Merge branch 'kmemleak' of git://linux-arm.org/linux-2.6

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

* 'kmemleak' of git://linux-arm.org/linux-2.6:
kmemleak: Inform kmemleak about pid_hash
kmemleak: Do not warn if an unknown object is freed
kmemleak: Do not report new leaked objects if the scanning was stopped
kmemleak: Slightly change the policy on newly allocated objects
kmemleak: Do not trigger a scan when reading the debug/kmemleak file
kmemleak: Simplify the reports logged by the scanning thread
kmemleak: Enable task stacks scanning by default
kmemleak: Allow the early log buffer to be configurable.

Linus Torvalds 17 years ago e83c2b0f 9fcfc91b

+106 -104

4 changed files

expand all

Documentation

kmemleak.txt

kernel

pid.c

lib

Kconfig.debug

kmemleak.c

+16 -7

Documentation/kmemleak.txt

··· 16 16 ----- 17 17 18 18 CONFIG_DEBUG_KMEMLEAK in "Kernel hacking" has to be enabled. A kernel 19 - thread scans the memory every 10 minutes (by default) and prints any new 20 - unreferenced objects found. To trigger an intermediate scan and display 21 - all the possible memory leaks: 19 + thread scans the memory every 10 minutes (by default) and prints the 20 + number of new unreferenced objects found. To display the details of all 21 + the possible memory leaks: 22 22 23 23 # mount -t debugfs nodev /sys/kernel/debug/ 24 24 # cat /sys/kernel/debug/kmemleak 25 + 26 + To trigger an intermediate memory scan: 27 + 28 + # echo scan > /sys/kernel/debug/kmemleak 25 29 26 30 Note that the orphan objects are listed in the order they were allocated 27 31 and one object at the beginning of the list may cause other subsequent ··· 35 31 /sys/kernel/debug/kmemleak file. The following parameters are supported: 36 32 37 33 off - disable kmemleak (irreversible) 38 - stack=on - enable the task stacks scanning 34 + stack=on - enable the task stacks scanning (default) 39 35 stack=off - disable the tasks stacks scanning 40 - scan=on - start the automatic memory scanning thread 36 + scan=on - start the automatic memory scanning thread (default) 41 37 scan=off - stop the automatic memory scanning thread 42 - scan=<secs> - set the automatic memory scanning period in seconds (0 43 - to disable it) 38 + scan=<secs> - set the automatic memory scanning period in seconds 39 + (default 600, 0 to stop the automatic scanning) 40 + scan - trigger a memory scan 44 41 45 42 Kmemleak can also be disabled at boot-time by passing "kmemleak=off" on 46 43 the kernel command line. 44 + 45 + Memory may be allocated or freed before kmemleak is initialised and 46 + these actions are stored in an early log buffer. The size of this buffer 47 + is configured via the CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE option. 47 48 48 49 Basic Algorithm 49 50 ---------------

kernel/pid.c

··· 36 36 #include <linux/pid_namespace.h> 37 37 #include <linux/init_task.h> 38 38 #include <linux/syscalls.h> 39 + #include <linux/kmemleak.h> 39 40 40 41 #define pid_hashfn(nr, ns) \ 41 42 hash_long((unsigned long)nr + (unsigned long)ns, pidhash_shift) ··· 513 512 pid_hash = alloc_bootmem(pidhash_size * sizeof(*(pid_hash))); 514 513 if (!pid_hash) 515 514 panic("Could not alloc pidhash!\n"); 515 + /* 516 + * pid_hash contains references to allocated struct pid objects and it 517 + * must be scanned by kmemleak to avoid false positives. 518 + */ 519 + kmemleak_alloc(pid_hash, pidhash_size * sizeof(*(pid_hash)), 0, 520 + GFP_KERNEL); 516 521 for (i = 0; i < pidhash_size; i++) 517 522 INIT_HLIST_HEAD(&pid_hash[i]); 518 523 }

+12

lib/Kconfig.debug

··· 359 359 In order to access the kmemleak file, debugfs needs to be 360 360 mounted (usually at /sys/kernel/debug). 361 361 362 + config DEBUG_KMEMLEAK_EARLY_LOG_SIZE 363 + int "Maximum kmemleak early log entries" 364 + depends on DEBUG_KMEMLEAK 365 + range 200 2000 366 + default 400 367 + help 368 + Kmemleak must track all the memory allocations to avoid 369 + reporting false positives. Since memory may be allocated or 370 + freed before kmemleak is initialised, an early log buffer is 371 + used to store these actions. If kmemleak reports "early log 372 + buffer exceeded", please increase this value. 373 + 362 374 config DEBUG_KMEMLEAK_TEST 363 375 tristate "Simple test for the kernel memory leak detector" 364 376 depends on DEBUG_KMEMLEAK

