aboutsummaryrefslogtreecommitdiffstats
path: root/mm/kmemleak.c
diff options
context:
space:
mode:
Diffstat (limited to 'mm/kmemleak.c')
-rw-r--r--mm/kmemleak.c405
1 files changed, 221 insertions, 184 deletions
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index c96f2c8700aa..5aabd41ffb8f 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -48,10 +48,10 @@
48 * scanned. This list is only modified during a scanning episode when the 48 * scanned. This list is only modified during a scanning episode when the
49 * scan_mutex is held. At the end of a scan, the gray_list is always empty. 49 * scan_mutex is held. At the end of a scan, the gray_list is always empty.
50 * Note that the kmemleak_object.use_count is incremented when an object is 50 * Note that the kmemleak_object.use_count is incremented when an object is
51 * added to the gray_list and therefore cannot be freed 51 * added to the gray_list and therefore cannot be freed. This mutex also
52 * - kmemleak_mutex (mutex): prevents multiple users of the "kmemleak" debugfs 52 * prevents multiple users of the "kmemleak" debugfs file together with
53 * file together with modifications to the memory scanning parameters 53 * modifications to the memory scanning parameters including the scan_thread
54 * including the scan_thread pointer 54 * pointer
55 * 55 *
56 * The kmemleak_object structures have a use_count incremented or decremented 56 * The kmemleak_object structures have a use_count incremented or decremented
57 * using the get_object()/put_object() functions. When the use_count becomes 57 * using the get_object()/put_object() functions. When the use_count becomes
@@ -103,11 +103,10 @@
103 * Kmemleak configuration and common defines. 103 * Kmemleak configuration and common defines.
104 */ 104 */
105#define MAX_TRACE 16 /* stack trace length */ 105#define MAX_TRACE 16 /* stack trace length */
106#define REPORTS_NR 50 /* maximum number of reported leaks */
107#define MSECS_MIN_AGE 5000 /* minimum object age for reporting */ 106#define MSECS_MIN_AGE 5000 /* minimum object age for reporting */
108#define MSECS_SCAN_YIELD 10 /* CPU yielding period */
109#define SECS_FIRST_SCAN 60 /* delay before the first scan */ 107#define SECS_FIRST_SCAN 60 /* delay before the first scan */
110#define SECS_SCAN_WAIT 600 /* subsequent auto scanning delay */ 108#define SECS_SCAN_WAIT 600 /* subsequent auto scanning delay */
109#define GRAY_LIST_PASSES 25 /* maximum number of gray list scans */
111 110
112#define BYTES_PER_POINTER sizeof(void *) 111#define BYTES_PER_POINTER sizeof(void *)
113 112
@@ -159,6 +158,8 @@ struct kmemleak_object {
159#define OBJECT_REPORTED (1 << 1) 158#define OBJECT_REPORTED (1 << 1)
160/* flag set to not scan the object */ 159/* flag set to not scan the object */
161#define OBJECT_NO_SCAN (1 << 2) 160#define OBJECT_NO_SCAN (1 << 2)
161/* flag set on newly allocated objects */
162#define OBJECT_NEW (1 << 3)
162 163
163/* the list of all allocated objects */ 164/* the list of all allocated objects */
164static LIST_HEAD(object_list); 165static LIST_HEAD(object_list);
@@ -186,22 +187,16 @@ static atomic_t kmemleak_error = ATOMIC_INIT(0);
186static unsigned long min_addr = ULONG_MAX; 187static unsigned long min_addr = ULONG_MAX;
187static unsigned long max_addr; 188static unsigned long max_addr;
188 189
189/* used for yielding the CPU to other tasks during scanning */
190static unsigned long next_scan_yield;
191static struct task_struct *scan_thread; 190static struct task_struct *scan_thread;
192static unsigned long jiffies_scan_yield; 191/* used to avoid reporting of recently allocated objects */
193static unsigned long jiffies_min_age; 192static unsigned long jiffies_min_age;
193static unsigned long jiffies_last_scan;
194/* delay between automatic memory scannings */ 194/* delay between automatic memory scannings */
195static signed long jiffies_scan_wait; 195static signed long jiffies_scan_wait;
196/* enables or disables the task stacks scanning */ 196/* enables or disables the task stacks scanning */
197static int kmemleak_stack_scan; 197static int kmemleak_stack_scan = 1;
198/* mutex protecting the memory scanning */ 198/* protects the memory scanning, parameters and debug/kmemleak file access */
199static DEFINE_MUTEX(scan_mutex); 199static DEFINE_MUTEX(scan_mutex);
200/* mutex protecting the access to the /sys/kernel/debug/kmemleak file */
201static DEFINE_MUTEX(kmemleak_mutex);
202
203/* number of leaks reported (for limitation purposes) */
204static int reported_leaks;
205 200
206/* 201/*
207 * Early object allocation/freeing logging. Kmemleak is initialized after the 202 * Early object allocation/freeing logging. Kmemleak is initialized after the
@@ -215,6 +210,7 @@ static int reported_leaks;
215enum { 210enum {
216 KMEMLEAK_ALLOC, 211 KMEMLEAK_ALLOC,
217 KMEMLEAK_FREE, 212 KMEMLEAK_FREE,
213 KMEMLEAK_FREE_PART,
218 KMEMLEAK_NOT_LEAK, 214 KMEMLEAK_NOT_LEAK,
219 KMEMLEAK_IGNORE, 215 KMEMLEAK_IGNORE,
220 KMEMLEAK_SCAN_AREA, 216 KMEMLEAK_SCAN_AREA,
@@ -235,7 +231,7 @@ struct early_log {
235}; 231};
236 232
237/* early logging buffer and current position */ 233/* early logging buffer and current position */
238static struct early_log early_log[200]; 234static struct early_log early_log[CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE];
239static int crt_early_log; 235static int crt_early_log;
240 236
241static void kmemleak_disable(void); 237static void kmemleak_disable(void);
@@ -278,13 +274,9 @@ static int color_gray(const struct kmemleak_object *object)
278 return object->min_count != -1 && object->count >= object->min_count; 274 return object->min_count != -1 && object->count >= object->min_count;
279} 275}
280 276
281/* 277static int color_black(const struct kmemleak_object *object)
282 * Objects are considered referenced if their color is gray and they have not
283 * been deleted.
