addr, onstack);
706 return obj;
707 }
708
709 /* Out of memory. Do the cleanup outside of the locked region */
710 debug_objects_enabled = false;
711 return NULL;
712 }
713
debug_objects_is_pi_blocked_on(void)714 static inline bool debug_objects_is_pi_blocked_on(void)
715 {
716 #ifdef CONFIG_RT_MUTEXES
717 return current->pi_blocked_on != NULL;
718 #else
719 return false;
720 #endif
721 }
722
debug_objects_fill_pool(void)723 static void debug_objects_fill_pool(void)
724 {
725 if (!static_branch_likely(&obj_cache_enabled))
726 return;
727
728 if (likely(!pool_should_refill(&pool_global)))
729 return;
730
731 /* Try reusing objects from obj_to_free_list */
732 fill_pool_from_freelist();
733
734 if (likely(!pool_should_refill(&pool_global)))
735 return;
736
737 /*
738 * On RT enabled kernels the pool refill must happen in preemptible
739 * context and not enqueued on an rt_mutex -- for !RT kernels we rely
740 * on the fact that spinlock_t and raw_spinlock_t are basically the
741 * same type and this lock-type inversion works just fine.
742 */
743 if (!IS_ENABLED(CONFIG_PREEMPT_RT) || system_state < SYSTEM_SCHEDULING ||
744 (preemptible() && !debug_objects_is_pi_blocked_on())) {
745 /*
746 * Annotate away the spinlock_t inside raw_spinlock_t warning
747 * by temporarily raising the wait-type to LD_WAIT_CONFIG, matching
748 * the preemptible() condition above.
749 */
750 static DEFINE_WAIT_OVERRIDE_MAP(fill_pool_map, LD_WAIT_CONFIG);
751 lock_map_acquire_try(&fill_pool_map);
752 fill_pool();
753 lock_map_release(&fill_pool_map);
754 }
755 }
756
757 static void
__debug_object_init(void * addr,const struct debug_obj_descr * descr,int onstack)758 __debug_object_init(void *addr, const struct debug_obj_descr *descr, int onstack)
759 {
760 struct debug_obj *obj, o;
761 struct debug_bucket *db;
762 unsigned long flags;
763
764 debug_objects_fill_pool();
765
766 db = get_bucket((unsigned long) addr);
767
768 raw_spin_lock_irqsave(&db->lock, flags);
769
770 obj = lookup_object_or_alloc(addr, db, descr, onstack, false);
771 if (unlikely(!obj)) {
772 raw_spin_unlock_irqrestore(&db->lock, flags);
773 debug_objects_oom();
774 return;
775 }
776
777 switch (obj->state) {
778 case ODEBUG_STATE_NONE:
779 case ODEBUG_STATE_INIT:
780 case ODEBUG_STATE_INACTIVE:
781 obj->state = ODEBUG_STATE_INIT;
782 raw_spin_unlock_irqrestore(&db->lock, flags);
783 return;
784 default:
785 break;
786 }
787
788 o = *obj;
789 raw_spin_unlock_irqrestore(&db->lock, flags);
790 debug_print_object(&o, "init");
791
792 if (o.state == ODEBUG_STATE_ACTIVE)
793 debug_object_fixup(descr->fixup_init, addr, o.state);
794 }
795
796 /**
797 * debug_object_init - debug checks when an object is initialized
798 * @addr: address of the object
799 * @descr: pointer to an object specific debug description structure
800 */
debug_object_init(void * addr,const struct debug_obj_descr * descr)801 void debug_object_init(void *addr, const struct debug_obj_descr *descr)
802 {
803 if (!debug_objects_enabled)
804 return;
805
806 __debug_object_init(addr, descr, 0);
807 }
808 EXPORT_SYMBOL_GPL(debug_object_init);
809
810 /**
811 * debug_object_init_on_stack - debug checks when an object on stack is
812 * initialized
813 * @addr: address of the object
814 * @descr: pointer to an object specific debug description structure
815 */
debug_object_init_on_stack(void * addr,const struct debug_obj_descr * descr)816 void debug_object_init_on_stack(void *addr, const struct debug_obj_descr *descr)
817 {
818 if (!debug_objects_enabled)
819 return;
820
821 __debug_object_init(addr, descr, 1);
822 }
823 EXPORT_SYMBOL_GPL(debug_object_init_on_stack);
824
825 /**
826 * debug_object_activate - debug checks when an object is activated
827 * @addr: address of the object
828 * @descr: pointer to an object specific debug description structure
829 * Returns 0 for success, -EINVAL for check failed.