+71 -97

mm/kmemleak.c

··· 48 48 * scanned. This list is only modified during a scanning episode when the 49 49 * scan_mutex is held. At the end of a scan, the gray_list is always empty. 50 50 * Note that the kmemleak_object.use_count is incremented when an object is 51 - * added to the gray_list and therefore cannot be freed 52 - * - kmemleak_mutex (mutex): prevents multiple users of the "kmemleak" debugfs 53 - * file together with modifications to the memory scanning parameters 54 - * including the scan_thread pointer 51 + * added to the gray_list and therefore cannot be freed. This mutex also 52 + * prevents multiple users of the "kmemleak" debugfs file together with 53 + * modifications to the memory scanning parameters including the scan_thread 54 + * pointer 55 55 * 56 56 * The kmemleak_object structures have a use_count incremented or decremented 57 57 * using the get_object()/put_object() functions. When the use_count becomes ··· 190 190 static unsigned long next_scan_yield; 191 191 static struct task_struct *scan_thread; 192 192 static unsigned long jiffies_scan_yield; 193 + /* used to avoid reporting of recently allocated objects */ 193 194 static unsigned long jiffies_min_age; 195 + static unsigned long jiffies_last_scan; 194 196 /* delay between automatic memory scannings */ 195 197 static signed long jiffies_scan_wait; 196 198 /* enables or disables the task stacks scanning */ 197 - static int kmemleak_stack_scan; 198 - /* mutex protecting the memory scanning */ 199 + static int kmemleak_stack_scan = 1; 200 + /* protects the memory scanning, parameters and debug/kmemleak file access */ 199 201 static DEFINE_MUTEX(scan_mutex); 200 - /* mutex protecting the access to the /sys/kernel/debug/kmemleak file */ 201 - static DEFINE_MUTEX(kmemleak_mutex); 202 202 203 203 /* number of leaks reported (for limitation purposes) */ 204 204 static int reported_leaks; ··· 235 235 }; 236 236 237 237 /* early logging buffer and current position */ 238 - static struct early_log early_log[200]; 238 + static struct early_log early_log[CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE]; 239 239 static int crt_early_log; 240 240 241 241 static void kmemleak_disable(void); ··· 279 279 } 280 280 281 281 /* 282 - * Objects are considered referenced if their color is gray and they have not 283 - * been deleted. 284 - */ 285 - static int referenced_object(struct kmemleak_object *object) 286 - { 287 - return (object->flags & OBJECT_ALLOCATED) && color_gray(object); 288 - } 289 - 290 - /* 291 282 * Objects are considered unreferenced only if their color is white, they have 292 283 * not be deleted and have a minimum age to avoid false positives caused by 293 284 * pointers temporarily stored in CPU registers. ··· 286 295 static int unreferenced_object(struct kmemleak_object *object) 287 296 { 288 297 return (object->flags & OBJECT_ALLOCATED) && color_white(object) && 289 - time_is_before_eq_jiffies(object->jiffies + jiffies_min_age); 298 + time_before_eq(object->jiffies + jiffies_min_age, 299 + jiffies_last_scan); 290 300 } 291 301 292 302 /* 293 - * Printing of the (un)referenced objects information, either to the seq file 294 - * or to the kernel log. The print_referenced/print_unreferenced functions 295 - * must be called with the object->lock held. 303 + * Printing of the unreferenced objects information to the seq file. The 304 + * print_unreferenced function must be called with the object->lock held. 296 305 */ 297 - #define print_helper(seq, x...) do { \ 298 - struct seq_file *s = (seq); \ 299 - if (s) \ 300 - seq_printf(s, x); \ 301 - else \ 302 - pr_info(x); \ 303 - } while (0) 304 - 305 - static void print_referenced(struct kmemleak_object *object) 306 - { 307 - pr_info("referenced object 0x%08lx (size %zu)\n", 308 - object->pointer, object->size); 309 - } 310 - 311 