1. 20 6月, 2011 1 次提交
    • M
      debugobjects: Fix boot crash when kmemleak and debugobjects enabled · 161b6ae0
      Marcin Slusarz 提交于
      Order of initialization look like this:
      ...
      debugobjects
      kmemleak
      ...(lots of other subsystems)...
      workqueues (through early initcall)
      ...
      
      debugobjects use schedule_work for batch freeing of its data and kmemleak
      heavily use debugobjects, so when it comes to freeing and workqueues were
      not initialized yet, kernel crashes:
      
      BUG: unable to handle kernel NULL pointer dereference at           (null)
      IP: [<ffffffff810854d1>] __queue_work+0x29/0x41a
       [<ffffffff81085910>] queue_work_on+0x16/0x1d
       [<ffffffff81085abc>] queue_work+0x29/0x55
       [<ffffffff81085afb>] schedule_work+0x13/0x15
       [<ffffffff81242de1>] free_object+0x90/0x95
       [<ffffffff81242f6d>] debug_check_no_obj_freed+0x187/0x1d3
       [<ffffffff814b6504>] ? _raw_spin_unlock_irqrestore+0x30/0x4d
       [<ffffffff8110bd14>] ? free_object_rcu+0x68/0x6d
       [<ffffffff8110890c>] kmem_cache_free+0x64/0x12c
       [<ffffffff8110bd14>] free_object_rcu+0x68/0x6d
       [<ffffffff810b58bc>] __rcu_process_callbacks+0x1b6/0x2d9
      ...
      
      because system_wq is NULL.
      
      Fix it by checking if workqueues susbystem was initialized before using.
      Signed-off-by: NMarcin Slusarz <marcin.slusarz@gmail.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Dipankar Sarma <dipankar@in.ibm.com>
      Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
      Cc: stable@kernel.org
      Link: http://lkml.kernel.org/r/20110528112342.GA3068@joi.lanSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      161b6ae0
  2. 08 3月, 2011 1 次提交
    • S
      debugobjects: Add hint for better object identification · 99777288
      Stanislaw Gruszka 提交于
      In complex subsystems like mac80211 structures can contain several
      timers and work structs, so identifying a specific instance from the
      call trace and object type output of debugobjects can be hard.
      
      Allow the subsystems which support debugobjects to provide a hint
      function. This function returns a pointer to a kernel address
      (preferrably the objects callback function) which is printed along
      with the debugobjects type.
      
      Add hint methods for timer_list, work_struct and hrtimer.
      
      [ tglx: Massaged changelog, made it compile ]
      Signed-off-by: NStanislaw Gruszka <sgruszka@redhat.com>
      LKML-Reference: <20110307085809.GA9334@redhat.com>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      99777288
  3. 11 5月, 2010 1 次提交
    • M
      Debugobjects transition check · a5d8e467
      Mathieu Desnoyers 提交于
      Implement a basic state machine checker in the debugobjects.
      
      This state machine checker detects races and inconsistencies within the "active"
      life of a debugobject. The checker only keeps track of the current state; all
      the state machine logic is kept at the object instance level.
      
      The checker works by adding a supplementary "unsigned int astate" field to the
      debug_obj structure. It keeps track of the current "active state" of the object.
      
      The only constraints that are imposed on the states by the debugobjects system
      is that:
      
      - activation of an object sets the current active state to 0,
      - deactivation of an object expects the current active state to be 0.
      
      For the rest of the states, the state mapping is determined by the specific
      object instance. Therefore, the logic keeping track of the state machine is
      within the specialized instance, without any need to know about it at the
      debugobject level.
      
      The current object active state is changed by calling:
      
      debug_object_active_state(addr, descr, expect, next)
      
      where "expect" is the expected state and "next" is the next state to move to if
      the expected state is found. A warning is generated if the expected is not
      found.
      Signed-off-by: NMathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Reviewed-by: NThomas Gleixner <tglx@linutronix.de>
      Acked-by: NDavid S. Miller <davem@davemloft.net>
      CC: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
      CC: akpm@linux-foundation.org
      CC: mingo@elte.hu
      CC: laijs@cn.fujitsu.com
      CC: dipankar@in.ibm.com
      CC: josh@joshtriplett.org
      CC: dvhltc@us.ibm.com
      CC: niv@us.ibm.com
      CC: peterz@infradead.org
      CC: rostedt@goodmis.org
      CC: Valdis.Kletnieks@vt.edu
      CC: dhowells@redhat.com
      CC: eric.dumazet@gmail.com
      CC: Alexey Dobriyan <adobriyan@gmail.com>
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      a5d8e467
  4. 30 3月, 2010 1 次提交
    • T
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo 提交于
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Guess-its-ok-by: NChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  5. 27 3月, 2010 1 次提交
    • H
      debugobjects: Section mismatch cleanup · 1fb2f77c
      Henrik Kretzschmar 提交于
      This patch marks two functions, which only get called at
      initialization, as __init.
      
