diff options
Diffstat (limited to 'mm/kmemleak.c')
-rw-r--r-- | mm/kmemleak.c | 197 |
1 files changed, 107 insertions, 90 deletions
diff --git a/mm/kmemleak.c b/mm/kmemleak.c index 4ea4510e2996..5b069e4f5e48 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c | |||
@@ -93,6 +93,7 @@ | |||
93 | #include <linux/nodemask.h> | 93 | #include <linux/nodemask.h> |
94 | #include <linux/mm.h> | 94 | #include <linux/mm.h> |
95 | #include <linux/workqueue.h> | 95 | #include <linux/workqueue.h> |
96 | #include <linux/crc32.h> | ||
96 | 97 | ||
97 | #include <asm/sections.h> | 98 | #include <asm/sections.h> |
98 | #include <asm/processor.h> | 99 | #include <asm/processor.h> |
@@ -108,7 +109,6 @@ | |||
108 | #define MSECS_MIN_AGE 5000 /* minimum object age for reporting */ | 109 | #define MSECS_MIN_AGE 5000 /* minimum object age for reporting */ |
109 | #define SECS_FIRST_SCAN 60 /* delay before the first scan */ | 110 | #define SECS_FIRST_SCAN 60 /* delay before the first scan */ |
110 | #define SECS_SCAN_WAIT 600 /* subsequent auto scanning delay */ | 111 | #define SECS_SCAN_WAIT 600 /* subsequent auto scanning delay */ |
111 | #define GRAY_LIST_PASSES 25 /* maximum number of gray list scans */ | ||
112 | #define MAX_SCAN_SIZE 4096 /* maximum size of a scanned block */ | 112 | #define MAX_SCAN_SIZE 4096 /* maximum size of a scanned block */ |
113 | 113 | ||
114 | #define BYTES_PER_POINTER sizeof(void *) | 114 | #define BYTES_PER_POINTER sizeof(void *) |
@@ -119,8 +119,8 @@ | |||
119 | /* scanning area inside a memory block */ | 119 | /* scanning area inside a memory block */ |
120 | struct kmemleak_scan_area { | 120 | struct kmemleak_scan_area { |
121 | struct hlist_node node; | 121 | struct hlist_node node; |
122 | unsigned long offset; | 122 | unsigned long start; |
123 | size_t length; | 123 | size_t size; |
124 | }; | 124 | }; |
125 | 125 | ||
126 | #define KMEMLEAK_GREY 0 | 126 | #define KMEMLEAK_GREY 0 |
@@ -149,6 +149,8 @@ struct kmemleak_object { | |||
149 | int min_count; | 149 | int min_count; |
150 | /* the total number of pointers found pointing to this object */ | 150 | /* the total number of pointers found pointing to this object */ |
151 | int count; | 151 | int count; |
152 | /* checksum for detecting modified objects */ | ||
153 | u32 checksum; | ||
152 | /* memory ranges to be scanned inside an object (empty for all) */ | 154 | /* memory ranges to be scanned inside an object (empty for all) */ |
153 | struct hlist_head area_list; | 155 | struct hlist_head area_list; |
154 | unsigned long trace[MAX_TRACE]; | 156 | unsigned long trace[MAX_TRACE]; |
@@ -164,8 +166,6 @@ struct kmemleak_object { | |||
164 | #define OBJECT_REPORTED (1 << 1) | 166 | #define OBJECT_REPORTED (1 << 1) |
165 | /* flag set to not scan the object */ | 167 | /* flag set to not scan the object */ |
166 | #define OBJECT_NO_SCAN (1 << 2) | 168 | #define OBJECT_NO_SCAN (1 << 2) |
167 | /* flag set on newly allocated objects */ | ||
168 | #define OBJECT_NEW (1 << 3) | ||
169 | 169 | ||
170 | /* number of bytes to print per line; must be 16 or 32 */ | 170 | /* number of bytes to print per line; must be 16 or 32 */ |
171 | #define HEX_ROW_SIZE 16 | 171 | #define HEX_ROW_SIZE 16 |
@@ -241,8 +241,6 @@ struct early_log { | |||
241 | const void *ptr; /* allocated/freed memory block */ | 241 | const void *ptr; /* allocated/freed memory block */ |