830 */
debug_object_activate(void * addr,const struct debug_obj_descr * descr)831 int debug_object_activate(void *addr, const struct debug_obj_descr *descr)
832 {
833 struct debug_obj o = { .object = addr, .state = ODEBUG_STATE_NOTAVAILABLE, .descr = descr };
834 struct debug_bucket *db;
835 struct debug_obj *obj;
836 unsigned long flags;
837
838 if (!debug_objects_enabled)
839 return 0;
840
841 debug_objects_fill_pool();
842
843 db = get_bucket((unsigned long) addr);
844
845 raw_spin_lock_irqsave(&db->lock, flags);
846
847 obj = lookup_object_or_alloc(addr, db, descr, false, true);
848 if (unlikely(!obj)) {
849 raw_spin_unlock_irqrestore(&db->lock, flags);
850 debug_objects_oom();
851 return 0;
852 } else if (likely(!IS_ERR(obj))) {
853 switch (obj->state) {
854 case ODEBUG_STATE_ACTIVE:
855 case ODEBUG_STATE_DESTROYED:
856 o = *obj;
857 break;
858 case ODEBUG_STATE_INIT:
859 case ODEBUG_STATE_INACTIVE:
860 obj->state = ODEBUG_STATE_ACTIVE;
861 fallthrough;
862 default:
863 raw_spin_unlock_irqrestore(&db->lock, flags);
864 return 0;
865 }
866 }
867
868 raw_spin_unlock_irqrestore(&db->lock, flags);
869 debug_print_object(&o, "activate");
870
871 switch (o.state) {
872 case ODEBUG_STATE_ACTIVE:
873 case ODEBUG_STATE_NOTAVAILABLE:
874 if (debug_object_fixup(descr->fixup_activate, addr, o.state))
875 return 0;
876 fallthrough;
877 default:
878 return -EINVAL;
879 }
880 }
881 EXPORT_SYMBOL_GPL(debug_object_activate);
882
883 /**
884 * debug_object_deactivate - debug checks when an object is deactivated
885 * @addr: address of the object
886 * @descr: pointer to an object specific debug description structure
887 */
debug_object_deactivate(void * addr,const struct debug_obj_descr * descr)888 void debug_object_deactivate(void *addr, const struct debug_obj_descr *descr)
889 {
890 struct debug_obj o = { .object = addr, .state = ODEBUG_STATE_NOTAVAILABLE, .descr = descr };
891 struct debug_bucket *db;
892 struct debug_obj *obj;
893 unsigned long flags;
894
895 if (!debug_objects_enabled)
896 return;
897
898 db = get_bucket((unsigned long) addr);
899
900 raw_spin_lock_irqsave(&db->lock, flags);
901
902 obj = lookup_object(addr, db);
903 if (obj) {
904 switch (obj->state) {
905 case ODEBUG_STATE_DESTROYED:
906 break;
907 case ODEBUG_STATE_INIT:
908 case ODEBUG_STATE_INACTIVE:
909 case ODEBUG_STATE_ACTIVE:
910 if (obj->astate)
911 break;
912 obj->state = ODEBUG_STATE_INACTIVE;
913 fallthrough;
914 default:
915 raw_spin_unlock_irqrestore(&db->lock, flags);
916 return;
917 }
918 o = *obj;
919 }
920
921 raw_spin_unlock_irqrestore(&db->lock, flags);
922 debug_print_object(&o, "deactivate");
923 }
924 EXPORT_SYMBOL_GPL(debug_object_deactivate);
925
926 /**
927 * debug_object_destroy - debug checks when an object is destroyed
928 * @addr: address of the object
929 * @descr: pointer to an object specific debug description structure
930 */
debug_object_destroy(void * addr,const struct debug_obj_descr * descr)931 void debug_object_destroy(void *addr, const struct debug_obj_descr *descr)
932 {
933 struct debug_obj *obj, o;
934 struct debug_bucket *db;
935 unsigned long flags;
936
937 if (!debug_objects_enabled)
938 return;
939
