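/*-
 * Copyright (c) 2004, 2005,
 *     Bosko Milekic <bmilekic@freebsd.org>
 * Copyright (c) 2002, 2003, 2004, 2005,
 *     Jeffrey Roberson <jeff@freebsd.org>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice unmodified, this list of conditions, and the following
 *    disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * uma_dbg.c	Debugging features for UMA users
 *
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/types.h>
#include <sys/queue.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/malloc.h>

#include <vm/vm.h>
#include <vm/vm_object.h>
#include <vm/vm_page.h>
#include <vm/uma.h>
#include <vm/uma_int.h>
#include <vm/uma_dbg.h>

/*
 * Poison pattern.  The dtor/init hooks below write it over every whole
 * 32-bit word of an item; the ctor/fini hooks panic if any of those words
 * has changed, which exposes a write through a stale pointer.
 */
static const u_int32_t uma_junk = 0xdeadc0de;

/*
 * Checks an item to make sure it hasn't been overwritten since it was freed,
 * prior to subsequent reallocation.
 *
 * Complies with standard ctor arg/return
 *
 * Only size / sizeof(uma_junk) whole words are compared, so trailing bytes
 * of an item whose size is not a multiple of four are not covered.  Reads
 * of a freed item are not detected; only modifications are.
 * Always returns 0; a mismatch panics instead of returning an error.
 */
int
trash_ctor(void *mem, int size, void *arg, int flags)
{
	int cnt;
	u_int32_t *p;

	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		if (*p != uma_junk)
			panic("Memory modified after free %p(%d) val=%x @ %p\n",
			    mem, size, *p, p);
	return (0);
}

/*
 * Fills an item with predictable garbage
 *
 * Complies with standard dtor arg/return
 *
 * Writes uma_junk into each whole 32-bit word of the item; a trailing
 * partial word is left as it was.
 */
void
trash_dtor(void *mem, int size, void *arg)
{
	int cnt;
	u_int32_t *p;

	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		*p = uma_junk;
}

/*
 * Fills an item with predictable garbage
 *
 * Complies with standard init arg/return
 *
 * Poisons a fresh item the same way trash_dtor() poisons a freed one, so
 * that the first trash_ctor() call on it passes.
 */
int
trash_init(void *mem, int size, int flags)
{
	trash_dtor(mem, size, NULL);
	return (0);
}

/*
 * Checks an item to make sure it hasn't been overwritten since it was freed.
 *
 * Complies with standard fini arg/return
 *
 */
void
trash_fini(void *mem, int size)
{
	(void)trash_ctor(mem, size, NULL, 0);
}

/*
 * Same check as trash_ctor(), for items whose last pointer-sized slot holds
 * a struct malloc_type * tag rather than poison.  The tag slot is excluded
 * from the comparison; on a mismatch the tag's ks_shortdesc (or "none" when
 * the slot is NULL) is reported as the most recent user before panicking.
 *
 * NOTE(review): the code that stores a non-NULL tag is not in this file;
 * presumably the malloc(9) free path records it -- confirm against caller.
 * Assumes size is at least sizeof(struct malloc_type *).
 */
int
mtrash_ctor(void *mem, int size, void *arg, int flags)
{
	struct malloc_type **ksp;
	u_int32_t *p = mem;
	int cnt;

	/* Exclude the tag slot, then point ksp at it. */
	size -= sizeof(struct malloc_type *);
	ksp = (struct malloc_type **)mem;
	ksp += size / sizeof(struct malloc_type *);
	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		if (*p != uma_junk) {
			printf("Memory modified after free %p(%d) val=%x @ %p\n",
			    mem, size, *p, p);
			panic("Most recently used by %s\n", (*ksp == NULL)?
			    "none" : (*ksp)->ks_shortdesc);
		}
	return (0);
}

/*
 * Fills an item with predictable garbage
 *
 * Complies with standard dtor arg/return
 *
 * The final pointer-sized slot (the malloc_type tag) is left untouched.
 */
void
mtrash_dtor(void *mem, int size, void *arg)
{
	int cnt;
	u_int32_t *p;

	size -= sizeof(struct malloc_type *);
	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		*p = uma_junk;
}

/*
 * Fills an item with predictable garbage
 *
 * Complies with standard init arg/return
 *
 * Also clears the tag slot, so a corruption report on a never-used item
 * names "none" as its last user.
 *
 * NOTE(review): the slot index is (size / pointer size) - 1, which goes
 * below the start of the item if size is smaller than one pointer; callers
 * are assumed never to pass such a size -- confirm.
 */
int
mtrash_init(void *mem, int size, int flags)
{
	struct malloc_type **ksp;

	mtrash_dtor(mem, size, NULL);

	ksp = (struct malloc_type **)mem;
	ksp += (size / sizeof(struct malloc_type *)) - 1;
	*ksp = NULL;
	return (0);
}

/*
 * Checks an item to make sure it hasn't been overwritten since it was freed,
 * prior to freeing it back to available memory.
 *
 * Complies with standard fini arg/return
 *
 */
void
mtrash_fini(void *mem, int size)
{
	(void)mtrash_ctor(mem, size, NULL, 0);
}

/*
 * Finds the slab header for an item.  The item address is rounded down
 * with UMA_SLAB_MASK; the header is then looked up with vtoslab() for
 * UMA_ZONE_MALLOC kegs, with hash_sfind() for UMA_ZONE_HASH kegs, and is
 * otherwise taken to sit uk_pgoff bytes into the slab itself.
 *
 * Returns whatever the lookup returns; both callers treat NULL as "item
 * does not belong to this zone".
 */
static uma_slab_t
uma_dbg_getslab(uma_zone_t zone, void *item)
{
	uma_slab_t slab;
	uma_keg_t keg;
	u_int8_t *mem;

	keg = zone->uz_keg;
	mem = (u_int8_t *)((unsigned long)item & (~UMA_SLAB_MASK));
	if (keg->uk_flags & UMA_ZONE_MALLOC) {
		slab = vtoslab((vm_offset_t)mem);
	} else if (keg->uk_flags & UMA_ZONE_HASH) {
		slab = hash_sfind(&keg->uk_hash, mem);
	} else {
		mem += keg->uk_pgoff;
		slab = (uma_slab_t)mem;
	}

	return (slab);
}

/*
 * Set up the slab's freei data such that uma_dbg_free can function.
 *
 * Marks the item's freelist slot with 255, the value uma_dbg_free() requires
 * before it accepts a free.  If slab is NULL it is looked up from the item.
 */

void
uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab, void *item)
{
	uma_keg_t keg;
	uma_slabrefcnt_t slabref;
	int freei;

	keg = zone->uz_keg;
	if (slab == NULL) {
		slab = uma_dbg_getslab(zone, item);
		if (slab == NULL)
			panic("uma: item %p did not belong to zone %s\n",
			    item, zone->uz_name);
	}

	freei = ((unsigned long)item - (unsigned long)slab->us_data)
	    / keg->uk_rsize;

	/*
	 * Apply the bound uma_dbg_free() applies.  Without it an item that
	 * lies outside this slab would turn the marker store below into a
	 * write past the freelist array instead of a diagnosed failure.
	 * freei is a signed int computed from an unsigned difference, so an
	 * item below us_data can also come out negative.
	 */
	if (freei < 0 || freei >= keg->uk_ipers)
		panic("zone: %s(%p) slab %p freelist %d out of range 0-%d\n",
		    zone->uz_name, zone, slab, freei, keg->uk_ipers-1);

	if (keg->uk_flags & UMA_ZONE_REFCNT) {
		slabref = (uma_slabrefcnt_t)slab;
		slabref->us_freelist[freei].us_item = 255;
	} else {
		slab->us_freelist[freei].us_item = 255;
	}
}

/*
 * Verifies freed addresses.  Checks for alignment, valid slab membership
 * and duplicate frees.
 *
 * Every failed check panics.  On success the item's freelist slot is reset
 * from the 255 "allocated" marker to 0, so a second free of the same item
 * fails the duplicate-free check.
 */

void
uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void *item)
{
	uma_keg_t keg;
	uma_slabrefcnt_t slabref;
	int freei;

	keg = zone->uz_keg;
	if (slab == NULL) {
		slab = uma_dbg_getslab(zone, item);
		if (slab == NULL)
			panic("uma: Freed item %p did not belong to zone %s\n",
			    item, zone->uz_name);
	}

	freei = ((unsigned long)item - (unsigned long)slab->us_data)
	    / keg->uk_rsize;

	/*
	 * Reject a negative index as well: freei is signed, and an item
	 * address below us_data should be reported as out of range rather
	 * than fall through to the alignment check.
	 */
	if (freei < 0 || freei >= keg->uk_ipers)
		panic("zone: %s(%p) slab %p freelist %d out of range 0-%d\n",
		    zone->uz_name, zone, slab, freei, keg->uk_ipers-1);

	/* The address must be the exact start of slot freei. */
	if (((freei * keg->uk_rsize) + slab->us_data) != item) {
		printf("zone: %s(%p) slab %p freed address %p unaligned.\n",
		    zone->uz_name, zone, slab, item);
		panic("should be %p\n",
		    (freei * keg->uk_rsize) + slab->us_data);
	}

	if (keg->uk_flags & UMA_ZONE_REFCNT) {
		slabref = (uma_slabrefcnt_t)slab;
		if (slabref->us_freelist[freei].us_item != 255) {
			printf("Slab at %p, freei %d = %d.\n",
			    slab, freei, slabref->us_freelist[freei].us_item);
			panic("Duplicate free of item %p from zone %p(%s)\n",
			    item, zone, zone->uz_name);
		}

		/*
		 * When this is actually linked into the slab this will change.
		 * Until then the count of valid slabs will make sure we don't
		 * accidentally follow this and assume it's a valid index.
		 */
		slabref->us_freelist[freei].us_item = 0;
	} else {
		if (slab->us_freelist[freei].us_item != 255) {
			printf("Slab at %p, freei %d = %d.\n",
			    slab, freei, slab->us_freelist[freei].us_item);
			panic("Duplicate free of item %p from zone %p(%s)\n",
			    item, zone, zone->uz_name);
		}

		/*
		 * When this is actually linked into the slab this will change.
		 * Until then the count of valid slabs will make sure we don't
		 * accidentally follow this and assume it's a valid index.
		 */
		slab->us_freelist[freei].us_item = 0;
	}
}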