284 */
285static int referenced_object(struct kmemleak_object *object)
286{ 278{
287 return (object->flags & OBJECT_ALLOCATED) && color_gray(object); 279 return object->min_count == -1;
288} 280}
289 281
290/* 282/*
@@ -295,42 +287,28 @@ static int referenced_object(struct kmemleak_object *object)
295static int unreferenced_object(struct kmemleak_object *object) 287static int unreferenced_object(struct kmemleak_object *object)
296{ 288{
297 return (object->flags & OBJECT_ALLOCATED) && color_white(object) && 289 return (object->flags & OBJECT_ALLOCATED) && color_white(object) &&
298 time_is_before_eq_jiffies(object->jiffies + jiffies_min_age); 290 time_before_eq(object->jiffies + jiffies_min_age,
291 jiffies_last_scan);
299} 292}
300 293
301/* 294/*
302 * Printing of the (un)referenced objects information, either to the seq file 295 * Printing of the unreferenced objects information to the seq file. The
303 * or to the kernel log. The print_referenced/print_unreferenced functions 296 * print_unreferenced function must be called with the object->lock held.
304 * must be called with the object->lock held.
305 */ 297 */
306#define print_helper(seq, x...) do { \
307 struct seq_file *s = (seq); \
308 if (s) \
309 seq_printf(s, x); \
310 else \
311 pr_info(x); \
312} while (0)
313
314static void print_referenced(struct kmemleak_object *object)
315{
316 pr_info("referenced object 0x%08lx (size %zu)\n",
317 object->pointer, object->size);
318}
319
320static void print_unreferenced(struct seq_file *seq, 298static void print_unreferenced(struct seq_file *seq,
321 struct kmemleak_object *object) 299 struct kmemleak_object *object)
322{ 300{
323 int i; 301 int i;
324 302
325 print_helper(seq, "unreferenced object 0x%08lx (size %zu):\n", 303 seq_printf(seq, "unreferenced object 0x%08lx (size %zu):\n",
326 object->pointer, object->size); 304 object->pointer, object->size);
327 print_helper(seq, " comm \"%s\", pid %d, jiffies %lu\n", 305 seq_printf(seq, " comm \"%s\", pid %d, jiffies %lu\n",
328 object->comm, object->pid, object->jiffies); 306 object->comm, object->pid, object->jiffies);
329 print_helper(seq, " backtrace:\n"); 307 seq_printf(seq, " backtrace:\n");
330 308
331 for (i = 0; i < object->trace_len; i++) { 309 for (i = 0; i < object->trace_len; i++) {
332 void *ptr = (void *)object->trace[i]; 310 void *ptr = (void *)object->trace[i];
333 print_helper(seq, " [<%p>] %pS\n", ptr, ptr); 311 seq_printf(seq, " [<%p>] %pS\n", ptr, ptr);
334 } 312 }
335} 313}
336 314
@@ -478,7 +456,7 @@ static void create_object(unsigned long ptr, size_t size, int min_count,
478 INIT_HLIST_HEAD(&object->area_list); 456 INIT_HLIST_HEAD(&object->area_list);
479 spin_lock_init(&object->lock); 457 spin_lock_init(&object->lock);
480 atomic_set(&object->use_count, 1); 458 atomic_set(&object->use_count, 1);
481 object->flags = OBJECT_ALLOCATED; 459 object->flags = OBJECT_ALLOCATED | OBJECT_NEW;
482 object->pointer = ptr; 460 object->pointer = ptr;
483 object->size = size; 461 object->size = size;
484 object->min_count = min_count; 462 object->min_count = min_count;
@@ -546,39 +524,87 @@ out:
546 * Remove the metadata (struct kmemleak_object) for a memory block from the 524 * Remove the metadata (struct kmemleak_object) for a memory block from the
547 * object_list and object_tree_root and decrement its use_count. 525 * object_list and object_tree_root and decrement its use_count.