940 db = get_bucket((unsigned long) addr);
941
942 raw_spin_lock_irqsave(&db->lock, flags);
943
944 obj = lookup_object(addr, db);
945 if (!obj) {
946 raw_spin_unlock_irqrestore(&db->lock, flags);
947 return;
948 }
949
950 switch (obj->state) {
951 case ODEBUG_STATE_ACTIVE:
952 case ODEBUG_STATE_DESTROYED:
953 break;
954 case ODEBUG_STATE_NONE:
955 case ODEBUG_STATE_INIT:
956 case ODEBUG_STATE_INACTIVE:
957 obj->state = ODEBUG_STATE_DESTROYED;
958 fallthrough;
959 default:
960 raw_spin_unlock_irqrestore(&db->lock, flags);
961 return;
962 }
963
964 o = *obj;
965 raw_spin_unlock_irqrestore(&db->lock, flags);
966 debug_print_object(&o, "destroy");
967
968 if (o.state == ODEBUG_STATE_ACTIVE)
969 debug_object_fixup(descr->fixup_destroy, addr, o.state);
970 }
971 EXPORT_SYMBOL_GPL(debug_object_destroy);
972
973 /**
974 * debug_object_free - debug checks when an object is freed
975 * @addr: address of the object
976 * @descr: pointer to an object specific debug description structure
977 */
debug_object_free(void * addr,const struct debug_obj_descr * descr)978 void debug_object_free(void *addr, const struct debug_obj_descr *descr)
979 {
980 struct debug_obj *obj, o;
981 struct debug_bucket *db;
982 unsigned long flags;
983
984 if (!debug_objects_enabled)
985 return;
986
987 db = get_bucket((unsigned long) addr);
988
989 raw_spin_lock_irqsave(&db->lock, flags);
990
991 obj = lookup_object(addr, db);
992 if (!obj) {
993 raw_spin_unlock_irqrestore(&db->lock, flags);
994 return;
995 }
996
997 switch (obj->state) {
998 case ODEBUG_STATE_ACTIVE:
999 break;
1000 default:
1001 hlist_del(&obj->node);
1002 raw_spin_unlock_irqrestore(&db->lock, flags);
1003 free_object(obj);
1004 return;
1005 }
1006
1007 o = *obj;
1008 raw_spin_unlock_irqrestore(&db->lock, flags);
1009 debug_print_object(&o, "free");
1010
1011 debug_object_fixup(descr->fixup_free, addr, o.state);
1012 }
1013 EXPORT_SYMBOL_GPL(debug_object_free);
1014
1015 /**
1016 * debug_object_assert_init - debug checks when object should be init-ed
1017 * @addr: address of the object
1018 * @descr: pointer to an object specific debug description structure
1019 */
debug_object_assert_init(void * addr,const struct debug_obj_descr * descr)1020 void debug_object_assert_init(void *addr, const struct debug_obj_descr *descr)
1021 {
1022 struct debug_obj o = { .object = addr, .state = ODEBUG_STATE_NOTAVAILABLE, .descr = descr };
1023 struct debug_bucket *db;
1024 struct debug_obj *obj;
1025 unsigned long flags;
1026
1027 if (!debug_objects_enabled)
1028 return;
1029
1030 debug_objects_fill_pool();
1031
1032 db = get_bucket((unsigned long) addr);
1033
1034 raw_spin_lock_irqsave(&db->lock, flags);
1035 obj = lookup_object_or_alloc(addr, db, descr, false, true);
1036 raw_spin_unlock_irqrestore(&db->lock, flags);
1037 if (!IS_ERR_OR_NULL(obj))
1038 return;
1039
1040 /* If NULL the allocation has hit OOM */
1041 if (!obj) {
1042 debug_objects_oom();
1043 return;
1044 }
1045
1046 /* Object is neither tracked nor static. It's not initialized. */
1047 debug_print_object(&o, "assert_init");
1048 debug_object_fixup(descr->fixup_assert_init, addr, ODEBUG_STATE_NOTAVAILABLE);
1049 }