242 | size_t size; /* memory block size */ | 242 | size_t size; /* memory block size */ |
243 | int min_count; /* minimum reference count */ | 243 | int min_count; /* minimum reference count */ |
244 | unsigned long offset; /* scan area offset */ | ||
245 | size_t length; /* scan area length */ | ||
246 | unsigned long trace[MAX_TRACE]; /* stack trace */ | 244 | unsigned long trace[MAX_TRACE]; /* stack trace */ |
247 | unsigned int trace_len; /* stack trace length */ | 245 | unsigned int trace_len; /* stack trace length */ |
248 | }; | 246 | }; |
@@ -323,11 +321,6 @@ static bool color_gray(const struct kmemleak_object *object) | |||
323 | object->count >= object->min_count; | 321 | object->count >= object->min_count; |
324 | } | 322 | } |
325 | 323 | ||
326 | static bool color_black(const struct kmemleak_object *object) | ||
327 | { | ||
328 | return object->min_count == KMEMLEAK_BLACK; | ||
329 | } | ||
330 | |||
331 | /* | 324 | /* |
332 | * Objects are considered unreferenced only if their color is white, they have | 325 | * Objects are considered unreferenced only if their color is white, they have |
333 | * not be deleted and have a minimum age to avoid false positives caused by | 326 | * not be deleted and have a minimum age to avoid false positives caused by |
@@ -335,7 +328,7 @@ static bool color_black(const struct kmemleak_object *object) | |||
335 | */ | 328 | */ |
336 | static bool unreferenced_object(struct kmemleak_object *object) | 329 | static bool unreferenced_object(struct kmemleak_object *object) |
337 | { | 330 | { |
338 | return (object->flags & OBJECT_ALLOCATED) && color_white(object) && | 331 | return (color_white(object) && object->flags & OBJECT_ALLOCATED) && |
339 | time_before_eq(object->jiffies + jiffies_min_age, | 332 | time_before_eq(object->jiffies + jiffies_min_age, |
340 | jiffies_last_scan); | 333 | jiffies_last_scan); |
341 | } | 334 | } |
@@ -348,11 +341,13 @@ static void print_unreferenced(struct seq_file *seq, | |||
348 | struct kmemleak_object *object) | 341 | struct kmemleak_object *object) |
349 | { | 342 | { |
350 | int i; | 343 | int i; |
344 | unsigned int msecs_age = jiffies_to_msecs(jiffies - object->jiffies); | ||
351 | 345 | ||
352 | seq_printf(seq, "unreferenced object 0x%08lx (size %zu):\n", | 346 | seq_printf(seq, "unreferenced object 0x%08lx (size %zu):\n", |
353 | object->pointer, object->size); | 347 | object->pointer, object->size); |
354 | seq_printf(seq, " comm \"%s\", pid %d, jiffies %lu\n", | 348 | seq_printf(seq, " comm \"%s\", pid %d, jiffies %lu (age %d.%03ds)\n", |
355 | object->comm, object->pid, object->jiffies); | 349 | object->comm, object->pid, object->jiffies, |
350 | msecs_age / 1000, msecs_age % 1000); | ||
356 | hex_dump_object(seq, object); | 351 | hex_dump_object(seq, object); |
357 | seq_printf(seq, " backtrace:\n"); | 352 | seq_printf(seq, " backtrace:\n"); |
358 | 353 | ||
@@ -381,6 +376,7 @@ static void dump_object_info(struct kmemleak_object *object) | |||
381 | pr_notice(" min_count = %d\n", object->min_count); | 376 | pr_notice(" min_count = %d\n", object->min_count); |
382 | pr_notice(" count = %d\n", object->count); | 377 | pr_notice(" count = %d\n", object->count); |
383 | pr_notice(" flags = 0x%lx\n", object->flags); | 378 | pr_notice(" flags = 0x%lx\n", object->flags); |
379 | pr_notice(" checksum = %d\n", object->checksum); | ||
