13c7b4e6bSCatalin Marinas /* 23c7b4e6bSCatalin Marinas * mm/kmemleak.c 33c7b4e6bSCatalin Marinas * 43c7b4e6bSCatalin Marinas * Copyright (C) 2008 ARM Limited 53c7b4e6bSCatalin Marinas * Written by Catalin Marinas <catalin.marinas@arm.com> 63c7b4e6bSCatalin Marinas * 73c7b4e6bSCatalin Marinas * This program is free software; you can redistribute it and/or modify 83c7b4e6bSCatalin Marinas * it under the terms of the GNU General Public License version 2 as 93c7b4e6bSCatalin Marinas * published by the Free Software Foundation. 103c7b4e6bSCatalin Marinas * 113c7b4e6bSCatalin Marinas * This program is distributed in the hope that it will be useful, 123c7b4e6bSCatalin Marinas * but WITHOUT ANY WARRANTY; without even the implied warranty of 133c7b4e6bSCatalin Marinas * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 143c7b4e6bSCatalin Marinas * GNU General Public License for more details. 153c7b4e6bSCatalin Marinas * 163c7b4e6bSCatalin Marinas * You should have received a copy of the GNU General Public License 173c7b4e6bSCatalin Marinas * along with this program; if not, write to the Free Software 183c7b4e6bSCatalin Marinas * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 193c7b4e6bSCatalin Marinas * 203c7b4e6bSCatalin Marinas * 213c7b4e6bSCatalin Marinas * For more information on the algorithm and kmemleak usage, please see 223c7b4e6bSCatalin Marinas * Documentation/kmemleak.txt. 233c7b4e6bSCatalin Marinas * 243c7b4e6bSCatalin Marinas * Notes on locking 253c7b4e6bSCatalin Marinas * ---------------- 263c7b4e6bSCatalin Marinas * 273c7b4e6bSCatalin Marinas * The following locks and mutexes are used by kmemleak: 283c7b4e6bSCatalin Marinas * 293c7b4e6bSCatalin Marinas * - kmemleak_lock (rwlock): protects the object_list modifications and 303c7b4e6bSCatalin Marinas * accesses to the object_tree_root. The object_list is the main list 313c7b4e6bSCatalin Marinas * holding the metadata (struct kmemleak_object) for the allocated memory 3285d3a316SMichel Lespinasse * blocks. The object_tree_root is a red black tree used to look-up 333c7b4e6bSCatalin Marinas * metadata based on a pointer to the corresponding memory block. The 343c7b4e6bSCatalin Marinas * kmemleak_object structures are added to the object_list and 353c7b4e6bSCatalin Marinas * object_tree_root in the create_object() function called from the 363c7b4e6bSCatalin Marinas * kmemleak_alloc() callback and removed in delete_object() called from the 373c7b4e6bSCatalin Marinas * kmemleak_free() callback 383c7b4e6bSCatalin Marinas * - kmemleak_object.lock (spinlock): protects a kmemleak_object. Accesses to 393c7b4e6bSCatalin Marinas * the metadata (e.g. count) are protected by this lock. Note that some 403c7b4e6bSCatalin Marinas * members of this structure may be protected by other means (atomic or 413c7b4e6bSCatalin Marinas * kmemleak_lock). This lock is also held when scanning the corresponding 423c7b4e6bSCatalin Marinas * memory block to avoid the kernel freeing it via the kmemleak_free() 433c7b4e6bSCatalin Marinas * callback. This is less heavyweight than holding a global lock like 443c7b4e6bSCatalin Marinas * kmemleak_lock during scanning 453c7b4e6bSCatalin Marinas * - scan_mutex (mutex): ensures that only one thread may scan the memory for 463c7b4e6bSCatalin Marinas * unreferenced objects at a time. The gray_list contains the objects which 473c7b4e6bSCatalin Marinas * are already referenced or marked as false positives and need to be 483c7b4e6bSCatalin Marinas * scanned. This list is only modified during a scanning episode when the 493c7b4e6bSCatalin Marinas * scan_mutex is held. At the end of a scan, the gray_list is always empty. 503c7b4e6bSCatalin Marinas * Note that the kmemleak_object.use_count is incremented when an object is 514698c1f2SCatalin Marinas * added to the gray_list and therefore cannot be freed. This mutex also 524698c1f2SCatalin Marinas * prevents multiple users of the "kmemleak" debugfs file together with 534698c1f2SCatalin Marinas * modifications to the memory scanning parameters including the scan_thread 544698c1f2SCatalin Marinas * pointer 553c7b4e6bSCatalin Marinas * 5693ada579SCatalin Marinas * Locks and mutexes are acquired/nested in the following order: 579d5a4c73SCatalin Marinas * 5893ada579SCatalin Marinas * scan_mutex [-> object->lock] -> kmemleak_lock -> other_object->lock (SINGLE_DEPTH_NESTING) 5993ada579SCatalin Marinas * 6093ada579SCatalin Marinas * No kmemleak_lock and object->lock nesting is allowed outside scan_mutex 6193ada579SCatalin Marinas * regions. 629d5a4c73SCatalin Marinas * 633c7b4e6bSCatalin Marinas * The kmemleak_object structures have a use_count incremented or decremented 643c7b4e6bSCatalin Marinas * using the get_object()/put_object() functions. When the use_count becomes 653c7b4e6bSCatalin Marinas * 0, this count can no longer be incremented and put_object() schedules the 663c7b4e6bSCatalin Marinas * kmemleak_object freeing via an RCU callback. All calls to the get_object() 673c7b4e6bSCatalin Marinas * function must be protected by rcu_read_lock() to avoid accessing a freed 683c7b4e6bSCatalin Marinas * structure. 693c7b4e6bSCatalin Marinas */ 703c7b4e6bSCatalin Marinas 71ae281064SJoe Perches #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 72ae281064SJoe Perches 733c7b4e6bSCatalin Marinas #include <linux/init.h> 743c7b4e6bSCatalin Marinas #include <linux/kernel.h> 753c7b4e6bSCatalin Marinas #include <linux/list.h> 763c7b4e6bSCatalin Marinas #include <linux/sched.h> 773c7b4e6bSCatalin Marinas #include <linux/jiffies.h> 783c7b4e6bSCatalin Marinas #include <linux/delay.h> 79b95f1b31SPaul Gortmaker #include <linux/export.h> 803c7b4e6bSCatalin Marinas #include <linux/kthread.h> 8185d3a316SMichel Lespinasse #include <linux/rbtree.h> 823c7b4e6bSCatalin Marinas #include <linux/fs.h> 833c7b4e6bSCatalin Marinas #include <linux/debugfs.h> 843c7b4e6bSCatalin Marinas #include <linux/seq_file.h> 853c7b4e6bSCatalin Marinas #include <linux/cpumask.h> 863c7b4e6bSCatalin Marinas #include <linux/spinlock.h> 873c7b4e6bSCatalin Marinas #include <linux/mutex.h> 883c7b4e6bSCatalin Marinas #include <linux/rcupdate.h> 893c7b4e6bSCatalin Marinas #include <linux/stacktrace.h> 903c7b4e6bSCatalin Marinas #include <linux/cache.h> 913c7b4e6bSCatalin Marinas #include <linux/percpu.h> 923c7b4e6bSCatalin Marinas #include <linux/hardirq.h> 933c7b4e6bSCatalin Marinas #include <linux/mmzone.h> 943c7b4e6bSCatalin Marinas #include <linux/slab.h> 953c7b4e6bSCatalin Marinas #include <linux/thread_info.h> 963c7b4e6bSCatalin Marinas #include <linux/err.h> 973c7b4e6bSCatalin Marinas #include <linux/uaccess.h> 983c7b4e6bSCatalin Marinas #include <linux/string.h> 993c7b4e6bSCatalin Marinas #include <linux/nodemask.h> 1003c7b4e6bSCatalin Marinas #include <linux/mm.h> 101179a8100SCatalin Marinas #include <linux/workqueue.h> 10204609cccSCatalin Marinas #include <linux/crc32.h> 1033c7b4e6bSCatalin Marinas 1043c7b4e6bSCatalin Marinas #include <asm/sections.h> 1053c7b4e6bSCatalin Marinas #include <asm/processor.h> 10660063497SArun Sharma #include <linux/atomic.h> 1073c7b4e6bSCatalin Marinas 108e79ed2f1SAndrey Ryabinin #include <linux/kasan.h> 1098e019366SPekka Enberg #include <linux/kmemcheck.h> 1103c7b4e6bSCatalin Marinas #include <linux/kmemleak.h> 111029aeff5SLaura Abbott #include <linux/memory_hotplug.h> 1123c7b4e6bSCatalin Marinas 1133c7b4e6bSCatalin Marinas /* 1143c7b4e6bSCatalin Marinas * Kmemleak configuration and common defines. 1153c7b4e6bSCatalin Marinas */ 1163c7b4e6bSCatalin Marinas #define MAX_TRACE 16 /* stack trace length */ 1173c7b4e6bSCatalin Marinas #define MSECS_MIN_AGE 5000 /* minimum object age for reporting */ 1183c7b4e6bSCatalin Marinas #define SECS_FIRST_SCAN 60 /* delay before the first scan */ 1193c7b4e6bSCatalin Marinas #define SECS_SCAN_WAIT 600 /* subsequent auto scanning delay */ 120af98603dSCatalin Marinas #define MAX_SCAN_SIZE 4096 /* maximum size of a scanned block */ 1213c7b4e6bSCatalin Marinas 1223c7b4e6bSCatalin Marinas #define BYTES_PER_POINTER sizeof(void *) 1233c7b4e6bSCatalin Marinas 124216c04b0SCatalin Marinas /* GFP bitmask for kmemleak internal allocations */ 1258f4fc071SVladimir Davydov #define gfp_kmemleak_mask(gfp) (((gfp) & (GFP_KERNEL | GFP_ATOMIC | \ 1268f4fc071SVladimir Davydov __GFP_NOACCOUNT)) | \ 1276ae4bd1fSCatalin Marinas __GFP_NORETRY | __GFP_NOMEMALLOC | \ 1286ae4bd1fSCatalin Marinas __GFP_NOWARN) 129216c04b0SCatalin Marinas 1303c7b4e6bSCatalin Marinas /* scanning area inside a memory block */ 1313c7b4e6bSCatalin Marinas struct kmemleak_scan_area { 1323c7b4e6bSCatalin Marinas struct hlist_node node; 133c017b4beSCatalin Marinas unsigned long start; 134c017b4beSCatalin Marinas size_t size; 1353c7b4e6bSCatalin Marinas }; 1363c7b4e6bSCatalin Marinas 137a1084c87SLuis R. Rodriguez #define KMEMLEAK_GREY 0 138a1084c87SLuis R. Rodriguez #define KMEMLEAK_BLACK -1 139a1084c87SLuis R. Rodriguez 1403c7b4e6bSCatalin Marinas /* 1413c7b4e6bSCatalin Marinas * Structure holding the metadata for each allocated memory block. 1423c7b4e6bSCatalin Marinas * Modifications to such objects should be made while holding the 1433c7b4e6bSCatalin Marinas * object->lock. Insertions or deletions from object_list, gray_list or 14485d3a316SMichel Lespinasse * rb_node are already protected by the corresponding locks or mutex (see 1453c7b4e6bSCatalin Marinas * the notes on locking above). These objects are reference-counted 1463c7b4e6bSCatalin Marinas * (use_count) and freed using the RCU mechanism. 1473c7b4e6bSCatalin Marinas */ 1483c7b4e6bSCatalin Marinas struct kmemleak_object { 1493c7b4e6bSCatalin Marinas spinlock_t lock; 1503c7b4e6bSCatalin Marinas unsigned long flags; /* object status flags */ 1513c7b4e6bSCatalin Marinas struct list_head object_list; 1523c7b4e6bSCatalin Marinas struct list_head gray_list; 15385d3a316SMichel Lespinasse struct rb_node rb_node; 1543c7b4e6bSCatalin Marinas struct rcu_head rcu; /* object_list lockless traversal */ 1553c7b4e6bSCatalin Marinas /* object usage count; object freed when use_count == 0 */ 1563c7b4e6bSCatalin Marinas atomic_t use_count; 1573c7b4e6bSCatalin Marinas unsigned long pointer; 1583c7b4e6bSCatalin Marinas size_t size; 1593c7b4e6bSCatalin Marinas /* minimum number of a pointers found before it is considered leak */ 1603c7b4e6bSCatalin Marinas int min_count; 1613c7b4e6bSCatalin Marinas /* the total number of pointers found pointing to this object */ 1623c7b4e6bSCatalin Marinas int count; 16304609cccSCatalin Marinas /* checksum for detecting modified objects */ 16404609cccSCatalin Marinas u32 checksum; 1653c7b4e6bSCatalin Marinas /* memory ranges to be scanned inside an object (empty for all) */ 1663c7b4e6bSCatalin Marinas struct hlist_head area_list; 1673c7b4e6bSCatalin Marinas unsigned long trace[MAX_TRACE]; 1683c7b4e6bSCatalin Marinas unsigned int trace_len; 1693c7b4e6bSCatalin Marinas unsigned long jiffies; /* creation timestamp */ 1703c7b4e6bSCatalin Marinas pid_t pid; /* pid of the current task */ 1713c7b4e6bSCatalin Marinas char comm[TASK_COMM_LEN]; /* executable name */ 1723c7b4e6bSCatalin Marinas }; 1733c7b4e6bSCatalin Marinas 1743c7b4e6bSCatalin Marinas /* flag representing the memory block allocation status */ 1753c7b4e6bSCatalin Marinas #define OBJECT_ALLOCATED (1 << 0) 1763c7b4e6bSCatalin Marinas /* flag set after the first reporting of an unreference object */ 1773c7b4e6bSCatalin Marinas #define OBJECT_REPORTED (1 << 1) 1783c7b4e6bSCatalin Marinas /* flag set to not scan the object */ 1793c7b4e6bSCatalin Marinas #define OBJECT_NO_SCAN (1 << 2) 1803c7b4e6bSCatalin Marinas 1810494e082SSergey Senozhatsky /* number of bytes to print per line; must be 16 or 32 */ 1820494e082SSergey Senozhatsky #define HEX_ROW_SIZE 16 1830494e082SSergey Senozhatsky /* number of bytes to print at a time (1, 2, 4, 8) */ 1840494e082SSergey Senozhatsky #define HEX_GROUP_SIZE 1 1850494e082SSergey Senozhatsky /* include ASCII after the hex output */ 1860494e082SSergey Senozhatsky #define HEX_ASCII 1 1870494e082SSergey Senozhatsky /* max number of lines to be printed */ 1880494e082SSergey Senozhatsky #define HEX_MAX_LINES 2 1890494e082SSergey Senozhatsky 1903c7b4e6bSCatalin Marinas /* the list of all allocated objects */ 1913c7b4e6bSCatalin Marinas static LIST_HEAD(object_list); 1923c7b4e6bSCatalin Marinas /* the list of gray-colored objects (see color_gray comment below) */ 1933c7b4e6bSCatalin Marinas static LIST_HEAD(gray_list); 19485d3a316SMichel Lespinasse /* search tree for object boundaries */ 19585d3a316SMichel Lespinasse static struct rb_root object_tree_root = RB_ROOT; 19685d3a316SMichel Lespinasse /* rw_lock protecting the access to object_list and object_tree_root */ 1973c7b4e6bSCatalin Marinas static DEFINE_RWLOCK(kmemleak_lock); 1983c7b4e6bSCatalin Marinas 1993c7b4e6bSCatalin Marinas /* allocation caches for kmemleak internal data */ 2003c7b4e6bSCatalin Marinas static struct kmem_cache *object_cache; 2013c7b4e6bSCatalin Marinas static struct kmem_cache *scan_area_cache; 2023c7b4e6bSCatalin Marinas 2033c7b4e6bSCatalin Marinas /* set if tracing memory operations is enabled */ 2048910ae89SLi Zefan static int kmemleak_enabled; 205c5f3b1a5SCatalin Marinas /* same as above but only for the kmemleak_free() callback */ 206c5f3b1a5SCatalin Marinas static int kmemleak_free_enabled; 2073c7b4e6bSCatalin Marinas /* set in the late_initcall if there were no errors */ 2088910ae89SLi Zefan static int kmemleak_initialized; 2093c7b4e6bSCatalin Marinas /* enables or disables early logging of the memory operations */ 2108910ae89SLi Zefan static int kmemleak_early_log = 1; 2115f79020cSCatalin Marinas /* set if a kmemleak warning was issued */ 2128910ae89SLi Zefan static int kmemleak_warning; 2135f79020cSCatalin Marinas /* set if a fatal kmemleak error has occurred */ 2148910ae89SLi Zefan static int kmemleak_error; 2153c7b4e6bSCatalin Marinas 2163c7b4e6bSCatalin Marinas /* minimum and maximum address that may be valid pointers */ 2173c7b4e6bSCatalin Marinas static unsigned long min_addr = ULONG_MAX; 2183c7b4e6bSCatalin Marinas static unsigned long max_addr; 2193c7b4e6bSCatalin Marinas 2203c7b4e6bSCatalin Marinas static struct task_struct *scan_thread; 221acf4968eSCatalin Marinas /* used to avoid reporting of recently allocated objects */ 2223c7b4e6bSCatalin Marinas static unsigned long jiffies_min_age; 223acf4968eSCatalin Marinas static unsigned long jiffies_last_scan; 2243c7b4e6bSCatalin Marinas /* delay between automatic memory scannings */ 2253c7b4e6bSCatalin Marinas static signed long jiffies_scan_wait; 2263c7b4e6bSCatalin Marinas /* enables or disables the task stacks scanning */ 227e0a2a160SCatalin Marinas static int kmemleak_stack_scan = 1; 2284698c1f2SCatalin Marinas /* protects the memory scanning, parameters and debug/kmemleak file access */ 2293c7b4e6bSCatalin Marinas static DEFINE_MUTEX(scan_mutex); 230ab0155a2SJason Baron /* setting kmemleak=on, will set this var, skipping the disable */ 231ab0155a2SJason Baron static int kmemleak_skip_disable; 232dc9b3f42SLi Zefan /* If there are leaks that can be reported */ 233dc9b3f42SLi Zefan static bool kmemleak_found_leaks; 2343c7b4e6bSCatalin Marinas 2353c7b4e6bSCatalin Marinas /* 2362030117dSCatalin Marinas * Early object allocation/freeing logging. Kmemleak is initialized after the 2373c7b4e6bSCatalin Marinas * kernel allocator. However, both the kernel allocator and kmemleak may 2382030117dSCatalin Marinas * allocate memory blocks which need to be tracked. Kmemleak defines an 2393c7b4e6bSCatalin Marinas * arbitrary buffer to hold the allocation/freeing information before it is 2403c7b4e6bSCatalin Marinas * fully initialized. 