1050 EXPORT_SYMBOL_GPL(debug_object_assert_init);
1051
1052 /**
1053 * debug_object_active_state - debug checks object usage state machine
1054 * @addr: address of the object
1055 * @descr: pointer to an object specific debug description structure
1056 * @expect: expected state
1057 * @next: state to move to if expected state is found
1058 */
1059 void
debug_object_active_state(void * addr,const struct debug_obj_descr * descr,unsigned int expect,unsigned int next)1060 debug_object_active_state(void *addr, const struct debug_obj_descr *descr,
1061 unsigned int expect, unsigned int next)
1062 {
1063 struct debug_obj o = { .object = addr, .state = ODEBUG_STATE_NOTAVAILABLE, .descr = descr };
1064 struct debug_bucket *db;
1065 struct debug_obj *obj;
1066 unsigned long flags;
1067
1068 if (!debug_objects_enabled)
1069 return;
1070
1071 db = get_bucket((unsigned long) addr);
1072
1073 raw_spin_lock_irqsave(&db->lock, flags);
1074
1075 obj = lookup_object(addr, db);
1076 if (obj) {
1077 switch (obj->state) {
1078 case ODEBUG_STATE_ACTIVE:
1079 if (obj->astate != expect)
1080 break;
1081 obj->astate = next;
1082 raw_spin_unlock_irqrestore(&db->lock, flags);
1083 return;
1084 default:
1085 break;
1086 }
1087 o = *obj;
1088 }
1089
1090 raw_spin_unlock_irqrestore(&db->lock, flags);
1091 debug_print_object(&o, "active_state");
1092 }
1093 EXPORT_SYMBOL_GPL(debug_object_active_state);
1094
1095 #ifdef CONFIG_DEBUG_OBJECTS_FREE
__debug_check_no_obj_freed(const void * address,unsigned long size)1096 static void __debug_check_no_obj_freed(const void *address, unsigned long size)
1097 {
1098 unsigned long flags, oaddr, saddr, eaddr, paddr, chunks;
1099 int cnt, objs_checked = 0;
1100 struct debug_obj *obj, o;
1101 struct debug_bucket *db;
1102 struct hlist_node *tmp;
1103
1104 saddr = (unsigned long) address;
1105 eaddr = saddr + size;
1106 paddr = saddr & ODEBUG_CHUNK_MASK;
1107 chunks = ((eaddr - paddr) + (ODEBUG_CHUNK_SIZE - 1));
1108 chunks >>= ODEBUG_CHUNK_SHIFT;
1109
1110 for (;chunks > 0; chunks--, paddr += ODEBUG_CHUNK_SIZE) {
1111 db = get_bucket(paddr);
1112
1113 repeat:
1114 cnt = 0;
1115 raw_spin_lock_irqsave(&db->lock, flags);
1116 hlist_for_each_entry_safe(obj, tmp, &db->list, node) {
1117 cnt++;
1118 oaddr = (unsigned long) obj->object;
1119 if (oaddr < saddr || oaddr >= eaddr)
1120 continue;
1121
1122 switch (obj->state) {
1123 case ODEBUG_STATE_ACTIVE:
1124 o = *obj;
1125 raw_spin_unlock_irqrestore(&db->lock, flags);
1126 debug_print_object(&o, "free");
1127 debug_object_fixup(o.descr->fixup_free, (void *)oaddr, o.state);
1128 goto repeat;
1129 default:
1130 hlist_del(&obj->node);
1131 __free_object(obj);
1132 break;
1133 }
1134 }
1135 raw_spin_unlock_irqrestore(&db->lock, flags);
1136
1137 if (cnt > debug_objects_maxchain)
1138 debug_objects_maxchain = cnt;
1139
1140 objs_checked += cnt;
1141 }
1142
1143 if (objs_checked > debug_objects_maxchecked)
1144 debug_objects_maxchecked = objs_checked;
1145
1146 /* Schedule work to actually kmem_cache_free() objects */
1147 if (!READ_ONCE(obj_freeing) && pool_count(&pool_to_free)) {
1148 WRITE_ONCE(obj_freeing, true);
1149 schedule_delayed_work(&debug_obj_work, ODEBUG_FREE_WORK_DELAY);