384 | pr_notice(" backtrace:\n"); | 380 | pr_notice(" backtrace:\n"); |
385 | print_stack_trace(&trace, 4); | 381 | print_stack_trace(&trace, 4); |
386 | } | 382 | } |
@@ -522,12 +518,13 @@ static struct kmemleak_object *create_object(unsigned long ptr, size_t size, | |||
522 | INIT_HLIST_HEAD(&object->area_list); | 518 | INIT_HLIST_HEAD(&object->area_list); |
523 | spin_lock_init(&object->lock); | 519 | spin_lock_init(&object->lock); |
524 | atomic_set(&object->use_count, 1); | 520 | atomic_set(&object->use_count, 1); |
525 | object->flags = OBJECT_ALLOCATED | OBJECT_NEW; | 521 | object->flags = OBJECT_ALLOCATED; |
526 | object->pointer = ptr; | 522 | object->pointer = ptr; |
527 | object->size = size; | 523 | object->size = size; |
528 | object->min_count = min_count; | 524 | object->min_count = min_count; |
529 | object->count = -1; /* no color initially */ | 525 | object->count = 0; /* white color initially */ |
530 | object->jiffies = jiffies; | 526 | object->jiffies = jiffies; |
527 | object->checksum = 0; | ||
531 | 528 | ||
532 | /* task information */ | 529 | /* task information */ |
533 | if (in_irq()) { | 530 | if (in_irq()) { |
@@ -720,14 +717,13 @@ static void make_black_object(unsigned long ptr) | |||
720 | * Add a scanning area to the object. If at least one such area is added, | 717 | * Add a scanning area to the object. If at least one such area is added, |
721 | * kmemleak will only scan these ranges rather than the whole memory block. | 718 | * kmemleak will only scan these ranges rather than the whole memory block. |
722 | */ | 719 | */ |
723 | static void add_scan_area(unsigned long ptr, unsigned long offset, | 720 | static void add_scan_area(unsigned long ptr, size_t size, gfp_t gfp) |
724 | size_t length, gfp_t gfp) | ||
725 | { | 721 | { |
726 | unsigned long flags; | 722 | unsigned long flags; |
727 | struct kmemleak_object *object; | 723 | struct kmemleak_object *object; |
728 | struct kmemleak_scan_area *area; | 724 | struct kmemleak_scan_area *area; |
729 | 725 | ||
730 | object = find_and_get_object(ptr, 0); | 726 | object = find_and_get_object(ptr, 1); |
731 | if (!object) { | 727 | if (!object) { |
732 | kmemleak_warn("Adding scan area to unknown object at 0x%08lx\n", | 728 | kmemleak_warn("Adding scan area to unknown object at 0x%08lx\n", |
733 | ptr); | 729 | ptr); |
@@ -741,7 +737,7 @@ static void add_scan_area(unsigned long ptr, unsigned long offset, | |||
741 | } | 737 | } |
742 | 738 | ||
743 | spin_lock_irqsave(&object->lock, flags); | 739 | spin_lock_irqsave(&object->lock, flags); |
744 | if (offset + length > object->size) { | 740 | if (ptr + size > object->pointer + object->size) { |
745 | kmemleak_warn("Scan area larger than object 0x%08lx\n", ptr); | 741 | kmemleak_warn("Scan area larger than object 0x%08lx\n", ptr); |
746 | dump_object_info(object); | 742 | dump_object_info(object); |
747 | kmem_cache_free(scan_area_cache, area); | 743 | kmem_cache_free(scan_area_cache, area); |
@@ -749,8 +745,8 @@ static void add_scan_area(unsigned long ptr, unsigned long offset, | |||
749 | } | 745 | } |
750 | 746 | ||
751 | INIT_HLIST_NODE(&area->node); | 747 | INIT_HLIST_NODE(&area->node); |
752 | area->offset = offset; | 748 | area->start = ptr; |
753 | area->length = length; | 749 | area->size = size; |
754 | 750 | ||
755 | hlist_add_head(&area->node, &object->area_list); | 751 | hlist_add_head(&area->node, &object->area_list); |