548 */ 526 */
549static void delete_object(unsigned long ptr) 527static void __delete_object(struct kmemleak_object *object)
550{ 528{
551 unsigned long flags; 529 unsigned long flags;
552 struct kmemleak_object *object;
553 530
554 write_lock_irqsave(&kmemleak_lock, flags); 531 write_lock_irqsave(&kmemleak_lock, flags);
555 object = lookup_object(ptr, 0);
556 if (!object) {
557 kmemleak_warn("Freeing unknown object at 0x%08lx\n",
558 ptr);
559 write_unlock_irqrestore(&kmemleak_lock, flags);
560 return;
561 }
562 prio_tree_remove(&object_tree_root, &object->tree_node); 532 prio_tree_remove(&object_tree_root, &object->tree_node);
563 list_del_rcu(&object->object_list); 533 list_del_rcu(&object->object_list);
564 write_unlock_irqrestore(&kmemleak_lock, flags); 534 write_unlock_irqrestore(&kmemleak_lock, flags);
565 535
566 WARN_ON(!(object->flags & OBJECT_ALLOCATED)); 536 WARN_ON(!(object->flags & OBJECT_ALLOCATED));
567 WARN_ON(atomic_read(&object->use_count) < 1); 537 WARN_ON(atomic_read(&object->use_count) < 2);
568 538
569 /* 539 /*
570 * Locking here also ensures that the corresponding memory block 540 * Locking here also ensures that the corresponding memory block
571 * cannot be freed when it is being scanned. 541 * cannot be freed when it is being scanned.
572 */ 542 */
573 spin_lock_irqsave(&object->lock, flags); 543 spin_lock_irqsave(&object->lock, flags);
574 if (object->flags & OBJECT_REPORTED)
575 print_referenced(object);
576 object->flags &= ~OBJECT_ALLOCATED; 544 object->flags &= ~OBJECT_ALLOCATED;
577 spin_unlock_irqrestore(&object->lock, flags); 545 spin_unlock_irqrestore(&object->lock, flags);
578 put_object(object); 546 put_object(object);
579} 547}
580 548
581/* 549/*
550 * Look up the metadata (struct kmemleak_object) corresponding to ptr and
551 * delete it.
552 */
553static void delete_object_full(unsigned long ptr)
554{
555 struct kmemleak_object *object;
556
557 object = find_and_get_object(ptr, 0);
558 if (!object) {
559#ifdef DEBUG
560 kmemleak_warn("Freeing unknown object at 0x%08lx\n",
561 ptr);
562#endif
563 return;
564 }
565 __delete_object(object);
566 put_object(object);
567}
568
569/*
570 * Look up the metadata (struct kmemleak_object) corresponding to ptr and
571 * delete it. If the memory block is partially freed, the function may create
572 * additional metadata for the remaining parts of the block.
573 */
574static void delete_object_part(unsigned long ptr, size_t size)
575{
576 struct kmemleak_object *object;
577 unsigned long start, end;
578
579 object = find_and_get_object(ptr, 1);
580 if (!object) {
581#ifdef DEBUG
582 kmemleak_warn("Partially freeing unknown object at 0x%08lx "
583 "(size %zu)\n", ptr, size);
584#endif
585 return;
586 }
587 __delete_object(object);
588
589 /*
590 * Create one or two objects that may result from the memory block
591 * split. Note that partial freeing is only done by free_bootmem() and
592 * this happens before kmemleak_init() is called. The path below is
593 * only executed during early log recording in kmemleak_init(), so
594 * GFP_KERNEL is enough.
595 */
596 start = object->pointer;
597 end = object->pointer + object->size;
598 if (ptr > start)
599 create_object(start, ptr - start, object->min_count,
600 GFP_KERNEL);
601 if (ptr + size < end)
602 create_object(ptr + size, end - ptr - size, object->min_count,
603 GFP_KERNEL);
604
605 put_object(object);
606}
607/*
582 * Make a object permanently as gray-colored so that it can no longer be 608 * Make a object permanently as gray-colored so that it can no longer be
583 * reported as a leak. This is used in general to mark a false positive. 609 * reported as a leak. This is used in general to mark a false positive.
584 */ 610 */
@@ -696,7 +722,8 @@ static void log_early(int op_type, const void *ptr, size_t size,
696 struct early_log *log; 722 struct early_log *log;
697 723
698 if (crt_early_log >= ARRAY_SIZE(early_log)) { 724 if (crt_early_log >= ARRAY_SIZE(early_log)) {
699 kmemleak_stop("Early log buffer exceeded\n"); 725 pr_warning("Early log buffer exceeded\n");
726 kmemleak_disable();
700 return; 727 return;
701 } 728 }
702 729
@@ -741,13 +768,28 @@ void kmemleak_free(const void *ptr)
741 pr_debug("%s(0x%p)\n", __func__, ptr); 768 pr_debug("%s(0x%p)\n", __func__, ptr);
742 769
743 if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr)) 770 if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr))
744 delete_object((unsigned long)ptr); 771 delete_object_full((unsigned long)ptr);
745 else if (atomic_read(&kmemleak_early_log)) 772 else if (atomic_read(&kmemleak_early_log))
746 log_early(KMEMLEAK_FREE, ptr, 0, 0, 0, 0); 773 log_early(KMEMLEAK_FREE, ptr, 0, 0, 0, 0);
747} 774}
748EXPORT_SYMBOL_GPL(kmemleak_free); 775EXPORT_SYMBOL_GPL(kmemleak_free);
749 776
750/* 777/*
778 * Partial memory freeing function callback. This function is usually called
779 * from bootmem allocator when (part of) a memory block is freed.
