linux/lib/debugobjects.c
<<
>>
Prefs
   1/*
   2 * Generic infrastructure for lifetime debugging of objects.
   3 *
   4 * Started by Thomas Gleixner
   5 *
   6 * Copyright (C) 2008, Thomas Gleixner <tglx@linutronix.de>
   7 *
   8 * For licencing details see kernel-base/COPYING
   9 */
  10
  11#define pr_fmt(fmt) "ODEBUG: " fmt
  12
  13#include <linux/debugobjects.h>
  14#include <linux/interrupt.h>
  15#include <linux/sched.h>
  16#include <linux/seq_file.h>
  17#include <linux/debugfs.h>
  18#include <linux/slab.h>
  19#include <linux/hash.h>
  20
  21#define ODEBUG_HASH_BITS        14
  22#define ODEBUG_HASH_SIZE        (1 << ODEBUG_HASH_BITS)
  23
  24#define ODEBUG_POOL_SIZE        1024
  25#define ODEBUG_POOL_MIN_LEVEL   256
  26
  27#define ODEBUG_CHUNK_SHIFT      PAGE_SHIFT
  28#define ODEBUG_CHUNK_SIZE       (1 << ODEBUG_CHUNK_SHIFT)
  29#define ODEBUG_CHUNK_MASK       (~(ODEBUG_CHUNK_SIZE - 1))
  30
  31struct debug_bucket {
  32        struct hlist_head       list;
  33        raw_spinlock_t          lock;
  34};
  35
  36static struct debug_bucket      obj_hash[ODEBUG_HASH_SIZE];
  37
  38static struct debug_obj         obj_static_pool[ODEBUG_POOL_SIZE] __initdata;
  39
  40static DEFINE_RAW_SPINLOCK(pool_lock);
  41
  42static HLIST_HEAD(obj_pool);
  43
  44static int                      obj_pool_min_free = ODEBUG_POOL_SIZE;
  45static int                      obj_pool_free = ODEBUG_POOL_SIZE;
  46static int                      obj_pool_used;
  47static int                      obj_pool_max_used;
  48static struct kmem_cache        *obj_cache;
  49
  50static int                      debug_objects_maxchain __read_mostly;
  51static int                      debug_objects_fixups __read_mostly;
  52static int                      debug_objects_warnings __read_mostly;
  53static int                      debug_objects_enabled __read_mostly
  54                                = CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT;
  55
  56static struct debug_obj_descr   *descr_test  __read_mostly;
  57
  58static void free_obj_work(struct work_struct *work);
  59static DECLARE_WORK(debug_obj_work, free_obj_work);
  60
  61static int __init enable_object_debug(char *str)
  62{
  63        debug_objects_enabled = 1;
  64        return 0;
  65}
  66
  67static int __init disable_object_debug(char *str)
  68{
  69        debug_objects_enabled = 0;
  70        return 0;
  71}
  72
  73early_param("debug_objects", enable_object_debug);
  74early_param("no_debug_objects", disable_object_debug);
  75
  76static const char *obj_states[ODEBUG_STATE_MAX] = {
  77        [ODEBUG_STATE_NONE]             = "none",
  78        [ODEBUG_STATE_INIT]             = "initialized",
  79        [ODEBUG_STATE_INACTIVE]         = "inactive",
  80        [ODEBUG_STATE_ACTIVE]           = "active",
  81        [ODEBUG_STATE_DESTROYED]        = "destroyed",
  82        [ODEBUG_STATE_NOTAVAILABLE]     = "not available",
  83};
  84
  85static void fill_pool(void)
  86{
  87        gfp_t gfp = GFP_ATOMIC | __GFP_NORETRY | __GFP_NOWARN;
  88        struct debug_obj *new;
  89        unsigned long flags;
  90
  91        if (likely(obj_pool_free >= ODEBUG_POOL_MIN_LEVEL))
  92                return;
  93
  94        if (unlikely(!obj_cache))
  95                return;
  96
  97        while (obj_pool_free < ODEBUG_POOL_MIN_LEVEL) {
  98
  99                new = kmem_cache_zalloc(obj_cache, gfp);
 100                if (!new)
 101                        return;
 102
 103                raw_spin_lock_irqsave(&pool_lock, flags);
 104                hlist_add_head(&new->node, &obj_pool);
 105                obj_pool_free++;
 106                raw_spin_unlock_irqrestore(&pool_lock, flags);
 107        }
 108}
 109
 110/*
 111 * Lookup an object in the hash bucket.
 112 */
 113static struct debug_obj *lookup_object(void *addr, struct debug_bucket *b)
 114{
 115        struct debug_obj *obj;
 116        int cnt = 0;
 117
 118        hlist_for_each_entry(obj, &b->list, node) {
 119                cnt++;
 120                if (obj->object == addr)
 121                        return obj;
 122        }
 123        if (cnt > debug_objects_maxchain)
 124                debug_objects_maxchain = cnt;
 125
 126        return NULL;
 127}
 128
 129/*
 130 * Allocate a new object. If the pool is empty, switch off the debugger.