      Here is also interesting, that modpost doesn't catch here the right
      function name.
      
      WARNING: lib/built-in.o(.text+0x585f): Section mismatch in reference
      from the function T.506() to the variable .init.data:obj
      The function T.506() references the variable __initdata obj.
      This is often because T.506 lacks a __initdata annotation or the 
      annotation of obj is wrong.
      Signed-off-by: NHenrik Kretzschmar <henne@nachtwindheim.de>
      LKML-Reference: <1269632315-19403-1-git-send-email-henne@nachtwindheim.de>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      1fb2f77c
  6. 15 12月, 2009 1 次提交
  7. 12 10月, 2009 1 次提交
  8. 17 3月, 2009 2 次提交
    • T
      debugobjects: delay free of internal objects · 337fff8b
      Thomas Gleixner 提交于
      Impact: avoid recursive kfree calls, less slab activity on heavy load
      
      debugobjects checks on kfree whether tracked objects are freed. When a
      tracked object is freed debugobjects frees the internal reference
      object as well. The debug object slab cache is marked to not recurse
      into debugobjects when a slab objects is freed, but the recursive call
      can be problematic versus locking in the memory allocator.
      
      Defer the freeing of debug slab objects via schedule_work. The reasons
      not to use RCU are:
      
      1) rcu makes the data structure larger
      2) there is no real need for rcu as nothing references the obj after
         we freed it
      3) under heavy load it is easier to reuse the to be freed objects instead
         of allocating new objects from the slab. This lowered the slab activity
         significantly in a heavy load networking test where lots of timers are
         created/destroyed. The workqueue based delayed free allows us just to
         put the to be freed objects back into the object pool and reuse them
         right away.
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      LKML-Reference: <200903162049.58058.nickpiggin@yahoo.com.au>
      337fff8b
    • T
      debugobjects: replace static objects when slab cache becomes available · 1be1cb7b
      Thomas Gleixner 提交于
      Impact: refactor/consolidate object management, prepare for delayed free
      
      debugobjects allocates static reference objects to track objects which
      are initialized or activated before the slab cache becomes
      available. These static reference objects have to be handled
      seperately in free_object(). The handling of these objects is in the
      way of implementing a delayed free functionality. The delayed free is
      required to avoid callbacks into the mm code from
      debug_check_no_obj_freed().
      
      Replace the static object references with dynamic ones after the slab
      cache has been initialized. The static objects are now marked initdata.
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      LKML-Reference: <200903162049.58058.nickpiggin@yahoo.com.au>
      1be1cb7b
  9. 02 3月, 2009 1 次提交
  10. 26 11月, 2008 1 次提交
    • I
      debugobjects: add boot parameter default value · 3ae70205
      Ingo Molnar 提交于
      Impact: add .config driven boot parameter default value
      
      Right now debugobjects can only be activated if the debug_objects
      boot parameter is passed in via the boot command line.
      
      Make this more convenient (and randomizable) by also providing
      a .config method. Enable it by default. (DEBUG_OBJECTS itself
      is default-off)
      Signed-off-by: NIngo Molnar <mingo@elte.hu>
      3ae70205
  11. 01 9月, 2008 1 次提交
    • V
      debugobjects: fix lockdep warning · 673d62cc
      Vegard Nossum 提交于
      Daniel J. Blueman reported:
      > =======================================================
      > [ INFO: possible circular locking dependency detected ]
      > 2.6.27-rc4-224c #1
      > -------------------------------------------------------
      > hald/4680 is trying to acquire lock:
      >  (&n->list_lock){++..}, at: [<ffffffff802bfa26>] add_partial+0x26/0x80
      >
      > but task is already holding lock:
      >  (&obj_hash[i].lock){++..}, at: [<ffffffff8041cfdc>]
      > debug_object_free+0x5c/0x120
      
      We fix it by moving the actual freeing to outside the lock (the lock
      now only protects the list).
      
      The pool lock is also promoted to irq-safe (suggested by Dan). It's
      necessary because free_pool is now called outside the irq disabled
      region. So we need to protect against an interrupt handler which calls
      debug_object_init().
      
