1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * Copyright 2012 Joyent, Inc. All rights reserved. 28 * Copyright (c) 2013 by Delphix. All rights reserved. 29 */ 30 31 #include "umem.h" 32 33 #include <sys/vmem_impl_user.h> 34 #include <umem_impl.h> 35 36 #include <alloca.h> 37 #include <limits.h> 38 #include <mdb/mdb_whatis.h> 39 #include <thr_uberdata.h> 40 #include <stdio.h> 41 42 #include "misc.h" 43 #include "leaky.h" 44 #include "dist.h" 45 46 #include "umem_pagesize.h" 47 48 #define UM_ALLOCATED 0x1 49 #define UM_FREE 0x2 50 #define UM_BUFCTL 0x4 51 #define UM_HASH 0x8 52 53 int umem_ready; 54 55 static int umem_stack_depth_warned; 56 static uint32_t umem_max_ncpus; 57 uint32_t umem_stack_depth; 58 59 size_t umem_pagesize; 60 61 #define UMEM_READVAR(var) \ 62 (umem_readvar(&(var), #var) == -1 && \ 63 (mdb_warn("failed to read "#var), 1)) 64 65 int 66 umem_update_variables(void) 67 { 68 size_t pagesize; 69 70 /* 71 * Figure out which type of umem is being used; if it's not there 72 * yet, succeed quietly. 73 */ 74 if (umem_set_standalone() == -1) { 75 umem_ready = 0; 76 return (0); /* umem not there yet */ 77 } 78 79 /* 80 * Solaris 9 used a different name for umem_max_ncpus. It's 81 * cheap backwards compatibility to check for both names. 82 */ 83 if (umem_readvar(&umem_max_ncpus, "umem_max_ncpus") == -1 && 84 umem_readvar(&umem_max_ncpus, "max_ncpus") == -1) { 85 mdb_warn("unable to read umem_max_ncpus or max_ncpus"); 86 return (-1); 87 } 88 if (UMEM_READVAR(umem_ready)) 89 return (-1); 90 if (UMEM_READVAR(umem_stack_depth)) 91 return (-1); 92 if (UMEM_READVAR(pagesize)) 93 return (-1); 94 95 if (umem_stack_depth > UMEM_MAX_STACK_DEPTH) { 96 if (umem_stack_depth_warned == 0) { 97 mdb_warn("umem_stack_depth corrupted (%d > %d)\n", 98 umem_stack_depth, UMEM_MAX_STACK_DEPTH); 99 umem_stack_depth_warned = 1; 100 } 101 umem_stack_depth = 0; 102 } 103 104 umem_pagesize = pagesize; 105 106 return (0); 107 } 108 109 static int 110 umem_ptc_walk_init(mdb_walk_state_t *wsp) 111 { 112 if (wsp->walk_addr == NULL) { 113 if (mdb_layered_walk("ulwp", wsp) == -1) { 114 mdb_warn("couldn't walk 'ulwp'"); 115 return (WALK_ERR); 116 } 117 } 118 119 return (WALK_NEXT); 120 } 121 122 static int 123 umem_ptc_walk_step(mdb_walk_state_t *wsp) 124 { 125 uintptr_t this; 126 int rval; 127 128 if (wsp->walk_layer != NULL) { 129 this = (uintptr_t)((ulwp_t *)wsp->walk_layer)->ul_self + 130 (uintptr_t)wsp->walk_arg; 131 } else { 132 this = wsp->walk_addr + (uintptr_t)wsp->walk_arg; 133 } 134 135 for (;;) { 136 if (mdb_vread(&this, sizeof (void *), this) == -1) { 137 mdb_warn("couldn't read ptc buffer at %p", this); 138 return (WALK_ERR); 139 } 140 141 if (this == NULL) 142 break; 143 144 rval = wsp->walk_callback(this, &this, wsp->walk_cbdata); 145 146 if (rval != WALK_NEXT) 147 return (rval); 148 } 149 150 return (wsp->walk_layer != NULL ? WALK_NEXT : WALK_DONE); 151 } 152 153 /*ARGSUSED*/ 154 static int 155 umem_init_walkers(uintptr_t addr, const umem_cache_t *c, int *sizes) 156 { 157 mdb_walker_t w; 158 char descr[64]; 159 char name[64]; 160 int i; 161 162 (void) mdb_snprintf(descr, sizeof (descr), 163 "walk the %s cache", c->cache_name); 164 165 w.walk_name = c->cache_name; 166 w.walk_descr = descr; 167 w.walk_init = umem_walk_init; 168 w.walk_step = umem_walk_step; 169 w.walk_fini = umem_walk_fini; 170 w.walk_init_arg = (void *)addr; 171 172 if (mdb_add_walker(&w) == -1) 173 mdb_warn("failed to add %s walker", c->cache_name); 174 175 if (!(c->cache_flags & UMF_PTC)) 176 return (WALK_NEXT); 177 178 /* 179 * For the per-thread cache walker, the address is the offset in the 180 * tm_roots[] array of the ulwp_t. 181 */ 182 for (i = 0; sizes[i] != 0; i++) { 183 if (sizes[i] == c->cache_bufsize) 184 break; 185 } 186 187 if (sizes[i] == 0) { 188 mdb_warn("cache %s is cached per-thread, but could not find " 189 "size in umem_alloc_sizes\n", c->cache_name); 190 return (WALK_NEXT); 191 } 192 193 if (i >= NTMEMBASE) { 194 mdb_warn("index for %s (%d) exceeds root slots (%d)\n", 195 c->cache_name, i, NTMEMBASE); 196 return (WALK_NEXT); 197 } 198 199 (void) mdb_snprintf(name, sizeof (name), 200 "umem_ptc_%d", c->cache_bufsize); 201 (void) mdb_snprintf(descr, sizeof (descr), 202 "walk the per-thread cache for %s", c->cache_name); 203 204 w.walk_name = name; 205 w.walk_descr = descr; 206 w.walk_init = umem_ptc_walk_init; 207 w.walk_step = umem_ptc_walk_step; 208 w.walk_fini = NULL; 209 w.walk_init_arg = (void *)offsetof(ulwp_t, ul_tmem.tm_roots[i]); 210 211 if (mdb_add_walker(&w) == -1) 212 mdb_warn("failed to add %s walker", w.walk_name); 213 214 return (WALK_NEXT); 215 } 216 217 /*ARGSUSED*/ 218 static void 219 umem_statechange_cb(void *arg) 220 { 221 static int been_ready = 0; 222 GElf_Sym sym; 223 int *sizes; 224 225 #ifndef _KMDB 226 leaky_cleanup(1); /* state changes invalidate leaky state */ 227 #endif 228 229 if (umem_update_variables() == -1) 230 return; 231 232 if (been_ready) 233 return; 234 235 if (umem_ready != UMEM_READY) 236 return; 237 238 been_ready = 1; 239 240 /* 241 * In order to determine the tm_roots offset of any cache that is 242 * cached per-thread, we need to have the umem_alloc_sizes array. 243 * Read this, assuring that it is zero-terminated. 244 */ 245 if (umem_lookup_by_name("umem_alloc_sizes", &sym) == -1) { 246 mdb_warn("unable to lookup 'umem_alloc_sizes'"); 247 return; 248 } 249 250 sizes = mdb_zalloc(sym.st_size + sizeof (int), UM_SLEEP | UM_GC); 251 252 if (mdb_vread(sizes, sym.st_size, (uintptr_t)sym.st_value) == -1) { 253 mdb_warn("couldn't read 'umem_alloc_sizes'"); 254 return; 255 } 256 257 (void) mdb_walk("umem_cache", (mdb_walk_cb_t)umem_init_walkers, sizes); 258 } 259 260 int 261 umem_abort_messages(void) 262 { 263 char *umem_error_buffer; 264 uint_t umem_error_begin; 265 GElf_Sym sym; 266 size_t bufsize; 267 268 if (UMEM_READVAR(umem_error_begin)) 269 return (DCMD_ERR); 270 271 if (umem_lookup_by_name("umem_error_buffer", &sym) == -1) { 272 mdb_warn("unable to look up umem_error_buffer"); 273 return (DCMD_ERR); 274 } 275 276 bufsize = (size_t)sym.st_size; 277 278 umem_error_buffer = mdb_alloc(bufsize+1, UM_SLEEP | UM_GC); 279 280 if (mdb_vread(umem_error_buffer, bufsize, (uintptr_t)sym.st_value) 281 != bufsize) { 282 mdb_warn("unable to read umem_error_buffer"); 283 return (DCMD_ERR); 284 } 285 /* put a zero after the end of the buffer to simplify printing */ 286 umem_error_buffer[bufsize] = 0; 287 288 if ((umem_error_begin % bufsize) == 0) 289 mdb_printf("%s\n", umem_error_buffer); 290 else { 291 umem_error_buffer[(umem_error_begin % bufsize) - 1] = 0; 292 mdb_printf("%s%s\n", 293 &umem_error_buffer[umem_error_begin % bufsize], 294 umem_error_buffer); 295 } 296 297 return (DCMD_OK); 298 } 299 300 static void 301 umem_log_status(const char *name, umem_log_header_t *val) 302 { 303 umem_log_header_t my_lh; 304 uintptr_t pos = (uintptr_t)val; 305 size_t size; 306 307 if (pos == NULL) 308 return; 309 310 if (mdb_vread(&my_lh, sizeof (umem_log_header_t), pos) == -1) { 311 mdb_warn("\nunable to read umem_%s_log pointer %p", 312 name, pos); 313 return; 314 } 315 316 size = my_lh.lh_chunksize * my_lh.lh_nchunks; 317 318 if (size % (1024 * 1024) == 0) 319 mdb_printf("%s=%dm ", name, size / (1024 * 1024)); 320 else if (size % 1024 == 0) 321 mdb_printf("%s=%dk ", name, size / 1024); 322 else 323 mdb_printf("%s=%d ", name, size); 324 } 325 326 typedef struct umem_debug_flags { 327 const char *udf_name; 328 uint_t udf_flags; 329 uint_t udf_clear; /* if 0, uses udf_flags */ 330 } umem_debug_flags_t; 331 332 umem_debug_flags_t umem_status_flags[] = { 333 { "random", UMF_RANDOMIZE, UMF_RANDOM }, 334 { "default", UMF_AUDIT | UMF_DEADBEEF | UMF_REDZONE | UMF_CONTENTS }, 335 { "audit", UMF_AUDIT }, 336 { "guards", UMF_DEADBEEF | UMF_REDZONE }, 337 { "nosignal", UMF_CHECKSIGNAL }, 338 { "firewall", UMF_FIREWALL }, 339 { "lite", UMF_LITE }, 340 { NULL } 341 }; 342 343 /*ARGSUSED*/ 344 int 345 umem_status(uintptr_t addr, uint_t flags, int ac, const mdb_arg_t *argv) 346 { 347 int umem_logging; 348 349 umem_log_header_t *umem_transaction_log; 350 umem_log_header_t *umem_content_log; 351 umem_log_header_t *umem_failure_log; 352 umem_log_header_t *umem_slab_log; 353 354 mdb_printf("Status:\t\t%s\n", 355 umem_ready == UMEM_READY_INIT_FAILED ? "initialization failed" : 356 umem_ready == UMEM_READY_STARTUP ? "uninitialized" : 357 umem_ready == UMEM_READY_INITING ? "initialization in process" : 358 umem_ready == UMEM_READY ? "ready and active" : 359 umem_ready == 0 ? "not loaded into address space" : 360 "unknown (umem_ready invalid)"); 361 362 if (umem_ready == 0) 363 return (DCMD_OK); 364 365 mdb_printf("Concurrency:\t%d\n", umem_max_ncpus); 366 367 if (UMEM_READVAR(umem_logging)) 368 goto err; 369 if (UMEM_READVAR(umem_transaction_log)) 370 goto err; 371 if (UMEM_READVAR(umem_content_log)) 372 goto err; 373 if (UMEM_READVAR(umem_failure_log)) 374 goto err; 375 if (UMEM_READVAR(umem_slab_log)) 376 goto err; 377 378 mdb_printf("Logs:\t\t"); 379 umem_log_status("transaction", umem_transaction_log); 380 umem_log_status("content", umem_content_log); 381 umem_log_status("fail", umem_failure_log); 382 umem_log_status("slab", umem_slab_log); 383 if (!umem_logging) 384 mdb_printf("(inactive)"); 385 mdb_printf("\n"); 386 387 mdb_printf("Message buffer:\n"); 388 return (umem_abort_messages()); 389 390 err: 391 mdb_printf("Message buffer:\n"); 392 (void) umem_abort_messages(); 393 return (DCMD_ERR); 394 } 395 396 typedef struct { 397 uintptr_t ucw_first; 398 uintptr_t ucw_current; 399 } umem_cache_walk_t; 400 401 int 402 umem_cache_walk_init(mdb_walk_state_t *wsp) 403 { 404 umem_cache_walk_t *ucw; 405 umem_cache_t c; 406 uintptr_t cp; 407 GElf_Sym sym; 408 409 if (umem_lookup_by_name("umem_null_cache", &sym) == -1) { 410 mdb_warn("couldn't find umem_null_cache"); 411 return (WALK_ERR); 412 } 413 414 cp = (uintptr_t)sym.st_value; 415 416 if (mdb_vread(&c, sizeof (umem_cache_t), cp) == -1) { 417 mdb_warn("couldn't read cache at %p", cp); 418 return (WALK_ERR); 419 } 420 421 ucw = mdb_alloc(sizeof (umem_cache_walk_t), UM_SLEEP); 422 423 ucw->ucw_first = cp; 424 ucw->ucw_current = (uintptr_t)c.cache_next; 425 wsp->walk_data = ucw; 426 427 return (WALK_NEXT); 428 } 429 430 int 431 umem_cache_walk_step(mdb_walk_state_t *wsp) 432 { 433 umem_cache_walk_t *ucw = wsp->walk_data; 434 umem_cache_t c; 435 int status; 436 437 if (mdb_vread(&c, sizeof (umem_cache_t), ucw->ucw_current) == -1) { 438 mdb_warn("couldn't read cache at %p", ucw->ucw_current); 439 return (WALK_DONE); 440 } 441 442 status = wsp->walk_callback(ucw->ucw_current, &c, wsp->walk_cbdata); 443 444 if ((ucw->ucw_current = (uintptr_t)c.cache_next) == ucw->ucw_first) 445 return (WALK_DONE); 446 447 return (status); 448 } 449 450 void 451 umem_cache_walk_fini(mdb_walk_state_t *wsp) 452 { 453 umem_cache_walk_t *ucw = wsp->walk_data; 454 mdb_free(ucw, sizeof (umem_cache_walk_t)); 455 } 456 457 typedef struct { 458 umem_cpu_t *ucw_cpus; 459 uint32_t ucw_current; 460 uint32_t ucw_max; 461 } umem_cpu_walk_state_t; 462 463 int 464 umem_cpu_walk_init(mdb_walk_state_t *wsp) 465 { 466 umem_cpu_t *umem_cpus; 467 468 umem_cpu_walk_state_t *ucw; 469 470 if (umem_readvar(&umem_cpus, "umem_cpus") == -1) { 471 mdb_warn("failed to read 'umem_cpus'"); 472 return (WALK_ERR); 473 } 474 475 ucw = mdb_alloc(sizeof (*ucw), UM_SLEEP); 476 477 ucw->ucw_cpus = umem_cpus; 478 ucw->ucw_current = 0; 479 ucw->ucw_max = umem_max_ncpus; 480 481 wsp->walk_data = ucw; 482 return (WALK_NEXT); 483 } 484 485 int 486 umem_cpu_walk_step(mdb_walk_state_t *wsp) 487 { 488 umem_cpu_t cpu; 489 umem_cpu_walk_state_t *ucw = wsp->walk_data; 490 491 uintptr_t caddr; 492 493 if (ucw->ucw_current >= ucw->ucw_max) 494 return (WALK_DONE); 495 496 caddr = (uintptr_t)&(ucw->ucw_cpus[ucw->ucw_current]); 497 498 if (mdb_vread(&cpu, sizeof (umem_cpu_t), caddr) == -1) { 499 mdb_warn("failed to read cpu %d", ucw->ucw_current); 500 return (WALK_ERR); 501 } 502 503 ucw->ucw_current++; 504 505 return (wsp->walk_callback(caddr, &cpu, wsp->walk_cbdata)); 506 } 507 508 void 509 umem_cpu_walk_fini(mdb_walk_state_t *wsp) 510 { 511 umem_cpu_walk_state_t *ucw = wsp->walk_data; 512 513 mdb_free(ucw, sizeof (*ucw)); 514 } 515 516 int 517 umem_cpu_cache_walk_init(mdb_walk_state_t *wsp) 518 { 519 if (wsp->walk_addr == NULL) { 520 mdb_warn("umem_cpu_cache doesn't support global walks"); 521 return (WALK_ERR); 522 } 523 524 if (mdb_layered_walk("umem_cpu", wsp) == -1) { 525 mdb_warn("couldn't walk 'umem_cpu'"); 526 return (WALK_ERR); 527 } 528 529 wsp->walk_data = (void *)wsp->walk_addr; 530 531 return (WALK_NEXT); 532 } 533 534 int 535 umem_cpu_cache_walk_step(mdb_walk_state_t *wsp) 536 { 537 uintptr_t caddr = (uintptr_t)wsp->walk_data; 538 const umem_cpu_t *cpu = wsp->walk_layer; 539 umem_cpu_cache_t cc; 540 541 caddr += cpu->cpu_cache_offset; 542 543 if (mdb_vread(&cc, sizeof (umem_cpu_cache_t), caddr) == -1) { 544 mdb_warn("couldn't read umem_cpu_cache at %p", caddr); 545 return (WALK_ERR); 546 } 547 548 return (wsp->walk_callback(caddr, &cc, wsp->walk_cbdata)); 549 } 550 551 int 552 umem_slab_walk_init(mdb_walk_state_t *wsp) 553 { 554 uintptr_t caddr = wsp->walk_addr; 555 umem_cache_t c; 556 557 if (caddr == NULL) { 558 mdb_warn("umem_slab doesn't support global walks\n"); 559 return (WALK_ERR); 560 } 561 562 if (mdb_vread(&c, sizeof (c), caddr) == -1) { 563 mdb_warn("couldn't read umem_cache at %p", caddr); 564 return (WALK_ERR); 565 } 566 567 wsp->walk_data = 568 (void *)(caddr + offsetof(umem_cache_t, cache_nullslab)); 569 wsp->walk_addr = (uintptr_t)c.cache_nullslab.slab_next; 570 571 return (WALK_NEXT); 572 } 573 574 int 575 umem_slab_walk_partial_init(mdb_walk_state_t *wsp) 576 { 577 uintptr_t caddr = wsp->walk_addr; 578 umem_cache_t c; 579 580 if (caddr == NULL) { 581 mdb_warn("umem_slab_partial doesn't support global walks\n"); 582 return (WALK_ERR); 583 } 584 585 if (mdb_vread(&c, sizeof (c), caddr) == -1) { 586 mdb_warn("couldn't read umem_cache at %p", caddr); 587 return (WALK_ERR); 588 } 589 590 wsp->walk_data = 591 (void *)(caddr + offsetof(umem_cache_t, cache_nullslab)); 592 wsp->walk_addr = (uintptr_t)c.cache_freelist; 593 594 /* 595 * Some consumers (umem_walk_step(), in particular) require at 596 * least one callback if there are any buffers in the cache. So 597 * if there are *no* partial slabs, report the last full slab, if 598 * any. 599 * 600 * Yes, this is ugly, but it's cleaner than the other possibilities. 