 131 * Must be called with interrupts disabled.
 132 */
 133static struct debug_obj *
 134alloc_object(void *addr, struct debug_bucket *b, struct debug_obj_descr *descr)
 135{
 136        struct debug_obj *obj = NULL;
 137
 138        raw_spin_lock(&pool_lock);
 139        if (obj_pool.first) {
 140                obj         = hlist_entry(obj_pool.first, typeof(*obj), node);
 141
 142                obj->object = addr;
 143                obj->descr  = descr;
 144                obj->state  = ODEBUG_STATE_NONE;
 145                obj->astate = 0;
 146                hlist_del(&obj->node);
 147
 148                hlist_add_head(&obj->node, &b->list);
 149
 150                obj_pool_used++;
 151                if (obj_pool_used > obj_pool_max_used)
 152                        obj_pool_max_used = obj_pool_used;
 153
 154                obj_pool_free--;
 155                if (obj_pool_free < obj_pool_min_free)
 156                        obj_pool_min_free = obj_pool_free;
 157        }
 158        raw_spin_unlock(&pool_lock);
 159
 160        return obj;
 161}
 162
 163/*
 164 * workqueue function to free objects.
 165 */
 166static void free_obj_work(struct work_struct *work)
 167{
 168        struct debug_obj *obj;
 169        unsigned long flags;
 170
 171        raw_spin_lock_irqsave(&pool_lock, flags);
 172        while (obj_pool_free > ODEBUG_POOL_SIZE) {
 173                obj = hlist_entry(obj_pool.first, typeof(*obj), node);
 174                hlist_del(&obj->node);
 175                obj_pool_free--;
 176                /*
 177                 * We release pool_lock across kmem_cache_free() to
 178                 * avoid contention on pool_lock.
 179                 */
 180                raw_spin_unlock_irqrestore(&pool_lock, flags);
 181                kmem_cache_free(obj_cache, obj);
 182                raw_spin_lock_irqsave(&pool_lock, flags);
 183        }
 184        raw_spin_unlock_irqrestore(&pool_lock, flags);
 185}
 186
 187/*
 188 * Put the object back into the pool and schedule work to free objects
 189 * if necessary.
 190 */
 191static void free_object(struct debug_obj *obj)
 192{
 193        unsigned long flags;
 194        int sched = 0;
 195
 196        raw_spin_lock_irqsave(&pool_lock, flags);
 197        /*
 198         * schedule work when the pool is filled and the cache is
 199         * initialized:
 200         */
 201        if (obj_pool_free > ODEBUG_POOL_SIZE && obj_cache)
 202                sched = keventd_up();
 203        hlist_add_head(&obj->node, &obj_pool);
 204        obj_pool_free++;
 205        obj_pool_used--;
 206        raw_spin_unlock_irqrestore(&pool_lock, flags);
 207        if (sched)
 208                schedule_work(&debug_obj_work);
 209}
 210
 211/*
 212 * We run out of memory. That means we probably have tons of objects
 213 * allocated.
 214 */
 215static void debug_objects_oom(void)
 216{
 217        struct debug_bucket *db = obj_hash;
 218        struct hlist_node *tmp;
 219        HLIST_HEAD(freelist);
 220        struct debug_obj *obj;
 221        unsigned long flags;
 222        int i;
 223
 224        pr_warn("Out of memory. ODEBUG disabled\n");
 225
 226        for (i = 0; i < ODEBUG_HASH_SIZE; i++, db++) {
 227                raw_spin_lock_irqsave(&db->lock, flags);
 228                hlist_move_list(&db->list, &freelist);
 229                raw_spin_unlock_irqrestore(&db->lock, flags);
 230
 231                /* Now free them */
 232                hlist_for_each_entry_safe(obj, tmp, &freelist, node) {
 233                        hlist_del(&obj->node);
 234                        free_object(obj);
 235                }
 236        }
 237}
 238
 239/*
 240 * We use the pfn of the address for the hash. That way we can check
 241 * for freed objects simply by checking the affected bucket.
 242 */
 243static struct debug_bucket *get_bucket(unsigned long addr)
 244{
 245        unsigned long hash;
 246
 247        hash = hash_long((addr >> ODEBUG_CHUNK_SHIFT), ODEBUG_HASH_BITS);
 248        return &obj_hash[hash];
 249}
 250
 251static void debug_print_object(struct debug_obj *obj, char *msg)
 252{
 253        struct debug_obj_descr *descr = obj->descr;
 254        static int limit;
 255
 256        if (limit < 5 && descr != descr_test) {
 257                void *hint = descr->debug_hint ?
 258                        descr->debug_hint(obj->object) : NULL;
 259                limit++;
 260                WARN(1, KERN_ERR "ODEBUG: %s %s (active state %u) "
 261                                 "object type: %s hint: %pS\n",
 262                        msg, obj_states[obj->state], obj->astate,
 263                        descr->name, hint);
 264        }
 265        debug_objects_warnings++;
 266}
 267
 268/*
 269 * Try to repair the damage, so we have a better chance to get useful
 270 * debug output.