780 */
781void kmemleak_free_part(const void *ptr, size_t size)
782{
783 pr_debug("%s(0x%p)\n", __func__, ptr);
784
785 if (atomic_read(&kmemleak_enabled) && ptr && !IS_ERR(ptr))
786 delete_object_part((unsigned long)ptr, size);
787 else if (atomic_read(&kmemleak_early_log))
788 log_early(KMEMLEAK_FREE_PART, ptr, size, 0, 0, 0);
789}
790EXPORT_SYMBOL_GPL(kmemleak_free_part);
791
792/*
751 * Mark an already allocated memory block as a false positive. This will cause 793 * Mark an already allocated memory block as a false positive. This will cause
752 * the block to no longer be reported as leak and always be scanned. 794 * the block to no longer be reported as leak and always be scanned.
753 */ 795 */
@@ -808,21 +850,6 @@ void kmemleak_no_scan(const void *ptr)
808EXPORT_SYMBOL(kmemleak_no_scan); 850EXPORT_SYMBOL(kmemleak_no_scan);
809 851
810/* 852/*
811 * Yield the CPU so that other tasks get a chance to run. The yielding is
812 * rate-limited to avoid excessive number of calls to the schedule() function
813 * during memory scanning.
814 */
815static void scan_yield(void)
816{
817 might_sleep();
818
819 if (time_is_before_eq_jiffies(next_scan_yield)) {
820 schedule();
821 next_scan_yield = jiffies + jiffies_scan_yield;
822 }
823}
824
825/*
826 * Memory scanning is a long process and it needs to be interruptable. This 853 * Memory scanning is a long process and it needs to be interruptable. This
827 * function checks whether such interrupt condition occured. 854 * function checks whether such interrupt condition occured.
828 */ 855 */
@@ -848,7 +875,7 @@ static int scan_should_stop(void)
848 * found to the gray list. 875 * found to the gray list.
849 */ 876 */
850static void scan_block(void *_start, void *_end, 877static void scan_block(void *_start, void *_end,
851 struct kmemleak_object *scanned) 878 struct kmemleak_object *scanned, int allow_resched)
852{ 879{
853 unsigned long *ptr; 880 unsigned long *ptr;
854 unsigned long *start = PTR_ALIGN(_start, BYTES_PER_POINTER); 881 unsigned long *start = PTR_ALIGN(_start, BYTES_PER_POINTER);
@@ -859,18 +886,11 @@ static void scan_block(void *_start, void *_end,
859 unsigned long pointer = *ptr; 886 unsigned long pointer = *ptr;
860 struct kmemleak_object *object; 887 struct kmemleak_object *object;
861 888
889 if (allow_resched)
890 cond_resched();
862 if (scan_should_stop()) 891 if (scan_should_stop())
863 break; 892 break;
864 893
865 /*
866 * When scanning a memory block with a corresponding
867 * kmemleak_object, the CPU yielding is handled in the calling
868 * code since it holds the object->lock to avoid the block
869 * freeing.
870 */
871 if (!scanned)
872 scan_yield();
873
874 object = find_and_get_object(pointer, 1); 894 object = find_and_get_object(pointer, 1);
875 if (!object) 895 if (!object)
876 continue; 896 continue;
@@ -931,12 +951,12 @@ static void scan_object(struct kmemleak_object *object)
931 goto out; 951 goto out;
932 if (hlist_empty(&object->area_list)) 952 if (hlist_empty(&object->area_list))
933 scan_block((void *)object->pointer, 953 scan_block((void *)object->pointer,
934 (void *)(object->pointer + object->size), object); 954 (void *)(object->pointer + object->size), object, 0);
935 else 955 else
936 hlist_for_each_entry(area, elem, &object->area_list, node) 956 hlist_for_each_entry(area, elem, &object->area_list, node)
937 scan_block((void *)(object->pointer + area->offset), 957 scan_block((void *)(object->pointer + area->offset),
938 (void *)(object->pointer + area->offset 958 (void *)(object->pointer + area->offset
939 + area->length), object); 959 + area->length), object, 0);
940out: 960out:
941 spin_unlock_irqrestore(&object->lock, flags); 961 spin_unlock_irqrestore(&object->lock, flags);
942} 962}
@@ -952,6 +972,10 @@ static void kmemleak_scan(void)
952 struct kmemleak_object *object, *tmp; 972 struct kmemleak_object *object, *tmp;
953 struct task_struct *task; 973 struct task_struct *task;
954 int i; 974 int i;
975 int new_leaks = 0;
976 int gray_list_pass = 0;
977
978 jiffies_last_scan = jiffies;
955 979