601 */ 602 if ((uintptr_t)wsp->walk_data == wsp->walk_addr) 603 wsp->walk_addr = (uintptr_t)c.cache_nullslab.slab_prev; 604 605 return (WALK_NEXT); 606 } 607 608 int 609 umem_slab_walk_step(mdb_walk_state_t *wsp) 610 { 611 umem_slab_t s; 612 uintptr_t addr = wsp->walk_addr; 613 uintptr_t saddr = (uintptr_t)wsp->walk_data; 614 uintptr_t caddr = saddr - offsetof(umem_cache_t, cache_nullslab); 615 616 if (addr == saddr) 617 return (WALK_DONE); 618 619 if (mdb_vread(&s, sizeof (s), addr) == -1) { 620 mdb_warn("failed to read slab at %p", wsp->walk_addr); 621 return (WALK_ERR); 622 } 623 624 if ((uintptr_t)s.slab_cache != caddr) { 625 mdb_warn("slab %p isn't in cache %p (in cache %p)\n", 626 addr, caddr, s.slab_cache); 627 return (WALK_ERR); 628 } 629 630 wsp->walk_addr = (uintptr_t)s.slab_next; 631 632 return (wsp->walk_callback(addr, &s, wsp->walk_cbdata)); 633 } 634 635 int 636 umem_cache(uintptr_t addr, uint_t flags, int ac, const mdb_arg_t *argv) 637 { 638 umem_cache_t c; 639 640 if (!(flags & DCMD_ADDRSPEC)) { 641 if (mdb_walk_dcmd("umem_cache", "umem_cache", ac, argv) == -1) { 642 mdb_warn("can't walk umem_cache"); 643 return (DCMD_ERR); 644 } 645 return (DCMD_OK); 646 } 647 648 if (DCMD_HDRSPEC(flags)) 649 mdb_printf("%-?s %-25s %4s %8s %8s %8s\n", "ADDR", "NAME", 650 "FLAG", "CFLAG", "BUFSIZE", "BUFTOTL"); 651 652 if (mdb_vread(&c, sizeof (c), addr) == -1) { 653 mdb_warn("couldn't read umem_cache at %p", addr); 654 return (DCMD_ERR); 655 } 656 657 mdb_printf("%0?p %-25s %04x %08x %8ld %8lld\n", addr, c.cache_name, 658 c.cache_flags, c.cache_cflags, c.cache_bufsize, c.cache_buftotal); 659 660 return (DCMD_OK); 661 } 662 663 static int 664 addrcmp(const void *lhs, const void *rhs) 665 { 666 uintptr_t p1 = *((uintptr_t *)lhs); 667 uintptr_t p2 = *((uintptr_t *)rhs); 668 669 if (p1 < p2) 670 return (-1); 671 if (p1 > p2) 672 return (1); 673 return (0); 674 } 675 676 static int 677 bufctlcmp(const umem_bufctl_audit_t **lhs, const umem_bufctl_audit_t **rhs) 678 { 679 const umem_bufctl_audit_t *bcp1 = *lhs; 680 const umem_bufctl_audit_t *bcp2 = *rhs; 681 682 if (bcp1->bc_timestamp > bcp2->bc_timestamp) 683 return (-1); 684 685 if (bcp1->bc_timestamp < bcp2->bc_timestamp) 686 return (1); 687 688 return (0); 689 } 690 691 typedef struct umem_hash_walk { 692 uintptr_t *umhw_table; 693 size_t umhw_nelems; 694 size_t umhw_pos; 695 umem_bufctl_t umhw_cur; 696 } umem_hash_walk_t; 697 698 int 699 umem_hash_walk_init(mdb_walk_state_t *wsp) 700 { 701 umem_hash_walk_t *umhw; 702 uintptr_t *hash; 703 umem_cache_t c; 704 uintptr_t haddr, addr = wsp->walk_addr; 705 size_t nelems; 706 size_t hsize; 707 708 if (addr == NULL) { 709 mdb_warn("umem_hash doesn't support global walks\n"); 710 return (WALK_ERR); 711 } 712 713 if (mdb_vread(&c, sizeof (c), addr) == -1) { 714 mdb_warn("couldn't read cache at addr %p", addr); 715 return (WALK_ERR); 716 } 717 718 if (!(c.cache_flags & UMF_HASH)) { 719 mdb_warn("cache %p doesn't have a hash table\n", addr); 720 return (WALK_DONE); /* nothing to do */ 721 } 722 723 umhw = mdb_zalloc(sizeof (umem_hash_walk_t), UM_SLEEP); 724 umhw->umhw_cur.bc_next = NULL; 725 umhw->umhw_pos = 0; 726 727 umhw->umhw_nelems = nelems = c.cache_hash_mask + 1; 728 hsize = nelems * sizeof (uintptr_t); 729 haddr = (uintptr_t)c.cache_hash_table; 730 731 umhw->umhw_table = hash = mdb_alloc(hsize, UM_SLEEP); 732 if (mdb_vread(hash, hsize, haddr) == -1) { 733 mdb_warn("failed to read hash table at %p", haddr); 734 mdb_free(hash, hsize); 735 mdb_free(umhw, sizeof (umem_hash_walk_t)); 736 return (WALK_ERR); 737 } 738 739 wsp->walk_data = umhw; 740 741 return (WALK_NEXT); 742 } 743 744 int 745 umem_hash_walk_step(mdb_walk_state_t *wsp) 746 { 747 umem_hash_walk_t *umhw = wsp->walk_data; 748 uintptr_t addr = NULL; 749 750 if ((addr = (uintptr_t)umhw->umhw_cur.bc_next) == NULL) { 751 while (umhw->umhw_pos < umhw->umhw_nelems) { 752 if ((addr = umhw->umhw_table[umhw->umhw_pos++]) != NULL) 753 break; 754 } 755 } 756 if (addr == NULL) 757 return (WALK_DONE); 758 759 if (mdb_vread(&umhw->umhw_cur, sizeof (umem_bufctl_t), addr) == -1) { 760 mdb_warn("couldn't read umem_bufctl_t at addr %p", addr); 761 return (WALK_ERR); 762 } 763 764 return (wsp->walk_callback(addr, &umhw->umhw_cur, wsp->walk_cbdata)); 765 } 766 767 void 768 umem_hash_walk_fini(mdb_walk_state_t *wsp) 769 { 770 umem_hash_walk_t *umhw = wsp->walk_data; 771 772 if (umhw == NULL) 773 return; 774 775 mdb_free(umhw->umhw_table, umhw->umhw_nelems * sizeof (uintptr_t)); 776 mdb_free(umhw, sizeof (umem_hash_walk_t)); 777 } 778 779 /* 780 * Find the address of the bufctl structure for the address 'buf' in cache 781 * 'cp', which is at address caddr, and place it in *out. 782 */ 783 static int 784 umem_hash_lookup(umem_cache_t *cp, uintptr_t caddr, void *buf, uintptr_t *out) 785 { 786 uintptr_t bucket = (uintptr_t)UMEM_HASH(cp, buf); 787 umem_bufctl_t *bcp; 788 umem_bufctl_t bc; 789 790 if (mdb_vread(&bcp, sizeof (umem_bufctl_t *), bucket) == -1) { 791 mdb_warn("unable to read hash bucket for %p in cache %p", 792 buf, caddr); 793 return (-1); 794 } 795 796 while (bcp != NULL) { 797 if (mdb_vread(&bc, sizeof (umem_bufctl_t), 798 (uintptr_t)bcp) == -1) { 799 mdb_warn("unable to read bufctl at %p", bcp); 800 return (-1); 801 } 802 if (bc.bc_addr == buf) { 803 *out = (uintptr_t)bcp; 804 return (0); 805 } 806 bcp = bc.bc_next; 807 } 808 809 mdb_warn("unable to find bufctl for %p in cache %p\n", buf, caddr); 810 return (-1); 811 } 812 813 int 814 umem_get_magsize(const umem_cache_t *cp) 815 { 816 uintptr_t addr = (uintptr_t)cp->cache_magtype; 817 GElf_Sym mt_sym; 818 umem_magtype_t mt; 819 int res; 820 821 /* 822 * if cpu 0 has a non-zero magsize, it must be correct. caches 823 * with UMF_NOMAGAZINE have disabled their magazine layers, so 824 * it is okay to return 0 for them. 825 */ 826 if ((res = cp->cache_cpu[0].cc_magsize) != 0 || 827 (cp->cache_flags & UMF_NOMAGAZINE)) 828 return (res); 829 830 if (umem_lookup_by_name("umem_magtype", &mt_sym) == -1) { 831 mdb_warn("unable to read 'umem_magtype'"); 832 } else if (addr < mt_sym.st_value || 833 addr + sizeof (mt) - 1 > mt_sym.st_value + mt_sym.st_size - 1 || 834 ((addr - mt_sym.st_value) % sizeof (mt)) != 0) { 835 mdb_warn("cache '%s' has invalid magtype pointer (%p)\n", 836 cp->cache_name, addr); 837 return (0); 838 } 839 if (mdb_vread(&mt, sizeof (mt), addr) == -1) { 840 mdb_warn("unable to read magtype at %a", addr); 841 return (0); 842 } 843 return (mt.mt_magsize); 844 } 845 846 /*ARGSUSED*/ 847 static int 848 umem_estimate_slab(uintptr_t addr, const umem_slab_t *sp, size_t *est) 849 { 850 *est -= (sp->slab_chunks - sp->slab_refcnt); 851 852 return (WALK_NEXT); 853 } 854 855 /* 856 * Returns an upper bound on the number of allocated buffers in a given 857 * cache. 858 */ 859 size_t 860 umem_estimate_allocated(uintptr_t addr, const umem_cache_t *cp) 861 { 862 int magsize; 863 size_t cache_est; 864 865 cache_est = cp->cache_buftotal; 866 867 (void) mdb_pwalk("umem_slab_partial", 868 (mdb_walk_cb_t)umem_estimate_slab, &cache_est, addr); 869 870 if ((magsize = umem_get_magsize(cp)) != 0) { 871 size_t mag_est = cp->cache_full.ml_total * magsize; 872 873 if (cache_est >= mag_est) { 874 cache_est -= mag_est; 875 } else { 876 mdb_warn("cache %p's magazine layer holds more buffers " 877 "than the slab layer.\n", addr); 878 } 879 } 880 return (cache_est); 881 } 882 883 #define READMAG_ROUNDS(rounds) { \ 884 if (mdb_vread(mp, magbsize, (uintptr_t)ump) == -1) { \ 885 mdb_warn("couldn't read magazine at %p", ump); \ 886 goto fail; \ 887 } \ 888 for (i = 0; i < rounds; i++) { \ 889 maglist[magcnt++] = mp->mag_round[i]; \ 890 if (magcnt == magmax) { \ 891 mdb_warn("%d magazines exceeds fudge factor\n", \ 892 magcnt); \ 893 goto fail; \ 894 } \ 895 } \ 896 } 897 898 static int 899 umem_read_magazines(umem_cache_t *cp, uintptr_t addr, 900 void ***maglistp, size_t *magcntp, size_t *magmaxp) 901 { 902 umem_magazine_t *ump, *mp; 903 void **maglist = NULL; 904 int i, cpu; 905 size_t magsize, magmax, magbsize; 906 size_t magcnt = 0; 907 908 /* 909 * Read the magtype out of the cache, after verifying the pointer's 910 * correctness. 911 */ 912 magsize = umem_get_magsize(cp); 913 if (magsize == 0) { 914 *maglistp = NULL; 915 *magcntp = 0; 916 *magmaxp = 0; 917 return (0); 918 } 919 920 /* 921 * There are several places where we need to go buffer hunting: 922 * the per-CPU loaded magazine, the per-CPU spare full magazine, 923 * and the full magazine list in the depot. 924 * 925 * For an upper bound on the number of buffers in the magazine 926 * layer, we have the number of magazines on the cache_full 927 * list plus at most two magazines per CPU (the loaded and the 928 * spare). Toss in 100 magazines as a fudge factor in case this 929 * is live (the number "100" comes from the same fudge factor in 930 * crash(1M)). 931 */ 932 magmax = (cp->cache_full.ml_total + 2 * umem_max_ncpus + 100) * magsize; 933 magbsize = offsetof(umem_magazine_t, mag_round[magsize]); 934 935 if (magbsize >= PAGESIZE / 2) { 936 mdb_warn("magazine size for cache %p unreasonable (%x)\n", 937 addr, magbsize); 938 return (-1); 939 } 940 941 maglist = mdb_alloc(magmax * sizeof (void *), UM_SLEEP); 942 mp = mdb_alloc(magbsize, UM_SLEEP); 943 if (mp == NULL || maglist == NULL) 944 goto fail; 945 946 /* 947 * First up: the magazines in the depot (i.e. on the cache_full list). 948 */ 949 for (ump = cp->cache_full.ml_list; ump != NULL; ) { 950 READMAG_ROUNDS(magsize); 951 ump = mp->mag_next; 952 953 if (ump == cp->cache_full.ml_list) 954 break; /* cache_full list loop detected */ 955 } 956 957 dprintf(("cache_full list done\n")); 958 959 /* 960 * Now whip through the CPUs, snagging the loaded magazines 961 * and full spares. 962 */ 963 for (cpu = 0; cpu < umem_max_ncpus; cpu++) { 964 umem_cpu_cache_t *ccp = &cp->cache_cpu[cpu]; 965 966 dprintf(("reading cpu cache %p\n", 967 (uintptr_t)ccp - (uintptr_t)cp + addr)); 968 969 if (ccp->cc_rounds > 0 && 970 (ump = ccp->cc_loaded) != NULL) { 971 dprintf(("reading %d loaded rounds\n", ccp->cc_rounds)); 972 READMAG_ROUNDS(ccp->cc_rounds); 973 } 974 975 if (ccp->cc_prounds > 0 && 976 (ump = ccp->cc_ploaded) != NULL) { 977 dprintf(("reading %d previously loaded rounds\n", 978 ccp->cc_prounds)); 979 READMAG_ROUNDS(ccp->cc_prounds); 980 } 981 } 982 983 dprintf(("magazine layer: %d buffers\n", magcnt)); 984 985 mdb_free(mp, magbsize); 986 987 *maglistp = maglist; 988 *magcntp = magcnt; 989 *magmaxp = magmax; 990 991 return (0); 992 993 fail: 994 if (mp) 995 mdb_free(mp, magbsize); 996 if (maglist) 997 mdb_free(maglist, magmax * sizeof (void *)); 998 999 return (-1); 1000 } 1001 1002 typedef struct umem_read_ptc_walk { 1003 void **urpw_buf; 1004 size_t urpw_cnt; 1005 size_t urpw_max; 1006 } umem_read_ptc_walk_t; 1007 1008 /*ARGSUSED*/ 1009 static int 1010 umem_read_ptc_walk_buf(uintptr_t addr, 1011 const void *ignored, umem_read_ptc_walk_t *urpw) 1012 { 1013 if (urpw->urpw_cnt == urpw->urpw_max) { 1014 size_t nmax = urpw->urpw_max ? (urpw->urpw_max << 1) : 1; 1015 void **new = mdb_zalloc(nmax * sizeof (void *), UM_SLEEP); 1016 1017 if (nmax > 1) { 1018 size_t osize = urpw->urpw_max * sizeof (void *); 1019 bcopy(urpw->urpw_buf, new, osize); 1020 mdb_free(urpw->urpw_buf, osize); 1021 } 1022 1023 urpw->urpw_buf = new; 1024 urpw->urpw_max = nmax; 1025 } 1026 1027 urpw->urpw_buf[urpw->urpw_cnt++] = (void *)addr; 1028 1029 return (WALK_NEXT); 1030 } 1031 1032 static int 1033 umem_read_ptc(umem_cache_t *cp, 1034 void ***buflistp, size_t *bufcntp, size_t *bufmaxp) 1035 { 1036 umem_read_ptc_walk_t urpw; 1037 char walk[60]; 1038 int rval; 1039 1040 if (!(cp->cache_flags & UMF_PTC)) 1041 return (0); 1042 1043 (void) snprintf(walk, sizeof (walk), "umem_ptc_%d", cp->cache_bufsize); 1044 1045 urpw.urpw_buf = *buflistp; 1046 urpw.urpw_cnt = *bufcntp; 1047 urpw.urpw_max = *bufmaxp; 1048 1049 if ((rval = mdb_walk(walk, 1050 (mdb_walk_cb_t)umem_read_ptc_walk_buf, &urpw)) == -1) { 1051 mdb_warn("couldn't walk %s", walk); 1052 } 1053 1054 *buflistp = urpw.urpw_buf; 1055 *bufcntp = urpw.urpw_cnt; 1056 *bufmaxp = urpw.urpw_max; 1057 1058 return (rval); 1059 } 1060 1061 static int 1062 umem_walk_callback(mdb_walk_state_t *wsp, uintptr_t buf) 1063 { 1064 return (wsp->walk_callback(buf, NULL, wsp->walk_cbdata)); 1065 } 1066 1067 static int 1068 bufctl_walk_callback(umem_cache_t *cp, mdb_walk_state_t *wsp, uintptr_t buf) 1069 { 1070 umem_bufctl_audit_t *b; 1071 UMEM_LOCAL_BUFCTL_AUDIT(&b); 1072 1073 /* 1074 * if UMF_AUDIT is not set, we know that we're looking at a 1075 * umem_bufctl_t. 1076 */ 1077 if (!(cp->cache_flags & UMF_AUDIT) || 1078 mdb_vread(b, UMEM_BUFCTL_AUDIT_SIZE, buf) == -1) { 1079 (void) memset(b, 0, UMEM_BUFCTL_AUDIT_SIZE); 1080 if (mdb_vread(b, sizeof (umem_bufctl_t), buf) == -1) { 1081 mdb_warn("unable to read bufctl at %p", buf); 1082 return (WALK_ERR); 1083 } 1084 } 1085 1086 return (wsp->walk_callback(buf, b, wsp->walk_cbdata)); 1087 } 1088 1089 typedef struct umem_walk { 1090 int umw_type; 1091 1092 uintptr_t umw_addr; /* cache address */ 1093 umem_cache_t *umw_cp; 1094 size_t umw_csize; 1095 1096 /* 1097 * magazine layer 1098 */ 1099 void **umw_maglist; 1100 size_t umw_max; 1101 size_t umw_count; 1102 size_t umw_pos; 1103 1104 /* 1105 * slab layer 1106 */ 1107 char *umw_valid; /* to keep track of freed buffers */ 1108 char *umw_ubase; /* buffer for slab data */ 1109 } umem_walk_t; 1110 1111 static int 1112 umem_walk_init_common(mdb_walk_state_t *wsp, int type) 1113 { 1114 umem_walk_t *umw; 1115 int csize; 1116 umem_cache_t *cp; 1117 size_t vm_quantum; 1118 1119 size_t magmax, magcnt; 1120 void **maglist = NULL; 1121 uint_t chunksize, slabsize; 1122 int status = WALK_ERR; 1123 uintptr_t addr = wsp->walk_addr; 1124 const char *layered; 1125 1126 type &= ~UM_HASH; 1127 1128 if (addr == NULL) { 1129 mdb_warn("umem walk doesn't support global walks\n"); 1130 return (WALK_ERR); 1131 } 1132 1133 dprintf(("walking %p\n", addr)); 1134 1135 /* 1136 * The number of "cpus" determines how large the cache is. 1137 */ 1138 csize = UMEM_CACHE_SIZE(umem_max_ncpus); 1139 cp = mdb_alloc(csize, UM_SLEEP); 1140 1141 if (mdb_vread(cp, csize, addr) == -1) { 1142 mdb_warn("couldn't read cache at addr %p", addr); 1143 goto out2; 1144 } 1145 1146 /* 1147 * It's easy for someone to hand us an invalid cache address. 1148 * Unfortunately, it is hard for this walker to survive an 1149 * invalid cache cleanly. So we make sure that: 1150 * 1151 * 1. the vmem arena for the cache is readable, 1152 * 2. the vmem arena's quantum is a power of 2, 1153 * 3. our slabsize is a multiple of the quantum, and 1154 * 4. our chunksize is >0 and less than our slabsize. 1155 */ 1156 if (mdb_vread(&vm_quantum, sizeof (vm_quantum), 1157 (uintptr_t)&cp->cache_arena->vm_quantum) == -1 || 1158 vm_quantum == 0 || 1159 (vm_quantum & (vm_quantum - 1)) != 0 || 1160 cp->cache_slabsize < vm_quantum || 1161 P2PHASE(cp->cache_slabsize, vm_quantum) != 0 || 1162 cp->cache_chunksize == 0 || 1163 cp->cache_chunksize > cp->cache_slabsize) { 1164 mdb_warn("%p is not a valid umem_cache_t\n", addr); 1165 goto out2; 1166 } 1167 1168 dprintf(("buf total is %d\n", cp->cache_buftotal)); 1169 1170 if (cp->cache_buftotal == 0) { 1171 mdb_free(cp, csize); 1172 return (WALK_DONE); 1173 } 1174 1175 /* 1176 * If they ask for bufctls, but it's a small-slab cache, 1177 * there is nothing to report. 