756 | out_unlock: | 752 | out_unlock: |
@@ -786,7 +782,7 @@ static void object_no_scan(unsigned long ptr) | |||
786 | * processed later once kmemleak is fully initialized. | 782 | * processed later once kmemleak is fully initialized. |
787 | */ | 783 | */ |
788 | static void __init log_early(int op_type, const void *ptr, size_t size, | 784 | static void __init log_early(int op_type, const void *ptr, size_t size, |
789 | int min_count, unsigned long offset, size_t length) | 785 | int min_count) |
790 | { | 786 | { |
791 | unsigned long flags; | 787 | unsigned long flags; |
792 | struct early_log *log; | 788 | struct early_log *log; |
@@ -808,8 +804,6 @@ static void __init log_early(int op_type, const void *ptr, size_t size, | |||
808 | log->ptr = ptr; | 804 | log->ptr = ptr; |
809 | log->size = size; | 805 | log->size = size; |
810 | log->min_count = min_count; | 806 | log->min_count = min_count; |
811 | log->offset = offset; | ||
812 | log->length = length; | ||
813 | if (op_type == KMEMLEAK_ALLOC) | 807 | if (op_type == KMEMLEAK_ALLOC) |
814 | log->trace_len = __save_stack_trace(log->trace); | 808 | log->trace_len = __save_stack_trace(log->trace); |
815 | crt_early_log++; | 809 | crt_early_log++; |
@@ -833,12 +827,15 @@ static void early_alloc(struct early_log *log) | |||
833 | */ | 827 | */ |
834 | rcu_read_lock(); | 828 | rcu_read_lock(); |
835 | object = create_object((unsigned long)log->ptr, log->size, | 829 | object = create_object((unsigned long)log->ptr, log->size, |
836 | log->min_count, GFP_KERNEL); | 830 | log->min_count, GFP_ATOMIC); |
831 | if (!object) | ||
832 | goto out; | ||
837 | spin_lock_irqsave(&object->lock, flags); | 833 | spin_lock_irqsave(&object->lock, flags); |
838 | for (i = 0; i < log->trace_len; i++) | 834 | for (i = 0; i < log->trace_len; i++) |
839 | object->trace[i] = log->trace[i]; | 835 | object->trace[i] = log->trace[i]; |
840 | object->trace_len = log->trace_len; | 836 | object->trace_len = log->trace_len; |
841 | spin_unlock_irqrestore(&object->lock, flags); | 837 | spin_unlock_irqrestore(&object->lock, flags); |
838 | out: | ||
842 | rcu_read_unlock(); | 839 | rcu_read_unlock(); |
843 | } | 840 | } |
844 | 841 | ||
@@ -855,7 +852,7 @@ void __ref kmemleak_alloc(const void *ptr, size_t size, int min_count, | |||
855 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) | 852 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) |
856 | create_object((unsigned long)ptr, size, min_count, gfp); | 853 | create_object((unsigned long)ptr, size, min_count, gfp); |
857 | else if (atomic_read(&kmemleak_early_log)) | 854 | else if (atomic_read(&kmemleak_early_log)) |
858 | log_early(KMEMLEAK_ALLOC, ptr, size, min_count, 0, 0); | 855 | log_early(KMEMLEAK_ALLOC, ptr, size, min_count); |
859 | } | 856 | } |
860 | EXPORT_SYMBOL_GPL(kmemleak_alloc); | 857 | EXPORT_SYMBOL_GPL(kmemleak_alloc); |
861 | 858 | ||
@@ -870,7 +867,7 @@ void __ref kmemleak_free(const void *ptr) | |||
870 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) | 867 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) |
871 | delete_object_full((unsigned long)ptr); | 868 | delete_object_full((unsigned long)ptr); |
872 | else if (atomic_read(&kmemleak_early_log)) | 869 | else if (atomic_read(&kmemleak_early_log)) |