 271 */
 272static bool
 273debug_object_fixup(bool (*fixup)(void *addr, enum debug_obj_state state),
 274                   void * addr, enum debug_obj_state state)
 275{
 276        if (fixup && fixup(addr, state)) {
 277                debug_objects_fixups++;
 278                return true;
 279        }
 280        return false;
 281}
 282
 283static void debug_object_is_on_stack(void *addr, int onstack)
 284{
 285        int is_on_stack;
 286        static int limit;
 287
 288        if (limit > 4)
 289                return;
 290
 291        is_on_stack = object_is_on_stack(addr);
 292        if (is_on_stack == onstack)
 293                return;
 294
 295        limit++;
 296        if (is_on_stack)
 297                pr_warn("object is on stack, but not annotated\n");
 298        else
 299                pr_warn("object is not on stack, but annotated\n");
 300        WARN_ON(1);
 301}
 302
 303static void
 304__debug_object_init(void *addr, struct debug_obj_descr *descr, int onstack)
 305{
 306        enum debug_obj_state state;
 307        struct debug_bucket *db;
 308        struct debug_obj *obj;
 309        unsigned long flags;
 310
 311        fill_pool();
 312
 313        db = get_bucket((unsigned long) addr);
 314
 315        raw_spin_lock_irqsave(&db->lock, flags);
 316
 317        obj = lookup_object(addr, db);
 318        if (!obj) {
 319                obj = alloc_object(addr, db, descr);
 320                if (!obj) {
 321                        debug_objects_enabled = 0;
 322                        raw_spin_unlock_irqrestore(&db->lock, flags);
 323                        debug_objects_oom();
 324                        return;
 325                }
 326                debug_object_is_on_stack(addr, onstack);
 327        }
 328
 329        switch (obj->state) {
 330        case ODEBUG_STATE_NONE:
 331        case ODEBUG_STATE_INIT:
 332        case ODEBUG_STATE_INACTIVE:
 333                obj->state = ODEBUG_STATE_INIT;
 334                break;
 335
 336        case ODEBUG_STATE_ACTIVE:
 337                debug_print_object(obj, "init");
 338                state = obj->state;
 339                raw_spin_unlock_irqrestore(&db->lock, flags);
 340                debug_object_fixup(descr->fixup_init, addr, state);
 341                return;
 342
 343        case ODEBUG_STATE_DESTROYED:
 344                debug_print_object(obj, "init");
 345                break;
 346        default:
 347                break;
 348        }
 349
 350        raw_spin_unlock_irqrestore(&db->lock, flags);
 351}
 352
 353/**
 354 * debug_object_init - debug checks when an object is initialized
 355 * @addr:       address of the object
 356 * @descr:      pointer to an object specific debug description structure
 357 */
 358void debug_object_init(void *addr, struct debug_obj_descr *descr)
 359{
 360        if (!debug_objects_enabled)
 361                return;
 362
 363        __debug_object_init(addr, descr, 0);
 364}
 365EXPORT_SYMBOL_GPL(debug_object_init);
 366
 367/**
 368 * debug_object_init_on_stack - debug checks when an object on stack is
 369 *                              initialized
 370 * @addr:       address of the object
 371 * @descr:      pointer to an object specific debug description structure
 372 */
 373void debug_object_init_on_stack(void *addr, struct debug_obj_descr *descr)
 374{
 375        if (!debug_objects_enabled)
 376                return;
 377
 378        __debug_object_init(addr, descr, 1);
 379}
 380EXPORT_SYMBOL_GPL(debug_object_init_on_stack);
 381
 382/**
 383 * debug_object_activate - debug checks when an object is activated
 384 * @addr:       address of the object
 385 * @descr:      pointer to an object specific debug description structure
 386 * Returns 0 for success, -EINVAL for check failed.
 387 */
 388int debug_object_activate(void *addr, struct debug_obj_descr *descr)
 389{
 390        enum debug_obj_state state;
 391        struct debug_bucket *db;
 392        struct debug_obj *obj;
 393        unsigned long flags;
 394        int ret;
 395        struct debug_obj o = { .object = addr,
 396                               .state = ODEBUG_STATE_NOTAVAILABLE,
 397                               .descr = descr };
 398
 399        if (!debug_objects_enabled)
 400                return 0;
 401
 402        db = get_bucket((unsigned long) addr);
 403
 404        raw_spin_lock_irqsave(&db->lock, flags);
 405
 406        obj = lookup_object(addr, db);
 407        if (obj) {
 408                switch (obj->state) {
 409                case ODEBUG_STATE_INIT:
 410                case ODEBUG_STATE_INACTIVE:
 411                        obj->state = ODEBUG_STATE_ACTIVE;
 412                        ret = 0;
 413                        break;
 414
 415                case ODEBUG_STATE_ACTIVE:
 416                        debug_print_object(obj, "activate");
 417                        state = obj->state;
 418                        raw_spin_unlock_irqrestore(&db->lock, flags);
 419                        ret = debug_object_fixup(descr->fixup_activate, addr, state);
 420                        return ret ? 0 : -EINVAL;
 421
 422                case ODEBUG_STATE_DESTROYED:
 423                        debug_print_object(obj, "activate");
 424                        ret = -EINVAL;
 425                        break;
 426                default:
 427                        ret = 0;
 428                        break;
 429                }
 430                raw_spin_unlock_irqrestore(&db->lock, flags);
 431                return ret;
 432        }
 433
 434        raw_spin_unlock_irqrestore(&db->lock, flags);
 435        /*
 436         * We are here when a static object is activated. We
 437         * let the type specific code confirm whether this is
 438         * true or not. if true, we just make sure that the
 439         * static object is tracked in the object tracker. If
 440         * not, this must be a bug, so we try to fix it up.