1178 */ 1179 if ((type & UM_BUFCTL) && !(cp->cache_flags & UMF_HASH)) { 1180 dprintf(("bufctl requested, not UMF_HASH (flags: %p)\n", 1181 cp->cache_flags)); 1182 mdb_free(cp, csize); 1183 return (WALK_DONE); 1184 } 1185 1186 /* 1187 * Read in the contents of the magazine layer 1188 */ 1189 if (umem_read_magazines(cp, addr, &maglist, &magcnt, &magmax) != 0) 1190 goto out2; 1191 1192 /* 1193 * Read in the contents of the per-thread caches, if any 1194 */ 1195 if (umem_read_ptc(cp, &maglist, &magcnt, &magmax) != 0) 1196 goto out2; 1197 1198 /* 1199 * We have all of the buffers from the magazines and from the 1200 * per-thread cache (if any); if we are walking allocated buffers, 1201 * sort them so we can bsearch them later. 1202 */ 1203 if (type & UM_ALLOCATED) 1204 qsort(maglist, magcnt, sizeof (void *), addrcmp); 1205 1206 wsp->walk_data = umw = mdb_zalloc(sizeof (umem_walk_t), UM_SLEEP); 1207 1208 umw->umw_type = type; 1209 umw->umw_addr = addr; 1210 umw->umw_cp = cp; 1211 umw->umw_csize = csize; 1212 umw->umw_maglist = maglist; 1213 umw->umw_max = magmax; 1214 umw->umw_count = magcnt; 1215 umw->umw_pos = 0; 1216 1217 /* 1218 * When walking allocated buffers in a UMF_HASH cache, we walk the 1219 * hash table instead of the slab layer. 1220 */ 1221 if ((cp->cache_flags & UMF_HASH) && (type & UM_ALLOCATED)) { 1222 layered = "umem_hash"; 1223 1224 umw->umw_type |= UM_HASH; 1225 } else { 1226 /* 1227 * If we are walking freed buffers, we only need the 1228 * magazine layer plus the partially allocated slabs. 1229 * To walk allocated buffers, we need all of the slabs. 1230 */ 1231 if (type & UM_ALLOCATED) 1232 layered = "umem_slab"; 1233 else 1234 layered = "umem_slab_partial"; 1235 1236 /* 1237 * for small-slab caches, we read in the entire slab. For 1238 * freed buffers, we can just walk the freelist. For 1239 * allocated buffers, we use a 'valid' array to track 1240 * the freed buffers. 1241 */ 1242 if (!(cp->cache_flags & UMF_HASH)) { 1243 chunksize = cp->cache_chunksize; 1244 slabsize = cp->cache_slabsize; 1245 1246 umw->umw_ubase = mdb_alloc(slabsize + 1247 sizeof (umem_bufctl_t), UM_SLEEP); 1248 1249 if (type & UM_ALLOCATED) 1250 umw->umw_valid = 1251 mdb_alloc(slabsize / chunksize, UM_SLEEP); 1252 } 1253 } 1254 1255 status = WALK_NEXT; 1256 1257 if (mdb_layered_walk(layered, wsp) == -1) { 1258 mdb_warn("unable to start layered '%s' walk", layered); 1259 status = WALK_ERR; 1260 } 1261 1262 out1: 1263 if (status == WALK_ERR) { 1264 if (umw->umw_valid) 1265 mdb_free(umw->umw_valid, slabsize / chunksize); 1266 1267 if (umw->umw_ubase) 1268 mdb_free(umw->umw_ubase, slabsize + 1269 sizeof (umem_bufctl_t)); 1270 1271 if (umw->umw_maglist) 1272 mdb_free(umw->umw_maglist, umw->umw_max * 1273 sizeof (uintptr_t)); 1274 1275 mdb_free(umw, sizeof (umem_walk_t)); 1276 wsp->walk_data = NULL; 1277 } 1278 1279 out2: 1280 if (status == WALK_ERR) 1281 mdb_free(cp, csize); 1282 1283 return (status); 1284 } 1285 1286 int 1287 umem_walk_step(mdb_walk_state_t *wsp) 1288 { 1289 umem_walk_t *umw = wsp->walk_data; 1290 int type = umw->umw_type; 1291 umem_cache_t *cp = umw->umw_cp; 1292 1293 void **maglist = umw->umw_maglist; 1294 int magcnt = umw->umw_count; 1295 1296 uintptr_t chunksize, slabsize; 1297 uintptr_t addr; 1298 const umem_slab_t *sp; 1299 const umem_bufctl_t *bcp; 1300 umem_bufctl_t bc; 1301 1302 int chunks; 1303 char *kbase; 1304 void *buf; 1305 int i, ret; 1306 1307 char *valid, *ubase; 1308 1309 /* 1310 * first, handle the 'umem_hash' layered walk case 1311 */ 1312 if (type & UM_HASH) { 1313 /* 1314 * We have a buffer which has been allocated out of the 1315 * global layer. We need to make sure that it's not 1316 * actually sitting in a magazine before we report it as 1317 * an allocated buffer. 1318 */ 1319 buf = ((const umem_bufctl_t *)wsp->walk_layer)->bc_addr; 1320 1321 if (magcnt > 0 && 1322 bsearch(&buf, maglist, magcnt, sizeof (void *), 1323 addrcmp) != NULL) 1324 return (WALK_NEXT); 1325 1326 if (type & UM_BUFCTL) 1327 return (bufctl_walk_callback(cp, wsp, wsp->walk_addr)); 1328 1329 return (umem_walk_callback(wsp, (uintptr_t)buf)); 1330 } 1331 1332 ret = WALK_NEXT; 1333 1334 addr = umw->umw_addr; 1335 1336 /* 1337 * If we're walking freed buffers, report everything in the 1338 * magazine layer before processing the first slab. 1339 */ 1340 if ((type & UM_FREE) && magcnt != 0) { 1341 umw->umw_count = 0; /* only do this once */ 1342 for (i = 0; i < magcnt; i++) { 1343 buf = maglist[i]; 1344 1345 if (type & UM_BUFCTL) { 1346 uintptr_t out; 1347 1348 if (cp->cache_flags & UMF_BUFTAG) { 1349 umem_buftag_t *btp; 1350 umem_buftag_t tag; 1351 1352 /* LINTED - alignment */ 1353 btp = UMEM_BUFTAG(cp, buf); 1354 if (mdb_vread(&tag, sizeof (tag), 1355 (uintptr_t)btp) == -1) { 1356 mdb_warn("reading buftag for " 1357 "%p at %p", buf, btp); 1358 continue; 1359 } 1360 out = (uintptr_t)tag.bt_bufctl; 1361 } else { 1362 if (umem_hash_lookup(cp, addr, buf, 1363 &out) == -1) 1364 continue; 1365 } 1366 ret = bufctl_walk_callback(cp, wsp, out); 1367 } else { 1368 ret = umem_walk_callback(wsp, (uintptr_t)buf); 1369 } 1370 1371 if (ret != WALK_NEXT) 1372 return (ret); 1373 } 1374 } 1375 1376 /* 1377 * Handle the buffers in the current slab 1378 */ 1379 chunksize = cp->cache_chunksize; 1380 slabsize = cp->cache_slabsize; 1381 1382 sp = wsp->walk_layer; 1383 chunks = sp->slab_chunks; 1384 kbase = sp->slab_base; 1385 1386 dprintf(("kbase is %p\n", kbase)); 1387 1388 if (!(cp->cache_flags & UMF_HASH)) { 1389 valid = umw->umw_valid; 1390 ubase = umw->umw_ubase; 1391 1392 if (mdb_vread(ubase, chunks * chunksize, 1393 (uintptr_t)kbase) == -1) { 1394 mdb_warn("failed to read slab contents at %p", kbase); 1395 return (WALK_ERR); 1396 } 1397 1398 /* 1399 * Set up the valid map as fully allocated -- we'll punch 1400 * out the freelist. 1401 */ 1402 if (type & UM_ALLOCATED) 1403 (void) memset(valid, 1, chunks); 1404 } else { 1405 valid = NULL; 1406 ubase = NULL; 1407 } 1408 1409 /* 1410 * walk the slab's freelist 1411 */ 1412 bcp = sp->slab_head; 1413 1414 dprintf(("refcnt is %d; chunks is %d\n", sp->slab_refcnt, chunks)); 1415 1416 /* 1417 * since we could be in the middle of allocating a buffer, 1418 * our refcnt could be one higher than it aught. So we 1419 * check one further on the freelist than the count allows. 1420 */ 1421 for (i = sp->slab_refcnt; i <= chunks; i++) { 1422 uint_t ndx; 1423 1424 dprintf(("bcp is %p\n", bcp)); 1425 1426 if (bcp == NULL) { 1427 if (i == chunks) 1428 break; 1429 mdb_warn( 1430 "slab %p in cache %p freelist too short by %d\n", 1431 sp, addr, chunks - i); 1432 break; 1433 } 1434 1435 if (cp->cache_flags & UMF_HASH) { 1436 if (mdb_vread(&bc, sizeof (bc), (uintptr_t)bcp) == -1) { 1437 mdb_warn("failed to read bufctl ptr at %p", 1438 bcp); 1439 break; 1440 } 1441 buf = bc.bc_addr; 1442 } else { 1443 /* 1444 * Otherwise the buffer is (or should be) in the slab 1445 * that we've read in; determine its offset in the 1446 * slab, validate that it's not corrupt, and add to 1447 * our base address to find the umem_bufctl_t. (Note 1448 * that we don't need to add the size of the bufctl 1449 * to our offset calculation because of the slop that's 1450 * allocated for the buffer at ubase.) 1451 */ 1452 uintptr_t offs = (uintptr_t)bcp - (uintptr_t)kbase; 1453 1454 if (offs > chunks * chunksize) { 1455 mdb_warn("found corrupt bufctl ptr %p" 1456 " in slab %p in cache %p\n", bcp, 1457 wsp->walk_addr, addr); 1458 break; 1459 } 1460 1461 bc = *((umem_bufctl_t *)((uintptr_t)ubase + offs)); 1462 buf = UMEM_BUF(cp, bcp); 1463 } 1464 1465 ndx = ((uintptr_t)buf - (uintptr_t)kbase) / chunksize; 1466 1467 if (ndx > slabsize / cp->cache_bufsize) { 1468 /* 1469 * This is very wrong; we have managed to find 1470 * a buffer in the slab which shouldn't 1471 * actually be here. Emit a warning, and 1472 * try to continue. 1473 */ 1474 mdb_warn("buf %p is out of range for " 1475 "slab %p, cache %p\n", buf, sp, addr); 1476 } else if (type & UM_ALLOCATED) { 1477 /* 1478 * we have found a buffer on the slab's freelist; 1479 * clear its entry 1480 */ 1481 valid[ndx] = 0; 1482 } else { 1483 /* 1484 * Report this freed buffer 1485 */ 1486 if (type & UM_BUFCTL) { 1487 ret = bufctl_walk_callback(cp, wsp, 1488 (uintptr_t)bcp); 1489 } else { 1490 ret = umem_walk_callback(wsp, (uintptr_t)buf); 1491 } 1492 if (ret != WALK_NEXT) 1493 return (ret); 1494 } 1495 1496 bcp = bc.bc_next; 1497 } 1498 1499 if (bcp != NULL) { 1500 dprintf(("slab %p in cache %p freelist too long (%p)\n", 1501 sp, addr, bcp)); 1502 } 1503 1504 /* 1505 * If we are walking freed buffers, the loop above handled reporting 1506 * them. 1507 */ 1508 if (type & UM_FREE) 1509 return (WALK_NEXT); 1510 1511 if (type & UM_BUFCTL) { 1512 mdb_warn("impossible situation: small-slab UM_BUFCTL walk for " 1513 "cache %p\n", addr); 1514 return (WALK_ERR); 1515 } 1516 1517 /* 1518 * Report allocated buffers, skipping buffers in the magazine layer. 1519 * We only get this far for small-slab caches. 1520 */ 1521 for (i = 0; ret == WALK_NEXT && i < chunks; i++) { 1522 buf = (char *)kbase + i * chunksize; 1523 1524 if (!valid[i]) 1525 continue; /* on slab freelist */ 1526 1527 if (magcnt > 0 && 1528 bsearch(&buf, maglist, magcnt, sizeof (void *), 1529 addrcmp) != NULL) 1530 continue; /* in magazine layer */ 1531 1532 ret = umem_walk_callback(wsp, (uintptr_t)buf); 1533 } 1534 return (ret); 1535 } 1536 1537 void 1538 umem_walk_fini(mdb_walk_state_t *wsp) 1539 { 1540 umem_walk_t *umw = wsp->walk_data; 1541 uintptr_t chunksize; 1542 uintptr_t slabsize; 1543 1544 if (umw == NULL) 1545 return; 1546 1547 if (umw->umw_maglist != NULL) 1548 mdb_free(umw->umw_maglist, umw->umw_max * sizeof (void *)); 1549 1550 chunksize = umw->umw_cp->cache_chunksize; 1551 slabsize = umw->umw_cp->cache_slabsize; 1552 1553 if (umw->umw_valid != NULL) 1554 mdb_free(umw->umw_valid, slabsize / chunksize); 1555 if (umw->umw_ubase != NULL) 1556 mdb_free(umw->umw_ubase, slabsize + sizeof (umem_bufctl_t)); 1557 1558 mdb_free(umw->umw_cp, umw->umw_csize); 1559 mdb_free(umw, sizeof (umem_walk_t)); 1560 } 1561 1562 /*ARGSUSED*/ 1563 static int 1564 umem_walk_all(uintptr_t addr, const umem_cache_t *c, mdb_walk_state_t *wsp) 1565 { 1566 /* 1567 * Buffers allocated from NOTOUCH caches can also show up as freed 1568 * memory in other caches. This can be a little confusing, so we 1569 * don't walk NOTOUCH caches when walking all caches (thereby assuring 1570 * that "::walk umem" and "::walk freemem" yield disjoint output). 1571 */ 1572 if (c->cache_cflags & UMC_NOTOUCH) 1573 return (WALK_NEXT); 1574 1575 if (mdb_pwalk(wsp->walk_data, wsp->walk_callback, 1576 wsp->walk_cbdata, addr) == -1) 1577 return (WALK_DONE); 1578 1579 return (WALK_NEXT); 1580 } 1581 1582 #define UMEM_WALK_ALL(name, wsp) { \ 1583 wsp->walk_data = (name); \ 1584 if (mdb_walk("umem_cache", (mdb_walk_cb_t)umem_walk_all, wsp) == -1) \ 1585 return (WALK_ERR); \ 1586 return (WALK_DONE); \ 1587 } 1588 1589 int 1590 umem_walk_init(mdb_walk_state_t *wsp) 1591 { 1592 if (wsp->walk_arg != NULL) 1593 wsp->walk_addr = (uintptr_t)wsp->walk_arg; 1594 1595 if (wsp->walk_addr == NULL) 1596 UMEM_WALK_ALL("umem", wsp); 1597 return (umem_walk_init_common(wsp, UM_ALLOCATED)); 1598 } 1599 1600 int 1601 bufctl_walk_init(mdb_walk_state_t *wsp) 1602 { 1603 if (wsp->walk_addr == NULL) 1604 UMEM_WALK_ALL("bufctl", wsp); 1605 return (umem_walk_init_common(wsp, UM_ALLOCATED | UM_BUFCTL)); 1606 } 1607 1608 int 1609 freemem_walk_init(mdb_walk_state_t *wsp) 1610 { 1611 if (wsp->walk_addr == NULL) 1612 UMEM_WALK_ALL("freemem", wsp); 1613 return (umem_walk_init_common(wsp, UM_FREE)); 1614 } 1615 1616 int 1617 freectl_walk_init(mdb_walk_state_t *wsp) 1618 { 1619 if (wsp->walk_addr == NULL) 1620 UMEM_WALK_ALL("freectl", wsp); 1621 return (umem_walk_init_common(wsp, UM_FREE | UM_BUFCTL)); 1622 } 1623 1624 typedef struct bufctl_history_walk { 1625 void *bhw_next; 1626 umem_cache_t *bhw_cache; 1627 umem_slab_t *bhw_slab; 1628 hrtime_t bhw_timestamp; 1629 } bufctl_history_walk_t; 1630 1631 int 1632 bufctl_history_walk_init(mdb_walk_state_t *wsp) 1633 { 1634 bufctl_history_walk_t *bhw; 1635 umem_bufctl_audit_t bc; 1636 umem_bufctl_audit_t bcn; 1637 1638 if (wsp->walk_addr == NULL) { 1639 mdb_warn("bufctl_history walk doesn't support global walks\n"); 1640 return (WALK_ERR); 1641 } 1642 1643 if (mdb_vread(&bc, sizeof (bc), wsp->walk_addr) == -1) { 1644 mdb_warn("unable to read bufctl at %p", wsp->walk_addr); 1645 return (WALK_ERR); 1646 } 1647 1648 bhw = mdb_zalloc(sizeof (*bhw), UM_SLEEP); 1649 bhw->bhw_timestamp = 0; 1650 bhw->bhw_cache = bc.bc_cache; 1651 bhw->bhw_slab = bc.bc_slab; 1652 1653 /* 1654 * sometimes the first log entry matches the base bufctl; in that 1655 * case, skip the base bufctl. 1656 */ 1657 if (bc.bc_lastlog != NULL && 1658 mdb_vread(&bcn, sizeof (bcn), (uintptr_t)bc.bc_lastlog) != -1 && 1659 bc.bc_addr == bcn.bc_addr && 1660 bc.bc_cache == bcn.bc_cache && 1661 bc.bc_slab == bcn.bc_slab && 1662 bc.bc_timestamp == bcn.bc_timestamp && 1663 bc.bc_thread == bcn.bc_thread) 1664 bhw->bhw_next = bc.bc_lastlog; 1665 else 1666 bhw->bhw_next = (void *)wsp->walk_addr; 1667 1668 wsp->walk_addr = (uintptr_t)bc.bc_addr; 1669 wsp->walk_data = bhw; 1670 1671 return (WALK_NEXT); 1672 } 1673 1674 int 1675 bufctl_history_walk_step(mdb_walk_state_t *wsp) 1676 { 1677 bufctl_history_walk_t *bhw = wsp->walk_data; 1678 uintptr_t addr = (uintptr_t)bhw->bhw_next; 1679 uintptr_t baseaddr = wsp->walk_addr; 1680 umem_bufctl_audit_t *b; 1681 UMEM_LOCAL_BUFCTL_AUDIT(&b); 1682 1683 if (addr == NULL) 1684 return (WALK_DONE); 1685 1686 if (mdb_vread(b, UMEM_BUFCTL_AUDIT_SIZE, addr) == -1) { 1687 mdb_warn("unable to read bufctl at %p", bhw->bhw_next); 1688 return (WALK_ERR); 1689 } 1690 1691 /* 1692 * The bufctl is only valid if the address, cache, and slab are 1693 * correct. We also check that the timestamp is decreasing, to 1694 * prevent infinite loops. 