2413c7b4e6bSCatalin Marinas */ 2423c7b4e6bSCatalin Marinas 2433c7b4e6bSCatalin Marinas /* kmemleak operation type for early logging */ 2443c7b4e6bSCatalin Marinas enum { 2453c7b4e6bSCatalin Marinas KMEMLEAK_ALLOC, 246f528f0b8SCatalin Marinas KMEMLEAK_ALLOC_PERCPU, 2473c7b4e6bSCatalin Marinas KMEMLEAK_FREE, 24853238a60SCatalin Marinas KMEMLEAK_FREE_PART, 249f528f0b8SCatalin Marinas KMEMLEAK_FREE_PERCPU, 2503c7b4e6bSCatalin Marinas KMEMLEAK_NOT_LEAK, 2513c7b4e6bSCatalin Marinas KMEMLEAK_IGNORE, 2523c7b4e6bSCatalin Marinas KMEMLEAK_SCAN_AREA, 2533c7b4e6bSCatalin Marinas KMEMLEAK_NO_SCAN 2543c7b4e6bSCatalin Marinas }; 2553c7b4e6bSCatalin Marinas 2563c7b4e6bSCatalin Marinas /* 2573c7b4e6bSCatalin Marinas * Structure holding the information passed to kmemleak callbacks during the 2583c7b4e6bSCatalin Marinas * early logging. 2593c7b4e6bSCatalin Marinas */ 2603c7b4e6bSCatalin Marinas struct early_log { 2613c7b4e6bSCatalin Marinas int op_type; /* kmemleak operation type */ 2623c7b4e6bSCatalin Marinas const void *ptr; /* allocated/freed memory block */ 2633c7b4e6bSCatalin Marinas size_t size; /* memory block size */ 2643c7b4e6bSCatalin Marinas int min_count; /* minimum reference count */ 265fd678967SCatalin Marinas unsigned long trace[MAX_TRACE]; /* stack trace */ 266fd678967SCatalin Marinas unsigned int trace_len; /* stack trace length */ 2673c7b4e6bSCatalin Marinas }; 2683c7b4e6bSCatalin Marinas 2693c7b4e6bSCatalin Marinas /* early logging buffer and current position */ 270a6186d89SCatalin Marinas static struct early_log 271a6186d89SCatalin Marinas early_log[CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE] __initdata; 272a6186d89SCatalin Marinas static int crt_early_log __initdata; 2733c7b4e6bSCatalin Marinas 2743c7b4e6bSCatalin Marinas static void kmemleak_disable(void); 2753c7b4e6bSCatalin Marinas 2763c7b4e6bSCatalin Marinas /* 2773c7b4e6bSCatalin Marinas * Print a warning and dump the stack trace. 2783c7b4e6bSCatalin Marinas */ 2793c7b4e6bSCatalin Marinas #define kmemleak_warn(x...) do { \ 2803c7b4e6bSCatalin Marinas pr_warning(x); \ 2813c7b4e6bSCatalin Marinas dump_stack(); \ 2828910ae89SLi Zefan kmemleak_warning = 1; \ 2833c7b4e6bSCatalin Marinas } while (0) 2843c7b4e6bSCatalin Marinas 2853c7b4e6bSCatalin Marinas /* 28625985edcSLucas De Marchi * Macro invoked when a serious kmemleak condition occurred and cannot be 2872030117dSCatalin Marinas * recovered from. Kmemleak will be disabled and further allocation/freeing 2883c7b4e6bSCatalin Marinas * tracing no longer available. 2893c7b4e6bSCatalin Marinas */ 290000814f4SCatalin Marinas #define kmemleak_stop(x...) do { \ 2913c7b4e6bSCatalin Marinas kmemleak_warn(x); \ 2923c7b4e6bSCatalin Marinas kmemleak_disable(); \ 2933c7b4e6bSCatalin Marinas } while (0) 2943c7b4e6bSCatalin Marinas 2953c7b4e6bSCatalin Marinas /* 2960494e082SSergey Senozhatsky * Printing of the objects hex dump to the seq file. The number of lines to be 2970494e082SSergey Senozhatsky * printed is limited to HEX_MAX_LINES to prevent seq file spamming. The 2980494e082SSergey Senozhatsky * actual number of printed bytes depends on HEX_ROW_SIZE. It must be called 2990494e082SSergey Senozhatsky * with the object->lock held. 3000494e082SSergey Senozhatsky */ 3010494e082SSergey Senozhatsky static void hex_dump_object(struct seq_file *seq, 3020494e082SSergey Senozhatsky struct kmemleak_object *object) 3030494e082SSergey Senozhatsky { 3040494e082SSergey Senozhatsky const u8 *ptr = (const u8 *)object->pointer; 3056fc37c49SAndy Shevchenko size_t len; 3060494e082SSergey Senozhatsky 3070494e082SSergey Senozhatsky /* limit the number of lines to HEX_MAX_LINES */ 3086fc37c49SAndy Shevchenko len = min_t(size_t, object->size, HEX_MAX_LINES * HEX_ROW_SIZE); 3090494e082SSergey Senozhatsky 3106fc37c49SAndy Shevchenko seq_printf(seq, " hex dump (first %zu bytes):\n", len); 3116fc37c49SAndy Shevchenko seq_hex_dump(seq, " ", DUMP_PREFIX_NONE, HEX_ROW_SIZE, 3126fc37c49SAndy Shevchenko HEX_GROUP_SIZE, ptr, len, HEX_ASCII); 3130494e082SSergey Senozhatsky } 3140494e082SSergey Senozhatsky 3150494e082SSergey Senozhatsky /* 3163c7b4e6bSCatalin Marinas * Object colors, encoded with count and min_count: 3173c7b4e6bSCatalin Marinas * - white - orphan object, not enough references to it (count < min_count) 3183c7b4e6bSCatalin Marinas * - gray - not orphan, not marked as false positive (min_count == 0) or 3193c7b4e6bSCatalin Marinas * sufficient references to it (count >= min_count) 3203c7b4e6bSCatalin Marinas * - black - ignore, it doesn't contain references (e.g. text section) 3213c7b4e6bSCatalin Marinas * (min_count == -1). No function defined for this color. 3223c7b4e6bSCatalin Marinas * Newly created objects don't have any color assigned (object->count == -1) 3233c7b4e6bSCatalin Marinas * before the next memory scan when they become white. 3243c7b4e6bSCatalin Marinas */ 3254a558dd6SLuis R. Rodriguez static bool color_white(const struct kmemleak_object *object) 3263c7b4e6bSCatalin Marinas { 327a1084c87SLuis R. Rodriguez return object->count != KMEMLEAK_BLACK && 328a1084c87SLuis R. Rodriguez object->count < object->min_count; 3293c7b4e6bSCatalin Marinas } 3303c7b4e6bSCatalin Marinas 3314a558dd6SLuis R. Rodriguez static bool color_gray(const struct kmemleak_object *object) 3323c7b4e6bSCatalin Marinas { 333a1084c87SLuis R. Rodriguez return object->min_count != KMEMLEAK_BLACK && 334a1084c87SLuis R. Rodriguez object->count >= object->min_count; 3353c7b4e6bSCatalin Marinas } 3363c7b4e6bSCatalin Marinas 3373c7b4e6bSCatalin Marinas /* 3383c7b4e6bSCatalin Marinas * Objects are considered unreferenced only if their color is white, they have 3393c7b4e6bSCatalin Marinas * not be deleted and have a minimum age to avoid false positives caused by 3403c7b4e6bSCatalin Marinas * pointers temporarily stored in CPU registers. 3413c7b4e6bSCatalin Marinas */ 3424a558dd6SLuis R. Rodriguez static bool unreferenced_object(struct kmemleak_object *object) 3433c7b4e6bSCatalin Marinas { 34404609cccSCatalin Marinas return (color_white(object) && object->flags & OBJECT_ALLOCATED) && 345acf4968eSCatalin Marinas time_before_eq(object->jiffies + jiffies_min_age, 346acf4968eSCatalin Marinas jiffies_last_scan); 3473c7b4e6bSCatalin Marinas } 3483c7b4e6bSCatalin Marinas 3493c7b4e6bSCatalin Marinas /* 350bab4a34aSCatalin Marinas * Printing of the unreferenced objects information to the seq file. The 351bab4a34aSCatalin Marinas * print_unreferenced function must be called with the object->lock held. 3523c7b4e6bSCatalin Marinas */ 3533c7b4e6bSCatalin Marinas static void print_unreferenced(struct seq_file *seq, 3543c7b4e6bSCatalin Marinas struct kmemleak_object *object) 3553c7b4e6bSCatalin Marinas { 3563c7b4e6bSCatalin Marinas int i; 357fefdd336SCatalin Marinas unsigned int msecs_age = jiffies_to_msecs(jiffies - object->jiffies); 3583c7b4e6bSCatalin Marinas 359bab4a34aSCatalin Marinas seq_printf(seq, "unreferenced object 0x%08lx (size %zu):\n", 3603c7b4e6bSCatalin Marinas object->pointer, object->size); 361fefdd336SCatalin Marinas seq_printf(seq, " comm \"%s\", pid %d, jiffies %lu (age %d.%03ds)\n", 362fefdd336SCatalin Marinas object->comm, object->pid, object->jiffies, 363fefdd336SCatalin Marinas msecs_age / 1000, msecs_age % 1000); 3640494e082SSergey Senozhatsky hex_dump_object(seq, object); 365bab4a34aSCatalin Marinas seq_printf(seq, " backtrace:\n"); 3663c7b4e6bSCatalin Marinas 3673c7b4e6bSCatalin Marinas for (i = 0; i < object->trace_len; i++) { 3683c7b4e6bSCatalin Marinas void *ptr = (void *)object->trace[i]; 369bab4a34aSCatalin Marinas seq_printf(seq, " [<%p>] %pS\n", ptr, ptr); 3703c7b4e6bSCatalin Marinas } 3713c7b4e6bSCatalin Marinas } 3723c7b4e6bSCatalin Marinas 3733c7b4e6bSCatalin Marinas /* 3743c7b4e6bSCatalin Marinas * Print the kmemleak_object information. This function is used mainly for 3753c7b4e6bSCatalin Marinas * debugging special cases when kmemleak operations. It must be called with 3763c7b4e6bSCatalin Marinas * the object->lock held. 3773c7b4e6bSCatalin Marinas */ 3783c7b4e6bSCatalin Marinas static void dump_object_info(struct kmemleak_object *object) 3793c7b4e6bSCatalin Marinas { 3803c7b4e6bSCatalin Marinas struct stack_trace trace; 3813c7b4e6bSCatalin Marinas 3823c7b4e6bSCatalin Marinas trace.nr_entries = object->trace_len; 3833c7b4e6bSCatalin Marinas trace.entries = object->trace; 3843c7b4e6bSCatalin Marinas 385ae281064SJoe Perches pr_notice("Object 0x%08lx (size %zu):\n", 38685d3a316SMichel Lespinasse object->pointer, object->size); 3873c7b4e6bSCatalin Marinas pr_notice(" comm \"%s\", pid %d, jiffies %lu\n", 3883c7b4e6bSCatalin Marinas object->comm, object->pid, object->jiffies); 3893c7b4e6bSCatalin Marinas pr_notice(" min_count = %d\n", object->min_count); 3903c7b4e6bSCatalin Marinas pr_notice(" count = %d\n", object->count); 391189d84edSCatalin Marinas pr_notice(" flags = 0x%lx\n", object->flags); 392aae0ad7aSJianpeng Ma pr_notice(" checksum = %u\n", object->checksum); 3933c7b4e6bSCatalin Marinas pr_notice(" backtrace:\n"); 3943c7b4e6bSCatalin Marinas print_stack_trace(&trace, 4); 3953c7b4e6bSCatalin Marinas } 3963c7b4e6bSCatalin Marinas 3973c7b4e6bSCatalin Marinas /* 39885d3a316SMichel Lespinasse * Look-up a memory block metadata (kmemleak_object) in the object search 3993c7b4e6bSCatalin Marinas * tree based on a pointer value. If alias is 0, only values pointing to the 4003c7b4e6bSCatalin Marinas * beginning of the memory block are allowed. The kmemleak_lock must be held 4013c7b4e6bSCatalin Marinas * when calling this function. 4023c7b4e6bSCatalin Marinas */ 4033c7b4e6bSCatalin Marinas static struct kmemleak_object *lookup_object(unsigned long ptr, int alias) 4043c7b4e6bSCatalin Marinas { 40585d3a316SMichel Lespinasse struct rb_node *rb = object_tree_root.rb_node; 4063c7b4e6bSCatalin Marinas 40785d3a316SMichel Lespinasse while (rb) { 40885d3a316SMichel Lespinasse struct kmemleak_object *object = 40985d3a316SMichel Lespinasse rb_entry(rb, struct kmemleak_object, rb_node); 41085d3a316SMichel Lespinasse if (ptr < object->pointer) 41185d3a316SMichel Lespinasse rb = object->rb_node.rb_left; 41285d3a316SMichel Lespinasse else if (object->pointer + object->size <= ptr) 41385d3a316SMichel Lespinasse rb = object->rb_node.rb_right; 41485d3a316SMichel Lespinasse else if (object->pointer == ptr || alias) 41585d3a316SMichel Lespinasse return object; 41685d3a316SMichel Lespinasse else { 4175f79020cSCatalin Marinas kmemleak_warn("Found object by alias at 0x%08lx\n", 4185f79020cSCatalin Marinas ptr); 419a7686a45SCatalin Marinas dump_object_info(object); 42085d3a316SMichel Lespinasse break; 4213c7b4e6bSCatalin Marinas } 42285d3a316SMichel Lespinasse } 42385d3a316SMichel Lespinasse return NULL; 4243c7b4e6bSCatalin Marinas } 4253c7b4e6bSCatalin Marinas 4263c7b4e6bSCatalin Marinas /* 4273c7b4e6bSCatalin Marinas * Increment the object use_count. Return 1 if successful or 0 otherwise. Note 4283c7b4e6bSCatalin Marinas * that once an object's use_count reached 0, the RCU freeing was already 4293c7b4e6bSCatalin Marinas * registered and the object should no longer be used. This function must be 4303c7b4e6bSCatalin Marinas * called under the protection of rcu_read_lock(). 4313c7b4e6bSCatalin Marinas */ 4323c7b4e6bSCatalin Marinas static int get_object(struct kmemleak_object *object) 4333c7b4e6bSCatalin Marinas { 4343c7b4e6bSCatalin Marinas return atomic_inc_not_zero(&object->use_count); 4353c7b4e6bSCatalin Marinas } 4363c7b4e6bSCatalin Marinas 4373c7b4e6bSCatalin Marinas /* 4383c7b4e6bSCatalin Marinas * RCU callback to free a kmemleak_object. 