 441         */
 442        if (descr->is_static_object && descr->is_static_object(addr)) {
 443                /* track this static object */
 444                debug_object_init(addr, descr);
 445                debug_object_activate(addr, descr);
 446        } else {
 447                debug_print_object(&o, "activate");
 448                ret = debug_object_fixup(descr->fixup_activate, addr,
 449                                        ODEBUG_STATE_NOTAVAILABLE);
 450                return ret ? 0 : -EINVAL;
 451        }
 452        return 0;
 453}
 454EXPORT_SYMBOL_GPL(debug_object_activate);
 455
 456/**
 457 * debug_object_deactivate - debug checks when an object is deactivated
 458 * @addr:       address of the object
 459 * @descr:      pointer to an object specific debug description structure
 460 */
 461void debug_object_deactivate(void *addr, struct debug_obj_descr *descr)
 462{
 463        struct debug_bucket *db;
 464        struct debug_obj *obj;
 465        unsigned long flags;
 466
 467        if (!debug_objects_enabled)
 468                return;
 469
 470        db = get_bucket((unsigned long) addr);
 471
 472        raw_spin_lock_irqsave(&db->lock, flags);
 473
 474        obj = lookup_object(addr, db);
 475        if (obj) {
 476                switch (obj->state) {
 477                case ODEBUG_STATE_INIT:
 478                case ODEBUG_STATE_INACTIVE:
 479                case ODEBUG_STATE_ACTIVE:
 480                        if (!obj->astate)
 481                                obj->state = ODEBUG_STATE_INACTIVE;
 482                        else
 483                                debug_print_object(obj, "deactivate");
 484                        break;
 485
 486                case ODEBUG_STATE_DESTROYED:
 487                        debug_print_object(obj, "deactivate");
 488                        break;
 489                default:
 490                        break;
 491                }
 492        } else {
 493                struct debug_obj o = { .object = addr,
 494                                       .state = ODEBUG_STATE_NOTAVAILABLE,
 495                                       .descr = descr };
 496
 497                debug_print_object(&o, "deactivate");
 498        }
 499
 500        raw_spin_unlock_irqrestore(&db->lock, flags);
 501}
 502EXPORT_SYMBOL_GPL(debug_object_deactivate);
 503
 504/**
 505 * debug_object_destroy - debug checks when an object is destroyed
 506 * @addr:       address of the object
 507 * @descr:      pointer to an object specific debug description structure
 508 */
 509void debug_object_destroy(void *addr, struct debug_obj_descr *descr)
 510{
 511        enum debug_obj_state state;
 512        struct debug_bucket *db;
 513        struct debug_obj *obj;
 514        unsigned long flags;
 515
 516        if (!debug_objects_enabled)
 517                return;
 518
 519        db = get_bucket((unsigned long) addr);
 520
 521        raw_spin_lock_irqsave(&db->lock, flags);
 522
 523        obj = lookup_object(addr, db);
 524        if (!obj)
 525                goto out_unlock;
 526
 527        switch (obj->state) {
 528        case ODEBUG_STATE_NONE:
 529        case ODEBUG_STATE_INIT:
 530        case ODEBUG_STATE_INACTIVE:
 531                obj->state = ODEBUG_STATE_DESTROYED;
 532                break;
 533        case ODEBUG_STATE_ACTIVE:
 534                debug_print_object(obj, "destroy");
 535                state = obj->state;
 536                raw_spin_unlock_irqrestore(&db->lock, flags);
 537                debug_object_fixup(descr->fixup_destroy, addr, state);
 538                return;
 539
 540        case ODEBUG_STATE_DESTROYED:
 541                debug_print_object(obj, "destroy");
 542                break;
 543        default:
 544                break;
 545        }
 546out_unlock:
 547        raw_spin_unlock_irqrestore(&db->lock, flags);
 548}
 549EXPORT_SYMBOL_GPL(debug_object_destroy);
 550
 551/**
 552 * debug_object_free - debug checks when an object is freed
 553 * @addr:       address of the object
 554 * @descr:      pointer to an object specific debug description structure
 555 */
 556void debug_object_free(void *addr, struct debug_obj_descr *descr)
 557{
 558        enum debug_obj_state state;
 559        struct debug_bucket *db;
 560        struct debug_obj *obj;
 561        unsigned long flags;
 562
 563        if (!debug_objects_enabled)
 564                return;
 565
 566        db = get_bucket((unsigned long) addr);
 567
 568        raw_spin_lock_irqsave(&db->lock, flags);
 569
 570        obj = lookup_object(addr, db);
 571        if (!obj)
 572                goto out_unlock;
 573
 574        switch (obj->state) {
 575        case ODEBUG_STATE_ACTIVE:
 576                debug_print_object(obj, "free");
 577                state = obj->state;
 578                raw_spin_unlock_irqrestore(&db->lock, flags);
 579                debug_object_fixup(descr->fixup_free, addr, state);