1695 */ 1696 if ((uintptr_t)b->bc_addr != baseaddr || 1697 b->bc_cache != bhw->bhw_cache || 1698 b->bc_slab != bhw->bhw_slab || 1699 (bhw->bhw_timestamp != 0 && b->bc_timestamp >= bhw->bhw_timestamp)) 1700 return (WALK_DONE); 1701 1702 bhw->bhw_next = b->bc_lastlog; 1703 bhw->bhw_timestamp = b->bc_timestamp; 1704 1705 return (wsp->walk_callback(addr, b, wsp->walk_cbdata)); 1706 } 1707 1708 void 1709 bufctl_history_walk_fini(mdb_walk_state_t *wsp) 1710 { 1711 bufctl_history_walk_t *bhw = wsp->walk_data; 1712 1713 mdb_free(bhw, sizeof (*bhw)); 1714 } 1715 1716 typedef struct umem_log_walk { 1717 umem_bufctl_audit_t *ulw_base; 1718 umem_bufctl_audit_t **ulw_sorted; 1719 umem_log_header_t ulw_lh; 1720 size_t ulw_size; 1721 size_t ulw_maxndx; 1722 size_t ulw_ndx; 1723 } umem_log_walk_t; 1724 1725 int 1726 umem_log_walk_init(mdb_walk_state_t *wsp) 1727 { 1728 uintptr_t lp = wsp->walk_addr; 1729 umem_log_walk_t *ulw; 1730 umem_log_header_t *lhp; 1731 int maxndx, i, j, k; 1732 1733 /* 1734 * By default (global walk), walk the umem_transaction_log. Otherwise 1735 * read the log whose umem_log_header_t is stored at walk_addr. 1736 */ 1737 if (lp == NULL && umem_readvar(&lp, "umem_transaction_log") == -1) { 1738 mdb_warn("failed to read 'umem_transaction_log'"); 1739 return (WALK_ERR); 1740 } 1741 1742 if (lp == NULL) { 1743 mdb_warn("log is disabled\n"); 1744 return (WALK_ERR); 1745 } 1746 1747 ulw = mdb_zalloc(sizeof (umem_log_walk_t), UM_SLEEP); 1748 lhp = &ulw->ulw_lh; 1749 1750 if (mdb_vread(lhp, sizeof (umem_log_header_t), lp) == -1) { 1751 mdb_warn("failed to read log header at %p", lp); 1752 mdb_free(ulw, sizeof (umem_log_walk_t)); 1753 return (WALK_ERR); 1754 } 1755 1756 ulw->ulw_size = lhp->lh_chunksize * lhp->lh_nchunks; 1757 ulw->ulw_base = mdb_alloc(ulw->ulw_size, UM_SLEEP); 1758 maxndx = lhp->lh_chunksize / UMEM_BUFCTL_AUDIT_SIZE - 1; 1759 1760 if (mdb_vread(ulw->ulw_base, ulw->ulw_size, 1761 (uintptr_t)lhp->lh_base) == -1) { 1762 mdb_warn("failed to read log at base %p", lhp->lh_base); 1763 mdb_free(ulw->ulw_base, ulw->ulw_size); 1764 mdb_free(ulw, sizeof (umem_log_walk_t)); 1765 return (WALK_ERR); 1766 } 1767 1768 ulw->ulw_sorted = mdb_alloc(maxndx * lhp->lh_nchunks * 1769 sizeof (umem_bufctl_audit_t *), UM_SLEEP); 1770 1771 for (i = 0, k = 0; i < lhp->lh_nchunks; i++) { 1772 caddr_t chunk = (caddr_t) 1773 ((uintptr_t)ulw->ulw_base + i * lhp->lh_chunksize); 1774 1775 for (j = 0; j < maxndx; j++) { 1776 /* LINTED align */ 1777 ulw->ulw_sorted[k++] = (umem_bufctl_audit_t *)chunk; 1778 chunk += UMEM_BUFCTL_AUDIT_SIZE; 1779 } 1780 } 1781 1782 qsort(ulw->ulw_sorted, k, sizeof (umem_bufctl_audit_t *), 1783 (int(*)(const void *, const void *))bufctlcmp); 1784 1785 ulw->ulw_maxndx = k; 1786 wsp->walk_data = ulw; 1787 1788 return (WALK_NEXT); 1789 } 1790 1791 int 1792 umem_log_walk_step(mdb_walk_state_t *wsp) 1793 { 1794 umem_log_walk_t *ulw = wsp->walk_data; 1795 umem_bufctl_audit_t *bcp; 1796 1797 if (ulw->ulw_ndx == ulw->ulw_maxndx) 1798 return (WALK_DONE); 1799 1800 bcp = ulw->ulw_sorted[ulw->ulw_ndx++]; 1801 1802 return (wsp->walk_callback((uintptr_t)bcp - (uintptr_t)ulw->ulw_base + 1803 (uintptr_t)ulw->ulw_lh.lh_base, bcp, wsp->walk_cbdata)); 1804 } 1805 1806 void 1807 umem_log_walk_fini(mdb_walk_state_t *wsp) 1808 { 1809 umem_log_walk_t *ulw = wsp->walk_data; 1810 1811 mdb_free(ulw->ulw_base, ulw->ulw_size); 1812 mdb_free(ulw->ulw_sorted, ulw->ulw_maxndx * 1813 sizeof (umem_bufctl_audit_t *)); 1814 mdb_free(ulw, sizeof (umem_log_walk_t)); 1815 } 1816 1817 typedef struct allocdby_bufctl { 1818 uintptr_t abb_addr; 1819 hrtime_t abb_ts; 1820 } allocdby_bufctl_t; 1821 1822 typedef struct allocdby_walk { 1823 const char *abw_walk; 1824 uintptr_t abw_thread; 1825 size_t abw_nbufs; 1826 size_t abw_size; 1827 allocdby_bufctl_t *abw_buf; 1828 size_t abw_ndx; 1829 } allocdby_walk_t; 1830 1831 int 1832 allocdby_walk_bufctl(uintptr_t addr, const umem_bufctl_audit_t *bcp, 1833 allocdby_walk_t *abw) 1834 { 1835 if ((uintptr_t)bcp->bc_thread != abw->abw_thread) 1836 return (WALK_NEXT); 1837 1838 if (abw->abw_nbufs == abw->abw_size) { 1839 allocdby_bufctl_t *buf; 1840 size_t oldsize = sizeof (allocdby_bufctl_t) * abw->abw_size; 1841 1842 buf = mdb_zalloc(oldsize << 1, UM_SLEEP); 1843 1844 bcopy(abw->abw_buf, buf, oldsize); 1845 mdb_free(abw->abw_buf, oldsize); 1846 1847 abw->abw_size <<= 1; 1848 abw->abw_buf = buf; 1849 } 1850 1851 abw->abw_buf[abw->abw_nbufs].abb_addr = addr; 1852 abw->abw_buf[abw->abw_nbufs].abb_ts = bcp->bc_timestamp; 1853 abw->abw_nbufs++; 1854 1855 return (WALK_NEXT); 1856 } 1857 1858 /*ARGSUSED*/ 1859 int 1860 allocdby_walk_cache(uintptr_t addr, const umem_cache_t *c, allocdby_walk_t *abw) 1861 { 1862 if (mdb_pwalk(abw->abw_walk, (mdb_walk_cb_t)allocdby_walk_bufctl, 1863 abw, addr) == -1) { 1864 mdb_warn("couldn't walk bufctl for cache %p", addr); 1865 return (WALK_DONE); 1866 } 1867 1868 return (WALK_NEXT); 1869 } 1870 1871 static int 1872 allocdby_cmp(const allocdby_bufctl_t *lhs, const allocdby_bufctl_t *rhs) 1873 { 1874 if (lhs->abb_ts < rhs->abb_ts) 1875 return (1); 1876 if (lhs->abb_ts > rhs->abb_ts) 1877 return (-1); 1878 return (0); 1879 } 1880 1881 static int 1882 allocdby_walk_init_common(mdb_walk_state_t *wsp, const char *walk) 1883 { 1884 allocdby_walk_t *abw; 1885 1886 if (wsp->walk_addr == NULL) { 1887 mdb_warn("allocdby walk doesn't support global walks\n"); 1888 return (WALK_ERR); 1889 } 1890 1891 abw = mdb_zalloc(sizeof (allocdby_walk_t), UM_SLEEP); 1892 1893 abw->abw_thread = wsp->walk_addr; 1894 abw->abw_walk = walk; 1895 abw->abw_size = 128; /* something reasonable */ 1896 abw->abw_buf = 1897 mdb_zalloc(abw->abw_size * sizeof (allocdby_bufctl_t), UM_SLEEP); 1898 1899 wsp->walk_data = abw; 1900 1901 if (mdb_walk("umem_cache", 1902 (mdb_walk_cb_t)allocdby_walk_cache, abw) == -1) { 1903 mdb_warn("couldn't walk umem_cache"); 1904 allocdby_walk_fini(wsp); 1905 return (WALK_ERR); 1906 } 1907 1908 qsort(abw->abw_buf, abw->abw_nbufs, sizeof (allocdby_bufctl_t), 1909 (int(*)(const void *, const void *))allocdby_cmp); 1910 1911 return (WALK_NEXT); 1912 } 1913 1914 int 1915 allocdby_walk_init(mdb_walk_state_t *wsp) 1916 { 1917 return (allocdby_walk_init_common(wsp, "bufctl")); 1918 } 1919 1920 int 1921 freedby_walk_init(mdb_walk_state_t *wsp) 1922 { 1923 return (allocdby_walk_init_common(wsp, "freectl")); 1924 } 1925 1926 int 1927 allocdby_walk_step(mdb_walk_state_t *wsp) 1928 { 1929 allocdby_walk_t *abw = wsp->walk_data; 1930 uintptr_t addr; 1931 umem_bufctl_audit_t *bcp; 1932 UMEM_LOCAL_BUFCTL_AUDIT(&bcp); 1933 1934 if (abw->abw_ndx == abw->abw_nbufs) 1935 return (WALK_DONE); 1936 1937 addr = abw->abw_buf[abw->abw_ndx++].abb_addr; 1938 1939 if (mdb_vread(bcp, UMEM_BUFCTL_AUDIT_SIZE, addr) == -1) { 1940 mdb_warn("couldn't read bufctl at %p", addr); 1941 return (WALK_DONE); 1942 } 1943 1944 return (wsp->walk_callback(addr, bcp, wsp->walk_cbdata)); 1945 } 1946 1947 void 1948 allocdby_walk_fini(mdb_walk_state_t *wsp) 1949 { 1950 allocdby_walk_t *abw = wsp->walk_data; 1951 1952 mdb_free(abw->abw_buf, sizeof (allocdby_bufctl_t) * abw->abw_size); 1953 mdb_free(abw, sizeof (allocdby_walk_t)); 1954 } 1955 1956 /*ARGSUSED*/ 1957 int 1958 allocdby_walk(uintptr_t addr, const umem_bufctl_audit_t *bcp, void *ignored) 1959 { 1960 char c[MDB_SYM_NAMLEN]; 1961 GElf_Sym sym; 1962 int i; 1963 1964 mdb_printf("%0?p %12llx ", addr, bcp->bc_timestamp); 1965 for (i = 0; i < bcp->bc_depth; i++) { 1966 if (mdb_lookup_by_addr(bcp->bc_stack[i], 1967 MDB_SYM_FUZZY, c, sizeof (c), &sym) == -1) 1968 continue; 1969 if (is_umem_sym(c, "umem_")) 1970 continue; 1971 mdb_printf("%s+0x%lx", 1972 c, bcp->bc_stack[i] - (uintptr_t)sym.st_value); 1973 break; 1974 } 1975 mdb_printf("\n"); 1976 1977 return (WALK_NEXT); 1978 } 1979 1980 static int 1981 allocdby_common(uintptr_t addr, uint_t flags, const char *w) 1982 { 1983 if (!(flags & DCMD_ADDRSPEC)) 1984 return (DCMD_USAGE); 1985 1986 mdb_printf("%-?s %12s %s\n", "BUFCTL", "TIMESTAMP", "CALLER"); 1987 1988 if (mdb_pwalk(w, (mdb_walk_cb_t)allocdby_walk, NULL, addr) == -1) { 1989 mdb_warn("can't walk '%s' for %p", w, addr); 1990 return (DCMD_ERR); 1991 } 1992 1993 return (DCMD_OK); 1994 } 1995 1996 /*ARGSUSED*/ 1997 int 1998 allocdby(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 1999 { 2000 return (allocdby_common(addr, flags, "allocdby")); 2001 } 2002 2003 /*ARGSUSED*/ 2004 int 2005 freedby(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 2006 { 2007 return (allocdby_common(addr, flags, "freedby")); 2008 } 2009 2010 typedef struct whatis_info { 2011 mdb_whatis_t *wi_w; 2012 const umem_cache_t *wi_cache; 2013 const vmem_t *wi_vmem; 2014 vmem_t *wi_msb_arena; 2015 size_t wi_slab_size; 2016 int wi_slab_found; 2017 uint_t wi_freemem; 2018 } whatis_info_t; 2019 2020 /* call one of our dcmd functions with "-v" and the provided address */ 2021 static void 2022 whatis_call_printer(mdb_dcmd_f *dcmd, uintptr_t addr) 2023 { 2024 mdb_arg_t a; 2025 a.a_type = MDB_TYPE_STRING; 2026 a.a_un.a_str = "-v"; 2027 2028 mdb_printf(":\n"); 2029 (void) (*dcmd)(addr, DCMD_ADDRSPEC, 1, &a); 2030 } 2031 2032 static void 2033 whatis_print_umem(whatis_info_t *wi, uintptr_t maddr, uintptr_t addr, 2034 uintptr_t baddr) 2035 { 2036 mdb_whatis_t *w = wi->wi_w; 2037 const umem_cache_t *cp = wi->wi_cache; 2038 int quiet = (mdb_whatis_flags(w) & WHATIS_QUIET); 2039 2040 int call_printer = (!quiet && (cp->cache_flags & UMF_AUDIT)); 2041 2042 mdb_whatis_report_object(w, maddr, addr, ""); 2043 2044 if (baddr != 0 && !call_printer) 2045 mdb_printf("bufctl %p ", baddr); 2046 2047 mdb_printf("%s from %s", 2048 (wi->wi_freemem == FALSE) ? "allocated" : "freed", cp->cache_name); 2049 2050 if (call_printer && baddr != 0) { 2051 whatis_call_printer(bufctl, baddr); 2052 return; 2053 } 2054 mdb_printf("\n"); 2055 } 2056 2057 /*ARGSUSED*/ 2058 static int 2059 whatis_walk_umem(uintptr_t addr, void *ignored, whatis_info_t *wi) 2060 { 2061 mdb_whatis_t *w = wi->wi_w; 2062 2063 uintptr_t cur; 2064 size_t size = wi->wi_cache->cache_bufsize; 2065 2066 while (mdb_whatis_match(w, addr, size, &cur)) 2067 whatis_print_umem(wi, cur, addr, NULL); 2068 2069 return (WHATIS_WALKRET(w)); 2070 } 2071 2072 /*ARGSUSED*/ 2073 static int 2074 whatis_walk_bufctl(uintptr_t baddr, const umem_bufctl_t *bcp, whatis_info_t *wi) 2075 { 2076 mdb_whatis_t *w = wi->wi_w; 2077 2078 uintptr_t cur; 2079 uintptr_t addr = (uintptr_t)bcp->bc_addr; 2080 size_t size = wi->wi_cache->cache_bufsize; 2081 2082 while (mdb_whatis_match(w, addr, size, &cur)) 2083 whatis_print_umem(wi, cur, addr, baddr); 2084 2085 return (WHATIS_WALKRET(w)); 2086 } 2087 2088 2089 static int 2090 whatis_walk_seg(uintptr_t addr, const vmem_seg_t *vs, whatis_info_t *wi) 2091 { 2092 mdb_whatis_t *w = wi->wi_w; 2093 2094 size_t size = vs->vs_end - vs->vs_start; 2095 uintptr_t cur; 2096 2097 /* We're not interested in anything but alloc and free segments */ 2098 if (vs->vs_type != VMEM_ALLOC && vs->vs_type != VMEM_FREE) 2099 return (WALK_NEXT); 2100 2101 while (mdb_whatis_match(w, vs->vs_start, size, &cur)) { 2102 mdb_whatis_report_object(w, cur, vs->vs_start, ""); 2103 2104 /* 2105 * If we're not printing it seperately, provide the vmem_seg 2106 * pointer if it has a stack trace. 2107 */ 2108 if ((mdb_whatis_flags(w) & WHATIS_QUIET) && 2109 ((mdb_whatis_flags(w) & WHATIS_BUFCTL) != 0 || 2110 (vs->vs_type == VMEM_ALLOC && vs->vs_depth != 0))) { 2111 mdb_printf("vmem_seg %p ", addr); 2112 } 2113 2114 mdb_printf("%s from %s vmem arena", 2115 (vs->vs_type == VMEM_ALLOC) ? "allocated" : "freed", 2116 wi->wi_vmem->vm_name); 2117 2118 if (!mdb_whatis_flags(w) & WHATIS_QUIET) 2119 whatis_call_printer(vmem_seg, addr); 2120 else 2121 mdb_printf("\n"); 2122 } 2123 2124 return (WHATIS_WALKRET(w)); 2125 } 2126 2127 static int 2128 whatis_walk_vmem(uintptr_t addr, const vmem_t *vmem, whatis_info_t *wi) 2129 { 2130 mdb_whatis_t *w = wi->wi_w; 2131 const char *nm = vmem->vm_name; 2132 wi->wi_vmem = vmem; 2133 2134 if (mdb_whatis_flags(w) & WHATIS_VERBOSE) 2135 mdb_printf("Searching vmem arena %s...\n", nm); 2136 2137 if (mdb_pwalk("vmem_seg", 2138 (mdb_walk_cb_t)whatis_walk_seg, wi, addr) == -1) { 2139 mdb_warn("can't walk vmem seg for %p", addr); 2140 return (WALK_NEXT); 2141 } 2142 2143 return (WHATIS_WALKRET(w)); 2144 } 2145 2146 /*ARGSUSED*/ 2147 static int 2148 whatis_walk_slab(uintptr_t saddr, const umem_slab_t *sp, whatis_info_t *wi) 2149 { 2150 mdb_whatis_t *w = wi->wi_w; 2151 2152 /* It must overlap with the slab data, or it's not interesting */ 2153 if (mdb_whatis_overlaps(w, 2154 (uintptr_t)sp->slab_base, wi->wi_slab_size)) { 2155 wi->wi_slab_found++; 2156 return (WALK_DONE); 2157 } 2158 return (WALK_NEXT); 2159 } 2160 2161 static int 2162 whatis_walk_cache(uintptr_t addr, const umem_cache_t *c, whatis_info_t *wi) 2163 { 2164 mdb_whatis_t *w = wi->wi_w; 2165 char *walk, *freewalk; 2166 mdb_walk_cb_t func; 2167 int do_bufctl; 2168 2169 /* Override the '-b' flag as necessary */ 2170 if (!(c->cache_flags & UMF_HASH)) 2171 do_bufctl = FALSE; /* no bufctls to walk */ 2172 else if (c->cache_flags & UMF_AUDIT) 2173 do_bufctl = TRUE; /* we always want debugging info */ 2174 else 2175 do_bufctl = ((mdb_whatis_flags(w) & WHATIS_BUFCTL) != 0); 2176 2177 if (do_bufctl) { 2178 walk = "bufctl"; 2179 freewalk = "freectl"; 2180 func = (mdb_walk_cb_t)whatis_walk_bufctl; 2181 } else { 2182 walk = "umem"; 2183 freewalk = "freemem"; 2184 func = (mdb_walk_cb_t)whatis_walk_umem; 2185 } 2186 2187 wi->wi_cache = c; 2188 2189 if (mdb_whatis_flags(w) & WHATIS_VERBOSE) 2190 mdb_printf("Searching %s...\n", c->cache_name); 2191 2192 /* 2193 * If more then two buffers live on each slab, figure out if we're 2194 * interested in anything in any slab before doing the more expensive 2195 * umem/freemem (bufctl/freectl) walkers. 2196 */ 2197 wi->wi_slab_size = c->cache_slabsize - c->cache_maxcolor; 2198 if (!(c->cache_flags & UMF_HASH)) 2199 wi->wi_slab_size -= sizeof (umem_slab_t); 2200 2201 if ((wi->wi_slab_size / c->cache_chunksize) > 2) { 2202 wi->wi_slab_found = 0; 2203 if (mdb_pwalk("umem_slab", (mdb_walk_cb_t)whatis_walk_slab, wi, 2204 addr) == -1) { 2205 mdb_warn("can't find umem_slab walker"); 2206 return (WALK_DONE); 2207 } 2208 if (wi->wi_slab_found == 0) 2209 return (WALK_NEXT); 2210 } 2211 2212 wi->wi_freemem = FALSE; 2213 if (mdb_pwalk(walk, func, wi, addr) == -1) { 2214 mdb_warn("can't find %s walker", walk); 2215 return (WALK_DONE); 2216 } 2217 2218 if (mdb_whatis_done(w)) 2219 return (WALK_DONE); 2220 2221 /* 2222 * We have searched for allocated memory; now search for freed memory. 2223 */ 2224 if (mdb_whatis_flags(w) & WHATIS_VERBOSE) 2225 mdb_printf("Searching %s for free memory...\n", c->cache_name); 2226 2227 wi->wi_freemem = TRUE; 2228 2229 if (mdb_pwalk(freewalk, func, wi, addr) == -1) { 2230 mdb_warn("can't find %s walker", freewalk); 2231 return (WALK_DONE); 2232 } 2233 2234 return (WHATIS_WALKRET(w)); 2235 } 2236 2237 static int 2238 whatis_walk_touch(uintptr_t addr, const umem_cache_t *c, whatis_info_t *wi) 2239 { 2240 if (c->cache_arena == wi->wi_msb_arena || 2241 (c->cache_cflags & UMC_NOTOUCH)) 2242 return (WALK_NEXT); 2243 2244 return (whatis_walk_cache(addr, c, wi)); 2245 } 2246 2247 static int 2248 whatis_walk_metadata(uintptr_t addr, const umem_cache_t *c, whatis_info_t *wi) 2249 { 2250 if (c->cache_arena != wi->wi_msb_arena) 2251 return (WALK_NEXT); 2252 2253 return (whatis_walk_cache(addr, c, wi)); 2254 } 2255 2256 static int 2257 whatis_walk_notouch(uintptr_t addr, const umem_cache_t *c, whatis_info_t *wi) 2258 { 2259 if (c->cache_arena == wi->wi_msb_arena || 2260 !