956 /* prepare the kmemleak_object's */ 980 /* prepare the kmemleak_object's */
957 rcu_read_lock(); 981 rcu_read_lock();
@@ -970,6 +994,7 @@ static void kmemleak_scan(void)
970#endif 994#endif
971 /* reset the reference count (whiten the object) */ 995 /* reset the reference count (whiten the object) */
972 object->count = 0; 996 object->count = 0;
997 object->flags &= ~OBJECT_NEW;
973 if (color_gray(object) && get_object(object)) 998 if (color_gray(object) && get_object(object))
974 list_add_tail(&object->gray_list, &gray_list); 999 list_add_tail(&object->gray_list, &gray_list);
975 1000
@@ -978,14 +1003,14 @@ static void kmemleak_scan(void)
978 rcu_read_unlock(); 1003 rcu_read_unlock();
979 1004
980 /* data/bss scanning */ 1005 /* data/bss scanning */
981 scan_block(_sdata, _edata, NULL); 1006 scan_block(_sdata, _edata, NULL, 1);
982 scan_block(__bss_start, __bss_stop, NULL); 1007 scan_block(__bss_start, __bss_stop, NULL, 1);
983 1008
984#ifdef CONFIG_SMP 1009#ifdef CONFIG_SMP
985 /* per-cpu sections scanning */ 1010 /* per-cpu sections scanning */
986 for_each_possible_cpu(i) 1011 for_each_possible_cpu(i)
987 scan_block(__per_cpu_start + per_cpu_offset(i), 1012 scan_block(__per_cpu_start + per_cpu_offset(i),
988 __per_cpu_end + per_cpu_offset(i), NULL); 1013 __per_cpu_end + per_cpu_offset(i), NULL, 1);
989#endif 1014#endif
990 1015
991 /* 1016 /*
@@ -1007,7 +1032,7 @@ static void kmemleak_scan(void)
1007 /* only scan if page is in use */ 1032 /* only scan if page is in use */
1008 if (page_count(page) == 0) 1033 if (page_count(page) == 0)
1009 continue; 1034 continue;
1010 scan_block(page, page + 1, NULL); 1035 scan_block(page, page + 1, NULL, 1);
1011 } 1036 }
1012 } 1037 }
1013 1038
@@ -1019,7 +1044,8 @@ static void kmemleak_scan(void)
1019 read_lock(&tasklist_lock); 1044 read_lock(&tasklist_lock);
1020 for_each_process(task) 1045 for_each_process(task)
1021 scan_block(task_stack_page(task), 1046 scan_block(task_stack_page(task),
1022 task_stack_page(task) + THREAD_SIZE, NULL); 1047 task_stack_page(task) + THREAD_SIZE,
1048 NULL, 0);
1023 read_unlock(&tasklist_lock); 1049 read_unlock(&tasklist_lock);
1024 } 1050 }
1025 1051
@@ -1031,9 +1057,10 @@ static void kmemleak_scan(void)
1031 * kmemleak objects cannot be freed from outside the loop because their 1057 * kmemleak objects cannot be freed from outside the loop because their
1032 * use_count was increased. 1058 * use_count was increased.
1033 */ 1059 */
1060repeat:
1034 object = list_entry(gray_list.next, typeof(*object), gray_list); 1061 object = list_entry(gray_list.next, typeof(*object), gray_list);
1035 while (&object->gray_list != &gray_list) { 1062 while (&object->gray_list != &gray_list) {
1036 scan_yield(); 1063 cond_resched();
1037 1064
1038 /* may add new objects to the list */ 1065 /* may add new objects to the list */
1039 if (!scan_should_stop()) 1066 if (!scan_should_stop())
@@ -1048,7 +1075,59 @@ static void kmemleak_scan(void)
1048 1075
1049 object = tmp; 1076 object = tmp;
1050 } 1077 }
1078
1079 if (scan_should_stop() || ++gray_list_pass >= GRAY_LIST_PASSES)
1080 goto scan_end;
1081
1082 /*
1083 * Check for new objects allocated during this scanning and add them
1084 * to the gray list.
1085 */
1086 rcu_read_lock();
1087 list_for_each_entry_rcu(object, &object_list, object_list) {
1088 spin_lock_irqsave(&object->lock, flags);
1089 if ((object->flags & OBJECT_NEW) && !color_black(object) &&
1090 get_object(object)) {
1091 object->flags &= ~OBJECT_NEW;
1092 list_add_tail(&object->gray_list, &gray_list);
1093 }
1094 spin_unlock_irqrestore(&object->lock, flags);
1095 }
1096 rcu_read_unlock();
1097
1098 if (!list_empty(&gray_list))
1099 goto repeat;
1100
1101scan_end:
1051 WARN_ON(!list_empty(&gray_list)); 1102 WARN_ON(!list_empty(&gray_list));
1103
1104 /*
1105 * If scanning was stopped or new objects were being allocated at a
1106 * higher rate than gray list scanning, do not report any new
1107 * unreferenced objects.
1108 */
1109 if (scan_should_stop() || gray_list_pass >= GRAY_LIST_PASSES)
1110 return;
1111
1112 /*
1113 * Scanning result reporting.