4393c7b4e6bSCatalin Marinas */ 4403c7b4e6bSCatalin Marinas static void free_object_rcu(struct rcu_head *rcu) 4413c7b4e6bSCatalin Marinas { 442b67bfe0dSSasha Levin struct hlist_node *tmp; 4433c7b4e6bSCatalin Marinas struct kmemleak_scan_area *area; 4443c7b4e6bSCatalin Marinas struct kmemleak_object *object = 4453c7b4e6bSCatalin Marinas container_of(rcu, struct kmemleak_object, rcu); 4463c7b4e6bSCatalin Marinas 4473c7b4e6bSCatalin Marinas /* 4483c7b4e6bSCatalin Marinas * Once use_count is 0 (guaranteed by put_object), there is no other 4493c7b4e6bSCatalin Marinas * code accessing this object, hence no need for locking. 4503c7b4e6bSCatalin Marinas */ 451b67bfe0dSSasha Levin hlist_for_each_entry_safe(area, tmp, &object->area_list, node) { 452b67bfe0dSSasha Levin hlist_del(&area->node); 4533c7b4e6bSCatalin Marinas kmem_cache_free(scan_area_cache, area); 4543c7b4e6bSCatalin Marinas } 4553c7b4e6bSCatalin Marinas kmem_cache_free(object_cache, object); 4563c7b4e6bSCatalin Marinas } 4573c7b4e6bSCatalin Marinas 4583c7b4e6bSCatalin Marinas /* 4593c7b4e6bSCatalin Marinas * Decrement the object use_count. Once the count is 0, free the object using 4603c7b4e6bSCatalin Marinas * an RCU callback. Since put_object() may be called via the kmemleak_free() -> 4613c7b4e6bSCatalin Marinas * delete_object() path, the delayed RCU freeing ensures that there is no 4623c7b4e6bSCatalin Marinas * recursive call to the kernel allocator. Lock-less RCU object_list traversal 4633c7b4e6bSCatalin Marinas * is also possible. 4643c7b4e6bSCatalin Marinas */ 4653c7b4e6bSCatalin Marinas static void put_object(struct kmemleak_object *object) 4663c7b4e6bSCatalin Marinas { 4673c7b4e6bSCatalin Marinas if (!atomic_dec_and_test(&object->use_count)) 4683c7b4e6bSCatalin Marinas return; 4693c7b4e6bSCatalin Marinas 4703c7b4e6bSCatalin Marinas /* should only get here after delete_object was called */ 4713c7b4e6bSCatalin Marinas WARN_ON(object->flags & OBJECT_ALLOCATED); 4723c7b4e6bSCatalin Marinas 4733c7b4e6bSCatalin Marinas call_rcu(&object->rcu, free_object_rcu); 4743c7b4e6bSCatalin Marinas } 4753c7b4e6bSCatalin Marinas 4763c7b4e6bSCatalin Marinas /* 47785d3a316SMichel Lespinasse * Look up an object in the object search tree and increase its use_count. 4783c7b4e6bSCatalin Marinas */ 4793c7b4e6bSCatalin Marinas static struct kmemleak_object *find_and_get_object(unsigned long ptr, int alias) 4803c7b4e6bSCatalin Marinas { 4813c7b4e6bSCatalin Marinas unsigned long flags; 4829fbed254SAlexey Klimov struct kmemleak_object *object; 4833c7b4e6bSCatalin Marinas 4843c7b4e6bSCatalin Marinas rcu_read_lock(); 4853c7b4e6bSCatalin Marinas read_lock_irqsave(&kmemleak_lock, flags); 4863c7b4e6bSCatalin Marinas object = lookup_object(ptr, alias); 4873c7b4e6bSCatalin Marinas read_unlock_irqrestore(&kmemleak_lock, flags); 4883c7b4e6bSCatalin Marinas 4893c7b4e6bSCatalin Marinas /* check whether the object is still available */ 4903c7b4e6bSCatalin Marinas if (object && !get_object(object)) 4913c7b4e6bSCatalin Marinas object = NULL; 4923c7b4e6bSCatalin Marinas rcu_read_unlock(); 4933c7b4e6bSCatalin Marinas 4943c7b4e6bSCatalin Marinas return object; 4953c7b4e6bSCatalin Marinas } 4963c7b4e6bSCatalin Marinas 4973c7b4e6bSCatalin Marinas /* 498e781a9abSCatalin Marinas * Look up an object in the object search tree and remove it from both 499e781a9abSCatalin Marinas * object_tree_root and object_list. The returned object's use_count should be 500e781a9abSCatalin Marinas * at least 1, as initially set by create_object(). 501e781a9abSCatalin Marinas */ 502e781a9abSCatalin Marinas static struct kmemleak_object *find_and_remove_object(unsigned long ptr, int alias) 503e781a9abSCatalin Marinas { 504e781a9abSCatalin Marinas unsigned long flags; 505e781a9abSCatalin Marinas struct kmemleak_object *object; 506e781a9abSCatalin Marinas 507e781a9abSCatalin Marinas write_lock_irqsave(&kmemleak_lock, flags); 508e781a9abSCatalin Marinas object = lookup_object(ptr, alias); 509e781a9abSCatalin Marinas if (object) { 510e781a9abSCatalin Marinas rb_erase(&object->rb_node, &object_tree_root); 511e781a9abSCatalin Marinas list_del_rcu(&object->object_list); 512e781a9abSCatalin Marinas } 513e781a9abSCatalin Marinas write_unlock_irqrestore(&kmemleak_lock, flags); 514e781a9abSCatalin Marinas 515e781a9abSCatalin Marinas return object; 516e781a9abSCatalin Marinas } 517e781a9abSCatalin Marinas 518e781a9abSCatalin Marinas /* 519fd678967SCatalin Marinas * Save stack trace to the given array of MAX_TRACE size. 520fd678967SCatalin Marinas */ 521fd678967SCatalin Marinas static int __save_stack_trace(unsigned long *trace) 522fd678967SCatalin Marinas { 523fd678967SCatalin Marinas struct stack_trace stack_trace; 524fd678967SCatalin Marinas 525fd678967SCatalin Marinas stack_trace.max_entries = MAX_TRACE; 526fd678967SCatalin Marinas stack_trace.nr_entries = 0; 527fd678967SCatalin Marinas stack_trace.entries = trace; 528fd678967SCatalin Marinas stack_trace.skip = 2; 529fd678967SCatalin Marinas save_stack_trace(&stack_trace); 530fd678967SCatalin Marinas 531fd678967SCatalin Marinas return stack_trace.nr_entries; 532fd678967SCatalin Marinas } 533fd678967SCatalin Marinas 534fd678967SCatalin Marinas /* 5353c7b4e6bSCatalin Marinas * Create the metadata (struct kmemleak_object) corresponding to an allocated 5363c7b4e6bSCatalin Marinas * memory block and add it to the object_list and object_tree_root. 5373c7b4e6bSCatalin Marinas */ 538fd678967SCatalin Marinas static struct kmemleak_object *create_object(unsigned long ptr, size_t size, 539fd678967SCatalin Marinas int min_count, gfp_t gfp) 5403c7b4e6bSCatalin Marinas { 5413c7b4e6bSCatalin Marinas unsigned long flags; 54285d3a316SMichel Lespinasse struct kmemleak_object *object, *parent; 54385d3a316SMichel Lespinasse struct rb_node **link, *rb_parent; 5443c7b4e6bSCatalin Marinas 5456ae4bd1fSCatalin Marinas object = kmem_cache_alloc(object_cache, gfp_kmemleak_mask(gfp)); 5463c7b4e6bSCatalin Marinas if (!object) { 5476ae4bd1fSCatalin Marinas pr_warning("Cannot allocate a kmemleak_object structure\n"); 5486ae4bd1fSCatalin Marinas kmemleak_disable(); 549fd678967SCatalin Marinas return NULL; 5503c7b4e6bSCatalin Marinas } 5513c7b4e6bSCatalin Marinas 5523c7b4e6bSCatalin Marinas INIT_LIST_HEAD(&object->object_list); 5533c7b4e6bSCatalin Marinas INIT_LIST_HEAD(&object->gray_list); 5543c7b4e6bSCatalin Marinas INIT_HLIST_HEAD(&object->area_list); 5553c7b4e6bSCatalin Marinas spin_lock_init(&object->lock); 5563c7b4e6bSCatalin Marinas atomic_set(&object->use_count, 1); 55704609cccSCatalin Marinas object->flags = OBJECT_ALLOCATED; 5583c7b4e6bSCatalin Marinas object->pointer = ptr; 5593c7b4e6bSCatalin Marinas object->size = size; 5603c7b4e6bSCatalin Marinas object->min_count = min_count; 56104609cccSCatalin Marinas object->count = 0; /* white color initially */ 5623c7b4e6bSCatalin Marinas object->jiffies = jiffies; 56304609cccSCatalin Marinas object->checksum = 0; 5643c7b4e6bSCatalin Marinas 5653c7b4e6bSCatalin Marinas /* task information */ 5663c7b4e6bSCatalin Marinas if (in_irq()) { 5673c7b4e6bSCatalin Marinas object->pid = 0; 5683c7b4e6bSCatalin Marinas strncpy(object->comm, "hardirq", sizeof(object->comm)); 5693c7b4e6bSCatalin Marinas } else if (in_softirq()) { 5703c7b4e6bSCatalin Marinas object->pid = 0; 5713c7b4e6bSCatalin Marinas strncpy(object->comm, "softirq", sizeof(object->comm)); 5723c7b4e6bSCatalin Marinas } else { 5733c7b4e6bSCatalin Marinas object->pid = current->pid; 5743c7b4e6bSCatalin Marinas /* 5753c7b4e6bSCatalin Marinas * There is a small chance of a race with set_task_comm(), 5763c7b4e6bSCatalin Marinas * however using get_task_comm() here may cause locking 5773c7b4e6bSCatalin Marinas * dependency issues with current->alloc_lock. In the worst 5783c7b4e6bSCatalin Marinas * case, the command line is not correct. 5793c7b4e6bSCatalin Marinas */ 5803c7b4e6bSCatalin Marinas strncpy(object->comm, current->comm, sizeof(object->comm)); 5813c7b4e6bSCatalin Marinas } 5823c7b4e6bSCatalin Marinas 5833c7b4e6bSCatalin Marinas /* kernel backtrace */ 584fd678967SCatalin Marinas object->trace_len = __save_stack_trace(object->trace); 5853c7b4e6bSCatalin Marinas 5863c7b4e6bSCatalin Marinas write_lock_irqsave(&kmemleak_lock, flags); 5870580a181SLuis R. Rodriguez 5883c7b4e6bSCatalin Marinas min_addr = min(min_addr, ptr); 5893c7b4e6bSCatalin Marinas max_addr = max(max_addr, ptr + size); 59085d3a316SMichel Lespinasse link = &object_tree_root.rb_node; 59185d3a316SMichel Lespinasse rb_parent = NULL; 59285d3a316SMichel Lespinasse while (*link) { 59385d3a316SMichel Lespinasse rb_parent = *link; 59485d3a316SMichel Lespinasse parent = rb_entry(rb_parent, struct kmemleak_object, rb_node); 59585d3a316SMichel Lespinasse if (ptr + size <= parent->pointer) 59685d3a316SMichel Lespinasse link = &parent->rb_node.rb_left; 59785d3a316SMichel Lespinasse else if (parent->pointer + parent->size <= ptr) 59885d3a316SMichel Lespinasse link = &parent->rb_node.rb_right; 59985d3a316SMichel Lespinasse else { 60085d3a316SMichel Lespinasse kmemleak_stop("Cannot insert 0x%lx into the object " 60185d3a316SMichel Lespinasse "search tree (overlaps existing)\n", 60285d3a316SMichel Lespinasse ptr); 6039d5a4c73SCatalin Marinas /* 6049d5a4c73SCatalin Marinas * No need for parent->lock here since "parent" cannot 6059d5a4c73SCatalin Marinas * be freed while the kmemleak_lock is held. 6069d5a4c73SCatalin Marinas */ 6079d5a4c73SCatalin Marinas dump_object_info(parent); 60885d3a316SMichel Lespinasse kmem_cache_free(object_cache, object); 6099d5a4c73SCatalin Marinas object = NULL; 6103c7b4e6bSCatalin Marinas goto out; 6113c7b4e6bSCatalin Marinas } 61285d3a316SMichel Lespinasse } 61385d3a316SMichel Lespinasse rb_link_node(&object->rb_node, rb_parent, link); 61485d3a316SMichel Lespinasse rb_insert_color(&object->rb_node, &object_tree_root); 61585d3a316SMichel Lespinasse 6163c7b4e6bSCatalin Marinas list_add_tail_rcu(&object->object_list, &object_list); 6173c7b4e6bSCatalin Marinas out: 6183c7b4e6bSCatalin Marinas write_unlock_irqrestore(&kmemleak_lock, flags); 619fd678967SCatalin Marinas return object; 6203c7b4e6bSCatalin Marinas } 6213c7b4e6bSCatalin Marinas 6223c7b4e6bSCatalin Marinas /* 623e781a9abSCatalin Marinas * Mark the object as not allocated and schedule RCU freeing via put_object(). 6243c7b4e6bSCatalin Marinas */ 62553238a60SCatalin Marinas static void __delete_object(struct kmemleak_object *object) 6263c7b4e6bSCatalin Marinas { 6273c7b4e6bSCatalin Marinas unsigned long flags; 6283c7b4e6bSCatalin Marinas 6293c7b4e6bSCatalin Marinas WARN_ON(!(object->flags & OBJECT_ALLOCATED)); 630e781a9abSCatalin Marinas WARN_ON(atomic_read(&object->use_count) < 1); 6313c7b4e6bSCatalin Marinas 6323c7b4e6bSCatalin Marinas /* 6333c7b4e6bSCatalin Marinas * Locking here also ensures that the corresponding memory block 6343c7b4e6bSCatalin Marinas * cannot be freed when it is being scanned. 6353c7b4e6bSCatalin Marinas */ 6363c7b4e6bSCatalin Marinas spin_lock_irqsave(&object->lock, flags); 6373c7b4e6bSCatalin Marinas object->flags &= ~OBJECT_ALLOCATED; 6383c7b4e6bSCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 6393c7b4e6bSCatalin Marinas put_object(object); 6403c7b4e6bSCatalin Marinas } 6413c7b4e6bSCatalin Marinas 6423c7b4e6bSCatalin Marinas /* 64353238a60SCatalin Marinas * Look up the metadata (struct kmemleak_object) corresponding to ptr and 64453238a60SCatalin Marinas * delete it. 64553238a60SCatalin Marinas */ 64653238a60SCatalin Marinas static void delete_object_full(unsigned long ptr) 64753238a60SCatalin Marinas { 64853238a60SCatalin Marinas struct kmemleak_object *object; 64953238a60SCatalin Marinas 650e781a9abSCatalin Marinas object = find_and_remove_object(ptr, 0); 65153238a60SCatalin Marinas if (!object) { 65253238a60SCatalin Marinas #ifdef DEBUG 65353238a60SCatalin Marinas kmemleak_warn("Freeing unknown object at 0x%08lx\n", 65453238a60SCatalin Marinas ptr); 65553238a60SCatalin Marinas #endif 65653238a60SCatalin Marinas return; 65753238a60SCatalin Marinas } 65853238a60SCatalin Marinas __delete_object(object); 65953238a60SCatalin Marinas } 66053238a60SCatalin Marinas 66153238a60SCatalin Marinas /* 66253238a60SCatalin Marinas * Look up the metadata (struct kmemleak_object) corresponding to ptr and 66353238a60SCatalin Marinas * delete it. If the memory block is partially freed, the function may create 66453238a60SCatalin Marinas * additional metadata for the remaining parts of the block. 66553238a60SCatalin Marinas */ 66653238a60SCatalin Marinas static void delete_object_part(unsigned long ptr, size_t size) 66753238a60SCatalin Marinas { 66853238a60SCatalin Marinas struct kmemleak_object *object; 66953238a60SCatalin Marinas unsigned long start, end; 67053238a60SCatalin Marinas 671e781a9abSCatalin Marinas object = find_and_remove_object(ptr, 1); 67253238a60SCatalin Marinas if (!object) { 67353238a60SCatalin Marinas #ifdef DEBUG 67453238a60SCatalin Marinas kmemleak_warn("Partially freeing unknown object at 0x%08lx " 67553238a60SCatalin Marinas "(size %zu)\n", ptr, size); 67653238a60SCatalin Marinas #endif 67753238a60SCatalin Marinas return; 67853238a60SCatalin Marinas } 67953238a60SCatalin Marinas 68053238a60SCatalin Marinas /* 68153238a60SCatalin Marinas * Create one or two objects that may result from the memory block 68253238a60SCatalin Marinas * split. Note that partial freeing is only done by free_bootmem() and 68353238a60SCatalin Marinas * this happens before kmemleak_init() is called. The path below is 68453238a60SCatalin Marinas * only executed during early log recording in kmemleak_init(), so 68553238a60SCatalin Marinas * GFP_KERNEL is enough. 