 580                return;
 581        default:
 582                hlist_del(&obj->node);
 583                raw_spin_unlock_irqrestore(&db->lock, flags);
 584                free_object(obj);
 585                return;
 586        }
 587out_unlock:
 588        raw_spin_unlock_irqrestore(&db->lock, flags);
 589}
 590EXPORT_SYMBOL_GPL(debug_object_free);
 591
 592/**
 593 * debug_object_assert_init - debug checks when object should be init-ed
 594 * @addr:       address of the object
 595 * @descr:      pointer to an object specific debug description structure
 596 */
 597void debug_object_assert_init(void *addr, struct debug_obj_descr *descr)
 598{
 599        struct debug_bucket *db;
 600        struct debug_obj *obj;
 601        unsigned long flags;
 602
 603        if (!debug_objects_enabled)
 604                return;
 605
 606        db = get_bucket((unsigned long) addr);
 607
 608        raw_spin_lock_irqsave(&db->lock, flags);
 609
 610        obj = lookup_object(addr, db);
 611        if (!obj) {
 612                struct debug_obj o = { .object = addr,
 613                                       .state = ODEBUG_STATE_NOTAVAILABLE,
 614                                       .descr = descr };
 615
 616                raw_spin_unlock_irqrestore(&db->lock, flags);
 617                /*
 618                 * Maybe the object is static, and we let the type specific
 619                 * code confirm. Track this static object if true, else invoke
 620                 * fixup.
 621                 */
 622                if (descr->is_static_object && descr->is_static_object(addr)) {
 623                        /* Track this static object */
 624                        debug_object_init(addr, descr);
 625                } else {
 626                        debug_print_object(&o, "assert_init");
 627                        debug_object_fixup(descr->fixup_assert_init, addr,
 628                                           ODEBUG_STATE_NOTAVAILABLE);
 629                }
 630                return;
 631        }
 632
 633        raw_spin_unlock_irqrestore(&db->lock, flags);
 634}
 635EXPORT_SYMBOL_GPL(debug_object_assert_init);
 636
 637/**
 638 * debug_object_active_state - debug checks object usage state machine
 639 * @addr:       address of the object
 640 * @descr:      pointer to an object specific debug description structure
 641 * @expect:     expected state
 642 * @next:       state to move to if expected state is found
 643 */
 644void
 645debug_object_active_state(void *addr, struct debug_obj_descr *descr,
 646                          unsigned int expect, unsigned int next)
 647{
 648        struct debug_bucket *db;
 649        struct debug_obj *obj;
 650        unsigned long flags;
 651
 652        if (!debug_objects_enabled)
 653                return;
 654
 655        db = get_bucket((unsigned long) addr);
 656
 657        raw_spin_lock_irqsave(&db->lock, flags);
 658
 659        obj = lookup_object(addr, db);
 660        if (obj) {
 661                switch (obj->state) {
 662                case ODEBUG_STATE_ACTIVE:
 663                        if (obj->astate == expect)
 664                                obj->astate = next;
 665                        else
 666                                debug_print_object(obj, "active_state");
 667                        break;
 668
 669                default:
 670                        debug_print_object(obj, "active_state");
 671                        break;
 672                }
 673        } else {
 674                struct debug_obj o = { .object = addr,
 675                                       .state = ODEBUG_STATE_NOTAVAILABLE,
 676                                       .descr = descr };
 677
 678                debug_print_object(&o, "active_state");
 679        }
 680
 681        raw_spin_unlock_irqrestore(&db->lock, flags);
 682}
 683EXPORT_SYMBOL_GPL(debug_object_active_state);
 684
 685#ifdef CONFIG_DEBUG_OBJECTS_FREE
 686static void __debug_check_no_obj_freed(const void *address, unsigned long size)
 687{
 688        unsigned long flags, oaddr, saddr, eaddr, paddr, chunks;
 689        struct hlist_node *tmp;
 690        HLIST_HEAD(freelist);
 691        struct debug_obj_descr *descr;
 692        enum debug_obj_state state;
 693        struct debug_bucket *db;
 694        struct debug_obj *obj;
 695        int cnt;
 696
 697        saddr = (unsigned long) address;
 698        eaddr = saddr + size;
 699        paddr = saddr & ODEBUG_CHUNK_MASK;
 700        chunks = ((eaddr - paddr) + (ODEBUG_CHUNK_SIZE - 1));
 701        chunks >>= ODEBUG_CHUNK_SHIFT;
 702
 703        for (;chunks > 0; chunks--, paddr += ODEBUG_CHUNK_SIZE) {
 704                db = get_bucket(paddr);
 705
 706repeat:
 707                cnt = 0;
 708                raw_spin_lock_irqsave(&db->lock, flags);
 709                hlist_for_each_entry_safe(obj, tmp, &db->list, node) {
 710                        cnt++;
 711                        oaddr = (unsigned long) obj->object;