(c->cache_cflags & UMC_NOTOUCH)) 2261 return (WALK_NEXT); 2262 2263 return (whatis_walk_cache(addr, c, wi)); 2264 } 2265 2266 /*ARGSUSED*/ 2267 static int 2268 whatis_run_umem(mdb_whatis_t *w, void *ignored) 2269 { 2270 whatis_info_t wi; 2271 2272 bzero(&wi, sizeof (wi)); 2273 wi.wi_w = w; 2274 2275 /* umem's metadata is allocated from the umem_internal_arena */ 2276 if (umem_readvar(&wi.wi_msb_arena, "umem_internal_arena") == -1) 2277 mdb_warn("unable to readvar \"umem_internal_arena\""); 2278 2279 /* 2280 * We process umem caches in the following order: 2281 * 2282 * non-UMC_NOTOUCH, non-metadata (typically the most interesting) 2283 * metadata (can be huge with UMF_AUDIT) 2284 * UMC_NOTOUCH, non-metadata (see umem_walk_all()) 2285 */ 2286 if (mdb_walk("umem_cache", (mdb_walk_cb_t)whatis_walk_touch, 2287 &wi) == -1 || 2288 mdb_walk("umem_cache", (mdb_walk_cb_t)whatis_walk_metadata, 2289 &wi) == -1 || 2290 mdb_walk("umem_cache", (mdb_walk_cb_t)whatis_walk_notouch, 2291 &wi) == -1) { 2292 mdb_warn("couldn't find umem_cache walker"); 2293 return (1); 2294 } 2295 return (0); 2296 } 2297 2298 /*ARGSUSED*/ 2299 static int 2300 whatis_run_vmem(mdb_whatis_t *w, void *ignored) 2301 { 2302 whatis_info_t wi; 2303 2304 bzero(&wi, sizeof (wi)); 2305 wi.wi_w = w; 2306 2307 if (mdb_walk("vmem_postfix", 2308 (mdb_walk_cb_t)whatis_walk_vmem, &wi) == -1) { 2309 mdb_warn("couldn't find vmem_postfix walker"); 2310 return (1); 2311 } 2312 return (0); 2313 } 2314 2315 int 2316 umem_init(void) 2317 { 2318 mdb_walker_t w = { 2319 "umem_cache", "walk list of umem caches", umem_cache_walk_init, 2320 umem_cache_walk_step, umem_cache_walk_fini 2321 }; 2322 2323 if (mdb_add_walker(&w) == -1) { 2324 mdb_warn("failed to add umem_cache walker"); 2325 return (-1); 2326 } 2327 2328 if (umem_update_variables() == -1) 2329 return (-1); 2330 2331 /* install a callback so that our variables are always up-to-date */ 2332 (void) mdb_callback_add(MDB_CALLBACK_STCHG, umem_statechange_cb, NULL); 2333 umem_statechange_cb(NULL); 2334 2335 /* 2336 * Register our ::whatis callbacks. 2337 */ 2338 mdb_whatis_register("umem", whatis_run_umem, NULL, 2339 WHATIS_PRIO_ALLOCATOR, WHATIS_REG_NO_ID); 2340 mdb_whatis_register("vmem", whatis_run_vmem, NULL, 2341 WHATIS_PRIO_ALLOCATOR, WHATIS_REG_NO_ID); 2342 2343 return (0); 2344 } 2345 2346 typedef struct umem_log_cpu { 2347 uintptr_t umc_low; 2348 uintptr_t umc_high; 2349 } umem_log_cpu_t; 2350 2351 int 2352 umem_log_walk(uintptr_t addr, const umem_bufctl_audit_t *b, umem_log_cpu_t *umc) 2353 { 2354 int i; 2355 2356 for (i = 0; i < umem_max_ncpus; i++) { 2357 if (addr >= umc[i].umc_low && addr < umc[i].umc_high) 2358 break; 2359 } 2360 2361 if (i == umem_max_ncpus) 2362 mdb_printf(" "); 2363 else 2364 mdb_printf("%3d", i); 2365 2366 mdb_printf(" %0?p %0?p %16llx %0?p\n", addr, b->bc_addr, 2367 b->bc_timestamp, b->bc_thread); 2368 2369 return (WALK_NEXT); 2370 } 2371 2372 /*ARGSUSED*/ 2373 int 2374 umem_log(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 2375 { 2376 umem_log_header_t lh; 2377 umem_cpu_log_header_t clh; 2378 uintptr_t lhp, clhp; 2379 umem_log_cpu_t *umc; 2380 int i; 2381 2382 if (umem_readvar(&lhp, "umem_transaction_log") == -1) { 2383 mdb_warn("failed to read 'umem_transaction_log'"); 2384 return (DCMD_ERR); 2385 } 2386 2387 if (lhp == NULL) { 2388 mdb_warn("no umem transaction log\n"); 2389 return (DCMD_ERR); 2390 } 2391 2392 if (mdb_vread(&lh, sizeof (umem_log_header_t), lhp) == -1) { 2393 mdb_warn("failed to read log header at %p", lhp); 2394 return (DCMD_ERR); 2395 } 2396 2397 clhp = lhp + ((uintptr_t)&lh.lh_cpu[0] - (uintptr_t)&lh); 2398 2399 umc = mdb_zalloc(sizeof (umem_log_cpu_t) * umem_max_ncpus, 2400 UM_SLEEP | UM_GC); 2401 2402 for (i = 0; i < umem_max_ncpus; i++) { 2403 if (mdb_vread(&clh, sizeof (clh), clhp) == -1) { 2404 mdb_warn("cannot read cpu %d's log header at %p", 2405 i, clhp); 2406 return (DCMD_ERR); 2407 } 2408 2409 umc[i].umc_low = clh.clh_chunk * lh.lh_chunksize + 2410 (uintptr_t)lh.lh_base; 2411 umc[i].umc_high = (uintptr_t)clh.clh_current; 2412 2413 clhp += sizeof (umem_cpu_log_header_t); 2414 } 2415 2416 if (DCMD_HDRSPEC(flags)) { 2417 mdb_printf("%3s %-?s %-?s %16s %-?s\n", "CPU", "ADDR", 2418 "BUFADDR", "TIMESTAMP", "THREAD"); 2419 } 2420 2421 /* 2422 * If we have been passed an address, we'll just print out that 2423 * log entry. 2424 */ 2425 if (flags & DCMD_ADDRSPEC) { 2426 umem_bufctl_audit_t *bp; 2427 UMEM_LOCAL_BUFCTL_AUDIT(&bp); 2428 2429 if (mdb_vread(bp, UMEM_BUFCTL_AUDIT_SIZE, addr) == -1) { 2430 mdb_warn("failed to read bufctl at %p", addr); 2431 return (DCMD_ERR); 2432 } 2433 2434 (void) umem_log_walk(addr, bp, umc); 2435 2436 return (DCMD_OK); 2437 } 2438 2439 if (mdb_walk("umem_log", (mdb_walk_cb_t)umem_log_walk, umc) == -1) { 2440 mdb_warn("can't find umem log walker"); 2441 return (DCMD_ERR); 2442 } 2443 2444 return (DCMD_OK); 2445 } 2446 2447 typedef struct bufctl_history_cb { 2448 int bhc_flags; 2449 int bhc_argc; 2450 const mdb_arg_t *bhc_argv; 2451 int bhc_ret; 2452 } bufctl_history_cb_t; 2453 2454 /*ARGSUSED*/ 2455 static int 2456 bufctl_history_callback(uintptr_t addr, const void *ign, void *arg) 2457 { 2458 bufctl_history_cb_t *bhc = arg; 2459 2460 bhc->bhc_ret = 2461 bufctl(addr, bhc->bhc_flags, bhc->bhc_argc, bhc->bhc_argv); 2462 2463 bhc->bhc_flags &= ~DCMD_LOOPFIRST; 2464 2465 return ((bhc->bhc_ret == DCMD_OK)? WALK_NEXT : WALK_DONE); 2466 } 2467 2468 void 2469 bufctl_help(void) 2470 { 2471 mdb_printf("%s\n", 2472 "Display the contents of umem_bufctl_audit_ts, with optional filtering.\n"); 2473 mdb_dec_indent(2); 2474 mdb_printf("%<b>OPTIONS%</b>\n"); 2475 mdb_inc_indent(2); 2476 mdb_printf("%s", 2477 " -v Display the full content of the bufctl, including its stack trace\n" 2478 " -h retrieve the bufctl's transaction history, if available\n" 2479 " -a addr\n" 2480 " filter out bufctls not involving the buffer at addr\n" 2481 " -c caller\n" 2482 " filter out bufctls without the function/PC in their stack trace\n" 2483 " -e earliest\n" 2484 " filter out bufctls timestamped before earliest\n" 2485 " -l latest\n" 2486 " filter out bufctls timestamped after latest\n" 2487 " -t thread\n" 2488 " filter out bufctls not involving thread\n"); 2489 } 2490 2491 int 2492 bufctl(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 2493 { 2494 uint_t verbose = FALSE; 2495 uint_t history = FALSE; 2496 uint_t in_history = FALSE; 2497 uintptr_t caller = NULL, thread = NULL; 2498 uintptr_t laddr, haddr, baddr = NULL; 2499 hrtime_t earliest = 0, latest = 0; 2500 int i, depth; 2501 char c[MDB_SYM_NAMLEN]; 2502 GElf_Sym sym; 2503 umem_bufctl_audit_t *bcp; 2504 UMEM_LOCAL_BUFCTL_AUDIT(&bcp); 2505 2506 if (mdb_getopts(argc, argv, 2507 'v', MDB_OPT_SETBITS, TRUE, &verbose, 2508 'h', MDB_OPT_SETBITS, TRUE, &history, 2509 'H', MDB_OPT_SETBITS, TRUE, &in_history, /* internal */ 2510 'c', MDB_OPT_UINTPTR, &caller, 2511 't', MDB_OPT_UINTPTR, &thread, 2512 'e', MDB_OPT_UINT64, &earliest, 2513 'l', MDB_OPT_UINT64, &latest, 2514 'a', MDB_OPT_UINTPTR, &baddr, NULL) != argc) 2515 return (DCMD_USAGE); 2516 2517 if (!(flags & DCMD_ADDRSPEC)) 2518 return (DCMD_USAGE); 2519 2520 if (in_history && !history) 2521 return (DCMD_USAGE); 2522 2523 if (history && !in_history) { 2524 mdb_arg_t *nargv = mdb_zalloc(sizeof (*nargv) * (argc + 1), 2525 UM_SLEEP | UM_GC); 2526 bufctl_history_cb_t bhc; 2527 2528 nargv[0].a_type = MDB_TYPE_STRING; 2529 nargv[0].a_un.a_str = "-H"; /* prevent recursion */ 2530 2531 for (i = 0; i < argc; i++) 2532 nargv[i + 1] = argv[i]; 2533 2534 /* 2535 * When in history mode, we treat each element as if it 2536 * were in a seperate loop, so that the headers group 2537 * bufctls with similar histories. 2538 */ 2539 bhc.bhc_flags = flags | DCMD_LOOP | DCMD_LOOPFIRST; 2540 bhc.bhc_argc = argc + 1; 2541 bhc.bhc_argv = nargv; 2542 bhc.bhc_ret = DCMD_OK; 2543 2544 if (mdb_pwalk("bufctl_history", bufctl_history_callback, &bhc, 2545 addr) == -1) { 2546 mdb_warn("unable to walk bufctl_history"); 2547 return (DCMD_ERR); 2548 } 2549 2550 if (bhc.bhc_ret == DCMD_OK && !(flags & DCMD_PIPE_OUT)) 2551 mdb_printf("\n"); 2552 2553 return (bhc.bhc_ret); 2554 } 2555 2556 if (DCMD_HDRSPEC(flags) && !(flags & DCMD_PIPE_OUT)) { 2557 if (verbose) { 2558 mdb_printf("%16s %16s %16s %16s\n" 2559 "%<u>%16s %16s %16s %16s%</u>\n", 2560 "ADDR", "BUFADDR", "TIMESTAMP", "THREAD", 2561 "", "CACHE", "LASTLOG", "CONTENTS"); 2562 } else { 2563 mdb_printf("%<u>%-?s %-?s %-12s %5s %s%</u>\n", 2564 "ADDR", "BUFADDR", "TIMESTAMP", "THRD", "CALLER"); 2565 } 2566 } 2567 2568 if (mdb_vread(bcp, UMEM_BUFCTL_AUDIT_SIZE, addr) == -1) { 2569 mdb_warn("couldn't read bufctl at %p", addr); 2570 return (DCMD_ERR); 2571 } 2572 2573 /* 2574 * Guard against bogus bc_depth in case the bufctl is corrupt or 2575 * the address does not really refer to a bufctl. 2576 */ 2577 depth = MIN(bcp->bc_depth, umem_stack_depth); 2578 2579 if (caller != NULL) { 2580 laddr = caller; 2581 haddr = caller + sizeof (caller); 2582 2583 if (mdb_lookup_by_addr(caller, MDB_SYM_FUZZY, c, sizeof (c), 2584 &sym) != -1 && caller == (uintptr_t)sym.st_value) { 2585 /* 2586 * We were provided an exact symbol value; any 2587 * address in the function is valid. 2588 */ 2589 laddr = (uintptr_t)sym.st_value; 2590 haddr = (uintptr_t)sym.st_value + sym.st_size; 2591 } 2592 2593 for (i = 0; i < depth; i++) 2594 if (bcp->bc_stack[i] >= laddr && 2595 bcp->bc_stack[i] < haddr) 2596 break; 2597 2598 if (i == depth) 2599 return (DCMD_OK); 2600 } 2601 2602 if (thread != NULL && (uintptr_t)bcp->bc_thread != thread) 2603 return (DCMD_OK); 2604 2605 if (earliest != 0 && bcp->bc_timestamp < earliest) 2606 return (DCMD_OK); 2607 2608 if (latest != 0 && bcp->bc_timestamp > latest) 2609 return (DCMD_OK); 2610 2611 if (baddr != 0 && (uintptr_t)bcp->bc_addr != baddr) 2612 return (DCMD_OK); 2613 2614 if (flags & DCMD_PIPE_OUT) { 2615 mdb_printf("%#r\n", addr); 2616 return (DCMD_OK); 2617 } 2618 2619 if (verbose) { 2620 mdb_printf( 2621 "%<b>%16p%</b> %16p %16llx %16d\n" 2622 "%16s %16p %16p %16p\n", 2623 addr, bcp->bc_addr, bcp->bc_timestamp, bcp->bc_thread, 2624 "", bcp->bc_cache, bcp->bc_lastlog, bcp->bc_contents); 2625 2626 mdb_inc_indent(17); 2627 for (i = 0; i < depth; i++) 2628 mdb_printf("%a\n", bcp->bc_stack[i]); 2629 mdb_dec_indent(17); 2630 mdb_printf("\n"); 2631 } else { 2632 mdb_printf("%0?p %0?p %12llx %5d", addr, bcp->bc_addr, 2633 bcp->bc_timestamp, bcp->bc_thread); 2634 2635 for (i = 0; i < depth; i++) { 2636 if (mdb_lookup_by_addr(bcp->bc_stack[i], 2637 MDB_SYM_FUZZY, c, sizeof (c), &sym) == -1) 2638 continue; 2639 if (is_umem_sym(c, "umem_")) 2640 continue; 2641 mdb_printf(" %a\n", bcp->bc_stack[i]); 2642 break; 2643 } 2644 2645 if (i >= depth) 2646 mdb_printf("\n"); 2647 } 2648 2649 return (DCMD_OK); 2650 } 2651 2652 /*ARGSUSED*/ 2653 int 2654 bufctl_audit(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 2655 { 2656 mdb_arg_t a; 2657 2658 if (!(flags & DCMD_ADDRSPEC)) 2659 return (DCMD_USAGE); 2660 2661 if (argc != 0) 2662 return (DCMD_USAGE); 2663 2664 a.a_type = MDB_TYPE_STRING; 2665 a.a_un.a_str = "-v"; 2666 2667 return (bufctl(addr, flags, 1, &a)); 2668 } 2669 2670 typedef struct umem_verify { 2671 uint64_t *umv_buf; /* buffer to read cache contents into */ 2672 size_t umv_size; /* number of bytes in umv_buf */ 2673 int umv_corruption; /* > 0 if corruption found. */ 2674 int umv_besilent; /* report actual corruption sites */ 2675 struct umem_cache umv_cache; /* the cache we're operating on */ 2676 } umem_verify_t; 2677 2678 /* 2679 * verify_pattern() 2680 * verify that buf is filled with the pattern pat. 2681 */ 2682 static int64_t 2683 verify_pattern(uint64_t *buf_arg, size_t size, uint64_t pat) 2684 { 2685 /*LINTED*/ 2686 uint64_t *bufend = (uint64_t *)((char *)buf_arg + size); 2687 uint64_t *buf; 2688 2689 for (buf = buf_arg; buf < bufend; buf++) 2690 if (*buf != pat) 2691 return ((uintptr_t)buf - (uintptr_t)buf_arg); 2692 return (-1); 2693 } 2694 2695 /* 2696 * verify_buftag() 2697 * verify that btp->bt_bxstat == (bcp ^ pat) 2698 */ 2699 static int 2700 verify_buftag(umem_buftag_t *btp, uintptr_t pat) 2701 { 2702 return (btp->bt_bxstat == ((intptr_t)btp->bt_bufctl ^ pat) ? 0 : -1); 2703 } 2704 2705 /* 2706 * verify_free() 2707 * verify the integrity of a free block of memory by checking 2708 * that it is filled with 0xdeadbeef and that its buftag is sane. 2709 */ 2710 /*ARGSUSED1*/ 2711 static int 2712 verify_free(uintptr_t addr, const void *data, void *private) 2713 { 2714 umem_verify_t *umv = (umem_verify_t *)private; 2715 uint64_t *buf = umv->umv_buf; /* buf to validate */ 2716 int64_t corrupt; /* corruption offset */ 2717 umem_buftag_t *buftagp; /* ptr to buftag */ 2718 umem_cache_t *cp = &umv->umv_cache; 2719 int besilent = umv->umv_besilent; 2720 2721 /*LINTED*/ 2722 buftagp = UMEM_BUFTAG(cp, buf); 2723 2724 /* 2725 * Read the buffer to check. 2726 */ 2727 if (mdb_vread(buf, umv->umv_size, addr) == -1) { 2728 if (!besilent) 2729 mdb_warn("couldn't read %p", addr); 2730 return (WALK_NEXT); 2731 } 2732 2733 if ((corrupt = verify_pattern(buf, cp->cache_verify, 2734 UMEM_FREE_PATTERN)) >= 0) { 2735 if (!besilent) 2736 mdb_printf("buffer %p (free) seems corrupted, at %p\n", 2737 addr, (uintptr_t)addr + corrupt); 2738 goto corrupt; 2739 } 2740 2741 if ((cp->cache_flags & UMF_HASH) && 2742 buftagp->bt_redzone != UMEM_REDZONE_PATTERN) { 2743 if (!besilent) 2744 mdb_printf("buffer %p (free) seems to " 2745 "have a corrupt redzone pattern\n", addr); 2746 goto corrupt; 2747 } 2748 2749 /* 2750 * confirm bufctl pointer integrity. 2751 */ 2752 if (verify_buftag(buftagp, UMEM_BUFTAG_FREE) == -1) { 2753 if (!besilent) 2754 mdb_printf("buffer %p (free) has a corrupt " 2755 "buftag\n", addr); 2756 goto corrupt; 2757 } 2758 2759 return (WALK_NEXT); 2760 corrupt: 2761 umv->umv_corruption++; 2762 return (WALK_NEXT); 2763 } 2764 2765 /* 2766 * verify_alloc() 2767 * Verify that the buftag of an allocated buffer makes sense with respect 2768 * to the buffer. 2769 */ 2770 /*ARGSUSED1*/ 2771 static int 2772 verify_alloc(uintptr_t addr, const void *data, void *private) 2773 { 2774 umem_verify_t *umv = (umem_verify_t *)private; 2775 umem_cache_t *cp = &umv->umv_cache; 2776 uint64_t *buf = umv->umv_buf; /* buf to validate */ 2777 /*LINTED*/ 2778 umem_buftag_t *buftagp = UMEM_BUFTAG(cp, buf); 2779 uint32_t *ip = (uint32_t *)buftagp; 2780 uint8_t *bp = (uint8_t *)buf; 2781 int looks_ok = 0, size_ok = 1; /* flags for finding corruption */ 2782 int besilent = umv->umv_besilent; 2783 2784 /* 2785 * Read the buffer to check. 