      [tglx@linutronix.de: added hlist_move_list helper to avoid looping
      		     through the list twice]
      Reported-by: NDaniel J Blueman <daniel.blueman@gmail.com>
      Signed-off-by: NVegard Nossum <vegard.nossum@gmail.com>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      673d62cc
  12. 27 7月, 2008 1 次提交
  13. 25 7月, 2008 1 次提交
  14. 18 6月, 2008 1 次提交
    • V
      debugobjects: fix lockdep warning · 50db04dd
      Vegard Nossum 提交于
      Daniel J Blueman reported:
      | =======================================================
      | [ INFO: possible circular locking dependency detected ]
      | 2.6.26-rc5-201c #1
      | -------------------------------------------------------
      | nscd/3669 is trying to acquire lock:
      |  (&n->list_lock){.+..}, at: [<ffffffff802bab03>] deactivate_slab+0x173/0x1e0
      |
      | but task is already holding lock:
      |  (&obj_hash[i].lock){++..}, at: [<ffffffff803fa56f>]
      | __debug_object_init+0x2f/0x350
      |
      | which lock already depends on the new lock.
      
      There are two locks involved here; the first is a SLUB-local lock, and
      the second is a debugobjects-local lock. They are basically taken in two
      different orders:
      
      1. SLUB { debugobjects { ... } }
      2. debugobjects { SLUB { ... } }
      
      This patch changes pattern #2 by trying to fill the memory pool (e.g.
      the call into SLUB/kmalloc()) outside the debugobjects lock, so now the
      two patterns look like this:
      
      1. SLUB { debugobjects { ... } }
      2. SLUB { } debugobjects { ... }
      
      [ daniel.blueman@gmail.com: pool_lock needs to be taken irq safe in fill_pool ]
      Reported-by: NDaniel J Blueman <daniel.blueman@gmail.com>
      Signed-off-by: NVegard Nossum <vegard.nossum@gmail.com>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      50db04dd
  15. 30 4月, 2008 1 次提交
    • T
      infrastructure to debug (dynamic) objects · 3ac7fe5a
      Thomas Gleixner 提交于
      We can see an ever repeating problem pattern with objects of any kind in the
      kernel:
      
      1) freeing of active objects
      2) reinitialization of active objects
      
      Both problems can be hard to debug because the crash happens at a point where
      we have no chance to decode the root cause anymore.  One problem spot are
      kernel timers, where the detection of the problem often happens in interrupt
      context and usually causes the machine to panic.
      
      While working on a timer related bug report I had to hack specialized code
      into the timer subsystem to get a reasonable hint for the root cause.  This
      debug hack was fine for temporary use, but far from a mergeable solution due
      to the intrusiveness into the timer code.
      
      The code further lacked the ability to detect and report the root cause
      instantly and keep the system operational.
      
      Keeping the system operational is important to get hold of the debug
      information without special debugging aids like serial consoles and special
      knowledge of the bug reporter.
      
      The problems described above are not restricted to timers, but timers tend to
      expose it usually in a full system crash.  Other objects are less explosive,
      but the symptoms caused by such mistakes can be even harder to debug.
      
      Instead of creating specialized debugging code for the timer subsystem a
      generic infrastructure is created which allows developers to verify their code
      and provides an easy to enable debug facility for users in case of trouble.
      
      The debugobjects core code keeps track of operations on static and dynamic
      objects by inserting them into a hashed list and sanity checking them on
      object operations and provides additional checks whenever kernel memory is
      freed.
      
      The tracked object operations are:
      - initializing an object
      - adding an object to a subsystem list
      - deleting an object from a subsystem list
      
      Each operation is sanity checked before the operation is executed and the
      subsystem specific code can provide a fixup function which allows to prevent
      the damage of the operation.  When the sanity check triggers a warning message
      and a stack trace is printed.
      
      The list of operations can be extended if the need arises.  For now it's
      limited to the requirements of the first user (timers).
      
      The core code enqueues the objects into hash buckets.  The hash index is
      generated from the address of the object to simplify the lookup for the check
      on kfree/vfree.  Each bucket has it's own spinlock to avoid contention on a
      global lock.
      
      The debug code can be compiled in without being active.  The runtime overhead
      is minimal and could be optimized by asm alternatives.  A kernel command line
      option enables the debugging code.
      
      Thanks to Ingo Molnar for review, suggestions and cleanup patches.
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NIngo Molnar <mingo@elte.hu>
      Cc: Greg KH <greg@kroah.com>
      Cc: Randy Dunlap <randy.dunlap@oracle.com>
      Cc: Kay Sievers <kay.sievers@vrfy.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      3ac7fe5a