306 static void print_unreferenced(struct seq_file *seq, 312 307 struct kmemleak_object *object) 313 308 { 314 309 int i; 315 310 316 - print_helper(seq, "unreferenced object 0x%08lx (size %zu):\n", 317 - object->pointer, object->size); 318 - print_helper(seq, " comm \"%s\", pid %d, jiffies %lu\n", 319 - object->comm, object->pid, object->jiffies); 320 - print_helper(seq, " backtrace:\n"); 311 + seq_printf(seq, "unreferenced object 0x%08lx (size %zu):\n", 312 + object->pointer, object->size); 313 + seq_printf(seq, " comm \"%s\", pid %d, jiffies %lu\n", 314 + object->comm, object->pid, object->jiffies); 315 + seq_printf(seq, " backtrace:\n"); 321 316 322 317 for (i = 0; i < object->trace_len; i++) { 323 318 void *ptr = (void *)object->trace[i]; 324 - print_helper(seq, " [<%p>] %pS\n", ptr, ptr); 319 + seq_printf(seq, " [<%p>] %pS\n", ptr, ptr); 325 320 } 326 321 } 327 322 ··· 531 554 write_lock_irqsave(&kmemleak_lock, flags); 532 555 object = lookup_object(ptr, 0); 533 556 if (!object) { 557 + #ifdef DEBUG 534 558 kmemleak_warn("Freeing unknown object at 0x%08lx\n", 535 559 ptr); 560 + #endif 536 561 write_unlock_irqrestore(&kmemleak_lock, flags); 537 562 return; 538 563 } ··· 550 571 * cannot be freed when it is being scanned. 551 572 */ 552 573 spin_lock_irqsave(&object->lock, flags); 553 - if (object->flags & OBJECT_REPORTED) 554 - print_referenced(object); 555 574 object->flags &= ~OBJECT_ALLOCATED; 556 575 spin_unlock_irqrestore(&object->lock, flags); 557 576 put_object(object); ··· 673 696 struct early_log *log; 674 697 675 698 if (crt_early_log >= ARRAY_SIZE(early_log)) { 676 - kmemleak_stop("Early log buffer exceeded\n"); 699 + pr_warning("Early log buffer exceeded\n"); 700 + kmemleak_disable(); 677 701 return; 678 702 } 679 703 ··· 930 952 struct kmemleak_object *object, *tmp; 931 953 struct task_struct *task; 932 954 int i; 955 + int new_leaks = 0; 956 + 957 + jiffies_last_scan = jiffies; 933 958 934 959 /* prepare the kmemleak_object's */ 935 960 rcu_read_lock(); ··· 1030 1049 object = tmp; 1031 1050 } 1032 1051 WARN_ON(!list_empty(&gray_list)); 1052 + 1053 + /* 1054 + * If scanning was stopped do not report any new unreferenced objects. 1055 + */ 1056 + if (scan_should_stop()) 1057 + return; 1058 + 1059 + /* 1060 + * Scanning result reporting. 1061 + */ 1062 + rcu_read_lock(); 1063 + list_for_each_entry_rcu(object, &object_list, object_list) { 1064 + spin_lock_irqsave(&object->lock, flags); 1065 + if (unreferenced_object(object) && 1066 + !(object->flags & OBJECT_REPORTED)) { 1067 + object->flags |= OBJECT_REPORTED; 1068 + new_leaks++; 1069 + } 1070 + spin_unlock_irqrestore(&object->lock, flags); 1071 + } 1072 + rcu_read_unlock(); 1073 + 1074 + if (new_leaks) 1075 + pr_info("%d new suspected memory leaks (see " 1076 + "/sys/kernel/debug/kmemleak)\n", new_leaks); 1077 + 1033 1078 } 1034 1079 1035 1080 /* ··· 1077 1070 } 1078 1071 1079 1072 while (!kthread_should_stop()) { 1080 - struct kmemleak_object *object; 1081 1073 signed long timeout = jiffies_scan_wait; 1082 1074 1083 1075 mutex_lock(&scan_mutex); 1084 - 1085 1076 kmemleak_scan(); 1086 - reported_leaks = 0; 1087 - 1088 - rcu_read_lock(); 1089 - list_for_each_entry_rcu(object, &object_list, object_list) { 1090 - unsigned long flags; 1091 - 1092 - if (reported_leaks >= REPORTS_NR) 1093 - break; 1094 - spin_lock_irqsave(&object->lock, flags); 1095 - if (!