2786 */ 2787 if (mdb_vread(buf, umv->umv_size, addr) == -1) { 2788 if (!besilent) 2789 mdb_warn("couldn't read %p", addr); 2790 return (WALK_NEXT); 2791 } 2792 2793 /* 2794 * There are two cases to handle: 2795 * 1. If the buf was alloc'd using umem_cache_alloc, it will have 2796 * 0xfeedfacefeedface at the end of it 2797 * 2. If the buf was alloc'd using umem_alloc, it will have 2798 * 0xbb just past the end of the region in use. At the buftag, 2799 * it will have 0xfeedface (or, if the whole buffer is in use, 2800 * 0xfeedface & bb000000 or 0xfeedfacf & 000000bb depending on 2801 * endianness), followed by 32 bits containing the offset of the 2802 * 0xbb byte in the buffer. 2803 * 2804 * Finally, the two 32-bit words that comprise the second half of the 2805 * buftag should xor to UMEM_BUFTAG_ALLOC 2806 */ 2807 2808 if (buftagp->bt_redzone == UMEM_REDZONE_PATTERN) 2809 looks_ok = 1; 2810 else if (!UMEM_SIZE_VALID(ip[1])) 2811 size_ok = 0; 2812 else if (bp[UMEM_SIZE_DECODE(ip[1])] == UMEM_REDZONE_BYTE) 2813 looks_ok = 1; 2814 else 2815 size_ok = 0; 2816 2817 if (!size_ok) { 2818 if (!besilent) 2819 mdb_printf("buffer %p (allocated) has a corrupt " 2820 "redzone size encoding\n", addr); 2821 goto corrupt; 2822 } 2823 2824 if (!looks_ok) { 2825 if (!besilent) 2826 mdb_printf("buffer %p (allocated) has a corrupt " 2827 "redzone signature\n", addr); 2828 goto corrupt; 2829 } 2830 2831 if (verify_buftag(buftagp, UMEM_BUFTAG_ALLOC) == -1) { 2832 if (!besilent) 2833 mdb_printf("buffer %p (allocated) has a " 2834 "corrupt buftag\n", addr); 2835 goto corrupt; 2836 } 2837 2838 return (WALK_NEXT); 2839 corrupt: 2840 umv->umv_corruption++; 2841 return (WALK_NEXT); 2842 } 2843 2844 /*ARGSUSED2*/ 2845 int 2846 umem_verify(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 2847 { 2848 if (flags & DCMD_ADDRSPEC) { 2849 int check_alloc = 0, check_free = 0; 2850 umem_verify_t umv; 2851 2852 if (mdb_vread(&umv.umv_cache, sizeof (umv.umv_cache), 2853 addr) == -1) { 2854 mdb_warn("couldn't read umem_cache %p", addr); 2855 return (DCMD_ERR); 2856 } 2857 2858 umv.umv_size = umv.umv_cache.cache_buftag + 2859 sizeof (umem_buftag_t); 2860 umv.umv_buf = mdb_alloc(umv.umv_size, UM_SLEEP | UM_GC); 2861 umv.umv_corruption = 0; 2862 2863 if ((umv.umv_cache.cache_flags & UMF_REDZONE)) { 2864 check_alloc = 1; 2865 if (umv.umv_cache.cache_flags & UMF_DEADBEEF) 2866 check_free = 1; 2867 } else { 2868 if (!(flags & DCMD_LOOP)) { 2869 mdb_warn("cache %p (%s) does not have " 2870 "redzone checking enabled\n", addr, 2871 umv.umv_cache.cache_name); 2872 } 2873 return (DCMD_ERR); 2874 } 2875 2876 if (flags & DCMD_LOOP) { 2877 /* 2878 * table mode, don't print out every corrupt buffer 2879 */ 2880 umv.umv_besilent = 1; 2881 } else { 2882 mdb_printf("Summary for cache '%s'\n", 2883 umv.umv_cache.cache_name); 2884 mdb_inc_indent(2); 2885 umv.umv_besilent = 0; 2886 } 2887 2888 if (check_alloc) 2889 (void) mdb_pwalk("umem", verify_alloc, &umv, addr); 2890 if (check_free) 2891 (void) mdb_pwalk("freemem", verify_free, &umv, addr); 2892 2893 if (flags & DCMD_LOOP) { 2894 if (umv.umv_corruption == 0) { 2895 mdb_printf("%-*s %?p clean\n", 2896 UMEM_CACHE_NAMELEN, 2897 umv.umv_cache.cache_name, addr); 2898 } else { 2899 char *s = ""; /* optional s in "buffer[s]" */ 2900 if (umv.umv_corruption > 1) 2901 s = "s"; 2902 2903 mdb_printf("%-*s %?p %d corrupt buffer%s\n", 2904 UMEM_CACHE_NAMELEN, 2905 umv.umv_cache.cache_name, addr, 2906 umv.umv_corruption, s); 2907 } 2908 } else { 2909 /* 2910 * This is the more verbose mode, when the user has 2911 * type addr::umem_verify. If the cache was clean, 2912 * nothing will have yet been printed. So say something. 2913 */ 2914 if (umv.umv_corruption == 0) 2915 mdb_printf("clean\n"); 2916 2917 mdb_dec_indent(2); 2918 } 2919 } else { 2920 /* 2921 * If the user didn't specify a cache to verify, we'll walk all 2922 * umem_cache's, specifying ourself as a callback for each... 2923 * this is the equivalent of '::walk umem_cache .::umem_verify' 2924 */ 2925 mdb_printf("%<u>%-*s %-?s %-20s%</b>\n", UMEM_CACHE_NAMELEN, 2926 "Cache Name", "Addr", "Cache Integrity"); 2927 (void) (mdb_walk_dcmd("umem_cache", "umem_verify", 0, NULL)); 2928 } 2929 2930 return (DCMD_OK); 2931 } 2932 2933 typedef struct vmem_node { 2934 struct vmem_node *vn_next; 2935 struct vmem_node *vn_parent; 2936 struct vmem_node *vn_sibling; 2937 struct vmem_node *vn_children; 2938 uintptr_t vn_addr; 2939 int vn_marked; 2940 vmem_t vn_vmem; 2941 } vmem_node_t; 2942 2943 typedef struct vmem_walk { 2944 vmem_node_t *vw_root; 2945 vmem_node_t *vw_current; 2946 } vmem_walk_t; 2947 2948 int 2949 vmem_walk_init(mdb_walk_state_t *wsp) 2950 { 2951 uintptr_t vaddr, paddr; 2952 vmem_node_t *head = NULL, *root = NULL, *current = NULL, *parent, *vp; 2953 vmem_walk_t *vw; 2954 2955 if (umem_readvar(&vaddr, "vmem_list") == -1) { 2956 mdb_warn("couldn't read 'vmem_list'"); 2957 return (WALK_ERR); 2958 } 2959 2960 while (vaddr != NULL) { 2961 vp = mdb_zalloc(sizeof (vmem_node_t), UM_SLEEP); 2962 vp->vn_addr = vaddr; 2963 vp->vn_next = head; 2964 head = vp; 2965 2966 if (vaddr == wsp->walk_addr) 2967 current = vp; 2968 2969 if (mdb_vread(&vp->vn_vmem, sizeof (vmem_t), vaddr) == -1) { 2970 mdb_warn("couldn't read vmem_t at %p", vaddr); 2971 goto err; 2972 } 2973 2974 vaddr = (uintptr_t)vp->vn_vmem.vm_next; 2975 } 2976 2977 for (vp = head; vp != NULL; vp = vp->vn_next) { 2978 2979 if ((paddr = (uintptr_t)vp->vn_vmem.vm_source) == NULL) { 2980 vp->vn_sibling = root; 2981 root = vp; 2982 continue; 2983 } 2984 2985 for (parent = head; parent != NULL; parent = parent->vn_next) { 2986 if (parent->vn_addr != paddr) 2987 continue; 2988 vp->vn_sibling = parent->vn_children; 2989 parent->vn_children = vp; 2990 vp->vn_parent = parent; 2991 break; 2992 } 2993 2994 if (parent == NULL) { 2995 mdb_warn("couldn't find %p's parent (%p)\n", 2996 vp->vn_addr, paddr); 2997 goto err; 2998 } 2999 } 3000 3001 vw = mdb_zalloc(sizeof (vmem_walk_t), UM_SLEEP); 3002 vw->vw_root = root; 3003 3004 if (current != NULL) 3005 vw->vw_current = current; 3006 else 3007 vw->vw_current = root; 3008 3009 wsp->walk_data = vw; 3010 return (WALK_NEXT); 3011 err: 3012 for (vp = head; head != NULL; vp = head) { 3013 head = vp->vn_next; 3014 mdb_free(vp, sizeof (vmem_node_t)); 3015 } 3016 3017 return (WALK_ERR); 3018 } 3019 3020 int 3021 vmem_walk_step(mdb_walk_state_t *wsp) 3022 { 3023 vmem_walk_t *vw = wsp->walk_data; 3024 vmem_node_t *vp; 3025 int rval; 3026 3027 if ((vp = vw->vw_current) == NULL) 3028 return (WALK_DONE); 3029 3030 rval = wsp->walk_callback(vp->vn_addr, &vp->vn_vmem, wsp->walk_cbdata); 3031 3032 if (vp->vn_children != NULL) { 3033 vw->vw_current = vp->vn_children; 3034 return (rval); 3035 } 3036 3037 do { 3038 vw->vw_current = vp->vn_sibling; 3039 vp = vp->vn_parent; 3040 } while (vw->vw_current == NULL && vp != NULL); 3041 3042 return (rval); 3043 } 3044 3045 /* 3046 * The "vmem_postfix" walk walks the vmem arenas in post-fix order; all 3047 * children are visited before their parent. We perform the postfix walk 3048 * iteratively (rather than recursively) to allow mdb to regain control 3049 * after each callback. 3050 */ 3051 int 3052 vmem_postfix_walk_step(mdb_walk_state_t *wsp) 3053 { 3054 vmem_walk_t *vw = wsp->walk_data; 3055 vmem_node_t *vp = vw->vw_current; 3056 int rval; 3057 3058 /* 3059 * If this node is marked, then we know that we have already visited 3060 * all of its children. If the node has any siblings, they need to 3061 * be visited next; otherwise, we need to visit the parent. Note 3062 * that vp->vn_marked will only be zero on the first invocation of 3063 * the step function. 3064 */ 3065 if (vp->vn_marked) { 3066 if (vp->vn_sibling != NULL) 3067 vp = vp->vn_sibling; 3068 else if (vp->vn_parent != NULL) 3069 vp = vp->vn_parent; 3070 else { 3071 /* 3072 * We have neither a parent, nor a sibling, and we 3073 * have already been visited; we're done. 3074 */ 3075 return (WALK_DONE); 3076 } 3077 } 3078 3079 /* 3080 * Before we visit this node, visit its children. 3081 */ 3082 while (vp->vn_children != NULL && !vp->vn_children->vn_marked) 3083 vp = vp->vn_children; 3084 3085 vp->vn_marked = 1; 3086 vw->vw_current = vp; 3087 rval = wsp->walk_callback(vp->vn_addr, &vp->vn_vmem, wsp->walk_cbdata); 3088 3089 return (rval); 3090 } 3091 3092 void 3093 vmem_walk_fini(mdb_walk_state_t *wsp) 3094 { 3095 vmem_walk_t *vw = wsp->walk_data; 3096 vmem_node_t *root = vw->vw_root; 3097 int done; 3098 3099 if (root == NULL) 3100 return; 3101 3102 if ((vw->vw_root = root->vn_children) != NULL) 3103 vmem_walk_fini(wsp); 3104 3105 vw->vw_root = root->vn_sibling; 3106 done = (root->vn_sibling == NULL && root->vn_parent == NULL); 3107 mdb_free(root, sizeof (vmem_node_t)); 3108 3109 if (done) { 3110 mdb_free(vw, sizeof (vmem_walk_t)); 3111 } else { 3112 vmem_walk_fini(wsp); 3113 } 3114 } 3115 3116 typedef struct vmem_seg_walk { 3117 uint8_t vsw_type; 3118 uintptr_t vsw_start; 3119 uintptr_t vsw_current; 3120 } vmem_seg_walk_t; 3121 3122 /*ARGSUSED*/ 3123 int 3124 vmem_seg_walk_common_init(mdb_walk_state_t *wsp, uint8_t type, char *name) 3125 { 3126 vmem_seg_walk_t *vsw; 3127 3128 if (wsp->walk_addr == NULL) { 3129 mdb_warn("vmem_%s does not support global walks\n", name); 3130 return (WALK_ERR); 3131 } 3132 3133 wsp->walk_data = vsw = mdb_alloc(sizeof (vmem_seg_walk_t), UM_SLEEP); 3134 3135 vsw->vsw_type = type; 3136 vsw->vsw_start = wsp->walk_addr + OFFSETOF(vmem_t, vm_seg0); 3137 vsw->vsw_current = vsw->vsw_start; 3138 3139 return (WALK_NEXT); 3140 } 3141 3142 /* 3143 * vmem segments can't have type 0 (this should be added to vmem_impl.h). 3144 */ 3145 #define VMEM_NONE 0 3146 3147 int 3148 vmem_alloc_walk_init(mdb_walk_state_t *wsp) 3149 { 3150 return (vmem_seg_walk_common_init(wsp, VMEM_ALLOC, "alloc")); 3151 } 3152 3153 int 3154 vmem_free_walk_init(mdb_walk_state_t *wsp) 3155 { 3156 return (vmem_seg_walk_common_init(wsp, VMEM_FREE, "free")); 3157 } 3158 3159 int 3160 vmem_span_walk_init(mdb_walk_state_t *wsp) 3161 { 3162 return (vmem_seg_walk_common_init(wsp, VMEM_SPAN, "span")); 3163 } 3164 3165 int 3166 vmem_seg_walk_init(mdb_walk_state_t *wsp) 3167 { 3168 return (vmem_seg_walk_common_init(wsp, VMEM_NONE, "seg")); 3169 } 3170 3171 int 3172 vmem_seg_walk_step(mdb_walk_state_t *wsp) 3173 { 3174 vmem_seg_t seg; 3175 vmem_seg_walk_t *vsw = wsp->walk_data; 3176 uintptr_t addr = vsw->vsw_current; 3177 static size_t seg_size = 0; 3178 int rval; 3179 3180 if (!seg_size) { 3181 if (umem_readvar(&seg_size, "vmem_seg_size") == -1) { 3182 mdb_warn("failed to read 'vmem_seg_size'"); 3183 seg_size = sizeof (vmem_seg_t); 3184 } 3185 } 3186 3187 if (seg_size < sizeof (seg)) 3188 bzero((caddr_t)&seg + seg_size, sizeof (seg) - seg_size); 3189 3190 if (mdb_vread(&seg, seg_size, addr) == -1) { 3191 mdb_warn("couldn't read vmem_seg at %p", addr); 3192 return (WALK_ERR); 3193 } 3194 3195 vsw->vsw_current = (uintptr_t)seg.vs_anext; 3196 if (vsw->vsw_type != VMEM_NONE && seg.vs_type != vsw->vsw_type) { 3197 rval = WALK_NEXT; 3198 } else { 3199 rval = wsp->walk_callback(addr, &seg, wsp->walk_cbdata); 3200 } 3201 3202 if (vsw->vsw_current == vsw->vsw_start) 3203 return (WALK_DONE); 3204 3205 return (rval); 3206 } 3207 3208 void 3209 vmem_seg_walk_fini(mdb_walk_state_t *wsp) 3210 { 3211 vmem_seg_walk_t *vsw = wsp->walk_data; 3212 3213 mdb_free(vsw, sizeof (vmem_seg_walk_t)); 3214 } 3215 3216 #define VMEM_NAMEWIDTH 22 3217 3218 int 3219 vmem(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 3220 { 3221 vmem_t v, parent; 3222 uintptr_t paddr; 3223 int ident = 0; 3224 char c[VMEM_NAMEWIDTH]; 3225 3226 if (!(flags & DCMD_ADDRSPEC)) { 3227 if (mdb_walk_dcmd("vmem", "vmem", argc, argv) == -1) { 3228 mdb_warn("can't walk vmem"); 3229 return (DCMD_ERR); 3230 } 3231 return (DCMD_OK); 3232 } 3233 3234 if (DCMD_HDRSPEC(flags)) 3235 mdb_printf("%-?s %-*s %10s %12s %9s %5s\n", 3236 "ADDR", VMEM_NAMEWIDTH, "NAME", "INUSE", 3237 "TOTAL", "SUCCEED", "FAIL"); 3238 3239 if (mdb_vread(&v, sizeof (v), addr) == -1) { 3240 mdb_warn("couldn't read vmem at %p", addr); 3241 return (DCMD_ERR); 3242 } 3243 3244 for (paddr = (uintptr_t)v.vm_source; paddr != NULL; ident += 2) { 3245 if (mdb_vread(&parent, sizeof (parent), paddr) == -1) { 3246 mdb_warn("couldn't trace %p's ancestry", addr); 3247 ident = 0; 3248 break; 3249 } 3250 paddr = (uintptr_t)parent.vm_source; 3251 } 3252 3253 (void) mdb_snprintf(c, VMEM_NAMEWIDTH, "%*s%s", ident, "", v.vm_name); 3254 3255 mdb_printf("%0?p %-*s %10llu %12llu %9llu %5llu\n", 3256 addr, VMEM_NAMEWIDTH, c, 3257 v.vm_kstat.vk_mem_inuse, v.vm_kstat.vk_mem_total, 3258 v.vm_kstat.vk_alloc, v.vm_kstat.vk_fail); 3259 3260 return (DCMD_OK); 3261 } 3262 3263 void 3264 vmem_seg_help(void) 3265 { 3266 mdb_printf("%s\n", 3267 "Display the contents of vmem_seg_ts, with optional filtering.\n" 3268 "\n" 3269 "A vmem_seg_t represents a range of addresses (or arbitrary numbers),\n" 3270 "representing a single chunk of data. Only ALLOC segments have debugging\n" 3271 "information.\n"); 3272 mdb_dec_indent(2); 3273 mdb_printf("%<b>OPTIONS%</b>\n"); 3274 mdb_inc_indent(2); 3275 mdb_printf("%s", 3276 " -v Display the full content of the vmem_seg, including its stack trace\n" 3277 " -s report the size of the segment, instead of the end address\n" 3278 " -c caller\n" 3279 " filter out segments without the function/PC in their stack trace\n" 3280 " -e earliest\n" 3281 " filter out segments timestamped before earliest\n" 3282 " -l latest\n" 3283 " filter out segments timestamped after latest\n" 3284 " -m minsize\n" 3285 " filer out segments smaller than minsize\n" 3286 " -M maxsize\n" 3287 " filer out segments larger than maxsize\n" 3288 " -t thread\n" 3289 " filter out segments not involving thread\n" 3290 " -T type\n" 3291 " filter out segments not of type 'type'\n" 3292 " type is one of: ALLOC/FREE/SPAN/ROTOR/WALKER\n"); 3293 } 3294 3295 3296 /*ARGSUSED*/ 3297 int 3298 vmem_seg(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 3299 { 3300 vmem_seg_t vs; 3301 uintptr_t *stk = vs.vs_stack; 3302 uintptr_t sz; 3303 uint8_t t; 3304 const char *type = NULL; 3305 GElf_Sym sym; 3306 char c[MDB_SYM_NAMLEN]; 3307 int no_debug; 3308 int i; 3309 int depth; 3310 uintptr_t laddr, haddr; 3311 3312 uintptr_t caller = NULL, thread = NULL; 3313 uintptr_t minsize = 0, maxsize = 0; 3314 3315 hrtime_t earliest = 0, latest = 0; 3316 3317 uint_t size = 0; 3318 uint_t verbose = 0; 3319 3320 if (!(flags & DCMD_ADDRSPEC)) 3321 return (DCMD_USAGE); 3322 3323 if (mdb_getopts(argc, argv, 3324 'c', MDB_OPT_UINTPTR, &caller, 3325 'e', MDB_OPT_UINT64, &earliest, 3326 'l', MDB_OPT_UINT64, &latest, 3327 's', MDB_OPT_SETBITS, TRUE, &size, 3328 'm', MDB_OPT_UINTPTR, &minsize, 3329 'M', MDB_OPT_UINTPTR, &maxsize, 3330 't', MDB_OPT_UINTPTR, &thread, 3331 'T', MDB_OPT_STR, &type, 3332 'v', MDB_OPT_SETBITS, TRUE, &verbose, 3333 NULL) != argc) 3334 return (DCMD_USAGE); 3335 3336 if (DCMD_HDRSPEC(flags) && !