873 | log_early(KMEMLEAK_FREE, ptr, 0, 0, 0, 0); | 870 | log_early(KMEMLEAK_FREE, ptr, 0, 0); |
874 | } | 871 | } |
875 | EXPORT_SYMBOL_GPL(kmemleak_free); | 872 | EXPORT_SYMBOL_GPL(kmemleak_free); |
876 | 873 | ||
@@ -885,7 +882,7 @@ void __ref kmemleak_free_part(const void *ptr, size_t size) | |||
885 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) | 882 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) |
886 | delete_object_part((unsigned long)ptr, size); | 883 | delete_object_part((unsigned long)ptr, size); |
887 | else if (atomic_read(&kmemleak_early_log)) | 884 | else if (atomic_read(&kmemleak_early_log)) |
888 | log_early(KMEMLEAK_FREE_PART, ptr, size, 0, 0, 0); | 885 | log_early(KMEMLEAK_FREE_PART, ptr, size, 0); |
889 | } | 886 | } |
890 | EXPORT_SYMBOL_GPL(kmemleak_free_part); | 887 | EXPORT_SYMBOL_GPL(kmemleak_free_part); |
891 | 888 | ||
@@ -900,7 +897,7 @@ void __ref kmemleak_not_leak(const void *ptr) | |||
900 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) | 897 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) |
901 | make_gray_object((unsigned long)ptr); | 898 | make_gray_object((unsigned long)ptr); |
902 | else if (atomic_read(&kmemleak_early_log)) | 899 | else if (atomic_read(&kmemleak_early_log)) |
903 | log_early(KMEMLEAK_NOT_LEAK, ptr, 0, 0, 0, 0); | 900 | log_early(KMEMLEAK_NOT_LEAK, ptr, 0, 0); |
904 | } | 901 | } |
905 | EXPORT_SYMBOL(kmemleak_not_leak); | 902 | EXPORT_SYMBOL(kmemleak_not_leak); |
906 | 903 | ||
@@ -916,22 +913,21 @@ void __ref kmemleak_ignore(const void *ptr) | |||
916 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) | 913 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) |
917 | make_black_object((unsigned long)ptr); | 914 | make_black_object((unsigned long)ptr); |
918 | else if (atomic_read(&kmemleak_early_log)) | 915 | else if (atomic_read(&kmemleak_early_log)) |
919 | log_early(KMEMLEAK_IGNORE, ptr, 0, 0, 0, 0); | 916 | log_early(KMEMLEAK_IGNORE, ptr, 0, 0); |
920 | } | 917 | } |
921 | EXPORT_SYMBOL(kmemleak_ignore); | 918 | EXPORT_SYMBOL(kmemleak_ignore); |
922 | 919 | ||
923 | /* | 920 | /* |
924 | * Limit the range to be scanned in an allocated memory block. | 921 | * Limit the range to be scanned in an allocated memory block. |
925 | */ | 922 | */ |
926 | void __ref kmemleak_scan_area(const void *ptr, unsigned long offset, | 923 | void __ref kmemleak_scan_area(const void *ptr, size_t size, gfp_t gfp) |
927 | size_t length, gfp_t gfp) | ||
928 | { | 924 | { |
929 | pr_debug("%s(0x%p)\n", __func__, ptr); | 925 | pr_debug("%s(0x%p)\n", __func__, ptr); |
930 | 926 | ||
931 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) | 927 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) |
932 | add_scan_area((unsigned long)ptr, offset, length, gfp); | 928 | add_scan_area((unsigned long)ptr, size, gfp); |
933 | else if (atomic_read(&kmemleak_early_log)) | 929 | else if (atomic_read(&kmemleak_early_log)) |
934 | log_early(KMEMLEAK_SCAN_AREA, ptr, 0, 0, offset, length); | 930 | log_early(KMEMLEAK_SCAN_AREA, ptr, size, 0); |
935 | } | 931 | } |
936 | EXPORT_SYMBOL(kmemleak_scan_area); | 932 | EXPORT_SYMBOL(kmemleak_scan_area); |
937 | 933 | ||
@@ -945,11 +941,25 @@ void __ref kmemleak_no_scan(const void *ptr) | |||
945 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) | 941 | if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) |