(object->flags & OBJECT_REPORTED) && 1096 - unreferenced_object(object)) { 1097 - print_unreferenced(NULL, object); 1098 - object->flags |= OBJECT_REPORTED; 1099 - reported_leaks++; 1100 - } else if ((object->flags & OBJECT_REPORTED) && 1101 - referenced_object(object)) { 1102 - print_referenced(object); 1103 - object->flags &= ~OBJECT_REPORTED; 1104 - } 1105 - spin_unlock_irqrestore(&object->lock, flags); 1106 - } 1107 - rcu_read_unlock(); 1108 - 1109 1077 mutex_unlock(&scan_mutex); 1078 + 1110 1079 /* wait before the next scan */ 1111 1080 while (timeout && !kthread_should_stop()) 1112 1081 timeout = schedule_timeout_interruptible(timeout); ··· 1095 1112 1096 1113 /* 1097 1114 * Start the automatic memory scanning thread. This function must be called 1098 - * with the kmemleak_mutex held. 1115 + * with the scan_mutex held. 1099 1116 */ 1100 1117 void start_scan_thread(void) 1101 1118 { ··· 1110 1127 1111 1128 /* 1112 1129 * Stop the automatic memory scanning thread. This function must be called 1113 - * with the kmemleak_mutex held. 1130 + * with the scan_mutex held. 1114 1131 */ 1115 1132 void stop_scan_thread(void) 1116 1133 { ··· 1130 1147 struct kmemleak_object *object; 1131 1148 loff_t n = *pos; 1132 1149 1133 - if (!n) { 1134 - kmemleak_scan(); 1150 + if (!n) 1135 1151 reported_leaks = 0; 1136 - } 1137 1152 if (reported_leaks >= REPORTS_NR) 1138 1153 return NULL; 1139 1154 ··· 1192 1211 unsigned long flags; 1193 1212 1194 1213 spin_lock_irqsave(&object->lock, flags); 1195 - if (!unreferenced_object(object)) 1196 - goto out; 1197 - print_unreferenced(seq, object); 1198 - reported_leaks++; 1199 - out: 1214 + if ((object->flags & OBJECT_REPORTED) && unreferenced_object(object)) { 1215 + print_unreferenced(seq, object); 1216 + reported_leaks++; 1217 + } 1200 1218 spin_unlock_irqrestore(&object->lock, flags); 1201 1219 return 0; 1202 1220 } ··· 1214 1234 if (!atomic_read(&kmemleak_enabled)) 1215 1235 return -EBUSY; 1216 1236 1217 - ret = mutex_lock_interruptible(&kmemleak_mutex); 1237 + ret = mutex_lock_interruptible(&scan_mutex); 1218 1238 if (ret < 0) 1219 1239 goto out; 1220 1240 if (file->f_mode & FMODE_READ) { 1221 - ret = mutex_lock_interruptible(&scan_mutex); 1222 - if (ret < 0) 1223 - goto kmemleak_unlock; 1224 1241 ret = seq_open(file, &kmemleak_seq_ops); 1225 1242 if (ret < 0) 1226 1243 goto scan_unlock; ··· 1226 1249 1227 1250 scan_unlock: 1228 1251 mutex_unlock(&scan_mutex); 1229 - kmemleak_unlock: 1230 - mutex_unlock(&kmemleak_mutex); 1231 1252 out: 1232 1253 return ret; 1233 1254 } ··· 1234 1259 { 1235 1260 int ret = 0; 1236 1261 1237 - if (file->f_mode & FMODE_READ) { 1262 + if (file->f_mode & FMODE_READ) 1238 1263 seq_release(inode, file); 1239 - mutex_unlock(&scan_mutex); 1240 - } 1241 - mutex_unlock(&kmemleak_mutex); 1264 + mutex_unlock(&scan_mutex); 1242 1265 1243 1266 return ret; 1244 1267 } ··· 1251 1278 * scan=off - stop the automatic memory scanning thread 1252 1279 * scan=... - set the automatic memory scanning period in seconds (0 to 1253 1280 * disable it) 1281 + * scan - trigger a memory scan 1254 1282 */ 1255 1283 static ssize_t kmemleak_write(struct file *file, const char __user *user_buf, 1256 1284 size_t size, loff_t *ppos) ··· 1289 1315 jiffies_scan_wait = msecs_to_jiffies(secs * 1000); 1290 1316 start_scan_thread(); 1291 1317 } 1292 - } else 1318 + } else if (strncmp(buf, "scan", 4) == 0) 1319 + kmemleak_scan(); 1320 + else 1293 1321 return -EINVAL; 1294 1322 1295 1323 /* ignore the rest of the buffer, only one command at a time */ ··· 1316 1340 { 1317 1341 struct kmemleak_object *object; 1318 1342 1319 - mutex_lock(&kmemleak_mutex); 1320 - stop_scan_thread(); 1321 - mutex_unlock(&kmemleak_mutex); 1322 - 1323 1343 mutex_lock(&scan_mutex); 1344 + stop_scan_thread(); 1345 + 1324 1346 rcu_read_lock(); 1325 1347 list_for_each_entry_rcu(object, &object_list, object_list) 1326 1348 delete_object(object->pointer); ··· 1460 1486 &kmemleak_fops); 1461 1487 if (!dentry) 1462 1488 pr_warning("Failed to create the debugfs kmemleak file\n"); 1463 - mutex_lock(&kmemleak_mutex); 1489 + mutex_lock(&scan_mutex); 1464 1490 start_scan_thread(); 1465 - mutex_unlock(&kmemleak_mutex); 1491 + mutex_unlock(&scan_mutex); 1466 1492 1467 1493 pr_info("Kernel memory leak detector initialized\n"); 1468 1494