68653238a60SCatalin Marinas */ 68753238a60SCatalin Marinas start = object->pointer; 68853238a60SCatalin Marinas end = object->pointer + object->size; 68953238a60SCatalin Marinas if (ptr > start) 69053238a60SCatalin Marinas create_object(start, ptr - start, object->min_count, 69153238a60SCatalin Marinas GFP_KERNEL); 69253238a60SCatalin Marinas if (ptr + size < end) 69353238a60SCatalin Marinas create_object(ptr + size, end - ptr - size, object->min_count, 69453238a60SCatalin Marinas GFP_KERNEL); 69553238a60SCatalin Marinas 696e781a9abSCatalin Marinas __delete_object(object); 69753238a60SCatalin Marinas } 698a1084c87SLuis R. Rodriguez 699a1084c87SLuis R. Rodriguez static void __paint_it(struct kmemleak_object *object, int color) 700a1084c87SLuis R. Rodriguez { 701a1084c87SLuis R. Rodriguez object->min_count = color; 702a1084c87SLuis R. Rodriguez if (color == KMEMLEAK_BLACK) 703a1084c87SLuis R. Rodriguez object->flags |= OBJECT_NO_SCAN; 704a1084c87SLuis R. Rodriguez } 705a1084c87SLuis R. Rodriguez 706a1084c87SLuis R. Rodriguez static void paint_it(struct kmemleak_object *object, int color) 707a1084c87SLuis R. Rodriguez { 708a1084c87SLuis R. Rodriguez unsigned long flags; 709a1084c87SLuis R. Rodriguez 710a1084c87SLuis R. Rodriguez spin_lock_irqsave(&object->lock, flags); 711a1084c87SLuis R. Rodriguez __paint_it(object, color); 712a1084c87SLuis R. Rodriguez spin_unlock_irqrestore(&object->lock, flags); 713a1084c87SLuis R. Rodriguez } 714a1084c87SLuis R. Rodriguez 715a1084c87SLuis R. Rodriguez static void paint_ptr(unsigned long ptr, int color) 716a1084c87SLuis R. Rodriguez { 717a1084c87SLuis R. Rodriguez struct kmemleak_object *object; 718a1084c87SLuis R. Rodriguez 719a1084c87SLuis R. Rodriguez object = find_and_get_object(ptr, 0); 720a1084c87SLuis R. Rodriguez if (!object) { 721a1084c87SLuis R. Rodriguez kmemleak_warn("Trying to color unknown object " 722a1084c87SLuis R. Rodriguez "at 0x%08lx as %s\n", ptr, 723a1084c87SLuis R. Rodriguez (color == KMEMLEAK_GREY) ? "Grey" : 724a1084c87SLuis R. Rodriguez (color == KMEMLEAK_BLACK) ? "Black" : "Unknown"); 725a1084c87SLuis R. Rodriguez return; 726a1084c87SLuis R. Rodriguez } 727a1084c87SLuis R. Rodriguez paint_it(object, color); 728a1084c87SLuis R. Rodriguez put_object(object); 729a1084c87SLuis R. Rodriguez } 730a1084c87SLuis R. Rodriguez 73153238a60SCatalin Marinas /* 732145b64b9SHolger Hans Peter Freyther * Mark an object permanently as gray-colored so that it can no longer be 7333c7b4e6bSCatalin Marinas * reported as a leak. This is used in general to mark a false positive. 7343c7b4e6bSCatalin Marinas */ 7353c7b4e6bSCatalin Marinas static void make_gray_object(unsigned long ptr) 7363c7b4e6bSCatalin Marinas { 737a1084c87SLuis R. Rodriguez paint_ptr(ptr, KMEMLEAK_GREY); 7383c7b4e6bSCatalin Marinas } 7393c7b4e6bSCatalin Marinas 7403c7b4e6bSCatalin Marinas /* 7413c7b4e6bSCatalin Marinas * Mark the object as black-colored so that it is ignored from scans and 7423c7b4e6bSCatalin Marinas * reporting. 7433c7b4e6bSCatalin Marinas */ 7443c7b4e6bSCatalin Marinas static void make_black_object(unsigned long ptr) 7453c7b4e6bSCatalin Marinas { 746a1084c87SLuis R. Rodriguez paint_ptr(ptr, KMEMLEAK_BLACK); 7473c7b4e6bSCatalin Marinas } 7483c7b4e6bSCatalin Marinas 7493c7b4e6bSCatalin Marinas /* 7503c7b4e6bSCatalin Marinas * Add a scanning area to the object. If at least one such area is added, 7513c7b4e6bSCatalin Marinas * kmemleak will only scan these ranges rather than the whole memory block. 7523c7b4e6bSCatalin Marinas */ 753c017b4beSCatalin Marinas static void add_scan_area(unsigned long ptr, size_t size, gfp_t gfp) 7543c7b4e6bSCatalin Marinas { 7553c7b4e6bSCatalin Marinas unsigned long flags; 7563c7b4e6bSCatalin Marinas struct kmemleak_object *object; 7573c7b4e6bSCatalin Marinas struct kmemleak_scan_area *area; 7583c7b4e6bSCatalin Marinas 759c017b4beSCatalin Marinas object = find_and_get_object(ptr, 1); 7603c7b4e6bSCatalin Marinas if (!object) { 761ae281064SJoe Perches kmemleak_warn("Adding scan area to unknown object at 0x%08lx\n", 762ae281064SJoe Perches ptr); 7633c7b4e6bSCatalin Marinas return; 7643c7b4e6bSCatalin Marinas } 7653c7b4e6bSCatalin Marinas 7666ae4bd1fSCatalin Marinas area = kmem_cache_alloc(scan_area_cache, gfp_kmemleak_mask(gfp)); 7673c7b4e6bSCatalin Marinas if (!area) { 7686ae4bd1fSCatalin Marinas pr_warning("Cannot allocate a scan area\n"); 7693c7b4e6bSCatalin Marinas goto out; 7703c7b4e6bSCatalin Marinas } 7713c7b4e6bSCatalin Marinas 7723c7b4e6bSCatalin Marinas spin_lock_irqsave(&object->lock, flags); 7737f88f88fSCatalin Marinas if (size == SIZE_MAX) { 7747f88f88fSCatalin Marinas size = object->pointer + object->size - ptr; 7757f88f88fSCatalin Marinas } else if (ptr + size > object->pointer + object->size) { 776ae281064SJoe Perches kmemleak_warn("Scan area larger than object 0x%08lx\n", ptr); 7773c7b4e6bSCatalin Marinas dump_object_info(object); 7783c7b4e6bSCatalin Marinas kmem_cache_free(scan_area_cache, area); 7793c7b4e6bSCatalin Marinas goto out_unlock; 7803c7b4e6bSCatalin Marinas } 7813c7b4e6bSCatalin Marinas 7823c7b4e6bSCatalin Marinas INIT_HLIST_NODE(&area->node); 783c017b4beSCatalin Marinas area->start = ptr; 784c017b4beSCatalin Marinas area->size = size; 7853c7b4e6bSCatalin Marinas 7863c7b4e6bSCatalin Marinas hlist_add_head(&area->node, &object->area_list); 7873c7b4e6bSCatalin Marinas out_unlock: 7883c7b4e6bSCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 7893c7b4e6bSCatalin Marinas out: 7903c7b4e6bSCatalin Marinas put_object(object); 7913c7b4e6bSCatalin Marinas } 7923c7b4e6bSCatalin Marinas 7933c7b4e6bSCatalin Marinas /* 7943c7b4e6bSCatalin Marinas * Set the OBJECT_NO_SCAN flag for the object corresponding to the give 7953c7b4e6bSCatalin Marinas * pointer. Such object will not be scanned by kmemleak but references to it 7963c7b4e6bSCatalin Marinas * are searched. 7973c7b4e6bSCatalin Marinas */ 7983c7b4e6bSCatalin Marinas static void object_no_scan(unsigned long ptr) 7993c7b4e6bSCatalin Marinas { 8003c7b4e6bSCatalin Marinas unsigned long flags; 8013c7b4e6bSCatalin Marinas struct kmemleak_object *object; 8023c7b4e6bSCatalin Marinas 8033c7b4e6bSCatalin Marinas object = find_and_get_object(ptr, 0); 8043c7b4e6bSCatalin Marinas if (!object) { 805ae281064SJoe Perches kmemleak_warn("Not scanning unknown object at 0x%08lx\n", ptr); 8063c7b4e6bSCatalin Marinas return; 8073c7b4e6bSCatalin Marinas } 8083c7b4e6bSCatalin Marinas 8093c7b4e6bSCatalin Marinas spin_lock_irqsave(&object->lock, flags); 8103c7b4e6bSCatalin Marinas object->flags |= OBJECT_NO_SCAN; 8113c7b4e6bSCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 8123c7b4e6bSCatalin Marinas put_object(object); 8133c7b4e6bSCatalin Marinas } 8143c7b4e6bSCatalin Marinas 8153c7b4e6bSCatalin Marinas /* 8163c7b4e6bSCatalin Marinas * Log an early kmemleak_* call to the early_log buffer. These calls will be 8173c7b4e6bSCatalin Marinas * processed later once kmemleak is fully initialized. 8183c7b4e6bSCatalin Marinas */ 819a6186d89SCatalin Marinas static void __init log_early(int op_type, const void *ptr, size_t size, 820c017b4beSCatalin Marinas int min_count) 8213c7b4e6bSCatalin Marinas { 8223c7b4e6bSCatalin Marinas unsigned long flags; 8233c7b4e6bSCatalin Marinas struct early_log *log; 8243c7b4e6bSCatalin Marinas 8258910ae89SLi Zefan if (kmemleak_error) { 826b6693005SCatalin Marinas /* kmemleak stopped recording, just count the requests */ 827b6693005SCatalin Marinas crt_early_log++; 828b6693005SCatalin Marinas return; 829b6693005SCatalin Marinas } 830b6693005SCatalin Marinas 8313c7b4e6bSCatalin Marinas if (crt_early_log >= ARRAY_SIZE(early_log)) { 83221cd3a60SWang Kai crt_early_log++; 833a9d9058aSCatalin Marinas kmemleak_disable(); 8343c7b4e6bSCatalin Marinas return; 8353c7b4e6bSCatalin Marinas } 8363c7b4e6bSCatalin Marinas 8373c7b4e6bSCatalin Marinas /* 8383c7b4e6bSCatalin Marinas * There is no need for locking since the kernel is still in UP mode 8393c7b4e6bSCatalin Marinas * at this stage. Disabling the IRQs is enough. 8403c7b4e6bSCatalin Marinas */ 8413c7b4e6bSCatalin Marinas local_irq_save(flags); 8423c7b4e6bSCatalin Marinas log = &early_log[crt_early_log]; 8433c7b4e6bSCatalin Marinas log->op_type = op_type; 8443c7b4e6bSCatalin Marinas log->ptr = ptr; 8453c7b4e6bSCatalin Marinas log->size = size; 8463c7b4e6bSCatalin Marinas log->min_count = min_count; 847fd678967SCatalin Marinas log->trace_len = __save_stack_trace(log->trace); 8483c7b4e6bSCatalin Marinas crt_early_log++; 8493c7b4e6bSCatalin Marinas local_irq_restore(flags); 8503c7b4e6bSCatalin Marinas } 8513c7b4e6bSCatalin Marinas 8523c7b4e6bSCatalin Marinas /* 853fd678967SCatalin Marinas * Log an early allocated block and populate the stack trace. 854fd678967SCatalin Marinas */ 855fd678967SCatalin Marinas static void early_alloc(struct early_log *log) 856fd678967SCatalin Marinas { 857fd678967SCatalin Marinas struct kmemleak_object *object; 858fd678967SCatalin Marinas unsigned long flags; 859fd678967SCatalin Marinas int i; 860fd678967SCatalin Marinas 8618910ae89SLi Zefan if (!kmemleak_enabled || !log->ptr || IS_ERR(log->ptr)) 862fd678967SCatalin Marinas return; 863fd678967SCatalin Marinas 864fd678967SCatalin Marinas /* 865fd678967SCatalin Marinas * RCU locking needed to ensure object is not freed via put_object(). 866fd678967SCatalin Marinas */ 867fd678967SCatalin Marinas rcu_read_lock(); 868fd678967SCatalin Marinas object = create_object((unsigned long)log->ptr, log->size, 869c1bcd6b3STetsuo Handa log->min_count, GFP_ATOMIC); 8700d5d1aadSCatalin Marinas if (!object) 8710d5d1aadSCatalin Marinas goto out; 872fd678967SCatalin Marinas spin_lock_irqsave(&object->lock, flags); 873fd678967SCatalin Marinas for (i = 0; i < log->trace_len; i++) 874fd678967SCatalin Marinas object->trace[i] = log->trace[i]; 875fd678967SCatalin Marinas object->trace_len = log->trace_len; 876fd678967SCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 8770d5d1aadSCatalin Marinas out: 878fd678967SCatalin Marinas rcu_read_unlock(); 879fd678967SCatalin Marinas } 880fd678967SCatalin Marinas 881f528f0b8SCatalin Marinas /* 882f528f0b8SCatalin Marinas * Log an early allocated block and populate the stack trace. 883f528f0b8SCatalin Marinas */ 884f528f0b8SCatalin Marinas static void early_alloc_percpu(struct early_log *log) 885f528f0b8SCatalin Marinas { 886f528f0b8SCatalin Marinas unsigned int cpu; 887f528f0b8SCatalin Marinas const void __percpu *ptr = log->ptr; 888f528f0b8SCatalin Marinas 889f528f0b8SCatalin Marinas for_each_possible_cpu(cpu) { 890f528f0b8SCatalin Marinas log->ptr = per_cpu_ptr(ptr, cpu); 891f528f0b8SCatalin Marinas early_alloc(log); 892f528f0b8SCatalin Marinas } 893f528f0b8SCatalin Marinas } 894f528f0b8SCatalin Marinas 895a2b6bf63SCatalin Marinas /** 896a2b6bf63SCatalin Marinas * kmemleak_alloc - register a newly allocated object 897a2b6bf63SCatalin Marinas * @ptr: pointer to beginning of the object 898a2b6bf63SCatalin Marinas * @size: size of the object 899a2b6bf63SCatalin Marinas * @min_count: minimum number of references to this object. If during memory 900a2b6bf63SCatalin Marinas * scanning a number of references less than @min_count is found, 901a2b6bf63SCatalin Marinas * the object is reported as a memory leak. If @min_count is 0, 902a2b6bf63SCatalin Marinas * the object is never reported as a leak. If @min_count is -1, 903a2b6bf63SCatalin Marinas * the object is ignored (not scanned and not reported as a leak) 904a2b6bf63SCatalin Marinas * @gfp: kmalloc() flags used for kmemleak internal memory allocations 905a2b6bf63SCatalin Marinas * 906a2b6bf63SCatalin Marinas * This function is called from the kernel allocators when a new object 907a2b6bf63SCatalin Marinas * (memory block) is allocated (kmem_cache_alloc, kmalloc, vmalloc etc.). 9083c7b4e6bSCatalin Marinas */ 909a6186d89SCatalin Marinas void __ref kmemleak_alloc(const void *ptr, size_t size, int min_count, 910a6186d89SCatalin Marinas gfp_t gfp) 9113c7b4e6bSCatalin Marinas { 9123c7b4e6bSCatalin Marinas pr_debug("%s(0x%p, %zu, %d)\n", __func__, ptr, size, min_count); 9133c7b4e6bSCatalin Marinas 9148910ae89SLi Zefan if (kmemleak_enabled && ptr && !IS_ERR(ptr)) 9153c7b4e6bSCatalin Marinas create_object((unsigned long)ptr, size, min_count, gfp); 9168910ae89SLi Zefan else if (kmemleak_early_log) 917c017b4beSCatalin Marinas log_early(KMEMLEAK_ALLOC, ptr, size, min_count); 9183c7b4e6bSCatalin Marinas } 9193c7b4e6bSCatalin Marinas EXPORT_SYMBOL_GPL(kmemleak_alloc); 9203c7b4e6bSCatalin Marinas 921a2b6bf63SCatalin Marinas /** 922f528f0b8SCatalin Marinas * kmemleak_alloc_percpu - register a newly allocated __percpu object 923f528f0b8SCatalin Marinas * @ptr: __percpu pointer to beginning of the object 924f528f0b8SCatalin Marinas * @size: size of the object 9258a8c35faSLarry Finger * @gfp: flags used for kmemleak internal memory allocations 926f528f0b8SCatalin Marinas * 927f528f0b8SCatalin Marinas * This function is called from the kernel percpu allocator when a new object 9288a8c35faSLarry Finger * (memory block) is allocated (alloc_percpu). 929f528f0b8SCatalin Marinas */ 9308a8c35faSLarry Finger void __ref kmemleak_alloc_percpu(const void __percpu *ptr, size_t size, 9318a8c35faSLarry Finger gfp_t gfp) 932f528f0b8SCatalin Marinas { 933f528f0b8SCatalin Marinas unsigned int cpu; 934f528f0b8SCatalin Marinas 935f528f0b8SCatalin Marinas pr_debug("%s(0x%p, %zu)\n", __func__, ptr, size); 936f528f0b8SCatalin Marinas 937f528f0b8SCatalin Marinas /* 938f528f0b8SCatalin Marinas * Percpu allocations are only scanned and not reported as leaks 939f528f0b8SCatalin Marinas * (min_count is set to 0). 