1 /*- 2 * Copyright (c) 2002, 2003, 2004, 2005 Jeffrey Roberson <jeff@FreeBSD.org> 3 * Copyright (c) 2004, 2005 Bosko Milekic <bmilekic@FreeBSD.org> 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice unmodified, this list of conditions, and the following 11 * disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 /* 29 * uma_dbg.c Debugging features for UMA users 30 * 31 */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/bitset.h> 39 #include <sys/kernel.h> 40 #include <sys/types.h> 41 #include <sys/queue.h> 42 #include <sys/lock.h> 43 #include <sys/mutex.h> 44 #include <sys/malloc.h> 45 46 #include <vm/vm.h> 47 #include <vm/vm_object.h> 48 #include <vm/vm_page.h> 49 #include <vm/uma.h> 50 #include <vm/uma_int.h> 51 #include <vm/uma_dbg.h> 52 53 static const uint32_t uma_junk = 0xdeadc0de; 54 55 /* 56 * Checks an item to make sure it hasn't been overwritten since it was freed, 57 * prior to subsequent reallocation. 58 * 59 * Complies with standard ctor arg/return 60 * 61 */ 62 int 63 trash_ctor(void *mem, int size, void *arg, int flags) 64 { 65 int cnt; 66 uint32_t *p; 67 68 cnt = size / sizeof(uma_junk); 69 70 for (p = mem; cnt > 0; cnt--, p++) 71 if (*p != uma_junk) { 72 #ifdef INVARIANTS 73 panic("Memory modified after free %p(%d) val=%x @ %p\n", 74 mem, size, *p, p); 75 #else 76 printf("Memory modified after free %p(%d) val=%x @ %p\n", 77 mem, size, *p, p); 78 #endif 79 return (0); 80 } 81 return (0); 82 } 83 84 /* 85 * Fills an item with predictable garbage 86 * 87 * Complies with standard dtor arg/return 88 * 89 */ 90 void 91 trash_dtor(void *mem, int size, void *arg) 92 { 93 int cnt; 94 uint32_t *p; 95 96 cnt = size / sizeof(uma_junk); 97 98 for (p = mem; cnt > 0; cnt--, p++) 99 *p = uma_junk; 100 } 101 102 /* 103 * Fills an item with predictable garbage 104 * 105 * Complies with standard init arg/return 106 * 107 */ 108 int 109 trash_init(void *mem, int size, int flags) 110 { 111 trash_dtor(mem, size, NULL); 112 return (0); 113 } 114 115 /* 116 * Checks an item to make sure it hasn't been overwritten since it was freed. 117 * 118 * Complies with standard fini arg/return 119 * 120 */ 121 void 122 trash_fini(void *mem, int size) 123 { 124 (void)trash_ctor(mem, size, NULL, 0); 125 } 126 127 int 128 mtrash_ctor(void *mem, int size, void *arg, int flags) 129 { 130 struct malloc_type **ksp; 131 uint32_t *p = mem; 132 int cnt; 133 134 size -= sizeof(struct malloc_type *); 135 ksp = (struct malloc_type **)mem; 136 ksp += size / sizeof(struct malloc_type *); 137 cnt = size / sizeof(uma_junk); 138 139 for (p = mem; cnt > 0; cnt--, p++) 140 if (*p != uma_junk) { 141 printf("Memory modified after free %p(%d) val=%x @ %p\n", 142 mem, size, *p, p); 143 panic("Most recently used by %s\n", (*ksp == NULL)? 144 "none" : (*ksp)->ks_shortdesc); 145 } 146 return (0); 147 } 148 149 /* 150 * Fills an item with predictable garbage 151 * 152 * Complies with standard dtor arg/return 153 * 154 */ 155 void 156 mtrash_dtor(void *mem, int size, void *arg) 157 { 158 int cnt; 159 uint32_t *p; 160 161 size -= sizeof(struct malloc_type *); 162 cnt = size / sizeof(uma_junk); 163 164 for (p = mem; cnt > 0; cnt--, p++) 165 *p = uma_junk; 166 } 167 168 /* 169 * Fills an item with predictable garbage 170 * 171 * Complies with standard init arg/return 172 * 173 */ 174 int 175 mtrash_init(void *mem, int size, int flags) 176 { 177 struct malloc_type **ksp; 178 179 mtrash_dtor(mem, size, NULL); 180 181 ksp = (struct malloc_type **)mem; 182 ksp += (size / sizeof(struct malloc_type *)) - 1; 183 *ksp = NULL; 184 return (0); 185 } 186 187 /* 188 * Checks an item to make sure it hasn't been overwritten since it was freed, 189 * prior to freeing it back to available memory. 