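/*
 * Copyright (c) 2002, Jeffrey Roberson <jeff@freebsd.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice unmodified, this list of conditions, and the following
 *    disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $FreeBSD$
 *
 */

/*
 * uma_dbg.c	Debugging features for UMA users
 *
 * Two families of helpers live here:
 *
 *  - trash_* / mtrash_*: fill a freed item with a known 32-bit pattern and
 *    verify that pattern later, so that a write through a stale pointer
 *    (write-after-free) is turned into an immediate panic.
 *  - uma_dbg_alloc / uma_dbg_free: record per-item allocation state in the
 *    slab's us_freelist so that a free of a foreign, misaligned or already
 *    freed address is caught.
 */


#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/types.h>
#include <sys/queue.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/malloc.h>

#include <vm/vm.h>
#include <vm/vm_object.h>
#include <vm/vm_page.h>
#include <vm/uma.h>
#include <vm/uma_int.h>
#include <vm/uma_dbg.h>

/* Pattern written over freed items and expected back on the next check. */
static const u_int32_t uma_junk = 0xdeadc0de;

/*
 * Checks an item to make sure it hasn't been overwritten since freed.
 *
 * Complies with standard ctor arg/return
 *
 * mem:  start of the item.
 * size: item size in bytes; only the size / sizeof(uma_junk) whole words
 *       are compared, so up to three trailing bytes are not covered.
 * arg:  unused.
 *
 * Panics on the first word that differs from uma_junk.
 */
void
trash_ctor(void *mem, int size, void *arg)
{
	int cnt;
	u_int32_t *p;

	cnt = size / sizeof(uma_junk);

	/* NOTE(review): assumes mem is 32-bit aligned -- confirm with callers. */
	for (p = mem; cnt > 0; cnt--, p++)
		if (*p != uma_junk)
			panic("Memory modified after free %p(%d)\n",
			    mem, size);
}

/*
 * Fills an item with predictable garbage
 *
 * Complies with standard dtor arg/return
 *
 * mem:  start of the item.
 * size: item size in bytes; size / sizeof(uma_junk) whole words are
 *       written, trailing bytes are left as they were.
 * arg:  unused.
 */
void
trash_dtor(void *mem, int size, void *arg)
{
	int cnt;
	u_int32_t *p;

	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		*p = uma_junk;
}

/*
 * Fills an item with predictable garbage
 *
 * Complies with standard init arg/return
 *
 * Same fill as trash_dtor(), so a freshly initialised item passes the
 * check in trash_ctor().
 */
void
trash_init(void *mem, int size)
{
	trash_dtor(mem, size, NULL);
}

/*
 * Checks an item to make sure it hasn't been overwritten since it was freed.
 *
 * Complies with standard fini arg/return
 *
 * Same check as trash_ctor(); panics on a modified item.
 */
void
trash_fini(void *mem, int size)
{
	trash_ctor(mem, size, NULL);
}

/*
 * Checks an item to make sure it hasn't been overwritten since freed.
 *
 * Complies with standard ctor arg/return
 *
 * Variant of trash_ctor() for items whose last pointer-sized slot holds a
 * struct malloc_type pointer.  That slot is excluded from the pattern check
 * and is read only to name the most recent user in the panic message.
 *
 * mem:  start of the item.
 * size: item size in bytes, including the trailing pointer slot.
 * arg:  unused.
 *
 * NOTE(review): the size printed on a mismatch is the reduced size (item
 * size minus the pointer slot), not the value passed in.
 * NOTE(review): a size smaller than one pointer is not handled here;
 * presumably callers never pass one -- confirm.
 */
void
mtrash_ctor(void *mem, int size, void *arg)
{
	struct malloc_type **ksp;
	u_int32_t *p;
	int cnt;

	/* Leave the trailing malloc_type slot out of the checked range. */
	size -= sizeof(struct malloc_type *);
	ksp = (struct malloc_type **)mem;
	ksp += size / sizeof(struct malloc_type *);
	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		if (*p != uma_junk) {
			printf("Memory modified after free %p(%d)\n",
			    mem, size);
			panic("Most recently used by %s\n", (*ksp == NULL)?
			    "none" : (*ksp)->ks_shortdesc);
		}
}

/*
 * Fills an item with predictable garbage
 *
 * Complies with standard dtor arg/return
 *
 * Fills everything except the trailing struct malloc_type pointer slot,
 * which keeps its current value so mtrash_ctor() can still report it.
 *
 * mem:  start of the item.
 * size: item size in bytes, including the trailing pointer slot.
 * arg:  unused.
 */
void
mtrash_dtor(void *mem, int size, void *arg)
{
	int cnt;
	u_int32_t *p;

	size -= sizeof(struct malloc_type *);
	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		*p = uma_junk;
}

/*
 * Fills an item with predictable garbage
 *
 * Complies with standard init arg/return
 *
 * Fills the item as mtrash_dtor() does, then clears the trailing
 * struct malloc_type pointer slot so mtrash_ctor() reports "none" until
 * something stores a type there.
 *
 * NOTE(review): with size smaller than one pointer the slot index below
 * would wrap and the store would land outside the item; presumably no such
 * zone uses these hooks -- confirm.
 */
void
mtrash_init(void *mem, int size)
{
	struct malloc_type **ksp;

	mtrash_dtor(mem, size, NULL);

	ksp = (struct malloc_type **)mem;
	ksp += (size / sizeof(struct malloc_type *)) - 1;
	*ksp = NULL;
}

/*
 * Checks an item to make sure it hasn't been overwritten since it was freed.
 *
 * Complies with standard fini arg/return
 *
 * Same check as mtrash_ctor(); panics on a modified item.
 */
void
mtrash_fini(void *mem, int size)
{
	mtrash_ctor(mem, size, NULL);
}

/*
 * Finds the slab header for an item.
 *
 * The item address is masked down with UMA_SLAB_MASK and the header is then
 * located according to the zone flags: vtoslab() for UMA_ZFLAG_MALLOC zones,
 * a lookup in the zone hash for UMA_ZFLAG_HASH zones, otherwise at
 * zone->uz_pgoff from the masked address.
 *
 * Callers in this file treat a NULL return as "item does not belong to the
 * zone".  In the uz_pgoff case the result is computed, never NULL, so a
 * foreign address is not detected on that path.
 */
static uma_slab_t
uma_dbg_getslab(uma_zone_t zone, void *item)
{
	uma_slab_t slab;
	u_int8_t *mem;

	mem = (u_int8_t *)((unsigned long)item & (~UMA_SLAB_MASK));
	if (zone->uz_flags & UMA_ZFLAG_MALLOC) {
		slab = vtoslab((vm_offset_t)mem);
	} else if (zone->uz_flags & UMA_ZFLAG_HASH) {
		slab = hash_sfind(&zone->uz_hash, mem);
	} else {
		mem += zone->uz_pgoff;
		slab = (uma_slab_t)mem;
	}

	return (slab);
}

/*
 * Set up the slab's freei data such that uma_dbg_free can function.
 *
 * zone: zone the item was allocated from.
 * slab: slab holding the item, or NULL to have it looked up.
 * item: address being handed out.
 *
 * Marks the item's us_freelist entry with 255, the value uma_dbg_free()
 * expects to find on a legitimate free.  Panics if no slab can be found or
 * if the computed index falls outside the slab.
 */

void
uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab, void *item)
{
	int freei;

	if (slab == NULL) {
		slab = uma_dbg_getslab(zone, item);
		if (slab == NULL)
			panic("uma: item %p did not belong to zone %s\n",
			    item, zone->uz_name);
	}

	freei = ((unsigned long)item - (unsigned long)slab->us_data)
	    / zone->uz_rsize;

	/*
	 * Validate the index before it is used for a store.  Without this
	 * an item outside the slab would have the debug marker written past
	 * (or before) us_freelist, corrupting the slab instead of reporting
	 * the bad address.  Same bound as the check in uma_dbg_free().
	 */
	if (freei < 0 || freei >= zone->uz_ipers)
		panic("zone: %s(%p) slab %p freelist %d out of range 0-%d\n",
		    zone->uz_name, zone, slab, freei, zone->uz_ipers-1);

	slab->us_freelist[freei] = 255;
}

/*
 * Verifies freed addresses.  Checks for alignment, valid slab membership
 * and duplicate frees.
 *
 * zone: zone the item is being returned to.
 * slab: slab holding the item, or NULL to have it looked up.
 * item: address being freed.
 *
 * Panics if the slab cannot be found, the item index is out of range, the
 * address is not the start of an item, or the item is not currently marked
 * allocated (us_freelist entry != 255).
 */

void
uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void *item)
{
	int freei;

	if (slab == NULL) {
		slab = uma_dbg_getslab(zone, item);
		if (slab == NULL)
			panic("uma: Freed item %p did not belong to zone %s\n",
			    item, zone->uz_name);
	}

	freei = ((unsigned long)item - (unsigned long)slab->us_data)
	    / zone->uz_rsize;

	/*
	 * An item below us_data makes the unsigned subtraction wrap, and the
	 * result can become negative once stored in an int.  The type of
	 * uz_ipers is not visible in this file, so reject negative indices
	 * explicitly rather than rely on the comparison being unsigned.
	 */
	if (freei < 0 || freei >= zone->uz_ipers)
		panic("zone: %s(%p) slab %p freelist %d out of range 0-%d\n",
		    zone->uz_name, zone, slab, freei, zone->uz_ipers-1);

	if (((freei * zone->uz_rsize) + slab->us_data) != item) {
		printf("zone: %s(%p) slab %p freed address %p unaligned.\n",
		    zone->uz_name, zone, slab, item);
		panic("should be %p\n",
		    (freei * zone->uz_rsize) + slab->us_data);
	}

	/* 255 is the marker uma_dbg_alloc() stores; anything else is a re-free. */
	if (slab->us_freelist[freei] != 255) {
		printf("Slab at %p, freei %d = %d.\n",
		    slab, freei, slab->us_freelist[freei]);
		panic("Duplicate free of item %p from zone %p(%s)\n",
		    item, zone, zone->uz_name);
	}

	/*
	 * When this is actually linked into the slab this will change.
	 * Until then the count of valid slabs will make sure we don't
	 * accidentally follow this and assume it's a valid index.
	 */
	slab->us_freelist[freei] = 0;
}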