940f528f0b8SCatalin Marinas */ 9418910ae89SLi Zefan if (kmemleak_enabled && ptr && !IS_ERR(ptr)) 942f528f0b8SCatalin Marinas for_each_possible_cpu(cpu) 943f528f0b8SCatalin Marinas create_object((unsigned long)per_cpu_ptr(ptr, cpu), 9448a8c35faSLarry Finger size, 0, gfp); 9458910ae89SLi Zefan else if (kmemleak_early_log) 946f528f0b8SCatalin Marinas log_early(KMEMLEAK_ALLOC_PERCPU, ptr, size, 0); 947f528f0b8SCatalin Marinas } 948f528f0b8SCatalin Marinas EXPORT_SYMBOL_GPL(kmemleak_alloc_percpu); 949f528f0b8SCatalin Marinas 950f528f0b8SCatalin Marinas /** 951a2b6bf63SCatalin Marinas * kmemleak_free - unregister a previously registered object 952a2b6bf63SCatalin Marinas * @ptr: pointer to beginning of the object 953a2b6bf63SCatalin Marinas * 954a2b6bf63SCatalin Marinas * This function is called from the kernel allocators when an object (memory 955a2b6bf63SCatalin Marinas * block) is freed (kmem_cache_free, kfree, vfree etc.). 9563c7b4e6bSCatalin Marinas */ 957a6186d89SCatalin Marinas void __ref kmemleak_free(const void *ptr) 9583c7b4e6bSCatalin Marinas { 9593c7b4e6bSCatalin Marinas pr_debug("%s(0x%p)\n", __func__, ptr); 9603c7b4e6bSCatalin Marinas 961c5f3b1a5SCatalin Marinas if (kmemleak_free_enabled && ptr && !IS_ERR(ptr)) 96253238a60SCatalin Marinas delete_object_full((unsigned long)ptr); 9638910ae89SLi Zefan else if (kmemleak_early_log) 964c017b4beSCatalin Marinas log_early(KMEMLEAK_FREE, ptr, 0, 0); 9653c7b4e6bSCatalin Marinas } 9663c7b4e6bSCatalin Marinas EXPORT_SYMBOL_GPL(kmemleak_free); 9673c7b4e6bSCatalin Marinas 968a2b6bf63SCatalin Marinas /** 969a2b6bf63SCatalin Marinas * kmemleak_free_part - partially unregister a previously registered object 970a2b6bf63SCatalin Marinas * @ptr: pointer to the beginning or inside the object. This also 971a2b6bf63SCatalin Marinas * represents the start of the range to be freed 972a2b6bf63SCatalin Marinas * @size: size to be unregistered 973a2b6bf63SCatalin Marinas * 974a2b6bf63SCatalin Marinas * This function is called when only a part of a memory block is freed 975a2b6bf63SCatalin Marinas * (usually from the bootmem allocator). 97653238a60SCatalin Marinas */ 977a6186d89SCatalin Marinas void __ref kmemleak_free_part(const void *ptr, size_t size) 97853238a60SCatalin Marinas { 97953238a60SCatalin Marinas pr_debug("%s(0x%p)\n", __func__, ptr); 98053238a60SCatalin Marinas 9818910ae89SLi Zefan if (kmemleak_enabled && ptr && !IS_ERR(ptr)) 98253238a60SCatalin Marinas delete_object_part((unsigned long)ptr, size); 9838910ae89SLi Zefan else if (kmemleak_early_log) 984c017b4beSCatalin Marinas log_early(KMEMLEAK_FREE_PART, ptr, size, 0); 98553238a60SCatalin Marinas } 98653238a60SCatalin Marinas EXPORT_SYMBOL_GPL(kmemleak_free_part); 98753238a60SCatalin Marinas 988a2b6bf63SCatalin Marinas /** 989f528f0b8SCatalin Marinas * kmemleak_free_percpu - unregister a previously registered __percpu object 990f528f0b8SCatalin Marinas * @ptr: __percpu pointer to beginning of the object 991f528f0b8SCatalin Marinas * 992f528f0b8SCatalin Marinas * This function is called from the kernel percpu allocator when an object 993f528f0b8SCatalin Marinas * (memory block) is freed (free_percpu). 994f528f0b8SCatalin Marinas */ 995f528f0b8SCatalin Marinas void __ref kmemleak_free_percpu(const void __percpu *ptr) 996f528f0b8SCatalin Marinas { 997f528f0b8SCatalin Marinas unsigned int cpu; 998f528f0b8SCatalin Marinas 999f528f0b8SCatalin Marinas pr_debug("%s(0x%p)\n", __func__, ptr); 1000f528f0b8SCatalin Marinas 1001c5f3b1a5SCatalin Marinas if (kmemleak_free_enabled && ptr && !IS_ERR(ptr)) 1002f528f0b8SCatalin Marinas for_each_possible_cpu(cpu) 1003f528f0b8SCatalin Marinas delete_object_full((unsigned long)per_cpu_ptr(ptr, 1004f528f0b8SCatalin Marinas cpu)); 10058910ae89SLi Zefan else if (kmemleak_early_log) 1006f528f0b8SCatalin Marinas log_early(KMEMLEAK_FREE_PERCPU, ptr, 0, 0); 1007f528f0b8SCatalin Marinas } 1008f528f0b8SCatalin Marinas EXPORT_SYMBOL_GPL(kmemleak_free_percpu); 1009f528f0b8SCatalin Marinas 1010f528f0b8SCatalin Marinas /** 1011ffe2c748SCatalin Marinas * kmemleak_update_trace - update object allocation stack trace 1012ffe2c748SCatalin Marinas * @ptr: pointer to beginning of the object 1013ffe2c748SCatalin Marinas * 1014ffe2c748SCatalin Marinas * Override the object allocation stack trace for cases where the actual 1015ffe2c748SCatalin Marinas * allocation place is not always useful. 1016ffe2c748SCatalin Marinas */ 1017ffe2c748SCatalin Marinas void __ref kmemleak_update_trace(const void *ptr) 1018ffe2c748SCatalin Marinas { 1019ffe2c748SCatalin Marinas struct kmemleak_object *object; 1020ffe2c748SCatalin Marinas unsigned long flags; 1021ffe2c748SCatalin Marinas 1022ffe2c748SCatalin Marinas pr_debug("%s(0x%p)\n", __func__, ptr); 1023ffe2c748SCatalin Marinas 1024ffe2c748SCatalin Marinas if (!kmemleak_enabled || IS_ERR_OR_NULL(ptr)) 1025ffe2c748SCatalin Marinas return; 1026ffe2c748SCatalin Marinas 1027ffe2c748SCatalin Marinas object = find_and_get_object((unsigned long)ptr, 1); 1028ffe2c748SCatalin Marinas if (!object) { 1029ffe2c748SCatalin Marinas #ifdef DEBUG 1030ffe2c748SCatalin Marinas kmemleak_warn("Updating stack trace for unknown object at %p\n", 1031ffe2c748SCatalin Marinas ptr); 1032ffe2c748SCatalin Marinas #endif 1033ffe2c748SCatalin Marinas return; 1034ffe2c748SCatalin Marinas } 1035ffe2c748SCatalin Marinas 1036ffe2c748SCatalin Marinas spin_lock_irqsave(&object->lock, flags); 1037ffe2c748SCatalin Marinas object->trace_len = __save_stack_trace(object->trace); 1038ffe2c748SCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 1039ffe2c748SCatalin Marinas 1040ffe2c748SCatalin Marinas put_object(object); 1041ffe2c748SCatalin Marinas } 1042ffe2c748SCatalin Marinas EXPORT_SYMBOL(kmemleak_update_trace); 1043ffe2c748SCatalin Marinas 1044ffe2c748SCatalin Marinas /** 1045a2b6bf63SCatalin Marinas * kmemleak_not_leak - mark an allocated object as false positive 1046a2b6bf63SCatalin Marinas * @ptr: pointer to beginning of the object 1047a2b6bf63SCatalin Marinas * 1048a2b6bf63SCatalin Marinas * Calling this function on an object will cause the memory block to no longer 1049a2b6bf63SCatalin Marinas * be reported as leak and always be scanned. 10503c7b4e6bSCatalin Marinas */ 1051a6186d89SCatalin Marinas void __ref kmemleak_not_leak(const void *ptr) 10523c7b4e6bSCatalin Marinas { 10533c7b4e6bSCatalin Marinas pr_debug("%s(0x%p)\n", __func__, ptr); 10543c7b4e6bSCatalin Marinas 10558910ae89SLi Zefan if (kmemleak_enabled && ptr && !IS_ERR(ptr)) 10563c7b4e6bSCatalin Marinas make_gray_object((unsigned long)ptr); 10578910ae89SLi Zefan else if (kmemleak_early_log) 1058c017b4beSCatalin Marinas log_early(KMEMLEAK_NOT_LEAK, ptr, 0, 0); 10593c7b4e6bSCatalin Marinas } 10603c7b4e6bSCatalin Marinas EXPORT_SYMBOL(kmemleak_not_leak); 10613c7b4e6bSCatalin Marinas 1062a2b6bf63SCatalin Marinas /** 1063a2b6bf63SCatalin Marinas * kmemleak_ignore - ignore an allocated object 1064a2b6bf63SCatalin Marinas * @ptr: pointer to beginning of the object 1065a2b6bf63SCatalin Marinas * 1066a2b6bf63SCatalin Marinas * Calling this function on an object will cause the memory block to be 1067a2b6bf63SCatalin Marinas * ignored (not scanned and not reported as a leak). This is usually done when 1068a2b6bf63SCatalin Marinas * it is known that the corresponding block is not a leak and does not contain 1069a2b6bf63SCatalin Marinas * any references to other allocated memory blocks. 10703c7b4e6bSCatalin Marinas */ 1071a6186d89SCatalin Marinas void __ref kmemleak_ignore(const void *ptr) 10723c7b4e6bSCatalin Marinas { 10733c7b4e6bSCatalin Marinas pr_debug("%s(0x%p)\n", __func__, ptr); 10743c7b4e6bSCatalin Marinas 10758910ae89SLi Zefan if (kmemleak_enabled && ptr && !IS_ERR(ptr)) 10763c7b4e6bSCatalin Marinas make_black_object((unsigned long)ptr); 10778910ae89SLi Zefan else if (kmemleak_early_log) 1078c017b4beSCatalin Marinas log_early(KMEMLEAK_IGNORE, ptr, 0, 0); 10793c7b4e6bSCatalin Marinas } 10803c7b4e6bSCatalin Marinas EXPORT_SYMBOL(kmemleak_ignore); 10813c7b4e6bSCatalin Marinas 1082a2b6bf63SCatalin Marinas /** 1083a2b6bf63SCatalin Marinas * kmemleak_scan_area - limit the range to be scanned in an allocated object 1084a2b6bf63SCatalin Marinas * @ptr: pointer to beginning or inside the object. This also 1085a2b6bf63SCatalin Marinas * represents the start of the scan area 1086a2b6bf63SCatalin Marinas * @size: size of the scan area 1087a2b6bf63SCatalin Marinas * @gfp: kmalloc() flags used for kmemleak internal memory allocations 1088a2b6bf63SCatalin Marinas * 1089a2b6bf63SCatalin Marinas * This function is used when it is known that only certain parts of an object 1090a2b6bf63SCatalin Marinas * contain references to other objects. Kmemleak will only scan these areas 1091a2b6bf63SCatalin Marinas * reducing the number false negatives. 10923c7b4e6bSCatalin Marinas */ 1093c017b4beSCatalin Marinas void __ref kmemleak_scan_area(const void *ptr, size_t size, gfp_t gfp) 10943c7b4e6bSCatalin Marinas { 10953c7b4e6bSCatalin Marinas pr_debug("%s(0x%p)\n", __func__, ptr); 10963c7b4e6bSCatalin Marinas 10978910ae89SLi Zefan if (kmemleak_enabled && ptr && size && !IS_ERR(ptr)) 1098c017b4beSCatalin Marinas add_scan_area((unsigned long)ptr, size, gfp); 10998910ae89SLi Zefan else if (kmemleak_early_log) 1100c017b4beSCatalin Marinas log_early(KMEMLEAK_SCAN_AREA, ptr, size, 0); 11013c7b4e6bSCatalin Marinas } 11023c7b4e6bSCatalin Marinas EXPORT_SYMBOL(kmemleak_scan_area); 11033c7b4e6bSCatalin Marinas 1104a2b6bf63SCatalin Marinas /** 1105a2b6bf63SCatalin Marinas * kmemleak_no_scan - do not scan an allocated object 1106a2b6bf63SCatalin Marinas * @ptr: pointer to beginning of the object 1107a2b6bf63SCatalin Marinas * 1108a2b6bf63SCatalin Marinas * This function notifies kmemleak not to scan the given memory block. Useful 1109a2b6bf63SCatalin Marinas * in situations where it is known that the given object does not contain any 1110a2b6bf63SCatalin Marinas * references to other objects. Kmemleak will not scan such objects reducing 1111a2b6bf63SCatalin Marinas * the number of false negatives. 11123c7b4e6bSCatalin Marinas */ 1113a6186d89SCatalin Marinas void __ref kmemleak_no_scan(const void *ptr) 11143c7b4e6bSCatalin Marinas { 11153c7b4e6bSCatalin Marinas pr_debug("%s(0x%p)\n", __func__, ptr); 11163c7b4e6bSCatalin Marinas 11178910ae89SLi Zefan if (kmemleak_enabled && ptr && !IS_ERR(ptr)) 11183c7b4e6bSCatalin Marinas object_no_scan((unsigned long)ptr); 11198910ae89SLi Zefan else if (kmemleak_early_log) 1120c017b4beSCatalin Marinas log_early(KMEMLEAK_NO_SCAN, ptr, 0, 0); 11213c7b4e6bSCatalin Marinas } 11223c7b4e6bSCatalin Marinas EXPORT_SYMBOL(kmemleak_no_scan); 11233c7b4e6bSCatalin Marinas 11243c7b4e6bSCatalin Marinas /* 112504609cccSCatalin Marinas * Update an object's checksum and return true if it was modified. 112604609cccSCatalin Marinas */ 112704609cccSCatalin Marinas static bool update_checksum(struct kmemleak_object *object) 112804609cccSCatalin Marinas { 112904609cccSCatalin Marinas u32 old_csum = object->checksum; 113004609cccSCatalin Marinas 113104609cccSCatalin Marinas if (!kmemcheck_is_obj_initialized(object->pointer, object->size)) 113204609cccSCatalin Marinas return false; 113304609cccSCatalin Marinas 1134e79ed2f1SAndrey Ryabinin kasan_disable_current(); 113504609cccSCatalin Marinas object->checksum = crc32(0, (void *)object->pointer, object->size); 1136e79ed2f1SAndrey Ryabinin kasan_enable_current(); 1137e79ed2f1SAndrey Ryabinin 113804609cccSCatalin Marinas return object->checksum != old_csum; 113904609cccSCatalin Marinas } 114004609cccSCatalin Marinas 114104609cccSCatalin Marinas /* 11423c7b4e6bSCatalin Marinas * Memory scanning is a long process and it needs to be interruptable. This 114325985edcSLucas De Marchi * function checks whether such interrupt condition occurred. 11443c7b4e6bSCatalin Marinas */ 11453c7b4e6bSCatalin Marinas static int scan_should_stop(void) 11463c7b4e6bSCatalin Marinas { 11478910ae89SLi Zefan if (!kmemleak_enabled) 11483c7b4e6bSCatalin Marinas return 1; 11493c7b4e6bSCatalin Marinas 11503c7b4e6bSCatalin Marinas /* 11513c7b4e6bSCatalin Marinas * This function may be called from either process or kthread context, 11523c7b4e6bSCatalin Marinas * hence the need to check for both stop conditions. 11533c7b4e6bSCatalin Marinas */ 11543c7b4e6bSCatalin Marinas if (current->mm) 11553c7b4e6bSCatalin Marinas return signal_pending(current); 11563c7b4e6bSCatalin Marinas else 11573c7b4e6bSCatalin Marinas return kthread_should_stop(); 11583c7b4e6bSCatalin Marinas 11593c7b4e6bSCatalin Marinas return 0; 11603c7b4e6bSCatalin Marinas } 11613c7b4e6bSCatalin Marinas 11623c7b4e6bSCatalin Marinas /* 11633c7b4e6bSCatalin Marinas * Scan a memory block (exclusive range) for valid pointers and add those 11643c7b4e6bSCatalin Marinas * found to the gray list. 11653c7b4e6bSCatalin Marinas */ 11663c7b4e6bSCatalin Marinas static void scan_block(void *_start, void *_end, 116793ada579SCatalin Marinas struct kmemleak_object *scanned) 11683c7b4e6bSCatalin Marinas { 11693c7b4e6bSCatalin Marinas unsigned long *ptr; 11703c7b4e6bSCatalin Marinas unsigned long *start = PTR_ALIGN(_start, BYTES_PER_POINTER); 11713c7b4e6bSCatalin Marinas unsigned long *end = _end - (BYTES_PER_POINTER - 1); 117293ada579SCatalin Marinas unsigned long flags; 11733c7b4e6bSCatalin Marinas 117493ada579SCatalin Marinas read_lock_irqsave(&kmemleak_lock, flags); 11753c7b4e6bSCatalin Marinas for (ptr = start; ptr < end; ptr++) { 11763c7b4e6bSCatalin Marinas struct kmemleak_object *object; 11778e019366SPekka Enberg unsigned long pointer; 11783c7b4e6bSCatalin Marinas 11793c7b4e6bSCatalin Marinas if (scan_should_stop()) 11803c7b4e6bSCatalin Marinas break; 11813c7b4e6bSCatalin Marinas 11828e019366SPekka Enberg /* don't scan uninitialized memory */ 11838e019366SPekka Enberg if (!kmemcheck_is_obj_initialized((unsigned long)ptr, 11848e019366SPekka Enberg BYTES_PER_POINTER)) 11858e019366SPekka Enberg continue; 11868e019366SPekka Enberg 1187e79ed2f1SAndrey Ryabinin kasan_disable_current(); 11888e019366SPekka Enberg pointer = *ptr; 1189e79ed2f1SAndrey Ryabinin kasan_enable_current(); 11908e019366SPekka Enberg 119193ada579SCatalin Marinas if (pointer < min_addr || pointer >= max_addr) 119293ada579SCatalin Marinas continue; 119393ada579SCatalin Marinas 119493ada579SCatalin Marinas /* 119593ada579SCatalin Marinas * No need for get_object() here since we hold kmemleak_lock. 119693ada579SCatalin Marinas * object->use_count cannot be dropped to 0 while the object 119793ada579SCatalin Marinas * is still present in object_tree_root and object_list 119893ada579SCatalin Marinas * (with updates protected by kmemleak_lock). 