(flags & DCMD_PIPE_OUT)) { 3337 if (verbose) { 3338 mdb_printf("%16s %4s %16s %16s %16s\n" 3339 "%<u>%16s %4s %16s %16s %16s%</u>\n", 3340 "ADDR", "TYPE", "START", "END", "SIZE", 3341 "", "", "THREAD", "TIMESTAMP", ""); 3342 } else { 3343 mdb_printf("%?s %4s %?s %?s %s\n", "ADDR", "TYPE", 3344 "START", size? "SIZE" : "END", "WHO"); 3345 } 3346 } 3347 3348 if (mdb_vread(&vs, sizeof (vs), addr) == -1) { 3349 mdb_warn("couldn't read vmem_seg at %p", addr); 3350 return (DCMD_ERR); 3351 } 3352 3353 if (type != NULL) { 3354 if (strcmp(type, "ALLC") == 0 || strcmp(type, "ALLOC") == 0) 3355 t = VMEM_ALLOC; 3356 else if (strcmp(type, "FREE") == 0) 3357 t = VMEM_FREE; 3358 else if (strcmp(type, "SPAN") == 0) 3359 t = VMEM_SPAN; 3360 else if (strcmp(type, "ROTR") == 0 || 3361 strcmp(type, "ROTOR") == 0) 3362 t = VMEM_ROTOR; 3363 else if (strcmp(type, "WLKR") == 0 || 3364 strcmp(type, "WALKER") == 0) 3365 t = VMEM_WALKER; 3366 else { 3367 mdb_warn("\"%s\" is not a recognized vmem_seg type\n", 3368 type); 3369 return (DCMD_ERR); 3370 } 3371 3372 if (vs.vs_type != t) 3373 return (DCMD_OK); 3374 } 3375 3376 sz = vs.vs_end - vs.vs_start; 3377 3378 if (minsize != 0 && sz < minsize) 3379 return (DCMD_OK); 3380 3381 if (maxsize != 0 && sz > maxsize) 3382 return (DCMD_OK); 3383 3384 t = vs.vs_type; 3385 depth = vs.vs_depth; 3386 3387 /* 3388 * debug info, when present, is only accurate for VMEM_ALLOC segments 3389 */ 3390 no_debug = (t != VMEM_ALLOC) || 3391 (depth == 0 || depth > VMEM_STACK_DEPTH); 3392 3393 if (no_debug) { 3394 if (caller != NULL || thread != NULL || earliest != 0 || 3395 latest != 0) 3396 return (DCMD_OK); /* not enough info */ 3397 } else { 3398 if (caller != NULL) { 3399 laddr = caller; 3400 haddr = caller + sizeof (caller); 3401 3402 if (mdb_lookup_by_addr(caller, MDB_SYM_FUZZY, c, 3403 sizeof (c), &sym) != -1 && 3404 caller == (uintptr_t)sym.st_value) { 3405 /* 3406 * We were provided an exact symbol value; any 3407 * address in the function is valid. 3408 */ 3409 laddr = (uintptr_t)sym.st_value; 3410 haddr = (uintptr_t)sym.st_value + sym.st_size; 3411 } 3412 3413 for (i = 0; i < depth; i++) 3414 if (vs.vs_stack[i] >= laddr && 3415 vs.vs_stack[i] < haddr) 3416 break; 3417 3418 if (i == depth) 3419 return (DCMD_OK); 3420 } 3421 3422 if (thread != NULL && (uintptr_t)vs.vs_thread != thread) 3423 return (DCMD_OK); 3424 3425 if (earliest != 0 && vs.vs_timestamp < earliest) 3426 return (DCMD_OK); 3427 3428 if (latest != 0 && vs.vs_timestamp > latest) 3429 return (DCMD_OK); 3430 } 3431 3432 type = (t == VMEM_ALLOC ? "ALLC" : 3433 t == VMEM_FREE ? "FREE" : 3434 t == VMEM_SPAN ? "SPAN" : 3435 t == VMEM_ROTOR ? "ROTR" : 3436 t == VMEM_WALKER ? "WLKR" : 3437 "????"); 3438 3439 if (flags & DCMD_PIPE_OUT) { 3440 mdb_printf("%#r\n", addr); 3441 return (DCMD_OK); 3442 } 3443 3444 if (verbose) { 3445 mdb_printf("%<b>%16p%</b> %4s %16p %16p %16d\n", 3446 addr, type, vs.vs_start, vs.vs_end, sz); 3447 3448 if (no_debug) 3449 return (DCMD_OK); 3450 3451 mdb_printf("%16s %4s %16d %16llx\n", 3452 "", "", vs.vs_thread, vs.vs_timestamp); 3453 3454 mdb_inc_indent(17); 3455 for (i = 0; i < depth; i++) { 3456 mdb_printf("%a\n", stk[i]); 3457 } 3458 mdb_dec_indent(17); 3459 mdb_printf("\n"); 3460 } else { 3461 mdb_printf("%0?p %4s %0?p %0?p", addr, type, 3462 vs.vs_start, size? sz : vs.vs_end); 3463 3464 if (no_debug) { 3465 mdb_printf("\n"); 3466 return (DCMD_OK); 3467 } 3468 3469 for (i = 0; i < depth; i++) { 3470 if (mdb_lookup_by_addr(stk[i], MDB_SYM_FUZZY, 3471 c, sizeof (c), &sym) == -1) 3472 continue; 3473 if (is_umem_sym(c, "vmem_")) 3474 continue; 3475 break; 3476 } 3477 mdb_printf(" %a\n", stk[i]); 3478 } 3479 return (DCMD_OK); 3480 } 3481 3482 /*ARGSUSED*/ 3483 static int 3484 showbc(uintptr_t addr, const umem_bufctl_audit_t *bcp, hrtime_t *newest) 3485 { 3486 char name[UMEM_CACHE_NAMELEN + 1]; 3487 hrtime_t delta; 3488 int i, depth; 3489 3490 if (bcp->bc_timestamp == 0) 3491 return (WALK_DONE); 3492 3493 if (*newest == 0) 3494 *newest = bcp->bc_timestamp; 3495 3496 delta = *newest - bcp->bc_timestamp; 3497 depth = MIN(bcp->bc_depth, umem_stack_depth); 3498 3499 if (mdb_readstr(name, sizeof (name), (uintptr_t) 3500 &bcp->bc_cache->cache_name) <= 0) 3501 (void) mdb_snprintf(name, sizeof (name), "%a", bcp->bc_cache); 3502 3503 mdb_printf("\nT-%lld.%09lld addr=%p %s\n", 3504 delta / NANOSEC, delta % NANOSEC, bcp->bc_addr, name); 3505 3506 for (i = 0; i < depth; i++) 3507 mdb_printf("\t %a\n", bcp->bc_stack[i]); 3508 3509 return (WALK_NEXT); 3510 } 3511 3512 int 3513 umalog(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 3514 { 3515 const char *logname = "umem_transaction_log"; 3516 hrtime_t newest = 0; 3517 3518 if ((flags & DCMD_ADDRSPEC) || argc > 1) 3519 return (DCMD_USAGE); 3520 3521 if (argc > 0) { 3522 if (argv->a_type != MDB_TYPE_STRING) 3523 return (DCMD_USAGE); 3524 if (strcmp(argv->a_un.a_str, "fail") == 0) 3525 logname = "umem_failure_log"; 3526 else if (strcmp(argv->a_un.a_str, "slab") == 0) 3527 logname = "umem_slab_log"; 3528 else 3529 return (DCMD_USAGE); 3530 } 3531 3532 if (umem_readvar(&addr, logname) == -1) { 3533 mdb_warn("failed to read %s log header pointer"); 3534 return (DCMD_ERR); 3535 } 3536 3537 if (mdb_pwalk("umem_log", (mdb_walk_cb_t)showbc, &newest, addr) == -1) { 3538 mdb_warn("failed to walk umem log"); 3539 return (DCMD_ERR); 3540 } 3541 3542 return (DCMD_OK); 3543 } 3544 3545 /* 3546 * As the final lure for die-hard crash(1M) users, we provide ::umausers here. 3547 * The first piece is a structure which we use to accumulate umem_cache_t 3548 * addresses of interest. The umc_add is used as a callback for the umem_cache 3549 * walker; we either add all caches, or ones named explicitly as arguments. 3550 */ 3551 3552 typedef struct umclist { 3553 const char *umc_name; /* Name to match (or NULL) */ 3554 uintptr_t *umc_caches; /* List of umem_cache_t addrs */ 3555 int umc_nelems; /* Num entries in umc_caches */ 3556 int umc_size; /* Size of umc_caches array */ 3557 } umclist_t; 3558 3559 static int 3560 umc_add(uintptr_t addr, const umem_cache_t *cp, umclist_t *umc) 3561 { 3562 void *p; 3563 int s; 3564 3565 if (umc->umc_name == NULL || 3566 strcmp(cp->cache_name, umc->umc_name) == 0) { 3567 /* 3568 * If we have a match, grow our array (if necessary), and then 3569 * add the virtual address of the matching cache to our list. 3570 */ 3571 if (umc->umc_nelems >= umc->umc_size) { 3572 s = umc->umc_size ? umc->umc_size * 2 : 256; 3573 p = mdb_alloc(sizeof (uintptr_t) * s, UM_SLEEP | UM_GC); 3574 3575 bcopy(umc->umc_caches, p, 3576 sizeof (uintptr_t) * umc->umc_size); 3577 3578 umc->umc_caches = p; 3579 umc->umc_size = s; 3580 } 3581 3582 umc->umc_caches[umc->umc_nelems++] = addr; 3583 return (umc->umc_name ? WALK_DONE : WALK_NEXT); 3584 } 3585 3586 return (WALK_NEXT); 3587 } 3588 3589 /* 3590 * The second piece of ::umausers is a hash table of allocations. Each 3591 * allocation owner is identified by its stack trace and data_size. We then 3592 * track the total bytes of all such allocations, and the number of allocations 3593 * to report at the end. Once we have a list of caches, we walk through the 3594 * allocated bufctls of each, and update our hash table accordingly. 3595 */ 3596 3597 typedef struct umowner { 3598 struct umowner *umo_head; /* First hash elt in bucket */ 3599 struct umowner *umo_next; /* Next hash elt in chain */ 3600 size_t umo_signature; /* Hash table signature */ 3601 uint_t umo_num; /* Number of allocations */ 3602 size_t umo_data_size; /* Size of each allocation */ 3603 size_t umo_total_size; /* Total bytes of allocation */ 3604 int umo_depth; /* Depth of stack trace */ 3605 uintptr_t *umo_stack; /* Stack trace */ 3606 } umowner_t; 3607 3608 typedef struct umusers { 3609 const umem_cache_t *umu_cache; /* Current umem cache */ 3610 umowner_t *umu_hash; /* Hash table of owners */ 3611 uintptr_t *umu_stacks; /* stacks for owners */ 3612 int umu_nelems; /* Number of entries in use */ 3613 int umu_size; /* Total number of entries */ 3614 } umusers_t; 3615 3616 static void 3617 umu_add(umusers_t *umu, const umem_bufctl_audit_t *bcp, 3618 size_t size, size_t data_size) 3619 { 3620 int i, depth = MIN(bcp->bc_depth, umem_stack_depth); 3621 size_t bucket, signature = data_size; 3622 umowner_t *umo, *umoend; 3623 3624 /* 3625 * If the hash table is full, double its size and rehash everything. 3626 */ 3627 if (umu->umu_nelems >= umu->umu_size) { 3628 int s = umu->umu_size ? umu->umu_size * 2 : 1024; 3629 size_t umowner_size = sizeof (umowner_t); 3630 size_t trace_size = umem_stack_depth * sizeof (uintptr_t); 3631 uintptr_t *new_stacks; 3632 3633 umo = mdb_alloc(umowner_size * s, UM_SLEEP | UM_GC); 3634 new_stacks = mdb_alloc(trace_size * s, UM_SLEEP | UM_GC); 3635 3636 bcopy(umu->umu_hash, umo, umowner_size * umu->umu_size); 3637 bcopy(umu->umu_stacks, new_stacks, trace_size * umu->umu_size); 3638 umu->umu_hash = umo; 3639 umu->umu_stacks = new_stacks; 3640 umu->umu_size = s; 3641 3642 umoend = umu->umu_hash + umu->umu_size; 3643 for (umo = umu->umu_hash; umo < umoend; umo++) { 3644 umo->umo_head = NULL; 3645 umo->umo_stack = &umu->umu_stacks[ 3646 umem_stack_depth * (umo - umu->umu_hash)]; 3647 } 3648 3649 umoend = umu->umu_hash + umu->umu_nelems; 3650 for (umo = umu->umu_hash; umo < umoend; umo++) { 3651 bucket = umo->umo_signature & (umu->umu_size - 1); 3652 umo->umo_next = umu->umu_hash[bucket].umo_head; 3653 umu->umu_hash[bucket].umo_head = umo; 3654 } 3655 } 3656 3657 /* 3658 * Finish computing the hash signature from the stack trace, and then 3659 * see if the owner is in the hash table. If so, update our stats. 3660 */ 3661 for (i = 0; i < depth; i++) 3662 signature += bcp->bc_stack[i]; 3663 3664 bucket = signature & (umu->umu_size - 1); 3665 3666 for (umo = umu->umu_hash[bucket].umo_head; umo; umo = umo->umo_next) { 3667 if (umo->umo_signature == signature) { 3668 size_t difference = 0; 3669 3670 difference |= umo->umo_data_size - data_size; 3671 difference |= umo->umo_depth - depth; 3672 3673 for (i = 0; i < depth; i++) { 3674 difference |= umo->umo_stack[i] - 3675 bcp->bc_stack[i]; 3676 } 3677 3678 if (difference == 0) { 3679 umo->umo_total_size += size; 3680 umo->umo_num++; 3681 return; 3682 } 3683 } 3684 } 3685 3686 /* 3687 * If the owner is not yet hashed, grab the next element and fill it 3688 * in based on the allocation information. 3689 */ 3690 umo = &umu->umu_hash[umu->umu_nelems++]; 3691 umo->umo_next = umu->umu_hash[bucket].umo_head; 3692 umu->umu_hash[bucket].umo_head = umo; 3693 3694 umo->umo_signature = signature; 3695 umo->umo_num = 1; 3696 umo->umo_data_size = data_size; 3697 umo->umo_total_size = size; 3698 umo->umo_depth = depth; 3699 3700 for (i = 0; i < depth; i++) 3701 umo->umo_stack[i] = bcp->bc_stack[i]; 3702 } 3703 3704 /* 3705 * When ::umausers is invoked without the -f flag, we simply update our hash 3706 * table with the information from each allocated bufctl. 3707 */ 3708 /*ARGSUSED*/ 3709 static int 3710 umause1(uintptr_t addr, const umem_bufctl_audit_t *bcp, umusers_t *umu) 3711 { 3712 const umem_cache_t *cp = umu->umu_cache; 3713 3714 umu_add(umu, bcp, cp->cache_bufsize, cp->cache_bufsize); 3715 return (WALK_NEXT); 3716 } 3717 3718 /* 3719 * When ::umausers is invoked with the -f flag, we print out the information 3720 * for each bufctl as well as updating the hash table. 3721 */ 3722 static int 3723 umause2(uintptr_t addr, const umem_bufctl_audit_t *bcp, umusers_t *umu) 3724 { 3725 int i, depth = MIN(bcp->bc_depth, umem_stack_depth); 3726 const umem_cache_t *cp = umu->umu_cache; 3727 3728 mdb_printf("size %d, addr %p, thread %p, cache %s\n", 3729 cp->cache_bufsize, addr, bcp->bc_thread, cp->cache_name); 3730 3731 for (i = 0; i < depth; i++) 3732 mdb_printf("\t %a\n", bcp->bc_stack[i]); 3733 3734 umu_add(umu, bcp, cp->cache_bufsize, cp->cache_bufsize); 3735 return (WALK_NEXT); 3736 } 3737 3738 /* 3739 * We sort our results by allocation size before printing them. 3740 */ 3741 static int 3742 umownercmp(const void *lp, const void *rp) 3743 { 3744 const umowner_t *lhs = lp; 3745 const umowner_t *rhs = rp; 3746 3747 return (rhs->umo_total_size - lhs->umo_total_size); 3748 } 3749 3750 /* 3751 * The main engine of ::umausers is relatively straightforward: First we 3752 * accumulate our list of umem_cache_t addresses into the umclist_t. Next we 3753 * iterate over the allocated bufctls of each cache in the list. Finally, 3754 * we sort and print our results. 3755 */ 3756 /*ARGSUSED*/ 3757 int 3758 umausers(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 3759 { 3760 int mem_threshold = 8192; /* Minimum # bytes for printing */ 3761 int cnt_threshold = 100; /* Minimum # blocks for printing */ 3762 int audited_caches = 0; /* Number of UMF_AUDIT caches found */ 3763 int do_all_caches = 1; /* Do all caches (no arguments) */ 3764 int opt_e = FALSE; /* Include "small" users */ 3765 int opt_f = FALSE; /* Print stack traces */ 3766 3767 mdb_walk_cb_t callback = (mdb_walk_cb_t)umause1; 3768 umowner_t *umo, *umoend; 3769 int i, oelems; 3770 3771 umclist_t umc; 3772 umusers_t umu; 3773 3774 if (flags & DCMD_ADDRSPEC) 3775 return (DCMD_USAGE); 3776 3777 bzero(&umc, sizeof (umc)); 3778 bzero(&umu, sizeof (umu)); 3779 3780 while ((i = mdb_getopts(argc, argv, 3781 'e', MDB_OPT_SETBITS, TRUE, &opt_e, 3782 'f', MDB_OPT_SETBITS, TRUE, &opt_f, NULL)) != argc) { 3783 3784 argv += i; /* skip past options we just processed */ 3785 argc -= i; /* adjust argc */ 3786 3787 if (argv->a_type != MDB_TYPE_STRING || *argv->a_un.a_str == '-') 3788 return (DCMD_USAGE); 3789 3790 oelems = umc.umc_nelems; 3791 umc.umc_name = argv->a_un.a_str; 3792 (void) mdb_walk("umem_cache", (mdb_walk_cb_t)umc_add, &umc); 3793 3794 if (umc.umc_nelems == oelems) { 3795 mdb_warn("unknown umem cache: %s\n", umc.umc_name); 3796 return (DCMD_ERR); 3797 } 3798 3799 do_all_caches = 0; 3800 argv++; 3801 argc--; 3802 } 3803 3804 if (opt_e) 3805 mem_threshold = cnt_threshold = 0; 3806 3807 if (opt_f) 3808 callback = (mdb_walk_cb_t)umause2; 3809 3810 if (do_all_caches) { 3811 umc.umc_name = NULL; /* match all cache names */ 3812 (void) mdb_walk("umem_cache", (mdb_walk_cb_t)umc_add, &umc); 3813 } 3814 3815 for (i = 0; i < umc.umc_nelems; i++) { 3816 uintptr_t cp = umc.umc_caches[i]; 3817 umem_cache_t c; 3818 3819 if (mdb_vread(&c, sizeof (c), cp) == -1) { 3820 mdb_warn("failed to read cache at %p", cp); 3821 continue; 3822 } 3823 3824 if (!