1114 */
1115 rcu_read_lock();
1116 list_for_each_entry_rcu(object, &object_list, object_list) {
1117 spin_lock_irqsave(&object->lock, flags);
1118 if (unreferenced_object(object) &&
1119 !(object->flags & OBJECT_REPORTED)) {
1120 object->flags |= OBJECT_REPORTED;
1121 new_leaks++;
1122 }
1123 spin_unlock_irqrestore(&object->lock, flags);
1124 }
1125 rcu_read_unlock();
1126
1127 if (new_leaks)
1128 pr_info("%d new suspected memory leaks (see "
1129 "/sys/kernel/debug/kmemleak)\n", new_leaks);
1130
1052} 1131}
1053 1132
1054/* 1133/*
@@ -1060,6 +1139,7 @@ static int kmemleak_scan_thread(void *arg)
1060 static int first_run = 1; 1139 static int first_run = 1;
1061 1140
1062 pr_info("Automatic memory scanning thread started\n"); 1141 pr_info("Automatic memory scanning thread started\n");
1142 set_user_nice(current, 10);
1063 1143
1064 /* 1144 /*
1065 * Wait before the first scan to allow the system to fully initialize. 1145 * Wait before the first scan to allow the system to fully initialize.
@@ -1070,36 +1150,12 @@ static int kmemleak_scan_thread(void *arg)
1070 } 1150 }
1071 1151
1072 while (!kthread_should_stop()) { 1152 while (!kthread_should_stop()) {
1073 struct kmemleak_object *object;
1074 signed long timeout = jiffies_scan_wait; 1153 signed long timeout = jiffies_scan_wait;
1075 1154
1076 mutex_lock(&scan_mutex); 1155 mutex_lock(&scan_mutex);
1077
1078 kmemleak_scan(); 1156 kmemleak_scan();
1079 reported_leaks = 0;
1080
1081 rcu_read_lock();
1082 list_for_each_entry_rcu(object, &object_list, object_list) {
1083 unsigned long flags;
1084
1085 if (reported_leaks >= REPORTS_NR)
1086 break;
1087 spin_lock_irqsave(&object->lock, flags);
1088 if (!(object->flags & OBJECT_REPORTED) &&
1089 unreferenced_object(object)) {
1090 print_unreferenced(NULL, object);
1091 object->flags |= OBJECT_REPORTED;
1092 reported_leaks++;
1093 } else if ((object->flags & OBJECT_REPORTED) &&
1094 referenced_object(object)) {
1095 print_referenced(object);
1096 object->flags &= ~OBJECT_REPORTED;
1097 }
1098 spin_unlock_irqrestore(&object->lock, flags);
1099 }
1100 rcu_read_unlock();
1101
1102 mutex_unlock(&scan_mutex); 1157 mutex_unlock(&scan_mutex);
1158
1103 /* wait before the next scan */ 1159 /* wait before the next scan */
1104 while (timeout && !kthread_should_stop()) 1160 while (timeout && !kthread_should_stop())
1105 timeout = schedule_timeout_interruptible(timeout); 1161 timeout = schedule_timeout_interruptible(timeout);
@@ -1112,7 +1168,7 @@ static int kmemleak_scan_thread(void *arg)
1112 1168
1113/* 1169/*
1114 * Start the automatic memory scanning thread. This function must be called 1170 * Start the automatic memory scanning thread. This function must be called
1115 * with the kmemleak_mutex held. 1171 * with the scan_mutex held.
1116 */ 1172 */
1117void start_scan_thread(void) 1173void start_scan_thread(void)
1118{ 1174{
@@ -1127,7 +1183,7 @@ void start_scan_thread(void)
1127 1183
1128/* 1184/*
1129 * Stop the automatic memory scanning thread. This function must be called 1185 * Stop the automatic memory scanning thread. This function must be called
1130 * with the kmemleak_mutex held. 1186 * with the scan_mutex held.
1131 */ 1187 */
1132void stop_scan_thread(void) 1188void stop_scan_thread(void)
1133{ 1189{
@@ -1146,13 +1202,11 @@ static void *kmemleak_seq_start(struct seq_file *seq, loff_t *pos)
1146{ 1202{
1147 struct kmemleak_object *object; 1203 struct kmemleak_object *object;
1148 loff_t n = *pos; 1204 loff_t n = *pos;
1205 int err;
1149 1206
1150 if (!n) { 1207 err = mutex_lock_interruptible(&scan_mutex);
1151 kmemleak_scan(); 1208 if (err < 0)
1152 reported_leaks = 0; 1209 return ERR_PTR(err);
1153 }
1154 if (reported_leaks >= REPORTS_NR)
1155 return NULL;
1156 1210
1157 rcu_read_lock(); 1211 rcu_read_lock();
1158 list_for_each_entry_rcu(object, &object_list, object_list) { 1212 list_for_each_entry_rcu(object, &object_list, object_list) {
@@ -1178,8 +1232,6 @@ static void *kmemleak_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1178 struct list_head *n = &prev_obj->object_list; 1232 struct list_head *n = &prev_obj->object_list;
1179 1233
1180 ++(*pos); 1234 ++(*pos);
1181 if (reported_leaks >= REPORTS_NR)
1182 goto out;
1183 1235
1184 rcu_read_lock(); 1236 rcu_read_lock();
1185 list_for_each_continue_rcu(n, &object_list) { 1237 list_for_each_continue_rcu(n, &object_list) {
@@ -1188,7 +1240,7 @@ static void *kmemleak_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1188 break; 1240 break;
1189 } 1241 }
1190 rcu_read_unlock(); 1242 rcu_read_unlock();
1191out: 1243
1192 put_object(prev_obj); 1244 put_object(prev_obj);
1193 return next_obj; 1245 return next_obj;
1194} 1246}
@@ -1198,8 +1250,15 @@ out:
1198 */ 1250 */
1199static void kmemleak_seq_stop(struct seq_file *seq, void *v) 1251static void kmemleak_seq_stop(struct seq_file *seq, void *v)
1200{ 1252{
1201 if (v) 1253 if (!IS_ERR(v)) {
1202 put_object(v); 1254 /*
1255 * kmemleak_seq_start may return ERR_PTR if the scan_mutex
1256 * waiting was interrupted, so only release it if !IS_ERR.