119993ada579SCatalin Marinas */ 120093ada579SCatalin Marinas object = lookup_object(pointer, 1); 12013c7b4e6bSCatalin Marinas if (!object) 12023c7b4e6bSCatalin Marinas continue; 120393ada579SCatalin Marinas if (object == scanned) 12043c7b4e6bSCatalin Marinas /* self referenced, ignore */ 12053c7b4e6bSCatalin Marinas continue; 12063c7b4e6bSCatalin Marinas 12073c7b4e6bSCatalin Marinas /* 12083c7b4e6bSCatalin Marinas * Avoid the lockdep recursive warning on object->lock being 12093c7b4e6bSCatalin Marinas * previously acquired in scan_object(). These locks are 12103c7b4e6bSCatalin Marinas * enclosed by scan_mutex. 12113c7b4e6bSCatalin Marinas */ 121293ada579SCatalin Marinas spin_lock_nested(&object->lock, SINGLE_DEPTH_NESTING); 12133c7b4e6bSCatalin Marinas if (!color_white(object)) { 12143c7b4e6bSCatalin Marinas /* non-orphan, ignored or new */ 121593ada579SCatalin Marinas spin_unlock(&object->lock); 12163c7b4e6bSCatalin Marinas continue; 12173c7b4e6bSCatalin Marinas } 12183c7b4e6bSCatalin Marinas 12193c7b4e6bSCatalin Marinas /* 12203c7b4e6bSCatalin Marinas * Increase the object's reference count (number of pointers 12213c7b4e6bSCatalin Marinas * to the memory block). If this count reaches the required 12223c7b4e6bSCatalin Marinas * minimum, the object's color will become gray and it will be 12233c7b4e6bSCatalin Marinas * added to the gray_list. 12243c7b4e6bSCatalin Marinas */ 12253c7b4e6bSCatalin Marinas object->count++; 12260587da40SCatalin Marinas if (color_gray(object)) { 122793ada579SCatalin Marinas /* put_object() called when removing from gray_list */ 122893ada579SCatalin Marinas WARN_ON(!get_object(object)); 12293c7b4e6bSCatalin Marinas list_add_tail(&object->gray_list, &gray_list); 123093ada579SCatalin Marinas } 123193ada579SCatalin Marinas spin_unlock(&object->lock); 123293ada579SCatalin Marinas } 123393ada579SCatalin Marinas read_unlock_irqrestore(&kmemleak_lock, flags); 12340587da40SCatalin Marinas } 12350587da40SCatalin Marinas 123693ada579SCatalin Marinas /* 123793ada579SCatalin Marinas * Scan a large memory block in MAX_SCAN_SIZE chunks to reduce the latency. 123893ada579SCatalin Marinas */ 123993ada579SCatalin Marinas static void scan_large_block(void *start, void *end) 124093ada579SCatalin Marinas { 124193ada579SCatalin Marinas void *next; 124293ada579SCatalin Marinas 124393ada579SCatalin Marinas while (start < end) { 124493ada579SCatalin Marinas next = min(start + MAX_SCAN_SIZE, end); 124593ada579SCatalin Marinas scan_block(start, next, NULL); 124693ada579SCatalin Marinas start = next; 124793ada579SCatalin Marinas cond_resched(); 12483c7b4e6bSCatalin Marinas } 12493c7b4e6bSCatalin Marinas } 12503c7b4e6bSCatalin Marinas 12513c7b4e6bSCatalin Marinas /* 12523c7b4e6bSCatalin Marinas * Scan a memory block corresponding to a kmemleak_object. A condition is 12533c7b4e6bSCatalin Marinas * that object->use_count >= 1. 12543c7b4e6bSCatalin Marinas */ 12553c7b4e6bSCatalin Marinas static void scan_object(struct kmemleak_object *object) 12563c7b4e6bSCatalin Marinas { 12573c7b4e6bSCatalin Marinas struct kmemleak_scan_area *area; 12583c7b4e6bSCatalin Marinas unsigned long flags; 12593c7b4e6bSCatalin Marinas 12603c7b4e6bSCatalin Marinas /* 126121ae2956SUwe Kleine-König * Once the object->lock is acquired, the corresponding memory block 126221ae2956SUwe Kleine-König * cannot be freed (the same lock is acquired in delete_object). 12633c7b4e6bSCatalin Marinas */ 12643c7b4e6bSCatalin Marinas spin_lock_irqsave(&object->lock, flags); 12653c7b4e6bSCatalin Marinas if (object->flags & OBJECT_NO_SCAN) 12663c7b4e6bSCatalin Marinas goto out; 12673c7b4e6bSCatalin Marinas if (!(object->flags & OBJECT_ALLOCATED)) 12683c7b4e6bSCatalin Marinas /* already freed object */ 12693c7b4e6bSCatalin Marinas goto out; 1270af98603dSCatalin Marinas if (hlist_empty(&object->area_list)) { 1271af98603dSCatalin Marinas void *start = (void *)object->pointer; 1272af98603dSCatalin Marinas void *end = (void *)(object->pointer + object->size); 127393ada579SCatalin Marinas void *next; 1274af98603dSCatalin Marinas 127593ada579SCatalin Marinas do { 127693ada579SCatalin Marinas next = min(start + MAX_SCAN_SIZE, end); 127793ada579SCatalin Marinas scan_block(start, next, object); 127893ada579SCatalin Marinas 127993ada579SCatalin Marinas start = next; 128093ada579SCatalin Marinas if (start >= end) 128193ada579SCatalin Marinas break; 1282af98603dSCatalin Marinas 1283af98603dSCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 1284af98603dSCatalin Marinas cond_resched(); 1285af98603dSCatalin Marinas spin_lock_irqsave(&object->lock, flags); 128693ada579SCatalin Marinas } while (object->flags & OBJECT_ALLOCATED); 1287af98603dSCatalin Marinas } else 1288b67bfe0dSSasha Levin hlist_for_each_entry(area, &object->area_list, node) 1289c017b4beSCatalin Marinas scan_block((void *)area->start, 1290c017b4beSCatalin Marinas (void *)(area->start + area->size), 129193ada579SCatalin Marinas object); 12923c7b4e6bSCatalin Marinas out: 12933c7b4e6bSCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 12943c7b4e6bSCatalin Marinas } 12953c7b4e6bSCatalin Marinas 12963c7b4e6bSCatalin Marinas /* 129704609cccSCatalin Marinas * Scan the objects already referenced (gray objects). More objects will be 129804609cccSCatalin Marinas * referenced and, if there are no memory leaks, all the objects are scanned. 129904609cccSCatalin Marinas */ 130004609cccSCatalin Marinas static void scan_gray_list(void) 130104609cccSCatalin Marinas { 130204609cccSCatalin Marinas struct kmemleak_object *object, *tmp; 130304609cccSCatalin Marinas 130404609cccSCatalin Marinas /* 130504609cccSCatalin Marinas * The list traversal is safe for both tail additions and removals 130604609cccSCatalin Marinas * from inside the loop. The kmemleak objects cannot be freed from 130704609cccSCatalin Marinas * outside the loop because their use_count was incremented. 130804609cccSCatalin Marinas */ 130904609cccSCatalin Marinas object = list_entry(gray_list.next, typeof(*object), gray_list); 131004609cccSCatalin Marinas while (&object->gray_list != &gray_list) { 131104609cccSCatalin Marinas cond_resched(); 131204609cccSCatalin Marinas 131304609cccSCatalin Marinas /* may add new objects to the list */ 131404609cccSCatalin Marinas if (!scan_should_stop()) 131504609cccSCatalin Marinas scan_object(object); 131604609cccSCatalin Marinas 131704609cccSCatalin Marinas tmp = list_entry(object->gray_list.next, typeof(*object), 131804609cccSCatalin Marinas gray_list); 131904609cccSCatalin Marinas 132004609cccSCatalin Marinas /* remove the object from the list and release it */ 132104609cccSCatalin Marinas list_del(&object->gray_list); 132204609cccSCatalin Marinas put_object(object); 132304609cccSCatalin Marinas 132404609cccSCatalin Marinas object = tmp; 132504609cccSCatalin Marinas } 132604609cccSCatalin Marinas WARN_ON(!list_empty(&gray_list)); 132704609cccSCatalin Marinas } 132804609cccSCatalin Marinas 132904609cccSCatalin Marinas /* 13303c7b4e6bSCatalin Marinas * Scan data sections and all the referenced memory blocks allocated via the 13313c7b4e6bSCatalin Marinas * kernel's standard allocators. This function must be called with the 13323c7b4e6bSCatalin Marinas * scan_mutex held. 13333c7b4e6bSCatalin Marinas */ 13343c7b4e6bSCatalin Marinas static void kmemleak_scan(void) 13353c7b4e6bSCatalin Marinas { 13363c7b4e6bSCatalin Marinas unsigned long flags; 133704609cccSCatalin Marinas struct kmemleak_object *object; 13383c7b4e6bSCatalin Marinas int i; 13394698c1f2SCatalin Marinas int new_leaks = 0; 13403c7b4e6bSCatalin Marinas 1341acf4968eSCatalin Marinas jiffies_last_scan = jiffies; 1342acf4968eSCatalin Marinas 13433c7b4e6bSCatalin Marinas /* prepare the kmemleak_object's */ 13443c7b4e6bSCatalin Marinas rcu_read_lock(); 13453c7b4e6bSCatalin Marinas list_for_each_entry_rcu(object, &object_list, object_list) { 13463c7b4e6bSCatalin Marinas spin_lock_irqsave(&object->lock, flags); 13473c7b4e6bSCatalin Marinas #ifdef DEBUG 13483c7b4e6bSCatalin Marinas /* 13493c7b4e6bSCatalin Marinas * With a few exceptions there should be a maximum of 13503c7b4e6bSCatalin Marinas * 1 reference to any object at this point. 13513c7b4e6bSCatalin Marinas */ 13523c7b4e6bSCatalin Marinas if (atomic_read(&object->use_count) > 1) { 1353ae281064SJoe Perches pr_debug("object->use_count = %d\n", 13543c7b4e6bSCatalin Marinas atomic_read(&object->use_count)); 13553c7b4e6bSCatalin Marinas dump_object_info(object); 13563c7b4e6bSCatalin Marinas } 13573c7b4e6bSCatalin Marinas #endif 13583c7b4e6bSCatalin Marinas /* reset the reference count (whiten the object) */ 13593c7b4e6bSCatalin Marinas object->count = 0; 13603c7b4e6bSCatalin Marinas if (color_gray(object) && get_object(object)) 13613c7b4e6bSCatalin Marinas list_add_tail(&object->gray_list, &gray_list); 13623c7b4e6bSCatalin Marinas 13633c7b4e6bSCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 13643c7b4e6bSCatalin Marinas } 13653c7b4e6bSCatalin Marinas rcu_read_unlock(); 13663c7b4e6bSCatalin Marinas 13673c7b4e6bSCatalin Marinas /* data/bss scanning */ 136893ada579SCatalin Marinas scan_large_block(_sdata, _edata); 136993ada579SCatalin Marinas scan_large_block(__bss_start, __bss_stop); 13703c7b4e6bSCatalin Marinas 13713c7b4e6bSCatalin Marinas #ifdef CONFIG_SMP 13723c7b4e6bSCatalin Marinas /* per-cpu sections scanning */ 13733c7b4e6bSCatalin Marinas for_each_possible_cpu(i) 137493ada579SCatalin Marinas scan_large_block(__per_cpu_start + per_cpu_offset(i), 137593ada579SCatalin Marinas __per_cpu_end + per_cpu_offset(i)); 13763c7b4e6bSCatalin Marinas #endif 13773c7b4e6bSCatalin Marinas 13783c7b4e6bSCatalin Marinas /* 1379029aeff5SLaura Abbott * Struct page scanning for each node. 13803c7b4e6bSCatalin Marinas */ 1381bfc8c901SVladimir Davydov get_online_mems(); 13823c7b4e6bSCatalin Marinas for_each_online_node(i) { 1383108bcc96SCody P Schafer unsigned long start_pfn = node_start_pfn(i); 1384108bcc96SCody P Schafer unsigned long end_pfn = node_end_pfn(i); 13853c7b4e6bSCatalin Marinas unsigned long pfn; 13863c7b4e6bSCatalin Marinas 13873c7b4e6bSCatalin Marinas for (pfn = start_pfn; pfn < end_pfn; pfn++) { 13883c7b4e6bSCatalin Marinas struct page *page; 13893c7b4e6bSCatalin Marinas 13903c7b4e6bSCatalin Marinas if (!pfn_valid(pfn)) 13913c7b4e6bSCatalin Marinas continue; 13923c7b4e6bSCatalin Marinas page = pfn_to_page(pfn); 13933c7b4e6bSCatalin Marinas /* only scan if page is in use */ 13943c7b4e6bSCatalin Marinas if (page_count(page) == 0) 13953c7b4e6bSCatalin Marinas continue; 139693ada579SCatalin Marinas scan_block(page, page + 1, NULL); 13973c7b4e6bSCatalin Marinas } 13983c7b4e6bSCatalin Marinas } 1399bfc8c901SVladimir Davydov put_online_mems(); 14003c7b4e6bSCatalin Marinas 14013c7b4e6bSCatalin Marinas /* 140243ed5d6eSCatalin Marinas * Scanning the task stacks (may introduce false negatives). 14033c7b4e6bSCatalin Marinas */ 14043c7b4e6bSCatalin Marinas if (kmemleak_stack_scan) { 140543ed5d6eSCatalin Marinas struct task_struct *p, *g; 140643ed5d6eSCatalin Marinas 14073c7b4e6bSCatalin Marinas read_lock(&tasklist_lock); 140843ed5d6eSCatalin Marinas do_each_thread(g, p) { 140943ed5d6eSCatalin Marinas scan_block(task_stack_page(p), task_stack_page(p) + 141093ada579SCatalin Marinas THREAD_SIZE, NULL); 141143ed5d6eSCatalin Marinas } while_each_thread(g, p); 14123c7b4e6bSCatalin Marinas read_unlock(&tasklist_lock); 14133c7b4e6bSCatalin Marinas } 14143c7b4e6bSCatalin Marinas 14153c7b4e6bSCatalin Marinas /* 14163c7b4e6bSCatalin Marinas * Scan the objects already referenced from the sections scanned 141704609cccSCatalin Marinas * above. 14183c7b4e6bSCatalin Marinas */ 141904609cccSCatalin Marinas scan_gray_list(); 14202587362eSCatalin Marinas 14212587362eSCatalin Marinas /* 142204609cccSCatalin Marinas * Check for new or unreferenced objects modified since the previous 142304609cccSCatalin Marinas * scan and color them gray until the next scan. 14242587362eSCatalin Marinas */ 14252587362eSCatalin Marinas rcu_read_lock(); 14262587362eSCatalin Marinas list_for_each_entry_rcu(object, &object_list, object_list) { 14272587362eSCatalin Marinas spin_lock_irqsave(&object->lock, flags); 142804609cccSCatalin Marinas if (color_white(object) && (object->flags & OBJECT_ALLOCATED) 142904609cccSCatalin Marinas && update_checksum(object) && get_object(object)) { 143004609cccSCatalin Marinas /* color it gray temporarily */ 143104609cccSCatalin Marinas object->count = object->min_count; 14322587362eSCatalin Marinas list_add_tail(&object->gray_list, &gray_list); 14332587362eSCatalin Marinas } 14342587362eSCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 14352587362eSCatalin Marinas } 14362587362eSCatalin Marinas rcu_read_unlock(); 14372587362eSCatalin Marinas 143804609cccSCatalin Marinas /* 143904609cccSCatalin Marinas * Re-scan the gray list for modified unreferenced objects. 144004609cccSCatalin Marinas */ 144104609cccSCatalin Marinas scan_gray_list(); 14424698c1f2SCatalin Marinas 14434698c1f2SCatalin Marinas /* 144404609cccSCatalin Marinas * If scanning was stopped do not report any new unreferenced objects. 