(c.cache_flags & UMF_AUDIT)) { 3825 if (!do_all_caches) { 3826 mdb_warn("UMF_AUDIT is not enabled for %s\n", 3827 c.cache_name); 3828 } 3829 continue; 3830 } 3831 3832 umu.umu_cache = &c; 3833 (void) mdb_pwalk("bufctl", callback, &umu, cp); 3834 audited_caches++; 3835 } 3836 3837 if (audited_caches == 0 && do_all_caches) { 3838 mdb_warn("UMF_AUDIT is not enabled for any caches\n"); 3839 return (DCMD_ERR); 3840 } 3841 3842 qsort(umu.umu_hash, umu.umu_nelems, sizeof (umowner_t), umownercmp); 3843 umoend = umu.umu_hash + umu.umu_nelems; 3844 3845 for (umo = umu.umu_hash; umo < umoend; umo++) { 3846 if (umo->umo_total_size < mem_threshold && 3847 umo->umo_num < cnt_threshold) 3848 continue; 3849 mdb_printf("%lu bytes for %u allocations with data size %lu:\n", 3850 umo->umo_total_size, umo->umo_num, umo->umo_data_size); 3851 for (i = 0; i < umo->umo_depth; i++) 3852 mdb_printf("\t %a\n", umo->umo_stack[i]); 3853 } 3854 3855 return (DCMD_OK); 3856 } 3857 3858 struct malloc_data { 3859 uint32_t malloc_size; 3860 uint32_t malloc_stat; /* == UMEM_MALLOC_ENCODE(state, malloc_size) */ 3861 }; 3862 3863 #ifdef _LP64 3864 #define UMI_MAX_BUCKET (UMEM_MAXBUF - 2*sizeof (struct malloc_data)) 3865 #else 3866 #define UMI_MAX_BUCKET (UMEM_MAXBUF - sizeof (struct malloc_data)) 3867 #endif 3868 3869 typedef struct umem_malloc_info { 3870 size_t um_total; /* total allocated buffers */ 3871 size_t um_malloc; /* malloc buffers */ 3872 size_t um_malloc_size; /* sum of malloc buffer sizes */ 3873 size_t um_malloc_overhead; /* sum of in-chunk overheads */ 3874 3875 umem_cache_t *um_cp; 3876 3877 uint_t *um_bucket; 3878 } umem_malloc_info_t; 3879 3880 static void 3881 umem_malloc_print_dist(uint_t *um_bucket, size_t minmalloc, size_t maxmalloc, 3882 size_t maxbuckets, size_t minbucketsize, int geometric) 3883 { 3884 uint64_t um_malloc; 3885 int minb = -1; 3886 int maxb = -1; 3887 int buckets; 3888 int nbucks; 3889 int i; 3890 int b; 3891 const int *distarray; 3892 3893 minb = (int)minmalloc; 3894 maxb = (int)maxmalloc; 3895 3896 nbucks = buckets = maxb - minb + 1; 3897 3898 um_malloc = 0; 3899 for (b = minb; b <= maxb; b++) 3900 um_malloc += um_bucket[b]; 3901 3902 if (maxbuckets != 0) 3903 buckets = MIN(buckets, maxbuckets); 3904 3905 if (minbucketsize > 1) { 3906 buckets = MIN(buckets, nbucks/minbucketsize); 3907 if (buckets == 0) { 3908 buckets = 1; 3909 minbucketsize = nbucks; 3910 } 3911 } 3912 3913 if (geometric) 3914 distarray = dist_geometric(buckets, minb, maxb, minbucketsize); 3915 else 3916 distarray = dist_linear(buckets, minb, maxb); 3917 3918 dist_print_header("malloc size", 11, "count"); 3919 for (i = 0; i < buckets; i++) { 3920 dist_print_bucket(distarray, i, um_bucket, um_malloc, 11); 3921 } 3922 mdb_printf("\n"); 3923 } 3924 3925 /* 3926 * A malloc()ed buffer looks like: 3927 * 3928 * <----------- mi.malloc_size ---> 3929 * <----------- cp.cache_bufsize ------------------> 3930 * <----------- cp.cache_chunksize --------------------------------> 3931 * +-------+-----------------------+---------------+---------------+ 3932 * |/tag///| mallocsz |/round-off/////|/debug info////| 3933 * +-------+---------------------------------------+---------------+ 3934 * <-- usable space ------> 3935 * 3936 * mallocsz is the argument to malloc(3C). 3937 * mi.malloc_size is the actual size passed to umem_alloc(), which 3938 * is rounded up to the smallest available cache size, which is 3939 * cache_bufsize. If there is debugging or alignment overhead in 3940 * the cache, that is reflected in a larger cache_chunksize. 3941 * 3942 * The tag at the beginning of the buffer is either 8-bytes or 16-bytes, 3943 * depending upon the ISA's alignment requirements. For 32-bit allocations, 3944 * it is always a 8-byte tag. For 64-bit allocations larger than 8 bytes, 3945 * the tag has 8 bytes of padding before it. 3946 * 3947 * 32-byte, 64-byte buffers <= 8 bytes: 3948 * +-------+-------+--------- ... 3949 * |/size//|/stat//| mallocsz ... 3950 * +-------+-------+--------- ... 3951 * ^ 3952 * pointer returned from malloc(3C) 3953 * 3954 * 64-byte buffers > 8 bytes: 3955 * +---------------+-------+-------+--------- ... 3956 * |/padding///////|/size//|/stat//| mallocsz ... 3957 * +---------------+-------+-------+--------- ... 3958 * ^ 3959 * pointer returned from malloc(3C) 3960 * 3961 * The "size" field is "malloc_size", which is mallocsz + the padding. 3962 * The "stat" field is derived from malloc_size, and functions as a 3963 * validation that this buffer is actually from malloc(3C). 3964 */ 3965 /*ARGSUSED*/ 3966 static int 3967 um_umem_buffer_cb(uintptr_t addr, void *buf, umem_malloc_info_t *ump) 3968 { 3969 struct malloc_data md; 3970 size_t m_addr = addr; 3971 size_t overhead = sizeof (md); 3972 size_t mallocsz; 3973 3974 ump->um_total++; 3975 3976 #ifdef _LP64 3977 if (ump->um_cp->cache_bufsize > UMEM_SECOND_ALIGN) { 3978 m_addr += overhead; 3979 overhead += sizeof (md); 3980 } 3981 #endif 3982 3983 if (mdb_vread(&md, sizeof (md), m_addr) == -1) { 3984 mdb_warn("unable to read malloc header at %p", m_addr); 3985 return (WALK_NEXT); 3986 } 3987 3988 switch (UMEM_MALLOC_DECODE(md.malloc_stat, md.malloc_size)) { 3989 case MALLOC_MAGIC: 3990 #ifdef _LP64 3991 case MALLOC_SECOND_MAGIC: 3992 #endif 3993 mallocsz = md.malloc_size - overhead; 3994 3995 ump->um_malloc++; 3996 ump->um_malloc_size += mallocsz; 3997 ump->um_malloc_overhead += overhead; 3998 3999 /* include round-off and debug overhead */ 4000 ump->um_malloc_overhead += 4001 ump->um_cp->cache_chunksize - md.malloc_size; 4002 4003 if (ump->um_bucket != NULL && mallocsz <= UMI_MAX_BUCKET) 4004 ump->um_bucket[mallocsz]++; 4005 4006 break; 4007 default: 4008 break; 4009 } 4010 4011 return (WALK_NEXT); 4012 } 4013 4014 int 4015 get_umem_alloc_sizes(int **out, size_t *out_num) 4016 { 4017 GElf_Sym sym; 4018 4019 if (umem_lookup_by_name("umem_alloc_sizes", &sym) == -1) { 4020 mdb_warn("unable to look up umem_alloc_sizes"); 4021 return (-1); 4022 } 4023 4024 *out = mdb_alloc(sym.st_size, UM_SLEEP | UM_GC); 4025 *out_num = sym.st_size / sizeof (int); 4026 4027 if (mdb_vread(*out, sym.st_size, sym.st_value) == -1) { 4028 mdb_warn("unable to read umem_alloc_sizes (%p)", sym.st_value); 4029 *out = NULL; 4030 return (-1); 4031 } 4032 4033 return (0); 4034 } 4035 4036 4037 static int 4038 um_umem_cache_cb(uintptr_t addr, umem_cache_t *cp, umem_malloc_info_t *ump) 4039 { 4040 if (strncmp(cp->cache_name, "umem_alloc_", strlen("umem_alloc_")) != 0) 4041 return (WALK_NEXT); 4042 4043 ump->um_cp = cp; 4044 4045 if (mdb_pwalk("umem", (mdb_walk_cb_t)um_umem_buffer_cb, ump, addr) == 4046 -1) { 4047 mdb_warn("can't walk 'umem' for cache %p", addr); 4048 return (WALK_ERR); 4049 } 4050 4051 return (WALK_NEXT); 4052 } 4053 4054 void 4055 umem_malloc_dist_help(void) 4056 { 4057 mdb_printf("%s\n", 4058 "report distribution of outstanding malloc()s"); 4059 mdb_dec_indent(2); 4060 mdb_printf("%<b>OPTIONS%</b>\n"); 4061 mdb_inc_indent(2); 4062 mdb_printf("%s", 4063 " -b maxbins\n" 4064 " Use at most maxbins bins for the data\n" 4065 " -B minbinsize\n" 4066 " Make the bins at least minbinsize bytes apart\n" 4067 " -d dump the raw data out, without binning\n" 4068 " -g use geometric binning instead of linear binning\n"); 4069 } 4070 4071 /*ARGSUSED*/ 4072 int 4073 umem_malloc_dist(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 4074 { 4075 umem_malloc_info_t mi; 4076 uint_t geometric = 0; 4077 uint_t dump = 0; 4078 size_t maxbuckets = 0; 4079 size_t minbucketsize = 0; 4080 4081 size_t minalloc = 0; 4082 size_t maxalloc = UMI_MAX_BUCKET; 4083 4084 if (flags & DCMD_ADDRSPEC) 4085 return (DCMD_USAGE); 4086 4087 if (mdb_getopts(argc, argv, 4088 'd', MDB_OPT_SETBITS, TRUE, &dump, 4089 'g', MDB_OPT_SETBITS, TRUE, &geometric, 4090 'b', MDB_OPT_UINTPTR, &maxbuckets, 4091 'B', MDB_OPT_UINTPTR, &minbucketsize, 4092 0) != argc) 4093 return (DCMD_USAGE); 4094 4095 bzero(&mi, sizeof (mi)); 4096 mi.um_bucket = mdb_zalloc((UMI_MAX_BUCKET + 1) * sizeof (*mi.um_bucket), 4097 UM_SLEEP | UM_GC); 4098 4099 if (mdb_walk("umem_cache", (mdb_walk_cb_t)um_umem_cache_cb, 4100 &mi) == -1) { 4101 mdb_warn("unable to walk 'umem_cache'"); 4102 return (DCMD_ERR); 4103 } 4104 4105 if (dump) { 4106 int i; 4107 for (i = minalloc; i <= maxalloc; i++) 4108 mdb_printf("%d\t%d\n", i, mi.um_bucket[i]); 4109 4110 return (DCMD_OK); 4111 } 4112 4113 umem_malloc_print_dist(mi.um_bucket, minalloc, maxalloc, 4114 maxbuckets, minbucketsize, geometric); 4115 4116 return (DCMD_OK); 4117 } 4118 4119 void 4120 umem_malloc_info_help(void) 4121 { 4122 mdb_printf("%s\n", 4123 "report information about malloc()s by cache. "); 4124 mdb_dec_indent(2); 4125 mdb_printf("%<b>OPTIONS%</b>\n"); 4126 mdb_inc_indent(2); 4127 mdb_printf("%s", 4128 " -b maxbins\n" 4129 " Use at most maxbins bins for the data\n" 4130 " -B minbinsize\n" 4131 " Make the bins at least minbinsize bytes apart\n" 4132 " -d dump the raw distribution data without binning\n" 4133 #ifndef _KMDB 4134 " -g use geometric binning instead of linear binning\n" 4135 #endif 4136 ""); 4137 } 4138 int 4139 umem_malloc_info(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 4140 { 4141 umem_cache_t c; 4142 umem_malloc_info_t mi; 4143 4144 int skip = 0; 4145 4146 size_t maxmalloc; 4147 size_t overhead; 4148 size_t allocated; 4149 size_t avg_malloc; 4150 size_t overhead_pct; /* 1000 * overhead_percent */ 4151 4152 uint_t verbose = 0; 4153 uint_t dump = 0; 4154 uint_t geometric = 0; 4155 size_t maxbuckets = 0; 4156 size_t minbucketsize = 0; 4157 4158 int *alloc_sizes; 4159 int idx; 4160 size_t num; 4161 size_t minmalloc; 4162 4163 if (mdb_getopts(argc, argv, 4164 'd', MDB_OPT_SETBITS, TRUE, &dump, 4165 'g', MDB_OPT_SETBITS, TRUE, &geometric, 4166 'b', MDB_OPT_UINTPTR, &maxbuckets, 4167 'B', MDB_OPT_UINTPTR, &minbucketsize, 4168 0) != argc) 4169 return (DCMD_USAGE); 4170 4171 if (dump || geometric || (maxbuckets != 0) || (minbucketsize != 0)) 4172 verbose = 1; 4173 4174 if (!(flags & DCMD_ADDRSPEC)) { 4175 if (mdb_walk_dcmd("umem_cache", "umem_malloc_info", 4176 argc, argv) == -1) { 4177 mdb_warn("can't walk umem_cache"); 4178 return (DCMD_ERR); 4179 } 4180 return (DCMD_OK); 4181 } 4182 4183 if (!mdb_vread(&c, sizeof (c), addr)) { 4184 mdb_warn("unable to read cache at %p", addr); 4185 return (DCMD_ERR); 4186 } 4187 4188 if (strncmp(c.cache_name, "umem_alloc_", strlen("umem_alloc_")) != 0) { 4189 if (!(flags & DCMD_LOOP)) 4190 mdb_warn("umem_malloc_info: cache \"%s\" is not used " 4191 "by malloc()\n", c.cache_name); 4192 skip = 1; 4193 } 4194 4195 /* 4196 * normally, print the header only the first time. In verbose mode, 4197 * print the header on every non-skipped buffer 4198 */ 4199 if ((!verbose && DCMD_HDRSPEC(flags)) || (verbose && !skip)) 4200 mdb_printf("%<ul>%-?s %6s %6s %8s %8s %10s %10s %6s%</ul>\n", 4201 "CACHE", "BUFSZ", "MAXMAL", 4202 "BUFMALLC", "AVG_MAL", "MALLOCED", "OVERHEAD", "%OVER"); 4203 4204 if (skip) 4205 return (DCMD_OK); 4206 4207 maxmalloc = c.cache_bufsize - sizeof (struct malloc_data); 4208 #ifdef _LP64 4209 if (c.cache_bufsize > UMEM_SECOND_ALIGN) 4210 maxmalloc -= sizeof (struct malloc_data); 4211 #endif 4212 4213 bzero(&mi, sizeof (mi)); 4214 mi.um_cp = &c; 4215 if (verbose) 4216 mi.um_bucket = 4217 mdb_zalloc((UMI_MAX_BUCKET + 1) * sizeof (*mi.um_bucket), 4218 UM_SLEEP | UM_GC); 4219 4220 if (mdb_pwalk("umem", (mdb_walk_cb_t)um_umem_buffer_cb, &mi, addr) == 4221 -1) { 4222 mdb_warn("can't walk 'umem'"); 4223 return (DCMD_ERR); 4224 } 4225 4226 overhead = mi.um_malloc_overhead; 4227 allocated = mi.um_malloc_size; 4228 4229 /* do integer round off for the average */ 4230 if (mi.um_malloc != 0) 4231 avg_malloc = (allocated + (mi.um_malloc - 1)/2) / mi.um_malloc; 4232 else 4233 avg_malloc = 0; 4234 4235 /* 4236 * include per-slab overhead 4237 * 4238 * Each slab in a given cache is the same size, and has the same 4239 * number of chunks in it; we read in the first slab on the 4240 * slab list to get the number of chunks for all slabs. To 4241 * compute the per-slab overhead, we just subtract the chunk usage 4242 * from the slabsize: 4243 * 4244 * +------------+-------+-------+ ... --+-------+-------+-------+ 4245 * |////////////| | | ... | |///////|///////| 4246 * |////color///| chunk | chunk | ... | chunk |/color/|/slab//| 4247 * |////////////| | | ... | |///////|///////| 4248 * +------------+-------+-------+ ... --+-------+-------+-------+ 4249 * | \_______chunksize * chunks_____/ | 4250 * \__________________________slabsize__________________________/ 4251 * 4252 * For UMF_HASH caches, there is an additional source of overhead; 4253 * the external umem_slab_t and per-chunk bufctl structures. We 4254 * include those in our per-slab overhead. 4255 * 4256 * Once we have a number for the per-slab overhead, we estimate 4257 * the actual overhead by treating the malloc()ed buffers as if 4258 * they were densely packed: 4259 * 4260 * additional overhead = (# mallocs) * (per-slab) / (chunks); 4261 * 4262 * carefully ordering the multiply before the divide, to avoid 4263 * round-off error. 4264 */ 4265 if (mi.um_malloc != 0) { 4266 umem_slab_t slab; 4267 uintptr_t saddr = (uintptr_t)c.cache_nullslab.slab_next; 4268 4269 if (mdb_vread(&slab, sizeof (slab), saddr) == -1) { 4270 mdb_warn("unable to read slab at %p\n", saddr); 4271 } else { 4272 long chunks = slab.slab_chunks; 4273 if (chunks != 0 && c.cache_chunksize != 0 && 4274 chunks <= c.cache_slabsize / c.cache_chunksize) { 4275 uintmax_t perslab = 4276 c.cache_slabsize - 4277 (c.cache_chunksize * chunks); 4278 4279 if (c.cache_flags & UMF_HASH) { 4280 perslab += sizeof (umem_slab_t) + 4281 chunks * 4282 ((c.cache_flags & UMF_AUDIT) ? 4283 sizeof (umem_bufctl_audit_t) : 4284 sizeof (umem_bufctl_t)); 4285 } 4286 overhead += 4287 (perslab * (uintmax_t)mi.um_malloc)/chunks; 4288 } else { 4289 mdb_warn("invalid #chunks (%d) in slab %p\n", 4290 chunks, saddr); 4291 } 4292 } 4293 } 4294 4295 if (allocated != 0) 4296 overhead_pct = (1000ULL * overhead) / allocated; 4297 else 4298 overhead_pct = 0; 4299 4300 mdb_printf("%0?p %6ld %6ld %8ld %8ld %10ld %10ld %3ld.%01ld%%\n", 4301 addr, c.cache_bufsize, maxmalloc, 4302 mi.um_malloc, avg_malloc, allocated, overhead, 4303 overhead_pct / 10, overhead_pct % 10); 4304 4305 if (!verbose) 4306 return (DCMD_OK); 4307 4308 if (!dump) 4309 mdb_printf("\n"); 4310 4311 if (get_umem_alloc_sizes(&alloc_sizes, &num) == -1) 4312 return (DCMD_ERR); 4313 4314 for (idx = 0; idx < num; idx++) { 4315 if (alloc_sizes[idx] == c.cache_bufsize) 4316 break; 4317 if (alloc_sizes[idx] == 0) { 4318 idx = num; /* 0-terminated array */ 4319 break; 4320 } 4321 } 4322 if (idx == num) { 4323 mdb_warn( 4324 "cache %p's size (%d) not in umem_alloc_sizes\n", 4325 addr, c.cache_bufsize); 4326 return (DCMD_ERR); 4327 } 4328 4329 minmalloc = (idx == 0)? 0 : alloc_sizes[idx - 1]; 4330 if (minmalloc > 0) { 4331 #ifdef _LP64 4332 if (minmalloc > UMEM_SECOND_ALIGN) 4333 minmalloc -= sizeof (struct malloc_data); 4334 #endif 4335 minmalloc -= sizeof (struct malloc_data); 4336 minmalloc += 1; 4337 } 4338 4339 if (dump) { 4340 for (idx = minmalloc; idx <= maxmalloc; idx++) 4341 mdb_printf("%d\t%d\n", idx, mi.um_bucket[idx]); 4342 mdb_printf("\n"); 4343 } else { 4344 umem_malloc_print_dist(mi.um_bucket, minmalloc, maxmalloc, 4345 maxbuckets, minbucketsize, geometric); 4346 } 4347 4348 return (DCMD_OK); 4349 } 4350