190 * 191 * Complies with standard fini arg/return 192 * 193 */ 194 void 195 mtrash_fini(void *mem, int size) 196 { 197 (void)mtrash_ctor(mem, size, NULL, 0); 198 } 199 200 #ifdef INVARIANTS 201 static uma_slab_t 202 uma_dbg_getslab(uma_zone_t zone, void *item) 203 { 204 uma_slab_t slab; 205 uma_keg_t keg; 206 uint8_t *mem; 207 208 mem = (uint8_t *)((uintptr_t)item & (~UMA_SLAB_MASK)); 209 if (zone->uz_flags & UMA_ZONE_VTOSLAB) { 210 slab = vtoslab((vm_offset_t)mem); 211 } else { 212 /* 213 * It is safe to return the slab here even though the 214 * zone is unlocked because the item's allocation state 215 * essentially holds a reference. 216 */ 217 ZONE_LOCK(zone); 218 keg = LIST_FIRST(&zone->uz_kegs)->kl_keg; 219 if (keg->uk_flags & UMA_ZONE_HASH) 220 slab = hash_sfind(&keg->uk_hash, mem); 221 else 222 slab = (uma_slab_t)(mem + keg->uk_pgoff); 223 ZONE_UNLOCK(zone); 224 } 225 226 return (slab); 227 } 228 229 /* 230 * Set up the slab's freei data such that uma_dbg_free can function. 231 * 232 */ 233 void 234 uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab, void *item) 235 { 236 uma_keg_t keg; 237 int freei; 238 239 if (zone_first_keg(zone) == NULL) 240 return; 241 if (slab == NULL) { 242 slab = uma_dbg_getslab(zone, item); 243 if (slab == NULL) 244 panic("uma: item %p did not belong to zone %s\n", 245 item, zone->uz_name); 246 } 247 keg = slab->us_keg; 248 freei = ((uintptr_t)item - (uintptr_t)slab->us_data) / keg->uk_rsize; 249 250 if (BIT_ISSET(SLAB_SETSIZE, freei, &slab->us_debugfree)) 251 panic("Duplicate alloc of %p from zone %p(%s) slab %p(%d)\n", 252 item, zone, zone->uz_name, slab, freei); 253 BIT_SET_ATOMIC(SLAB_SETSIZE, freei, &slab->us_debugfree); 254 255 return; 256 } 257 258 /* 259 * Verifies freed addresses. Checks for alignment, valid slab membership 260 * and duplicate frees. 261 * 262 */ 263 void 264 uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void *item) 265 { 266 uma_keg_t keg; 267 int freei; 268 269 if (zone_first_keg(zone) == NULL) 270 return; 271 if (slab == NULL) { 272 slab = uma_dbg_getslab(zone, item); 273 if (slab == NULL) 274 panic("uma: Freed item %p did not belong to zone %s\n", 275 item, zone->uz_name); 276 } 277 keg = slab->us_keg; 278 freei = ((uintptr_t)item - (uintptr_t)slab->us_data) / keg->uk_rsize; 279 280 if (freei >= keg->uk_ipers) 281 panic("Invalid free of %p from zone %p(%s) slab %p(%d)\n", 282 item, zone, zone->uz_name, slab, freei); 283 284 if (((freei * keg->uk_rsize) + slab->us_data) != item) 285 panic("Unaligned free of %p from zone %p(%s) slab %p(%d)\n", 286 item, zone, zone->uz_name, slab, freei); 287 288 if (!BIT_ISSET(SLAB_SETSIZE, freei, &slab->us_debugfree)) 289 panic("Duplicate free of %p from zone %p(%s) slab %p(%d)\n", 290 item, zone, zone->uz_name, slab, freei); 291 292 BIT_CLR_ATOMIC(SLAB_SETSIZE, freei, &slab->us_debugfree); 293 } 294 295 #endif /* INVARIANTS */ 296