144517bb9e0dSCatalin Marinas */ 144604609cccSCatalin Marinas if (scan_should_stop()) 144717bb9e0dSCatalin Marinas return; 144817bb9e0dSCatalin Marinas 144917bb9e0dSCatalin Marinas /* 14504698c1f2SCatalin Marinas * Scanning result reporting. 14514698c1f2SCatalin Marinas */ 14524698c1f2SCatalin Marinas rcu_read_lock(); 14534698c1f2SCatalin Marinas list_for_each_entry_rcu(object, &object_list, object_list) { 14544698c1f2SCatalin Marinas spin_lock_irqsave(&object->lock, flags); 14554698c1f2SCatalin Marinas if (unreferenced_object(object) && 14564698c1f2SCatalin Marinas !(object->flags & OBJECT_REPORTED)) { 14574698c1f2SCatalin Marinas object->flags |= OBJECT_REPORTED; 14584698c1f2SCatalin Marinas new_leaks++; 14594698c1f2SCatalin Marinas } 14604698c1f2SCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 14614698c1f2SCatalin Marinas } 14624698c1f2SCatalin Marinas rcu_read_unlock(); 14634698c1f2SCatalin Marinas 1464dc9b3f42SLi Zefan if (new_leaks) { 1465dc9b3f42SLi Zefan kmemleak_found_leaks = true; 1466dc9b3f42SLi Zefan 14674698c1f2SCatalin Marinas pr_info("%d new suspected memory leaks (see " 14684698c1f2SCatalin Marinas "/sys/kernel/debug/kmemleak)\n", new_leaks); 1469dc9b3f42SLi Zefan } 14704698c1f2SCatalin Marinas 14713c7b4e6bSCatalin Marinas } 14723c7b4e6bSCatalin Marinas 14733c7b4e6bSCatalin Marinas /* 14743c7b4e6bSCatalin Marinas * Thread function performing automatic memory scanning. Unreferenced objects 14753c7b4e6bSCatalin Marinas * at the end of a memory scan are reported but only the first time. 14763c7b4e6bSCatalin Marinas */ 14773c7b4e6bSCatalin Marinas static int kmemleak_scan_thread(void *arg) 14783c7b4e6bSCatalin Marinas { 14793c7b4e6bSCatalin Marinas static int first_run = 1; 14803c7b4e6bSCatalin Marinas 1481ae281064SJoe Perches pr_info("Automatic memory scanning thread started\n"); 1482bf2a76b3SCatalin Marinas set_user_nice(current, 10); 14833c7b4e6bSCatalin Marinas 14843c7b4e6bSCatalin Marinas /* 14853c7b4e6bSCatalin Marinas * Wait before the first scan to allow the system to fully initialize. 14863c7b4e6bSCatalin Marinas */ 14873c7b4e6bSCatalin Marinas if (first_run) { 14883c7b4e6bSCatalin Marinas first_run = 0; 14893c7b4e6bSCatalin Marinas ssleep(SECS_FIRST_SCAN); 14903c7b4e6bSCatalin Marinas } 14913c7b4e6bSCatalin Marinas 14923c7b4e6bSCatalin Marinas while (!kthread_should_stop()) { 14933c7b4e6bSCatalin Marinas signed long timeout = jiffies_scan_wait; 14943c7b4e6bSCatalin Marinas 14953c7b4e6bSCatalin Marinas mutex_lock(&scan_mutex); 14963c7b4e6bSCatalin Marinas kmemleak_scan(); 14973c7b4e6bSCatalin Marinas mutex_unlock(&scan_mutex); 14984698c1f2SCatalin Marinas 14993c7b4e6bSCatalin Marinas /* wait before the next scan */ 15003c7b4e6bSCatalin Marinas while (timeout && !kthread_should_stop()) 15013c7b4e6bSCatalin Marinas timeout = schedule_timeout_interruptible(timeout); 15023c7b4e6bSCatalin Marinas } 15033c7b4e6bSCatalin Marinas 1504ae281064SJoe Perches pr_info("Automatic memory scanning thread ended\n"); 15053c7b4e6bSCatalin Marinas 15063c7b4e6bSCatalin Marinas return 0; 15073c7b4e6bSCatalin Marinas } 15083c7b4e6bSCatalin Marinas 15093c7b4e6bSCatalin Marinas /* 15103c7b4e6bSCatalin Marinas * Start the automatic memory scanning thread. This function must be called 15114698c1f2SCatalin Marinas * with the scan_mutex held. 15123c7b4e6bSCatalin Marinas */ 15137eb0d5e5SLuis R. Rodriguez static void start_scan_thread(void) 15143c7b4e6bSCatalin Marinas { 15153c7b4e6bSCatalin Marinas if (scan_thread) 15163c7b4e6bSCatalin Marinas return; 15173c7b4e6bSCatalin Marinas scan_thread = kthread_run(kmemleak_scan_thread, NULL, "kmemleak"); 15183c7b4e6bSCatalin Marinas if (IS_ERR(scan_thread)) { 1519ae281064SJoe Perches pr_warning("Failed to create the scan thread\n"); 15203c7b4e6bSCatalin Marinas scan_thread = NULL; 15213c7b4e6bSCatalin Marinas } 15223c7b4e6bSCatalin Marinas } 15233c7b4e6bSCatalin Marinas 15243c7b4e6bSCatalin Marinas /* 15253c7b4e6bSCatalin Marinas * Stop the automatic memory scanning thread. This function must be called 15264698c1f2SCatalin Marinas * with the scan_mutex held. 15273c7b4e6bSCatalin Marinas */ 15287eb0d5e5SLuis R. Rodriguez static void stop_scan_thread(void) 15293c7b4e6bSCatalin Marinas { 15303c7b4e6bSCatalin Marinas if (scan_thread) { 15313c7b4e6bSCatalin Marinas kthread_stop(scan_thread); 15323c7b4e6bSCatalin Marinas scan_thread = NULL; 15333c7b4e6bSCatalin Marinas } 15343c7b4e6bSCatalin Marinas } 15353c7b4e6bSCatalin Marinas 15363c7b4e6bSCatalin Marinas /* 15373c7b4e6bSCatalin Marinas * Iterate over the object_list and return the first valid object at or after 15383c7b4e6bSCatalin Marinas * the required position with its use_count incremented. The function triggers 15393c7b4e6bSCatalin Marinas * a memory scanning when the pos argument points to the first position. 15403c7b4e6bSCatalin Marinas */ 15413c7b4e6bSCatalin Marinas static void *kmemleak_seq_start(struct seq_file *seq, loff_t *pos) 15423c7b4e6bSCatalin Marinas { 15433c7b4e6bSCatalin Marinas struct kmemleak_object *object; 15443c7b4e6bSCatalin Marinas loff_t n = *pos; 1545b87324d0SCatalin Marinas int err; 1546b87324d0SCatalin Marinas 1547b87324d0SCatalin Marinas err = mutex_lock_interruptible(&scan_mutex); 1548b87324d0SCatalin Marinas if (err < 0) 1549b87324d0SCatalin Marinas return ERR_PTR(err); 15503c7b4e6bSCatalin Marinas 15513c7b4e6bSCatalin Marinas rcu_read_lock(); 15523c7b4e6bSCatalin Marinas list_for_each_entry_rcu(object, &object_list, object_list) { 15533c7b4e6bSCatalin Marinas if (n-- > 0) 15543c7b4e6bSCatalin Marinas continue; 15553c7b4e6bSCatalin Marinas if (get_object(object)) 15563c7b4e6bSCatalin Marinas goto out; 15573c7b4e6bSCatalin Marinas } 15583c7b4e6bSCatalin Marinas object = NULL; 15593c7b4e6bSCatalin Marinas out: 15603c7b4e6bSCatalin Marinas return object; 15613c7b4e6bSCatalin Marinas } 15623c7b4e6bSCatalin Marinas 15633c7b4e6bSCatalin Marinas /* 15643c7b4e6bSCatalin Marinas * Return the next object in the object_list. The function decrements the 15653c7b4e6bSCatalin Marinas * use_count of the previous object and increases that of the next one. 15663c7b4e6bSCatalin Marinas */ 15673c7b4e6bSCatalin Marinas static void *kmemleak_seq_next(struct seq_file *seq, void *v, loff_t *pos) 15683c7b4e6bSCatalin Marinas { 15693c7b4e6bSCatalin Marinas struct kmemleak_object *prev_obj = v; 15703c7b4e6bSCatalin Marinas struct kmemleak_object *next_obj = NULL; 157158fac095SMichael Wang struct kmemleak_object *obj = prev_obj; 15723c7b4e6bSCatalin Marinas 15733c7b4e6bSCatalin Marinas ++(*pos); 15743c7b4e6bSCatalin Marinas 157558fac095SMichael Wang list_for_each_entry_continue_rcu(obj, &object_list, object_list) { 157652c3ce4eSCatalin Marinas if (get_object(obj)) { 157752c3ce4eSCatalin Marinas next_obj = obj; 15783c7b4e6bSCatalin Marinas break; 15793c7b4e6bSCatalin Marinas } 158052c3ce4eSCatalin Marinas } 1581288c857dSCatalin Marinas 15823c7b4e6bSCatalin Marinas put_object(prev_obj); 15833c7b4e6bSCatalin Marinas return next_obj; 15843c7b4e6bSCatalin Marinas } 15853c7b4e6bSCatalin Marinas 15863c7b4e6bSCatalin Marinas /* 15873c7b4e6bSCatalin Marinas * Decrement the use_count of the last object required, if any. 15883c7b4e6bSCatalin Marinas */ 15893c7b4e6bSCatalin Marinas static void kmemleak_seq_stop(struct seq_file *seq, void *v) 15903c7b4e6bSCatalin Marinas { 1591b87324d0SCatalin Marinas if (!IS_ERR(v)) { 1592b87324d0SCatalin Marinas /* 1593b87324d0SCatalin Marinas * kmemleak_seq_start may return ERR_PTR if the scan_mutex 1594b87324d0SCatalin Marinas * waiting was interrupted, so only release it if !IS_ERR. 1595b87324d0SCatalin Marinas */ 1596f5886c7fSCatalin Marinas rcu_read_unlock(); 1597b87324d0SCatalin Marinas mutex_unlock(&scan_mutex); 15983c7b4e6bSCatalin Marinas if (v) 15993c7b4e6bSCatalin Marinas put_object(v); 16003c7b4e6bSCatalin Marinas } 1601b87324d0SCatalin Marinas } 16023c7b4e6bSCatalin Marinas 16033c7b4e6bSCatalin Marinas /* 16043c7b4e6bSCatalin Marinas * Print the information for an unreferenced object to the seq file. 16053c7b4e6bSCatalin Marinas */ 16063c7b4e6bSCatalin Marinas static int kmemleak_seq_show(struct seq_file *seq, void *v) 16073c7b4e6bSCatalin Marinas { 16083c7b4e6bSCatalin Marinas struct kmemleak_object *object = v; 16093c7b4e6bSCatalin Marinas unsigned long flags; 16103c7b4e6bSCatalin Marinas 16113c7b4e6bSCatalin Marinas spin_lock_irqsave(&object->lock, flags); 1612288c857dSCatalin Marinas if ((object->flags & OBJECT_REPORTED) && unreferenced_object(object)) 16133c7b4e6bSCatalin Marinas print_unreferenced(seq, object); 16143c7b4e6bSCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 16153c7b4e6bSCatalin Marinas return 0; 16163c7b4e6bSCatalin Marinas } 16173c7b4e6bSCatalin Marinas 16183c7b4e6bSCatalin Marinas static const struct seq_operations kmemleak_seq_ops = { 16193c7b4e6bSCatalin Marinas .start = kmemleak_seq_start, 16203c7b4e6bSCatalin Marinas .next = kmemleak_seq_next, 16213c7b4e6bSCatalin Marinas .stop = kmemleak_seq_stop, 16223c7b4e6bSCatalin Marinas .show = kmemleak_seq_show, 16233c7b4e6bSCatalin Marinas }; 16243c7b4e6bSCatalin Marinas 16253c7b4e6bSCatalin Marinas static int kmemleak_open(struct inode *inode, struct file *file) 16263c7b4e6bSCatalin Marinas { 1627b87324d0SCatalin Marinas return seq_open(file, &kmemleak_seq_ops); 16283c7b4e6bSCatalin Marinas } 16293c7b4e6bSCatalin Marinas 1630189d84edSCatalin Marinas static int dump_str_object_info(const char *str) 1631189d84edSCatalin Marinas { 1632189d84edSCatalin Marinas unsigned long flags; 1633189d84edSCatalin Marinas struct kmemleak_object *object; 1634189d84edSCatalin Marinas unsigned long addr; 1635189d84edSCatalin Marinas 1636dc053733SAbhijit Pawar if (kstrtoul(str, 0, &addr)) 1637dc053733SAbhijit Pawar return -EINVAL; 1638189d84edSCatalin Marinas object = find_and_get_object(addr, 0); 1639189d84edSCatalin Marinas if (!object) { 1640189d84edSCatalin Marinas pr_info("Unknown object at 0x%08lx\n", addr); 1641189d84edSCatalin Marinas return -EINVAL; 1642189d84edSCatalin Marinas } 1643189d84edSCatalin Marinas 1644189d84edSCatalin Marinas spin_lock_irqsave(&object->lock, flags); 1645189d84edSCatalin Marinas dump_object_info(object); 1646189d84edSCatalin Marinas spin_unlock_irqrestore(&object->lock, flags); 1647189d84edSCatalin Marinas 1648189d84edSCatalin Marinas put_object(object); 1649189d84edSCatalin Marinas return 0; 1650189d84edSCatalin Marinas } 1651189d84edSCatalin Marinas 16523c7b4e6bSCatalin Marinas /* 165330b37101SLuis R. Rodriguez * We use grey instead of black to ensure we can do future scans on the same 165430b37101SLuis R. Rodriguez * objects. If we did not do future scans these black objects could 165530b37101SLuis R. Rodriguez * potentially contain references to newly allocated objects in the future and 165630b37101SLuis R. Rodriguez * we'd end up with false positives. 165730b37101SLuis R. Rodriguez */ 165830b37101SLuis R. Rodriguez static void kmemleak_clear(void) 165930b37101SLuis R. Rodriguez { 166030b37101SLuis R. Rodriguez struct kmemleak_object *object; 166130b37101SLuis R. Rodriguez unsigned long flags; 166230b37101SLuis R. Rodriguez 166330b37101SLuis R. Rodriguez rcu_read_lock(); 166430b37101SLuis R. Rodriguez list_for_each_entry_rcu(object, &object_list, object_list) { 166530b37101SLuis R. Rodriguez spin_lock_irqsave(&object->lock, flags); 166630b37101SLuis R. Rodriguez if ((object->flags & OBJECT_REPORTED) && 166730b37101SLuis R. Rodriguez unreferenced_object(object)) 1668a1084c87SLuis R. Rodriguez __paint_it(object, KMEMLEAK_GREY); 166930b37101SLuis R. Rodriguez spin_unlock_irqrestore(&object->lock, flags); 167030b37101SLuis R. Rodriguez } 167130b37101SLuis R. Rodriguez rcu_read_unlock(); 1672dc9b3f42SLi Zefan 1673dc9b3f42SLi Zefan kmemleak_found_leaks = false; 167430b37101SLuis R. Rodriguez } 167530b37101SLuis R. Rodriguez 1676c89da70cSLi Zefan static void __kmemleak_do_cleanup(void); 1677c89da70cSLi Zefan 167830b37101SLuis R. Rodriguez /* 16793c7b4e6bSCatalin Marinas * File write operation to configure kmemleak at run-time. The following 16803c7b4e6bSCatalin Marinas * commands can be written to the /sys/kernel/debug/kmemleak file: 16813c7b4e6bSCatalin Marinas * off - disable kmemleak (irreversible) 16823c7b4e6bSCatalin Marinas * stack=on - enable the task stacks scanning 16833c7b4e6bSCatalin Marinas * stack=off - disable the tasks stacks scanning 16843c7b4e6bSCatalin Marinas * scan=on - start the automatic memory scanning thread 16853c7b4e6bSCatalin Marinas * scan=off - stop the automatic memory scanning thread 16863c7b4e6bSCatalin Marinas * scan=... - set the automatic memory scanning period in seconds (0 to 16873c7b4e6bSCatalin Marinas * disable it) 16884698c1f2SCatalin Marinas * scan - trigger a memory scan 168930b37101SLuis R. Rodriguez * clear - mark all current reported unreferenced kmemleak objects as 1690c89da70cSLi Zefan * grey to ignore printing them, or free all kmemleak objects 1691c89da70cSLi Zefan * if kmemleak has been disabled. 