1150 }
1151 }
1152
debug_check_no_obj_freed(const void * address,unsigned long size)1153 void debug_check_no_obj_freed(const void *address, unsigned long size)
1154 {
1155 if (debug_objects_enabled)
1156 __debug_check_no_obj_freed(address, size);
1157 }
1158 #endif
1159
1160 #ifdef CONFIG_DEBUG_FS
1161
debug_stats_show(struct seq_file * m,void * v)1162 static int debug_stats_show(struct seq_file *m, void *v)
1163 {
1164 unsigned int cpu, pool_used, pcp_free = 0;
1165
1166 /*
1167 * pool_global.stats.cur_used is the number of batches currently
1168 * handed out to per CPU pools. Convert it to number of objects
1169 * and subtract the number of free objects in the per CPU pools.
1170 * As this is lockless the number is an estimate.
1171 */
1172 for_each_possible_cpu(cpu)
1173 pcp_free += per_cpu(pool_pcpu.cnt, cpu);
1174
1175 pool_used = READ_ONCE(pool_global.stats.cur_used);
1176 pcp_free = min(pool_used, pcp_free);
1177 pool_used -= pcp_free;
1178
1179 seq_printf(m, "max_chain : %d\n", debug_objects_maxchain);
1180 seq_printf(m, "max_checked : %d\n", debug_objects_maxchecked);
1181 seq_printf(m, "warnings : %d\n", debug_objects_warnings);
1182 seq_printf(m, "fixups : %d\n", debug_objects_fixups);
1183 seq_printf(m, "pool_free : %u\n", pool_count(&pool_global) + pcp_free);
1184 seq_printf(m, "pool_pcp_free : %u\n", pcp_free);
1185 seq_printf(m, "pool_min_free : %u\n", data_race(pool_global.stats.min_fill));
1186 seq_printf(m, "pool_used : %u\n", pool_used);
1187 seq_printf(m, "pool_max_used : %u\n", data_race(pool_global.stats.max_used));
1188 seq_printf(m, "on_free_list : %u\n", pool_count(&pool_to_free));
1189 seq_printf(m, "objs_allocated: %d\n", debug_objects_allocated);
1190 seq_printf(m, "objs_freed : %d\n", debug_objects_freed);
1191 return 0;
1192 }
1193 DEFINE_SHOW_ATTRIBUTE(debug_stats);
1194
debug_objects_init_debugfs(void)1195 static int __init debug_objects_init_debugfs(void)
1196 {
1197 struct dentry *dbgdir;
1198
1199 if (!debug_objects_enabled)
1200 return 0;
1201
1202 dbgdir = debugfs_create_dir("debug_objects", NULL);
1203
1204 debugfs_create_file("stats", 0444, dbgdir, NULL, &debug_stats_fops);
1205
1206 return 0;
1207 }
1208 __initcall(debug_objects_init_debugfs);
1209
1210 #else
debug_objects_init_debugfs(void)1211 static inline void debug_objects_init_debugfs(void) { }
1212 #endif
1213
1214 #ifdef CONFIG_DEBUG_OBJECTS_SELFTEST
1215
1216 /* Random data structure for the self test */
1217 struct self_test {
1218 unsigned long dummy1[6];
1219 int static_init;
1220 unsigned long dummy2[3];
1221 };
1222
1223 static __initconst const struct debug_obj_descr descr_type_test;
1224
is_static_object(void * addr)1225 static bool __init is_static_object(void *addr)
1226 {
1227 struct self_test *obj = addr;
1228
1229 return obj->static_init;
1230 }
1231
1232 /*
1233 * fixup_init is called when:
1234 * - an active object is initialized
1235 */
fixup_init(void * addr,enum debug_obj_state state)1236 static bool __init fixup_init(void *addr, enum debug_obj_state state)
1237 {
1238 struct self_test *obj = addr;
1239
1240 switch (state) {
1241 case ODEBUG_STATE_ACTIVE:
1242 debug_object_deactivate(obj, &descr_type_test);
1243 debug_object_init(obj, &descr_type_test);
1244 return true;
1245 default:
1246 return false;
1247 }
1248 }
1249
1250 /*
1251 * fixup_activate is called when:
1252 * - an active object is activated
1253 * - an unknown non-static object is activated
1254 */
fixup_activate(void * addr,enum debug_obj_state state)1255 static bool __init fixup_activate(void *addr, enum debug_obj_state state)
1256 {
1257 struct self_test *obj = addr;
1258
1259 switch (state) {
1260 case ODEBUG_STATE_NOTAVAILABLE:
1261 return true;
1262 case ODEBUG_STATE_ACTIVE:
1263 debug_object_deactivate(obj, &descr_type_test);
1264 debug_object_activate(obj, &descr_type_test);
1265 return true;
1266
1267 default:
1268 return false;
1269 }
1270 }
1271
1272 /*
1273 * fixup_destroy is called when:
1274 * - an active object is destroyed
1275 */
fixup_destroy(void * addr,enum debug_obj_state state)1276 static bool __init fixup_destroy(void *addr, enum debug_obj_state state)
1277 {
1278 struct self_test *obj = addr;
1279
1280 switch (state) {
1281 case ODEBUG_STATE_ACTIVE:
1282 debug_object_deactivate(obj, &descr_type_test);
1283 debug_object_destroy(obj, &descr_type_test);
1284 return true;
1285 default:
1286 return false;
1287 }
1288 }
1289
1290 /*
1291 * fixup_free is called when:
1292 * - an active object is freed
1293 */
fixup_free(void * addr,enum debug_obj_state state)1294 static bool __init fixup_free(void *addr, enum debug_obj_state state)
1295 {
1296 struct self_test *obj = addr;
1297
1298 switch (state) {
1299 case ODEBUG_STATE_ACTIVE:
1300 debug_object_deactivate(obj, &descr_type_test);
1301 debug_object_free(obj, &descr_type_test);
1302 return true;
1303 default:
1304 return false;
1305 }
1306 }
1307
1308 static int __init
check_results(void * addr,enum debug_obj_state state,int fixups,int warnings)1309 check_results(void *addr, enum debug_obj_state state, int fixups, int warnings)
1310 {
1311 struct debug_bucket *db;
1312 struct debug_obj *obj;
1313 unsigned long flags;
1314 int res = -EINVAL;
1315
1316 db = get_bucket((unsigned long) addr);
1317
1318 raw_spin_lock_irqsave(&db->lock, flags);
1319
1320 obj = lookup_object(addr, db);
1321 if (!obj && state != ODEBUG_STATE_NONE) {
1322 WARN(1, KERN_ERR "ODEBUG: selftest object not found\n");
1323 goto out;
1324 }
1325 if (obj && obj->state != state) {
1326 WARN(1, KERN_ERR "ODEBUG: selftest wrong state: %d != %d\n",
1327 obj->state, state);
1328 goto out;
1329 }
1330 if (fixups != debug_objects_fixups) {
1331 WARN(1, KERN_ERR "ODEBUG: selftest fixups failed %d != %d\n",
1332 fixups, debug_objects_fixups);
1333 goto out;
1334 }
1335 if (warnings != debug_objects_warnings) {
1336 WARN(1, KERN_ERR "ODEBUG: selftest warnings failed %d != %d\n",
1337 warnings, debug_objects_warnings);
1338 goto out;
1339 }
1340 res = 0;
1341 out:
1342 raw_spin_unlock_irqrestore(&db->lock, flags);
1343 if (res)
1344 debug_objects_enabled = false;
1345 return res;
1346 }
1347
1348 static __initconst const struct debug_obj_descr descr_type_test = {
1349 .name = "selftest",
1350 .is_static_object = is_static_object,
1351 .fixup_init = fixup_init,
1352 .fixup_activate = fixup_activate,
