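/*-
 * Copyright (c) 2002, 2003, 2004, 2005 Jeffrey Roberson <jeff@FreeBSD.org>
 * Copyright (c) 2004, 2005 Bosko Milekic <bmilekic@FreeBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice unmodified, this list of conditions, and the following
 *    disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * uma_dbg.c	Debugging features for UMA users
 *
 * Two families of zone callbacks that fill freed items with a known pattern
 * and verify the pattern before the item is reused (write-after-free
 * detection), plus per-slab bookkeeping that lets uma_dbg_free() reject
 * out-of-range, misaligned and duplicate frees.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
#include <sys/types.h>
#include <sys/queue.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/malloc.h>

#include <vm/vm.h>
#include <vm/vm_object.h>
#include <vm/vm_page.h>
#include <vm/uma.h>
#include <vm/uma_int.h>
#include <vm/uma_dbg.h>

/*
 * Fill pattern written over freed items.  The check routines compare every
 * whole 32-bit word of an item against this value.
 */
static const u_int32_t uma_junk = 0xdeadc0de;

/*
 * Checks an item to make sure it hasn't been overwritten since it was freed,
 * prior to subsequent reallocation.
 *
 * Every whole 32-bit word of the item is compared against uma_junk; the
 * first mismatch is reported with printf() and the scan stops.  A trailing
 * size % sizeof(uma_junk) bytes, if any, are not examined.
 *
 * The check is report-only: 0 is returned whether or not a mismatch was
 * found, so a modified item is still handed out.
 *
 * Complies with standard ctor arg/return; arg and flags are unused.
 */
int
trash_ctor(void *mem, int size, void *arg, int flags)
{
	int cnt;
	u_int32_t *p;

	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		if (*p != uma_junk) {
			printf("Memory modified after free %p(%d) val=%x @ %p\n",
			    mem, size, *p, p);
			return (0);
		}
	return (0);
}

/*
 * Fills an item with predictable garbage
 *
 * Writes uma_junk into every whole 32-bit word of the item.  A trailing
 * size % sizeof(uma_junk) bytes, if any, are left untouched.
 *
 * Complies with standard dtor arg/return; arg is unused.
 */
void
trash_dtor(void *mem, int size, void *arg)
{
	int cnt;
	u_int32_t *p;

	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		*p = uma_junk;
}

/*
 * Fills an item with predictable garbage
 *
 * Same fill as trash_dtor(), so that the first trash_ctor() on a fresh item
 * finds the pattern in place.  Always returns 0.
 *
 * Complies with standard init arg/return; flags is unused.
 */
int
trash_init(void *mem, int size, int flags)
{
	trash_dtor(mem, size, NULL);
	return (0);
}

/*
 * Checks an item to make sure it hasn't been overwritten since it was freed.
 *
 * Runs the trash_ctor() scan; a mismatch is reported by trash_ctor() and the
 * result is discarded.
 *
 * Complies with standard fini arg/return
 */
void
trash_fini(void *mem, int size)
{
	(void)trash_ctor(mem, size, NULL, 0);
}

/*
 * Checks an item to make sure it hasn't been overwritten since it was freed,
 * for items whose last pointer-sized slot holds a struct malloc_type pointer.
 *
 * The slot is excluded from the pattern scan.  On the first word that differs
 * from uma_junk the mismatch is printed and the kernel panics, naming the
 * ks_shortdesc of the malloc type found in the slot ("none" if it is NULL).
 *
 * NOTE(review): the slot is read from the item that was just found to be
 * modified and is dereferenced without validation, so the reported name is a
 * hint rather than proof of the last user.  Nothing in this file stores a
 * non-NULL value there; presumably the allocation path does -- confirm.
 *
 * Complies with standard ctor arg/return; arg and flags are unused.
 */
int
mtrash_ctor(void *mem, int size, void *arg, int flags)
{
	struct malloc_type **ksp;
	u_int32_t *p;
	int cnt;

	/* Leave the trailing malloc_type pointer out of the checked range. */
	size -= sizeof(struct malloc_type *);
	ksp = (struct malloc_type **)mem;
	ksp += size / sizeof(struct malloc_type *);
	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		if (*p != uma_junk) {
			printf("Memory modified after free %p(%d) val=%x @ %p\n",
			    mem, size, *p, p);
			panic("Most recently used by %s\n", (*ksp == NULL)?
			    "none" : (*ksp)->ks_shortdesc);
		}
	return (0);
}

/*
 * Fills an item with predictable garbage
 *
 * Writes uma_junk into every whole 32-bit word except the trailing
 * malloc_type pointer slot, which is left as it is.
 *
 * Complies with standard dtor arg/return; arg is unused.
 */
void
mtrash_dtor(void *mem, int size, void *arg)
{
	int cnt;
	u_int32_t *p;

	size -= sizeof(struct malloc_type *);
	cnt = size / sizeof(uma_junk);

	for (p = mem; cnt > 0; cnt--, p++)
		*p = uma_junk;
}

/*
 * Fills an item with predictable garbage
 *
 * Applies the mtrash_dtor() fill and then sets the trailing malloc_type
 * pointer slot to NULL, which mtrash_ctor() reports as "none".  Always
 * returns 0.
 *
 * Complies with standard init arg/return; flags is unused.
 */
int
mtrash_init(void *mem, int size, int flags)
{
	struct malloc_type **ksp;

	mtrash_dtor(mem, size, NULL);

	/* Last pointer-sized slot of the item. */
	ksp = (struct malloc_type **)mem;
	ksp += (size / sizeof(struct malloc_type *)) - 1;
	*ksp = NULL;
	return (0);
}

/*
 * Checks an item to make sure it hasn't been overwritten since it was freed,
 * prior to freeing it back to available memory.
 *
 * Runs the mtrash_ctor() scan, which panics on a mismatch.
 *
 * Complies with standard fini arg/return
 */
void
mtrash_fini(void *mem, int size)
{
	(void)mtrash_ctor(mem, size, NULL, 0);
}

/*
 * Finds the slab header for an item when the caller did not supply one.
 *
 * The item address is rounded down with UMA_SLAB_MASK and the header is then
 * located according to the zone/keg flags: vtoslab() for UMA_ZONE_VTOSLAB
 * zones, a hash lookup for UMA_ZONE_HASH kegs, otherwise the header is taken
 * to sit uk_pgoff bytes into the slab.
 *
 * Only the first keg on the zone's keg list is consulted and the list is
 * assumed to be non-empty.  Callers test the result for NULL; in the uk_pgoff
 * case the result is computed from the address and no lookup is made.
 */
static uma_slab_t
uma_dbg_getslab(uma_zone_t zone, void *item)
{
	uma_slab_t slab;
	uma_keg_t keg;
	u_int8_t *mem;

	mem = (u_int8_t *)((unsigned long)item & (~UMA_SLAB_MASK));
	if (zone->uz_flags & UMA_ZONE_VTOSLAB) {
		slab = vtoslab((vm_offset_t)mem);
	} else {
		keg = LIST_FIRST(&zone->uz_kegs)->kl_keg;
		if (keg->uk_flags & UMA_ZONE_HASH)
			slab = hash_sfind(&keg->uk_hash, mem);
		else
			slab = (uma_slab_t)(mem + keg->uk_pgoff);
	}

	return (slab);
}

/*
 * Set up the slab's freei data such that uma_dbg_free can function.
 *
 * Marks the item's freelist entry with 255, the value uma_dbg_free() expects
 * to find on an item that is currently allocated.  If slab is NULL it is
 * looked up from the item; a failed lookup panics.
 *
 * The computed index is range-checked before the freelist is written, the
 * same way uma_dbg_free() checks it, so an item that does not lie inside the
 * slab panics instead of writing outside the freelist.
 */
void
uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab, void *item)
{
	uma_keg_t keg;
	uma_slabrefcnt_t slabref;
	int freei;

	if (slab == NULL) {
		slab = uma_dbg_getslab(zone, item);
		if (slab == NULL)
			panic("uma: item %p did not belong to zone %s\n",
			    item, zone->uz_name);
	}
	keg = slab->us_keg;

	freei = ((unsigned long)item - (unsigned long)slab->us_data)
	    / keg->uk_rsize;

	/*
	 * An item below us_data wraps the unsigned subtraction and can come
	 * out negative once stored in an int, so both ends are checked.
	 */
	if (freei < 0 || freei >= keg->uk_ipers)
		panic("zone: %s(%p) slab %p freelist %d out of range 0-%d\n",
		    zone->uz_name, zone, slab, freei, keg->uk_ipers-1);

	if (keg->uk_flags & UMA_ZONE_REFCNT) {
		slabref = (uma_slabrefcnt_t)slab;
		slabref->us_freelist[freei].us_item = 255;
	} else {
		slab->us_freelist[freei].us_item = 255;
	}
}

/*
 * Verifies freed addresses.  Checks for alignment, valid slab membership
 * and duplicate frees.
 *
 * If slab is NULL it is looked up from the item; a failed lookup panics.
 * The item's index within the slab must lie in 0..uk_ipers-1, the item must
 * sit exactly on an item boundary, and its freelist entry must still carry
 * the 255 marker written by uma_dbg_alloc().  Any violation panics.  On
 * success the entry is reset to 0.
 */
void
uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void *item)
{
	uma_keg_t keg;
	uma_slabrefcnt_t slabref;
	int freei;

	if (slab == NULL) {
		slab = uma_dbg_getslab(zone, item);
		if (slab == NULL)
			panic("uma: Freed item %p did not belong to zone %s\n",
			    item, zone->uz_name);
	}
	keg = slab->us_keg;

	freei = ((unsigned long)item - (unsigned long)slab->us_data)
	    / keg->uk_rsize;

	/*
	 * An item below us_data wraps the unsigned subtraction and can come
	 * out negative once stored in an int; reject that as well as an
	 * index past the last item, before freei is used as an array index.
	 */
	if (freei < 0 || freei >= keg->uk_ipers)
		panic("zone: %s(%p) slab %p freelist %d out of range 0-%d\n",
		    zone->uz_name, zone, slab, freei, keg->uk_ipers-1);

	if (((freei * keg->uk_rsize) + slab->us_data) != item) {
		printf("zone: %s(%p) slab %p freed address %p unaligned.\n",
		    zone->uz_name, zone, slab, item);
		panic("should be %p\n",
		    (freei * keg->uk_rsize) + slab->us_data);
	}

	if (keg->uk_flags & UMA_ZONE_REFCNT) {
		slabref = (uma_slabrefcnt_t)slab;
		if (slabref->us_freelist[freei].us_item != 255) {
			printf("Slab at %p, freei %d = %d.\n",
			    slab, freei, slabref->us_freelist[freei].us_item);
			panic("Duplicate free of item %p from zone %p(%s)\n",
			    item, zone, zone->uz_name);
		}

		/*
		 * When this is actually linked into the slab this will change.
		 * Until then the count of valid slabs will make sure we don't
		 * accidentally follow this and assume it's a valid index.
		 */
		slabref->us_freelist[freei].us_item = 0;
	} else {
		if (slab->us_freelist[freei].us_item != 255) {
			printf("Slab at %p, freei %d = %d.\n",
			    slab, freei, slab->us_freelist[freei].us_item);
			panic("Duplicate free of item %p from zone %p(%s)\n",
			    item, zone, zone->uz_name);
		}

		/*
		 * When this is actually linked into the slab this will change.
		 * Until then the count of valid slabs will make sure we don't
		 * accidentally follow this and assume it's a valid index.
		 */
		slab->us_freelist[freei].us_item = 0;
	}
}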