946 | object_no_scan((unsigned long)ptr); | 942 | object_no_scan((unsigned long)ptr); |
947 | else if (atomic_read(&kmemleak_early_log)) | 943 | else if (atomic_read(&kmemleak_early_log)) |
948 | log_early(KMEMLEAK_NO_SCAN, ptr, 0, 0, 0, 0); | 944 | log_early(KMEMLEAK_NO_SCAN, ptr, 0, 0); |
949 | } | 945 | } |
950 | EXPORT_SYMBOL(kmemleak_no_scan); | 946 | EXPORT_SYMBOL(kmemleak_no_scan); |
951 | 947 | ||
952 | /* | 948 | /* |
949 | * Update an object's checksum and return true if it was modified. | ||
950 | */ | ||
951 | static bool update_checksum(struct kmemleak_object *object) | ||
952 | { | ||
953 | u32 old_csum = object->checksum; | ||
954 | |||
955 | if (!kmemcheck_is_obj_initialized(object->pointer, object->size)) | ||
956 | return false; | ||
957 | |||
958 | object->checksum = crc32(0, (void *)object->pointer, object->size); | ||
959 | return object->checksum != old_csum; | ||
960 | } | ||
961 | |||
962 | /* | ||
953 | * Memory scanning is a long process and it needs to be interruptable. This | 963 | * Memory scanning is a long process and it needs to be interruptable. This |
954 | * function checks whether such interrupt condition occured. | 964 | * function checks whether such interrupt condition occured. |
955 | */ | 965 | */ |
@@ -1028,11 +1038,14 @@ static void scan_block(void *_start, void *_end, | |||
1028 | * added to the gray_list. | 1038 | * added to the gray_list. |
1029 | */ | 1039 | */ |
1030 | object->count++; | 1040 | object->count++; |
1031 | if (color_gray(object)) | 1041 | if (color_gray(object)) { |
1032 | list_add_tail(&object->gray_list, &gray_list); | 1042 | list_add_tail(&object->gray_list, &gray_list); |
1033 | else | 1043 | spin_unlock_irqrestore(&object->lock, flags); |
1034 | put_object(object); | 1044 | continue; |
1045 | } | ||
1046 | |||
1035 | spin_unlock_irqrestore(&object->lock, flags); | 1047 | spin_unlock_irqrestore(&object->lock, flags); |
1048 | put_object(object); | ||
1036 | } | 1049 | } |
1037 | } | 1050 | } |
1038 | 1051 | ||
@@ -1047,8 +1060,8 @@ static void scan_object(struct kmemleak_object *object) | |||
1047 | unsigned long flags; | 1060 | unsigned long flags; |
1048 | 1061 | ||
1049 | /* | 1062 | /* |
1050 | * Once the object->lock is aquired, the corresponding memory block | 1063 | * Once the object->lock is acquired, the corresponding memory block |
1051 | * cannot be freed (the same lock is aquired in delete_object). | 1064 | * cannot be freed (the same lock is acquired in delete_object). |
1052 | */ | 1065 | */ |
1053 | spin_lock_irqsave(&object->lock, flags); | 1066 | spin_lock_irqsave(&object->lock, flags); |
1054 | if (object->flags & OBJECT_NO_SCAN) | 1067 | if (object->flags & OBJECT_NO_SCAN) |
@@ -1072,14 +1085,47 @@ static void scan_object(struct kmemleak_object *object) | |||
1072 | } | 1085 | } |
1073 | } else | 1086 | } else |
1074 | hlist_for_each_entry(area, elem, &object->area_list, node) | 1087 | hlist_for_each_entry(area, elem, &object->area_list, node) |
1075 | scan_block((void *)(object->pointer + area->offset), | 1088 | scan_block((void *)area->start, |
1076 | (void *)(object->pointer + area->offset | 1089 | (void *)(area->start + area->size), |
1077 | + area->length), object, 0); | 1090 | object, 0); |
1078 | out: | 1091 | out: |
1079 | spin_unlock_irqrestore(&object->lock, flags); | 1092 | spin_unlock_irqrestore(&object->lock, flags); |
1080 | } | 1093 | } |
1081 | 1094 | ||