 712                        if (oaddr < saddr || oaddr >= eaddr)
 713                                continue;
 714
 715                        switch (obj->state) {
 716                        case ODEBUG_STATE_ACTIVE:
 717                                debug_print_object(obj, "free");
 718                                descr = obj->descr;
 719                                state = obj->state;
 720                                raw_spin_unlock_irqrestore(&db->lock, flags);
 721                                debug_object_fixup(descr->fixup_free,
 722                                                   (void *) oaddr, state);
 723                                goto repeat;
 724                        default:
 725                                hlist_del(&obj->node);
 726                                hlist_add_head(&obj->node, &freelist);
 727                                break;
 728                        }
 729                }
 730                raw_spin_unlock_irqrestore(&db->lock, flags);
 731
 732                /* Now free them */
 733                hlist_for_each_entry_safe(obj, tmp, &freelist, node) {
 734                        hlist_del(&obj->node);
 735                        free_object(obj);
 736                }
 737
 738                if (cnt > debug_objects_maxchain)
 739                        debug_objects_maxchain = cnt;
 740        }
 741}
 742
 743void debug_check_no_obj_freed(const void *address, unsigned long size)
 744{
 745        if (debug_objects_enabled)
 746                __debug_check_no_obj_freed(address, size);
 747}
 748#endif
 749
 750#ifdef CONFIG_DEBUG_FS
 751
 752static int debug_stats_show(struct seq_file *m, void *v)
 753{
 754        seq_printf(m, "max_chain     :%d\n", debug_objects_maxchain);
 755        seq_printf(m, "warnings      :%d\n", debug_objects_warnings);
 756        seq_printf(m, "fixups        :%d\n", debug_objects_fixups);
 757        seq_printf(m, "pool_free     :%d\n", obj_pool_free);
 758        seq_printf(m, "pool_min_free :%d\n", obj_pool_min_free);
 759        seq_printf(m, "pool_used     :%d\n", obj_pool_used);
 760        seq_printf(m, "pool_max_used :%d\n", obj_pool_max_used);
 761        return 0;
 762}
 763
 764static int debug_stats_open(struct inode *inode, struct file *filp)
 765{
 766        return single_open(filp, debug_stats_show, NULL);
 767}
 768
 769static const struct file_operations debug_stats_fops = {
 770        .open           = debug_stats_open,
 771        .read           = seq_read,
 772        .llseek         = seq_lseek,
 773        .release        = single_release,
 774};
 775
 776static int __init debug_objects_init_debugfs(void)
 777{
 778        struct dentry *dbgdir, *dbgstats;
 779
 780        if (!debug_objects_enabled)
 781                return 0;
 782
 783        dbgdir = debugfs_create_dir("debug_objects", NULL);
 784        if (!dbgdir)
 785                return -ENOMEM;
 786
 787        dbgstats = debugfs_create_file("stats", 0444, dbgdir, NULL,
 788                                       &debug_stats_fops);
 789        if (!dbgstats)
 790                goto err;
 791
 792        return 0;
 793
 794err:
 795        debugfs_remove(dbgdir);
 796
 797        return -ENOMEM;
 798}
 799__initcall(debug_objects_init_debugfs);
 800
 801#else
 802static inline void debug_objects_init_debugfs(void) { }
 803#endif
 804
 805#ifdef CONFIG_DEBUG_OBJECTS_SELFTEST
 806
 807/* Random data structure for the self test */
 808struct self_test {
 809        unsigned long   dummy1[6];
 810        int             static_init;
 811        unsigned long   dummy2[3];
 812};
 813
 814static __initdata struct debug_obj_descr descr_type_test;
 815
 816static bool __init is_static_object(void *addr)
 817{
 818        struct self_test *obj = addr;
 819
 820        return obj->static_init;
 821}
 822
 823/*
 824 * fixup_init is called when:
 825 * - an active object is initialized
 826 */
 827static bool __init fixup_init(void *addr, enum debug_obj_state state)
 828{
 829        struct self_test *obj = addr;
 830
 831        switch (state) {
 832        case ODEBUG_STATE_ACTIVE:
 833                debug_object_deactivate(obj, &descr_type_test);
 834                debug_object_init(obj, &descr_type_test);
 835                return true;
 836        default:
 837                return false;
 838        }
 839}
 840
 841/*
 842 * fixup_activate is called when:
 843 * - an active object is activated
 844 * - an unknown non-static object is activated
 845 */
 846static bool __init fixup_activate(void *addr, enum debug_obj_state state)
 847{
 848        struct self_test *obj = addr;
 849
 850        switch (state) {
 851        case ODEBUG_STATE_NOTAVAILABLE:
 852                return true;
 853        case ODEBUG_STATE_ACTIVE:
 854                debug_object_deactivate(obj, &descr_type_test);
 855                debug_object_activate(obj, &descr_type_test);
 856                return true;