1692189d84edSCatalin Marinas * dump=... - dump information about the object found at the given address 16933c7b4e6bSCatalin Marinas */ 16943c7b4e6bSCatalin Marinas static ssize_t kmemleak_write(struct file *file, const char __user *user_buf, 16953c7b4e6bSCatalin Marinas size_t size, loff_t *ppos) 16963c7b4e6bSCatalin Marinas { 16973c7b4e6bSCatalin Marinas char buf[64]; 16983c7b4e6bSCatalin Marinas int buf_size; 1699b87324d0SCatalin Marinas int ret; 17003c7b4e6bSCatalin Marinas 17013c7b4e6bSCatalin Marinas buf_size = min(size, (sizeof(buf) - 1)); 17023c7b4e6bSCatalin Marinas if (strncpy_from_user(buf, user_buf, buf_size) < 0) 17033c7b4e6bSCatalin Marinas return -EFAULT; 17043c7b4e6bSCatalin Marinas buf[buf_size] = 0; 17053c7b4e6bSCatalin Marinas 1706b87324d0SCatalin Marinas ret = mutex_lock_interruptible(&scan_mutex); 1707b87324d0SCatalin Marinas if (ret < 0) 1708b87324d0SCatalin Marinas return ret; 1709b87324d0SCatalin Marinas 1710c89da70cSLi Zefan if (strncmp(buf, "clear", 5) == 0) { 17118910ae89SLi Zefan if (kmemleak_enabled) 1712c89da70cSLi Zefan kmemleak_clear(); 1713c89da70cSLi Zefan else 1714c89da70cSLi Zefan __kmemleak_do_cleanup(); 1715c89da70cSLi Zefan goto out; 1716c89da70cSLi Zefan } 1717c89da70cSLi Zefan 17188910ae89SLi Zefan if (!kmemleak_enabled) { 1719c89da70cSLi Zefan ret = -EBUSY; 1720c89da70cSLi Zefan goto out; 1721c89da70cSLi Zefan } 1722c89da70cSLi Zefan 17233c7b4e6bSCatalin Marinas if (strncmp(buf, "off", 3) == 0) 17243c7b4e6bSCatalin Marinas kmemleak_disable(); 17253c7b4e6bSCatalin Marinas else if (strncmp(buf, "stack=on", 8) == 0) 17263c7b4e6bSCatalin Marinas kmemleak_stack_scan = 1; 17273c7b4e6bSCatalin Marinas else if (strncmp(buf, "stack=off", 9) == 0) 17283c7b4e6bSCatalin Marinas kmemleak_stack_scan = 0; 17293c7b4e6bSCatalin Marinas else if (strncmp(buf, "scan=on", 7) == 0) 17303c7b4e6bSCatalin Marinas start_scan_thread(); 17313c7b4e6bSCatalin Marinas else if (strncmp(buf, "scan=off", 8) == 0) 17323c7b4e6bSCatalin Marinas stop_scan_thread(); 17333c7b4e6bSCatalin Marinas else if (strncmp(buf, "scan=", 5) == 0) { 17343c7b4e6bSCatalin Marinas unsigned long secs; 17353c7b4e6bSCatalin Marinas 17363dbb95f7SJingoo Han ret = kstrtoul(buf + 5, 0, &secs); 1737b87324d0SCatalin Marinas if (ret < 0) 1738b87324d0SCatalin Marinas goto out; 17393c7b4e6bSCatalin Marinas stop_scan_thread(); 17403c7b4e6bSCatalin Marinas if (secs) { 17413c7b4e6bSCatalin Marinas jiffies_scan_wait = msecs_to_jiffies(secs * 1000); 17423c7b4e6bSCatalin Marinas start_scan_thread(); 17433c7b4e6bSCatalin Marinas } 17444698c1f2SCatalin Marinas } else if (strncmp(buf, "scan", 4) == 0) 17454698c1f2SCatalin Marinas kmemleak_scan(); 1746189d84edSCatalin Marinas else if (strncmp(buf, "dump=", 5) == 0) 1747189d84edSCatalin Marinas ret = dump_str_object_info(buf + 5); 17484698c1f2SCatalin Marinas else 1749b87324d0SCatalin Marinas ret = -EINVAL; 1750b87324d0SCatalin Marinas 1751b87324d0SCatalin Marinas out: 1752b87324d0SCatalin Marinas mutex_unlock(&scan_mutex); 1753b87324d0SCatalin Marinas if (ret < 0) 1754b87324d0SCatalin Marinas return ret; 17553c7b4e6bSCatalin Marinas 17563c7b4e6bSCatalin Marinas /* ignore the rest of the buffer, only one command at a time */ 17573c7b4e6bSCatalin Marinas *ppos += size; 17583c7b4e6bSCatalin Marinas return size; 17593c7b4e6bSCatalin Marinas } 17603c7b4e6bSCatalin Marinas 17613c7b4e6bSCatalin Marinas static const struct file_operations kmemleak_fops = { 17623c7b4e6bSCatalin Marinas .owner = THIS_MODULE, 17633c7b4e6bSCatalin Marinas .open = kmemleak_open, 17643c7b4e6bSCatalin Marinas .read = seq_read, 17653c7b4e6bSCatalin Marinas .write = kmemleak_write, 17663c7b4e6bSCatalin Marinas .llseek = seq_lseek, 17675f3bf19aSLi Zefan .release = seq_release, 17683c7b4e6bSCatalin Marinas }; 17693c7b4e6bSCatalin Marinas 1770c89da70cSLi Zefan static void __kmemleak_do_cleanup(void) 1771c89da70cSLi Zefan { 1772c89da70cSLi Zefan struct kmemleak_object *object; 1773c89da70cSLi Zefan 1774c89da70cSLi Zefan rcu_read_lock(); 1775c89da70cSLi Zefan list_for_each_entry_rcu(object, &object_list, object_list) 1776c89da70cSLi Zefan delete_object_full(object->pointer); 1777c89da70cSLi Zefan rcu_read_unlock(); 1778c89da70cSLi Zefan } 1779c89da70cSLi Zefan 17803c7b4e6bSCatalin Marinas /* 178174341703SCatalin Marinas * Stop the memory scanning thread and free the kmemleak internal objects if 178274341703SCatalin Marinas * no previous scan thread (otherwise, kmemleak may still have some useful 178374341703SCatalin Marinas * information on memory leaks). 17843c7b4e6bSCatalin Marinas */ 1785179a8100SCatalin Marinas static void kmemleak_do_cleanup(struct work_struct *work) 17863c7b4e6bSCatalin Marinas { 17874698c1f2SCatalin Marinas stop_scan_thread(); 17884698c1f2SCatalin Marinas 1789c5f3b1a5SCatalin Marinas /* 1790c5f3b1a5SCatalin Marinas * Once the scan thread has stopped, it is safe to no longer track 1791c5f3b1a5SCatalin Marinas * object freeing. Ordering of the scan thread stopping and the memory 1792c5f3b1a5SCatalin Marinas * accesses below is guaranteed by the kthread_stop() function. 1793c5f3b1a5SCatalin Marinas */ 1794c5f3b1a5SCatalin Marinas kmemleak_free_enabled = 0; 1795c5f3b1a5SCatalin Marinas 1796c89da70cSLi Zefan if (!kmemleak_found_leaks) 1797c89da70cSLi Zefan __kmemleak_do_cleanup(); 1798c89da70cSLi Zefan else 1799c89da70cSLi Zefan pr_info("Kmemleak disabled without freeing internal data. " 1800c89da70cSLi Zefan "Reclaim the memory with \"echo clear > /sys/kernel/debug/kmemleak\"\n"); 18013c7b4e6bSCatalin Marinas } 18023c7b4e6bSCatalin Marinas 1803179a8100SCatalin Marinas static DECLARE_WORK(cleanup_work, kmemleak_do_cleanup); 18043c7b4e6bSCatalin Marinas 18053c7b4e6bSCatalin Marinas /* 18063c7b4e6bSCatalin Marinas * Disable kmemleak. No memory allocation/freeing will be traced once this 18073c7b4e6bSCatalin Marinas * function is called. Disabling kmemleak is an irreversible operation. 18083c7b4e6bSCatalin Marinas */ 18093c7b4e6bSCatalin Marinas static void kmemleak_disable(void) 18103c7b4e6bSCatalin Marinas { 18113c7b4e6bSCatalin Marinas /* atomically check whether it was already invoked */ 18128910ae89SLi Zefan if (cmpxchg(&kmemleak_error, 0, 1)) 18133c7b4e6bSCatalin Marinas return; 18143c7b4e6bSCatalin Marinas 18153c7b4e6bSCatalin Marinas /* stop any memory operation tracing */ 18168910ae89SLi Zefan kmemleak_enabled = 0; 18173c7b4e6bSCatalin Marinas 18183c7b4e6bSCatalin Marinas /* check whether it is too early for a kernel thread */ 18198910ae89SLi Zefan if (kmemleak_initialized) 1820179a8100SCatalin Marinas schedule_work(&cleanup_work); 1821c5f3b1a5SCatalin Marinas else 1822c5f3b1a5SCatalin Marinas kmemleak_free_enabled = 0; 18233c7b4e6bSCatalin Marinas 18243c7b4e6bSCatalin Marinas pr_info("Kernel memory leak detector disabled\n"); 18253c7b4e6bSCatalin Marinas } 18263c7b4e6bSCatalin Marinas 18273c7b4e6bSCatalin Marinas /* 18283c7b4e6bSCatalin Marinas * Allow boot-time kmemleak disabling (enabled by default). 18293c7b4e6bSCatalin Marinas */ 18303c7b4e6bSCatalin Marinas static int kmemleak_boot_config(char *str) 18313c7b4e6bSCatalin Marinas { 18323c7b4e6bSCatalin Marinas if (!str) 18333c7b4e6bSCatalin Marinas return -EINVAL; 18343c7b4e6bSCatalin Marinas if (strcmp(str, "off") == 0) 18353c7b4e6bSCatalin Marinas kmemleak_disable(); 1836ab0155a2SJason Baron else if (strcmp(str, "on") == 0) 1837ab0155a2SJason Baron kmemleak_skip_disable = 1; 1838ab0155a2SJason Baron else 18393c7b4e6bSCatalin Marinas return -EINVAL; 18403c7b4e6bSCatalin Marinas return 0; 18413c7b4e6bSCatalin Marinas } 18423c7b4e6bSCatalin Marinas early_param("kmemleak", kmemleak_boot_config); 18433c7b4e6bSCatalin Marinas 18445f79020cSCatalin Marinas static void __init print_log_trace(struct early_log *log) 18455f79020cSCatalin Marinas { 18465f79020cSCatalin Marinas struct stack_trace trace; 18475f79020cSCatalin Marinas 18485f79020cSCatalin Marinas trace.nr_entries = log->trace_len; 18495f79020cSCatalin Marinas trace.entries = log->trace; 18505f79020cSCatalin Marinas 18515f79020cSCatalin Marinas pr_notice("Early log backtrace:\n"); 18525f79020cSCatalin Marinas print_stack_trace(&trace, 2); 18535f79020cSCatalin Marinas } 18545f79020cSCatalin Marinas 18553c7b4e6bSCatalin Marinas /* 18562030117dSCatalin Marinas * Kmemleak initialization. 18573c7b4e6bSCatalin Marinas */ 18583c7b4e6bSCatalin Marinas void __init kmemleak_init(void) 18593c7b4e6bSCatalin Marinas { 18603c7b4e6bSCatalin Marinas int i; 18613c7b4e6bSCatalin Marinas unsigned long flags; 18623c7b4e6bSCatalin Marinas 1863ab0155a2SJason Baron #ifdef CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF 1864ab0155a2SJason Baron if (!kmemleak_skip_disable) { 18653551a928SCatalin Marinas kmemleak_early_log = 0; 1866ab0155a2SJason Baron kmemleak_disable(); 1867ab0155a2SJason Baron return; 1868ab0155a2SJason Baron } 1869ab0155a2SJason Baron #endif 1870ab0155a2SJason Baron 18713c7b4e6bSCatalin Marinas jiffies_min_age = msecs_to_jiffies(MSECS_MIN_AGE); 18723c7b4e6bSCatalin Marinas jiffies_scan_wait = msecs_to_jiffies(SECS_SCAN_WAIT * 1000); 18733c7b4e6bSCatalin Marinas 18743c7b4e6bSCatalin Marinas object_cache = KMEM_CACHE(kmemleak_object, SLAB_NOLEAKTRACE); 18753c7b4e6bSCatalin Marinas scan_area_cache = KMEM_CACHE(kmemleak_scan_area, SLAB_NOLEAKTRACE); 18763c7b4e6bSCatalin Marinas 187721cd3a60SWang Kai if (crt_early_log > ARRAY_SIZE(early_log)) 1878b6693005SCatalin Marinas pr_warning("Early log buffer exceeded (%d), please increase " 1879b6693005SCatalin Marinas "DEBUG_KMEMLEAK_EARLY_LOG_SIZE\n", crt_early_log); 1880b6693005SCatalin Marinas 18813c7b4e6bSCatalin Marinas /* the kernel is still in UP mode, so disabling the IRQs is enough */ 18823c7b4e6bSCatalin Marinas local_irq_save(flags); 18833551a928SCatalin Marinas kmemleak_early_log = 0; 18848910ae89SLi Zefan if (kmemleak_error) { 1885b6693005SCatalin Marinas local_irq_restore(flags); 1886b6693005SCatalin Marinas return; 1887c5f3b1a5SCatalin Marinas } else { 18888910ae89SLi Zefan kmemleak_enabled = 1; 1889c5f3b1a5SCatalin Marinas kmemleak_free_enabled = 1; 1890c5f3b1a5SCatalin Marinas } 18913c7b4e6bSCatalin Marinas local_irq_restore(flags); 18923c7b4e6bSCatalin Marinas 18933c7b4e6bSCatalin Marinas /* 18943c7b4e6bSCatalin Marinas * This is the point where tracking allocations is safe. Automatic 18953c7b4e6bSCatalin Marinas * scanning is started during the late initcall. Add the early logged 18963c7b4e6bSCatalin Marinas * callbacks to the kmemleak infrastructure. 18973c7b4e6bSCatalin Marinas */ 18983c7b4e6bSCatalin Marinas for (i = 0; i < crt_early_log; i++) { 18993c7b4e6bSCatalin Marinas struct early_log *log = &early_log[i]; 19003c7b4e6bSCatalin Marinas 19013c7b4e6bSCatalin Marinas switch (log->op_type) { 19023c7b4e6bSCatalin Marinas case KMEMLEAK_ALLOC: 1903fd678967SCatalin Marinas early_alloc(log); 19043c7b4e6bSCatalin Marinas break; 1905f528f0b8SCatalin Marinas case KMEMLEAK_ALLOC_PERCPU: 1906f528f0b8SCatalin Marinas early_alloc_percpu(log); 1907f528f0b8SCatalin Marinas break; 19083c7b4e6bSCatalin Marinas case KMEMLEAK_FREE: 19093c7b4e6bSCatalin Marinas kmemleak_free(log->ptr); 19103c7b4e6bSCatalin Marinas break; 191153238a60SCatalin Marinas case KMEMLEAK_FREE_PART: 191253238a60SCatalin Marinas kmemleak_free_part(log->ptr, log->size); 191353238a60SCatalin Marinas break; 1914f528f0b8SCatalin Marinas case KMEMLEAK_FREE_PERCPU: 1915f528f0b8SCatalin Marinas kmemleak_free_percpu(log->ptr); 1916f528f0b8SCatalin Marinas break; 19173c7b4e6bSCatalin Marinas case KMEMLEAK_NOT_LEAK: 19183c7b4e6bSCatalin Marinas kmemleak_not_leak(log->ptr); 19193c7b4e6bSCatalin Marinas break; 19203c7b4e6bSCatalin Marinas case KMEMLEAK_IGNORE: 19213c7b4e6bSCatalin Marinas kmemleak_ignore(log->ptr); 19223c7b4e6bSCatalin Marinas break; 19233c7b4e6bSCatalin Marinas case KMEMLEAK_SCAN_AREA: 1924c017b4beSCatalin Marinas kmemleak_scan_area(log->ptr, log->size, GFP_KERNEL); 19253c7b4e6bSCatalin Marinas break; 19263c7b4e6bSCatalin Marinas case KMEMLEAK_NO_SCAN: 19273c7b4e6bSCatalin Marinas kmemleak_no_scan(log->ptr); 19283c7b4e6bSCatalin Marinas break; 19293c7b4e6bSCatalin Marinas default: 19305f79020cSCatalin Marinas kmemleak_warn("Unknown early log operation: %d\n", 19315f79020cSCatalin Marinas log->op_type); 19325f79020cSCatalin Marinas } 19335f79020cSCatalin Marinas 19348910ae89SLi Zefan if (kmemleak_warning) { 19355f79020cSCatalin Marinas print_log_trace(log); 19368910ae89SLi Zefan kmemleak_warning = 0; 19373c7b4e6bSCatalin Marinas } 19383c7b4e6bSCatalin Marinas } 19393c7b4e6bSCatalin Marinas } 19403c7b4e6bSCatalin Marinas 19413c7b4e6bSCatalin Marinas /* 19423c7b4e6bSCatalin Marinas * Late initialization function. 19433c7b4e6bSCatalin Marinas */ 19443c7b4e6bSCatalin Marinas static int __init kmemleak_late_init(void) 19453c7b4e6bSCatalin Marinas { 19463c7b4e6bSCatalin Marinas struct dentry *dentry; 19473c7b4e6bSCatalin Marinas 19488910ae89SLi Zefan kmemleak_initialized = 1; 19493c7b4e6bSCatalin Marinas 19508910ae89SLi Zefan if (kmemleak_error) { 19513c7b4e6bSCatalin Marinas /* 195225985edcSLucas De Marchi * Some error occurred and kmemleak was disabled. There is a 19533c7b4e6bSCatalin Marinas * small chance that kmemleak_disable() was called immediately 19543c7b4e6bSCatalin Marinas * after setting kmemleak_initialized and we may end up with 19553c7b4e6bSCatalin Marinas * two clean-up threads but serialized by scan_mutex. 19563c7b4e6bSCatalin Marinas */ 1957179a8100SCatalin Marinas schedule_work(&cleanup_work); 19583c7b4e6bSCatalin Marinas return -ENOMEM; 19593c7b4e6bSCatalin Marinas } 19603c7b4e6bSCatalin Marinas 19613c7b4e6bSCatalin Marinas dentry = debugfs_create_file("kmemleak", S_IRUGO, NULL, NULL, 19623c7b4e6bSCatalin Marinas &kmemleak_fops); 19633c7b4e6bSCatalin Marinas if (!dentry) 1964ae281064SJoe Perches pr_warning("Failed to create the debugfs kmemleak file\n"); 19654698c1f2SCatalin Marinas mutex_lock(&scan_mutex); 19663c7b4e6bSCatalin Marinas start_scan_thread(); 19674698c1f2SCatalin Marinas mutex_unlock(&scan_mutex); 19683c7b4e6bSCatalin Marinas 19693c7b4e6bSCatalin Marinas pr_info("Kernel memory leak detector initialized\n"); 19703c7b4e6bSCatalin Marinas 19713c7b4e6bSCatalin Marinas return 0; 19723c7b4e6bSCatalin Marinas } 19733c7b4e6bSCatalin Marinas late_initcall(kmemleak_late_init); 1974