1353 .fixup_destroy = fixup_destroy,
1354 .fixup_free = fixup_free,
1355 };
1356
1357 static __initdata struct self_test obj = { .static_init = 0 };
1358
debug_objects_selftest(void)1359 static bool __init debug_objects_selftest(void)
1360 {
1361 int fixups, oldfixups, warnings, oldwarnings;
1362 unsigned long flags;
1363
1364 local_irq_save(flags);
1365
1366 fixups = oldfixups = debug_objects_fixups;
1367 warnings = oldwarnings = debug_objects_warnings;
1368 descr_test = &descr_type_test;
1369
1370 debug_object_init(&obj, &descr_type_test);
1371 if (check_results(&obj, ODEBUG_STATE_INIT, fixups, warnings))
1372 goto out;
1373 debug_object_activate(&obj, &descr_type_test);
1374 if (check_results(&obj, ODEBUG_STATE_ACTIVE, fixups, warnings))
1375 goto out;
1376 debug_object_activate(&obj, &descr_type_test);
1377 if (check_results(&obj, ODEBUG_STATE_ACTIVE, ++fixups, ++warnings))
1378 goto out;
1379 debug_object_deactivate(&obj, &descr_type_test);
1380 if (check_results(&obj, ODEBUG_STATE_INACTIVE, fixups, warnings))
1381 goto out;
1382 debug_object_destroy(&obj, &descr_type_test);
1383 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, warnings))
1384 goto out;
1385 debug_object_init(&obj, &descr_type_test);
1386 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
1387 goto out;
1388 debug_object_activate(&obj, &descr_type_test);
1389 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
1390 goto out;
1391 debug_object_deactivate(&obj, &descr_type_test);
1392 if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
1393 goto out;
1394 debug_object_free(&obj, &descr_type_test);
1395 if (check_results(&obj, ODEBUG_STATE_NONE, fixups, warnings))
1396 goto out;
1397
1398 obj.static_init = 1;
1399 debug_object_activate(&obj, &descr_type_test);
1400 if (check_results(&obj, ODEBUG_STATE_ACTIVE, fixups, warnings))
1401 goto out;
1402 debug_object_init(&obj, &descr_type_test);
1403 if (check_results(&obj, ODEBUG_STATE_INIT, ++fixups, ++warnings))
1404 goto out;
1405 debug_object_free(&obj, &descr_type_test);
1406 if (check_results(&obj, ODEBUG_STATE_NONE, fixups, warnings))
1407 goto out;
1408
1409 #ifdef CONFIG_DEBUG_OBJECTS_FREE
1410 debug_object_init(&obj, &descr_type_test);
1411 if (check_results(&obj, ODEBUG_STATE_INIT, fixups, warnings))
1412 goto out;
1413 debug_object_activate(&obj, &descr_type_test);
1414 if (check_results(&obj, ODEBUG_STATE_ACTIVE, fixups, warnings))
1415 goto out;
1416 __debug_check_no_obj_freed(&obj, sizeof(obj));
1417 if (check_results(&obj, ODEBUG_STATE_NONE, ++fixups, ++warnings))
1418 goto out;
1419 #endif
1420 pr_info("selftest passed\n");
1421
1422 out:
1423 debug_objects_fixups = oldfixups;
1424 debug_objects_warnings = oldwarnings;
1425 descr_test = NULL;
1426
1427 local_irq_restore(flags);
1428 return debug_objects_enabled;
1429 }
1430 #else
debug_objects_selftest(void)1431 static inline bool debug_objects_selftest(void) { return true; }
1432 #endif
1433
1434 /*
1435 * Called during early boot to initialize the hash buckets and link
1436 * the static object pool objects into the poll list. After this call
1437 * the object tracker is fully operational.