1082 | /* | 1095 | /* |
1096 | * Scan the objects already referenced (gray objects). More objects will be | ||
1097 | * referenced and, if there are no memory leaks, all the objects are scanned. | ||
1098 | */ | ||
1099 | static void scan_gray_list(void) | ||
1100 | { | ||
1101 | struct kmemleak_object *object, *tmp; | ||
1102 | |||
1103 | /* | ||
1104 | * The list traversal is safe for both tail additions and removals | ||
1105 | * from inside the loop. The kmemleak objects cannot be freed from | ||
1106 | * outside the loop because their use_count was incremented. | ||
1107 | */ | ||
1108 | object = list_entry(gray_list.next, typeof(*object), gray_list); | ||
1109 | while (&object->gray_list != &gray_list) { | ||
1110 | cond_resched(); | ||
1111 | |||
1112 | /* may add new objects to the list */ | ||
1113 | if (!scan_should_stop()) | ||
1114 | scan_object(object); | ||
1115 | |||
1116 | tmp = list_entry(object->gray_list.next, typeof(*object), | ||
1117 | gray_list); | ||
1118 | |||
1119 | /* remove the object from the list and release it */ | ||
1120 | list_del(&object->gray_list); | ||
1121 | put_object(object); | ||
1122 | |||
1123 | object = tmp; | ||
1124 | } | ||
1125 | WARN_ON(!list_empty(&gray_list)); | ||
1126 | } | ||
1127 | |||
1128 | /* | ||
1083 | * Scan data sections and all the referenced memory blocks allocated via the | 1129 | * Scan data sections and all the referenced memory blocks allocated via the |
1084 | * kernel's standard allocators. This function must be called with the | 1130 | * kernel's standard allocators. This function must be called with the |
1085 | * scan_mutex held. | 1131 | * scan_mutex held. |
@@ -1087,10 +1133,9 @@ out: | |||
1087 | static void kmemleak_scan(void) | 1133 | static void kmemleak_scan(void) |
1088 | { | 1134 | { |
1089 | unsigned long flags; | 1135 | unsigned long flags; |
1090 | struct kmemleak_object *object, *tmp; | 1136 | struct kmemleak_object *object; |
1091 | int i; | 1137 | int i; |
1092 | int new_leaks = 0; | 1138 | int new_leaks = 0; |
1093 | int gray_list_pass = 0; | ||
1094 | 1139 | ||
1095 | jiffies_last_scan = jiffies; | 1140 | jiffies_last_scan = jiffies; |
1096 | 1141 | ||
@@ -1111,7 +1156,6 @@ static void kmemleak_scan(void) | |||
1111 | #endif | 1156 | #endif |
1112 | /* reset the reference count (whiten the object) */ | 1157 | /* reset the reference count (whiten the object) */ |
1113 | object->count = 0; | 1158 | object->count = 0; |
1114 | object->flags &= ~OBJECT_NEW; | ||
1115 | if (color_gray(object) && get_object(object)) | 1159 | if (color_gray(object) && get_object(object)) |
1116 | list_add_tail(&object->gray_list, &gray_list); | 1160 | list_add_tail(&object->gray_list, &gray_list); |
1117 | 1161 | ||
@@ -1169,62 +1213,36 @@ static void kmemleak_scan(void) | |||
1169 | 1213 | ||
1170 | /* | 1214 | /* |
1171 | * Scan the objects already referenced from the sections scanned | 1215 | * Scan the objects already referenced from the sections scanned |
1172 | * above. More objects will be referenced and, if there are no memory | 1216 | * above. |
1173 | * leaks, all the objects will be scanned. The list traversal is safe | ||
1174 | * for both tail additions and removals from inside the loop. The | ||
1175 | * kmemleak objects cannot be freed from outside the loop because their | ||
1176 | * use_count was increased. | ||
1177 | */ | 1217 | */ |