 857
 858        default:
 859                return false;
 860        }
 861}
 862
 863/*
 864 * fixup_destroy is called when:
 865 * - an active object is destroyed
 866 */
 867static bool __init fixup_destroy(void *addr, enum debug_obj_state state)
 868{
 869        struct self_test *obj = addr;
 870
 871        switch (state) {
 872        case ODEBUG_STATE_ACTIVE:
 873                debug_object_deactivate(obj, &descr_type_test);
 874                debug_object_destroy(obj, &descr_type_test);
 875                return true;
 876        default:
 877                return false;
 878        }
 879}
 880
 881/*
 882 * fixup_free is called when:
 883 * - an active object is freed
 884 */
 885static bool __init fixup_free(void *addr, enum debug_obj_state state)
 886{
 887        struct self_test *obj = addr;
 888
 889        switch (state) {
 890        case ODEBUG_STATE_ACTIVE:
 891                debug_object_deactivate(obj, &descr_type_test);
 892                debug_object_free(obj, &descr_type_test);
 893                return true;
 894        default:
 895                return false;
 896        }
 897}
 898
 899static int __init
 900check_results(void *addr, enum debug_obj_state state, int fixups, int warnings)
 901{
 902        struct debug_bucket *db;
 903        struct debug_obj *obj;
 904        unsigned long flags;
 905        int res = -EINVAL;
 906
 907        db = get_bucket((unsigned long) addr);
 908
 909        raw_spin_lock_irqsave(&db->lock, flags);
 910
 911        obj = lookup_object(addr, db);
 912        if (!obj && state != ODEBUG_STATE_NONE) {
 913                WARN(1, KERN_ERR "ODEBUG: selftest object not found\n");
 914                goto out;
 915        }
 916        if (obj && obj->state != state) {
 917                WARN(1, KERN_ERR "ODEBUG: selftest wrong state: %d != %d\n",
 918                       obj->state, state);
 919                goto out;
 920        }
 921        if (fixups != debug_objects_fixups) {
 922                WARN(1, KERN_ERR "ODEBUG: selftest fixups failed %d != %d\n",
 923                       fixups, debug_objects_fixups);
 924                goto out;
 925        }
 926        if (warnings != debug_objects_warnings) {
 927                WARN(1, KERN_ERR "ODEBUG: selftest warnings failed %d != %d\n",
 928                       warnings, debug_objects_warnings);
 929                goto out;
 930        }
 931        res = 0;
 932out:
 933        raw_spin_unlock_irqrestore(&db->lock, flags);
 934        if (res)
 935                debug_objects_enabled = 0;
 936        return res;
 937}
 938
 939static __initdata struct debug_obj_descr descr_type_test = {
 940        .name                   = "selftest",
 941        .is_static_object       = is_static_object,
 942        .fixup_init             = fixup_init,
 943        .fixup_activate         = fixup_activate,
 944        .fixup_destroy          = fixup_destroy,
 945        .fixup_free             = fixup_free,
 946};
 947
 948static __initdata struct self_test obj = { .static_init = 0 };
 949
 950static void __init debug_objects_selftest(void)
 951{
 952        int fixups, oldfixups, warnings, oldwarnings;
 953        unsigned long flags;
 954
 955        local_irq_save(flags);
 956
 957        fixups = oldfixups = debug_objects_fixups;
 958        warnings = oldwarnings = debug_objects_warnings;
 959        descr_test = &descr_type_test;
 960
 961        debug_object_init(&obj, &descr_type_test);
 962        if (check_results(&obj, ODEBUG_STATE_INIT, fixups, warnings))
 963                goto out;
 964        debug_object_activate(&obj, &descr_type_test);
 965        if (check_results(&obj, ODEBUG_STATE_ACTIVE, fixups, warnings))
 966                goto out;
 967        debug_object_activate(&obj, &descr_type_test);
 968        if (check_results(&obj, ODEBUG_STATE_ACTIVE, ++fixups, ++warnings))
 969                goto out;
 970        debug_object_deactivate(&obj, &descr_type_test);
 971        if (check_results(&obj, ODEBUG_STATE_INACTIVE, fixups, warnings))
 972                goto out;
 973        debug_object_destroy(&obj, &descr_type_test);
 974        if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, warnings))
 975                goto out;
 976        debug_object_init(&obj, &descr_type_test);
 977        if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
 978                goto out;
 979        debug_object_activate(&obj, &descr_type_test);
 980        if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
 981                goto out;
 982        debug_object_deactivate(&obj, &descr_type_test);
 983        if (check_results(&obj, ODEBUG_STATE_DESTROYED, fixups, ++warnings))
 984                goto out;
 985        debug_object_free(&obj, &descr_type_test);
 986        if (check_results(&obj, ODEBUG_STATE_NONE, fixups, warnings))
 987                goto out;
 988
 989        obj.static_init = 1;
 990        debug_object_activate(&obj, &descr_type_test);
