1 /* 2 * Copyright (c) 2002, Jeffrey Roberson <jroberson@chesapeake.net> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice unmodified, this list of conditions, and the following 10 * disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 * 26 * $FreeBSD$ 27 * 28 */ 29 30 /* 31 * uma_dbg.c Debugging features for UMA users 32 * 33 */ 34 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/kernel.h> 39 #include <sys/types.h> 40 #include <sys/queue.h> 41 #include <sys/lock.h> 42 #include <sys/mutex.h> 43 #include <sys/malloc.h> 44 45 #include <machine/types.h> 46 47 #include <vm/uma.h> 48 #include <vm/uma_int.h> 49 #include <vm/uma_dbg.h> 50 51 static const u_int32_t uma_junk = 0xdeadc0de; 52 53 /* 54 * Checks an item to make sure it hasn't been overwritten since freed. 55 * 56 * Complies with standard ctor arg/return 57 * 58 */ 59 void 60 trash_ctor(void *mem, int size, void *arg) 61 { 62 int cnt; 63 u_int32_t *p; 64 65 cnt = size / sizeof(uma_junk); 66 67 for (p = mem; cnt > 0; cnt--, p++) 68 if (*p != uma_junk) 69 panic("Memory modified after free %p(%d)\n", 70 mem, size); 71 } 72 73 /* 74 * Fills an item with predictable garbage 75 * 76 * Complies with standard dtor arg/return 77 * 78 */ 79 void 80 trash_dtor(void *mem, int size, void *arg) 81 { 82 int cnt; 83 u_int32_t *p; 84 85 cnt = size / sizeof(uma_junk); 86 87 for (p = mem; cnt > 0; cnt--, p++) 88 *p = uma_junk; 89 } 90 91 /* 92 * Fills an item with predictable garbage 93 * 94 * Complies with standard init arg/return 95 * 96 */ 97 void 98 trash_init(void *mem, int size) 99 { 100 trash_dtor(mem, size, NULL); 101 } 102 103 /* 104 * Checks an item to make sure it hasn't been overwritten since it was freed. 105 * 106 * Complies with standard fini arg/return 107 * 108 */ 109 void 110 trash_fini(void *mem, int size) 111 { 112 trash_ctor(mem, size, NULL); 113 } 114 115 /* 116 * Checks an item to make sure it hasn't been overwritten since freed. 117 * 118 * Complies with standard ctor arg/return 119 * 120 */ 121 void 122 mtrash_ctor(void *mem, int size, void *arg) 123 { 124 struct malloc_type **ksp; 125 u_int32_t *p = mem; 126 int cnt; 127 128 size -= sizeof(struct malloc_type *); 129 ksp = (struct malloc_type **)mem; 130 ksp += size / sizeof(struct malloc_type *); 131 cnt = size / sizeof(uma_junk); 132 133 for (p = mem; cnt > 0; cnt--, p++) 134 if (*p != uma_junk) { 135 printf("Memory modified after free %p(%d)\n", 136 mem, size); 137 panic("Most recently used by %s\n", (*ksp == NULL)? 138 "none" : (*ksp)->ks_shortdesc); 139 } 140 } 141 142 /* 143 * Fills an item with predictable garbage 144 * 145 * Complies with standard dtor arg/return 146 * 147 */ 148 void 149 mtrash_dtor(void *mem, int size, void *arg) 150 { 151 int cnt; 152 u_int32_t *p; 153 154 size -= sizeof(struct malloc_type *); 155 cnt = size / sizeof(uma_junk); 156 157 for (p = mem; cnt > 0; cnt--, p++) 158 *p = uma_junk; 159 } 160 161 /* 162 * Fills an item with predictable garbage 163 * 164 * Complies with standard init arg/return 165 * 166 */ 167 void 168 mtrash_init(void *mem, int size) 169 { 170 struct malloc_type **ksp; 171 172 mtrash_dtor(mem, size, NULL); 173 174 ksp = (struct malloc_type **)mem; 175 ksp += (size / sizeof(struct malloc_type *)) - 1; 176 *ksp = NULL; 177 } 178 179 /* 180 * Checks an item to make sure it hasn't been overwritten since it was freed. 181 * 182 * Complies with standard fini arg/return 183 * 184 */ 185 void 186 mtrash_fini(void *mem, int size) 187 { 188 mtrash_ctor(mem, size, NULL); 189 } 190 191 static uma_slab_t 192 uma_dbg_getslab(uma_zone_t zone, void *item) 193 { 194 uma_slab_t slab; 195 u_int8_t *mem; 196 197 mem = (u_int8_t *)((unsigned long)item & (~UMA_SLAB_MASK)); 198 if (zone->uz_flags & UMA_ZFLAG_MALLOC) { 199 mtx_lock(&malloc_mtx); 200 slab = hash_sfind(mallochash, mem); 201 mtx_unlock(&malloc_mtx); 202 } else if (zone->uz_flags & UMA_ZFLAG_OFFPAGE) { 203 ZONE_LOCK(zone); 204 slab = hash_sfind(&zone->uz_hash, mem); 205 ZONE_UNLOCK(zone); 206 } else { 207 mem += zone->uz_pgoff; 208 slab = (uma_slab_t)mem; 209 } 210 211 return (slab); 212 } 213 214 /* 215 * Set up the slab's freei data such that uma_dbg_free can function. 216 * 217 */ 218 219 void 220 uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab, void *item) 221 { 222 int freei; 223 224 if (slab == NULL) { 225 slab = uma_dbg_getslab(zone, item); 226 if (slab == NULL) 227 panic("uma: item %p did not belong to zone %s\n", 228 item, zone->uz_name); 229 } 230 231 freei = ((unsigned long)item - (unsigned long)slab->us_data) 232 / zone->uz_rsize; 233 234 slab->us_freelist[freei] = 255; 235 236 return; 237 } 238 239 /* 240 * Verifies freed addresses. Checks for alignment, valid slab membership 241 * and duplicate frees. 242 * 243 */ 244 245 void 246 uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void *item) 247 { 248 int freei; 249 250 if (slab == NULL) { 251 slab = uma_dbg_getslab(zone, item); 252 if (slab == NULL) 253 panic("uma: Freed item %p did not belong to zone %s\n", 254 item, zone->uz_name); 255 } 256 257 freei = ((unsigned long)item - (unsigned long)slab->us_data) 258 / zone->uz_rsize; 259 260 if (freei >= zone->uz_ipers) 261 panic("zone: %s(%p) slab %p freelist %i out of range 0-%d\n", 262 zone->uz_name, zone, slab, freei, zone->uz_ipers-1); 263 264 if (((freei * zone->uz_rsize) + slab->us_data) != item) { 265 printf("zone: %s(%p) slab %p freed address %p unaligned.\n", 266 zone->uz_name, zone, slab, item); 267 panic("should be %p\n", 268 (freei * zone->uz_rsize) + slab->us_data); 269 } 270 271 if (slab->us_freelist[freei] != 255) { 272 printf("Slab at %p, freei %d = %d.\n", 273 slab, freei, slab->us_freelist[freei]); 274 panic("Duplicate free of item %p from zone %p(%s)\n", 275 item, zone, zone->uz_name); 276 } 277 278 /* 279 * When this is actually linked into the slab this will change. 280 * Until then the count of valid slabs will make sure we don't 281 * accidentally follow this and assume it's a valid index. 282 */ 283 slab->us_freelist[freei] = 0; 284 } 285