1178 | repeat: | 1218 | scan_gray_list(); |
1179 | object = list_entry(gray_list.next, typeof(*object), gray_list); | ||
1180 | while (&object->gray_list != &gray_list) { | ||
1181 | cond_resched(); | ||
1182 | |||
1183 | /* may add new objects to the list */ | ||
1184 | if (!scan_should_stop()) | ||
1185 | scan_object(object); | ||
1186 | |||
1187 | tmp = list_entry(object->gray_list.next, typeof(*object), | ||
1188 | gray_list); | ||
1189 | |||
1190 | /* remove the object from the list and release it */ | ||
1191 | list_del(&object->gray_list); | ||
1192 | put_object(object); | ||
1193 | |||
1194 | object = tmp; | ||
1195 | } | ||
1196 | |||
1197 | if (scan_should_stop() || ++gray_list_pass >= GRAY_LIST_PASSES) | ||
1198 | goto scan_end; | ||
1199 | 1219 | ||
1200 | /* | 1220 | /* |
1201 | * Check for new objects allocated during this scanning and add them | 1221 | * Check for new or unreferenced objects modified since the previous |
1202 | * to the gray list. | 1222 | * scan and color them gray until the next scan. |
1203 | */ | 1223 | */ |
1204 | rcu_read_lock(); | 1224 | rcu_read_lock(); |
1205 | list_for_each_entry_rcu(object, &object_list, object_list) { | 1225 | list_for_each_entry_rcu(object, &object_list, object_list) { |
1206 | spin_lock_irqsave(&object->lock, flags); | 1226 | spin_lock_irqsave(&object->lock, flags); |
1207 | if ((object->flags & OBJECT_NEW) && !color_black(object) && | 1227 | if (color_white(object) && (object->flags & OBJECT_ALLOCATED) |
1208 | get_object(object)) { | 1228 | && update_checksum(object) && get_object(object)) { |
1209 | object->flags &= ~OBJECT_NEW; | 1229 | /* color it gray temporarily */ |
1230 | object->count = object->min_count; | ||
1210 | list_add_tail(&object->gray_list, &gray_list); | 1231 | list_add_tail(&object->gray_list, &gray_list); |
1211 | } | 1232 | } |
1212 | spin_unlock_irqrestore(&object->lock, flags); | 1233 | spin_unlock_irqrestore(&object->lock, flags); |
1213 | } | 1234 | } |
1214 | rcu_read_unlock(); | 1235 | rcu_read_unlock(); |
1215 | 1236 | ||
1216 | if (!list_empty(&gray_list)) | 1237 | /* |
1217 | goto repeat; | 1238 | * Re-scan the gray list for modified unreferenced objects. |
1218 | 1239 | */ | |
1219 | scan_end: | 1240 | scan_gray_list(); |
1220 | WARN_ON(!list_empty(&gray_list)); | ||
1221 | 1241 | ||
1222 | /* | 1242 | /* |
1223 | * If scanning was stopped or new objects were being allocated at a | 1243 | * If scanning was stopped do not report any new unreferenced objects. |
1224 | * higher rate than gray list scanning, do not report any new | ||
1225 | * unreferenced objects. | ||
1226 | */ | 1244 | */ |
1227 | if (scan_should_stop() || gray_list_pass >= GRAY_LIST_PASSES) | 1245 | if (scan_should_stop()) |
1228 | return; | 1246 | return; |
1229 | 1247 | ||
1230 | /* | 1248 | /* |
@@ -1639,8 +1657,7 @@ void __init kmemleak_init(void) | |||
1639 | kmemleak_ignore(log->ptr); | 1657 | kmemleak_ignore(log->ptr); |
1640 | break; | 1658 | break; |
1641 | case KMEMLEAK_SCAN_AREA: | 1659 | case KMEMLEAK_SCAN_AREA: |
1642 | kmemleak_scan_area(log->ptr, log->offset, log->length, | 1660 | kmemleak_scan_area(log->ptr, log->size, GFP_KERNEL); |
1643 | GFP_KERNEL); | ||
1644 | break; | 1661 | break; |
1645 | case KMEMLEAK_NO_SCAN: | 1662 | case KMEMLEAK_NO_SCAN: |
1646 | kmemleak_no_scan(log->ptr); | 1663 | kmemleak_no_scan(log->ptr); |