1438 */
debug_objects_early_init(void)1439 void __init debug_objects_early_init(void)
1440 {
1441 int i;
1442
1443 for (i = 0; i < ODEBUG_HASH_SIZE; i++)
1444 raw_spin_lock_init(&obj_hash[i].lock);
1445
1446 /* Keep early boot simple and add everything to the boot list */
1447 for (i = 0; i < ODEBUG_POOL_SIZE; i++)
1448 hlist_add_head(&obj_static_pool[i].node, &pool_boot);
1449 }
1450
1451 /*
1452 * Convert the statically allocated objects to dynamic ones.
1453 * debug_objects_mem_init() is called early so only one CPU is up and
1454 * interrupts are disabled, which means it is safe to replace the active
1455 * object references.
1456 */
debug_objects_replace_static_objects(struct kmem_cache * cache)1457 static bool __init debug_objects_replace_static_objects(struct kmem_cache *cache)
1458 {
1459 struct debug_bucket *db = obj_hash;
1460 struct hlist_node *tmp;
1461 struct debug_obj *obj;
1462 HLIST_HEAD(objects);
1463 int i;
1464
1465 for (i = 0; i < ODEBUG_POOL_SIZE; i += ODEBUG_BATCH_SIZE) {
1466 if (!kmem_alloc_batch(&objects, cache, GFP_KERNEL))
1467 goto free;
1468 pool_push_batch(&pool_global, &objects);
1469 }
1470
1471 /* Disconnect the boot pool. */
1472 pool_boot.first = NULL;
1473
1474 /* Replace the active object references */
1475 for (i = 0; i < ODEBUG_HASH_SIZE; i++, db++) {
1476 hlist_move_list(&db->list, &objects);
1477
1478 hlist_for_each_entry(obj, &objects, node) {
1479 struct debug_obj *new = pcpu_alloc();
1480
1481 /* copy object data */
1482 *new = *obj;
1483 hlist_add_head(&new->node, &db->list);
1484 }
1485 }
1486 return true;
1487 free:
1488 /* Can't use free_object_list() as the cache is not populated yet */
1489 hlist_for_each_entry_safe(obj, tmp, &pool_global.objects, node) {
1490 hlist_del(&obj->node);
1491 kmem_cache_free(cache, obj);
1492 }
1493 return false;
1494 }
1495
1496 /*
1497 * Called after the kmem_caches are functional to setup a dedicated
1498 * cache pool, which has the SLAB_DEBUG_OBJECTS flag set. This flag
1499 * prevents that the debug code is called on kmem_cache_free() for the
1500 * debug tracker objects to avoid recursive calls.
1501 */
debug_objects_mem_init(void)1502 void __init debug_objects_mem_init(void)
1503 {
1504 struct kmem_cache *cache;
1505 int extras;
1506
1507 if (!debug_objects_enabled)
1508 return;
1509
1510 if (!debug_objects_selftest())
1511 return;
1512
1513 cache = kmem_cache_create("debug_objects_cache", sizeof (struct debug_obj), 0,
1514 SLAB_DEBUG_OBJECTS | SLAB_NOLEAKTRACE, NULL);
1515
1516 if (!cache || !debug_objects_replace_static_objects(cache)) {
1517 debug_objects_enabled = false;
1518 pr_warn("Out of memory.\n");
1519 return;
1520 }
1521
1522 /*
1523 * Adjust the thresholds for allocating and freeing objects
1524 * according to the number of possible CPUs available in the
1525 * system.
1526 */
1527 extras = num_possible_cpus() * ODEBUG_BATCH_SIZE;
1528 pool_global.max_cnt += extras;
1529 pool_global.min_cnt += extras;
1530
1531 /* Everything worked. Expose the cache */
1532 obj_cache = cache;
1533 static_branch_enable(&obj_cache_enabled);
1534
1535 #ifdef CONFIG_HOTPLUG_CPU
1536 cpuhp_setup_state_nocalls(CPUHP_DEBUG_OBJ_DEAD, "object:offline", NULL,
1537 object_cpu_offline);
1538 #endif
1539 return;
1540 }
1541