 991        if (check_results(&obj, ODEBUG_STATE_ACTIVE, fixups, warnings))
 992                goto out;
 993        debug_object_init(&obj, &descr_type_test);
 994        if (check_results(&obj, ODEBUG_STATE_INIT, ++fixups, ++warnings))
 995                goto out;
 996        debug_object_free(&obj, &descr_type_test);
 997        if (check_results(&obj, ODEBUG_STATE_NONE, fixups, warnings))
 998                goto out;
 999
1000#ifdef CONFIG_DEBUG_OBJECTS_FREE
1001        debug_object_init(&obj, &descr_type_test);
1002        if (check_results(&obj, ODEBUG_STATE_INIT, fixups, warnings))
1003                goto out;
1004        debug_object_activate(&obj, &descr_type_test);
1005        if (check_results(&obj, ODEBUG_STATE_ACTIVE, fixups, warnings))
1006                goto out;
1007        __debug_check_no_obj_freed(&obj, sizeof(obj));
1008        if (check_results(&obj, ODEBUG_STATE_NONE, ++fixups, ++warnings))
1009                goto out;
1010#endif
1011        pr_info("selftest passed\n");
1012
1013out:
1014        debug_objects_fixups = oldfixups;
1015        debug_objects_warnings = oldwarnings;
1016        descr_test = NULL;
1017
1018        local_irq_restore(flags);
1019}
1020#else
1021static inline void debug_objects_selftest(void) { }
1022#endif
1023
1024/*
1025 * Called during early boot to initialize the hash buckets and link
1026 * the static object pool objects into the poll list. After this call
1027 * the object tracker is fully operational.
1028 */
1029void __init debug_objects_early_init(void)
1030{
1031        int i;
1032
1033        for (i = 0; i < ODEBUG_HASH_SIZE; i++)
1034                raw_spin_lock_init(&obj_hash[i].lock);
1035
1036        for (i = 0; i < ODEBUG_POOL_SIZE; i++)
1037                hlist_add_head(&obj_static_pool[i].node, &obj_pool);
1038}
1039
1040/*
1041 * Convert the statically allocated objects to dynamic ones:
1042 */
1043static int __init debug_objects_replace_static_objects(void)
1044{
1045        struct debug_bucket *db = obj_hash;
1046        struct hlist_node *tmp;
1047        struct debug_obj *obj, *new;
1048        HLIST_HEAD(objects);
1049        int i, cnt = 0;
1050
1051        for (i = 0; i < ODEBUG_POOL_SIZE; i++) {
1052                obj = kmem_cache_zalloc(obj_cache, GFP_KERNEL);
1053                if (!obj)
1054                        goto free;
1055                hlist_add_head(&obj->node, &objects);
1056        }
1057
1058        /*
1059         * When debug_objects_mem_init() is called we know that only
1060         * one CPU is up, so disabling interrupts is enough
1061         * protection. This avoids the lockdep hell of lock ordering.
1062         */
1063        local_irq_disable();
1064
1065        /* Remove the statically allocated objects from the pool */
1066        hlist_for_each_entry_safe(obj, tmp, &obj_pool, node)
1067                hlist_del(&obj->node);
1068        /* Move the allocated objects to the pool */
1069        hlist_move_list(&objects, &obj_pool);
1070
1071        /* Replace the active object references */
1072        for (i = 0; i < ODEBUG_HASH_SIZE; i++, db++) {
1073                hlist_move_list(&db->list, &objects);
1074
1075                hlist_for_each_entry(obj, &objects, node) {
1076                        new = hlist_entry(obj_pool.first, typeof(*obj), node);
1077                        hlist_del(&new->node);
1078                        /* copy object data */
1079                        *new = *obj;
1080                        hlist_add_head(&new->node, &db->list);
1081                        cnt++;
1082                }
1083        }
1084        local_irq_enable();
1085
1086        pr_debug("%d of %d active objects replaced\n",
1087                 cnt, obj_pool_used);
1088        return 0;
1089free:
1090        hlist_for_each_entry_safe(obj, tmp, &objects, node) {
1091                hlist_del(&obj->node);
1092                kmem_cache_free(obj_cache, obj);
1093        }
1094        return -ENOMEM;
1095}
1096
1097/*
1098 * Called after the kmem_caches are functional to setup a dedicated
1099 * cache pool, which has the SLAB_DEBUG_OBJECTS flag set. This flag
1100 * prevents that the debug code is called on kmem_cache_free() for the
1101 * debug tracker objects to avoid recursive calls.
1102 */
1103void __init debug_objects_mem_init(void)
1104{
1105        if (!debug_objects_enabled)
1106                return;
1107
1108        obj_cache = kmem_cache_create("debug_objects_cache",
1109                                      sizeof (struct debug_obj), 0,
1110                                      SLAB_DEBUG_OBJECTS, NULL);
1111
1112        if (!obj_cache || debug_objects_replace_static_objects()) {
1113                debug_objects_enabled = 0;
1114                if (obj_cache)
1115                        kmem_cache_destroy(obj_cache);
1116                pr_warn("out of memory.\n");
1117        } else
1118                debug_objects_selftest();
1119}
1120