1257 */
1258 mutex_unlock(&scan_mutex);
1259 if (v)
1260 put_object(v);
1261 }
1203} 1262}
1204 1263
1205/* 1264/*
@@ -1211,11 +1270,8 @@ static int kmemleak_seq_show(struct seq_file *seq, void *v)
1211 unsigned long flags; 1270 unsigned long flags;
1212 1271
1213 spin_lock_irqsave(&object->lock, flags); 1272 spin_lock_irqsave(&object->lock, flags);
1214 if (!unreferenced_object(object)) 1273 if ((object->flags & OBJECT_REPORTED) && unreferenced_object(object))
1215 goto out; 1274 print_unreferenced(seq, object);
1216 print_unreferenced(seq, object);
1217 reported_leaks++;
1218out:
1219 spin_unlock_irqrestore(&object->lock, flags); 1275 spin_unlock_irqrestore(&object->lock, flags);
1220 return 0; 1276 return 0;
1221} 1277}
@@ -1229,43 +1285,15 @@ static const struct seq_operations kmemleak_seq_ops = {
1229 1285
1230static int kmemleak_open(struct inode *inode, struct file *file) 1286static int kmemleak_open(struct inode *inode, struct file *file)
1231{ 1287{
1232 int ret = 0;
1233
1234 if (!atomic_read(&kmemleak_enabled)) 1288 if (!atomic_read(&kmemleak_enabled))
1235 return -EBUSY; 1289 return -EBUSY;
1236 1290
1237 ret = mutex_lock_interruptible(&kmemleak_mutex); 1291 return seq_open(file, &kmemleak_seq_ops);
1238 if (ret < 0)
1239 goto out;
1240 if (file->f_mode & FMODE_READ) {
1241 ret = mutex_lock_interruptible(&scan_mutex);
1242 if (ret < 0)
1243 goto kmemleak_unlock;
1244 ret = seq_open(file, &kmemleak_seq_ops);
1245 if (ret < 0)
1246 goto scan_unlock;
1247 }
1248 return ret;
1249
1250scan_unlock:
1251 mutex_unlock(&scan_mutex);
1252kmemleak_unlock:
1253 mutex_unlock(&kmemleak_mutex);
1254out:
1255 return ret;
1256} 1292}
1257 1293
1258static int kmemleak_release(struct inode *inode, struct file *file) 1294static int kmemleak_release(struct inode *inode, struct file *file)
1259{ 1295{
1260 int ret = 0; 1296 return seq_release(inode, file);
1261
1262 if (file->f_mode & FMODE_READ) {
1263 seq_release(inode, file);
1264 mutex_unlock(&scan_mutex);
1265 }
1266 mutex_unlock(&kmemleak_mutex);
1267
1268 return ret;
1269} 1297}
1270 1298
1271/* 1299/*
@@ -1278,21 +1306,24 @@ static int kmemleak_release(struct inode *inode, struct file *file)
1278 * scan=off - stop the automatic memory scanning thread 1306 * scan=off - stop the automatic memory scanning thread
1279 * scan=... - set the automatic memory scanning period in seconds (0 to 1307 * scan=... - set the automatic memory scanning period in seconds (0 to
1280 * disable it) 1308 * disable it)
1309 * scan - trigger a memory scan
1281 */ 1310 */
1282static ssize_t kmemleak_write(struct file *file, const char __user *user_buf, 1311static ssize_t kmemleak_write(struct file *file, const char __user *user_buf,
1283 size_t size, loff_t *ppos) 1312 size_t size, loff_t *ppos)
1284{ 1313{
1285 char buf[64]; 1314 char buf[64];
1286 int buf_size; 1315 int buf_size;
1287 1316 int ret;
1288 if (!atomic_read(&kmemleak_enabled))
1289 return -EBUSY;
1290 1317
1291 buf_size = min(size, (sizeof(buf) - 1)); 1318 buf_size = min(size, (sizeof(buf) - 1));
1292 if (strncpy_from_user(buf, user_buf, buf_size) < 0) 1319 if (strncpy_from_user(buf, user_buf, buf_size) < 0)
1293 return -EFAULT; 1320 return -EFAULT;
1294 buf[buf_size] = 0; 1321 buf[buf_size] = 0;
1295 1322
1323 ret = mutex_lock_interruptible(&scan_mutex);
1324 if (ret < 0)
1325 return ret;
1326
1296 if (strncmp(buf, "off", 3) == 0) 1327 if (strncmp(buf, "off", 3) == 0)
1297 kmemleak_disable(); 1328 kmemleak_disable();
1298 else if (strncmp(buf, "stack=on", 8) == 0) 1329 else if (strncmp(buf, "stack=on", 8) == 0)
@@ -1305,18 +1336,24 @@ static ssize_t kmemleak_write(struct file *file, const char __user *user_buf,
1305 stop_scan_thread(); 1336 stop_scan_thread();
1306 else if (strncmp(buf, "scan=", 5) == 0) { 1337 else if (strncmp(buf, "scan=", 5) == 0) {
1307 unsigned long secs; 1338 unsigned long secs;
1308 int err;
1309 1339
1310 err = strict_strtoul(buf + 5, 0, &secs); 1340 ret = strict_strtoul(buf + 5, 0, &secs);
1311 if (err < 0) 1341 if (ret < 0)
1312 return err; 1342 goto out;
1313 stop_scan_thread(); 1343 stop_scan_thread();
1314 if (secs) { 1344 if (secs) {
1315 jiffies_scan_wait = msecs_to_jiffies(secs * 1000); 1345 jiffies_scan_wait = msecs_to_jiffies(secs * 1000);
1316 start_scan_thread(); 1346 start_scan_thread();
1317 } 1347 }
1318 } else 1348 } else if (strncmp(buf, "scan", 4) == 0)
1319 return -EINVAL; 1349 kmemleak_scan();
1350 else
1351 ret = -EINVAL;
1352
1353out:
1354 mutex_unlock(&scan_mutex);
1355 if (ret < 0)
1356 return ret;
1320 1357
1321 /* ignore the rest of the buffer, only one command at a time */ 1358 /* ignore the rest of the buffer, only one command at a time */
1322 *ppos += size; 1359 *ppos += size;
@@ -1340,14 +1377,12 @@ static int kmemleak_cleanup_thread(void *arg)
1340{ 1377{
1341 struct kmemleak_object *object; 1378 struct kmemleak_object *object;
1342 1379
1343 mutex_lock(&kmemleak_mutex); 1380 mutex_lock(&scan_mutex);
1344 stop_scan_thread(); 1381 stop_scan_thread();
1345 mutex_unlock(&kmemleak_mutex);
1346 1382
1347 mutex_lock(&scan_mutex);
1348 rcu_read_lock(); 1383 rcu_read_lock();
1349 list_for_each_entry_rcu(object, &object_list, object_list) 1384 list_for_each_entry_rcu(object, &object_list, object_list)
1350 delete_object(object->pointer); 1385 delete_object_full(object->pointer);
1351 rcu_read_unlock(); 1386 rcu_read_unlock();
1352 mutex_unlock(&scan_mutex); 1387 mutex_unlock(&scan_mutex);
1353 1388
@@ -1411,7 +1446,6 @@ void __init kmemleak_init(void)
1411 int i; 1446 int i;
1412 unsigned long flags; 1447 unsigned long flags;
1413 1448
1414 jiffies_scan_yield = msecs_to_jiffies(MSECS_SCAN_YIELD);
1415 jiffies_min_age = msecs_to_jiffies(MSECS_MIN_AGE); 1449 jiffies_min_age = msecs_to_jiffies(MSECS_MIN_AGE);
1416 jiffies_scan_wait = msecs_to_jiffies(SECS_SCAN_WAIT * 1000); 1450 jiffies_scan_wait = msecs_to_jiffies(SECS_SCAN_WAIT * 1000);
1417 1451
@@ -1443,6 +1477,9 @@ void __init kmemleak_init(void)
1443 case KMEMLEAK_FREE: 1477 case KMEMLEAK_FREE:
1444 kmemleak_free(log->ptr); 1478 kmemleak_free(log->ptr);
1445 break; 1479 break;
1480 case KMEMLEAK_FREE_PART:
1481 kmemleak_free_part(log->ptr, log->size);
1482 break;
1446 case KMEMLEAK_NOT_LEAK: 1483 case KMEMLEAK_NOT_LEAK:
1447 kmemleak_not_leak(log->ptr); 1484 kmemleak_not_leak(log->ptr);
1448 break; 1485 break;
@@ -1486,9 +1523,9 @@ static int __init kmemleak_late_init(void)
1486 &kmemleak_fops); 1523 &kmemleak_fops);
1487 if (!dentry) 1524 if (!dentry)
1488 pr_warning("Failed to create the debugfs kmemleak file\n"); 1525 pr_warning("Failed to create the debugfs kmemleak file\n");
1489 mutex_lock(&kmemleak_mutex); 1526 mutex_lock(&scan_mutex);
1490 start_scan_thread(); 1527 start_scan_thread();
1491 mutex_unlock(&kmemleak_mutex); 1528 mutex_unlock(&scan_mutex);
1492 1529
1493 pr_info("Kernel memory leak detector initialized\n"); 1530 pr_info("Kernel memory leak detector initialized\n");
1494 1531
generated by cgit v1.2.2 (git 2.25.0) at 2025-06-02 21:34:43 -0400