1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * mm/debug.c
4 *
5 * mm/ specific debug routines.
6 *
7 */
8
9 #include <linux/kernel.h>
10 #include <linux/mm.h>
11 #include <linux/trace_events.h>
12 #include <linux/memcontrol.h>
13 #include <trace/events/mmflags.h>
14 #include <linux/migrate.h>
15 #include <linux/page_owner.h>
16 #include <linux/ctype.h>
17
18 #include "internal.h"
19
20 const char *migrate_reason_names[MR_TYPES] = {
21 "compaction",
22 "memory_failure",
23 "memory_hotplug",
24 "syscall_or_cpuset",
25 "mempolicy_mbind",
26 "numa_misplaced",
27 "cma",
28 };
29
30 const struct trace_print_flags pageflag_names[] = {
31 __def_pageflag_names,
32 {0, NULL}
33 };
34
35 const struct trace_print_flags gfpflag_names[] = {
36 __def_gfpflag_names,
37 {0, NULL}
38 };
39
40 const struct trace_print_flags vmaflag_names[] = {
41 __def_vmaflag_names,
42 {0, NULL}
43 };
44
__dump_page(struct page * page,const char * reason)45 void __dump_page(struct page *page, const char *reason)
46 {
47 struct page *head = compound_head(page);
48 struct address_space *mapping;
49 bool page_poisoned = PagePoisoned(page);
50 bool compound = PageCompound(page);
51 /*
52 * Accessing the pageblock without the zone lock. It could change to
53 * "isolate" again in the meantime, but since we are just dumping the
54 * state for debugging, it should be fine to accept a bit of
55 * inaccuracy here due to racing.
56 */
57 bool page_cma = is_migrate_cma_page(page);
58 int mapcount;
59 char *type = "";
60
61 /*
62 * If struct page is poisoned don't access Page*() functions as that
63 * leads to recursive loop. Page*() check for poisoned pages, and calls
64 * dump_page() when detected.
65 */
66 if (page_poisoned) {
67 pr_warn("page:%px is uninitialized and poisoned", page);
68 goto hex_only;
69 }
70
71 if (page < head || (page >= head + MAX_ORDER_NR_PAGES)) {
72 /*
73 * Corrupt page, so we cannot call page_mapping. Instead, do a
74 * safe subset of the steps that page_mapping() does. Caution:
75 * this will be misleading for tail pages, PageSwapCache pages,
76 * and potentially other situations. (See the page_mapping()
77 * implementation for what's missing here.)
78 */
79 unsigned long tmp = (unsigned long)page->mapping;
80
81 if (tmp & PAGE_MAPPING_ANON)
82 mapping = NULL;
83 else
84 mapping = (void *)(tmp & ~PAGE_MAPPING_FLAGS);
85 head = page;
86 compound = false;
87 } else {
88 mapping = page_mapping(page);
89 }
90
91 /*
92 * Avoid VM_BUG_ON() in page_mapcount().
93 * page->_mapcount space in struct page is used by sl[aou]b pages to
94 * encode own info.
95 */
96 mapcount = PageSlab(head) ? 0 : page_mapcount(page);
97
98 pr_warn("page:%p refcount:%d mapcount:%d mapping:%p index:%#lx pfn:%#lx\n",
99 page, page_ref_count(head), mapcount, mapping,
100 page_to_pgoff(page), page_to_pfn(page));
101 if (compound) {
102 if (hpage_pincount_available(page)) {
103 pr_warn("head:%p order:%u compound_mapcount:%d compound_pincount:%d\n",
104 head, compound_order(head),
105 head_compound_mapcount(head),
106 head_compound_pincount(head));
107 } else {
108 pr_warn("head:%p order:%u compound_mapcount:%d\n",
109 head, compound_order(head),
110 head_compound_mapcount(head));
111 }
112 }
113 if (PageKsm(page))
114 type = "ksm ";
115 else if (PageAnon(page))
116 type = "anon ";
117 else if (mapping) {
118 struct inode *host;
119 const struct address_space_operations *a_ops;
120 struct hlist_node *dentry_first;
121 struct dentry *dentry_ptr;
122 struct dentry dentry;
123 unsigned long ino;
124
125 /*
126 * mapping can be invalid pointer and we don't want to crash
127 * accessing it, so probe everything depending on it carefully
128 */
129 if (get_kernel_nofault(host, &mapping->host) ||
130 get_kernel_nofault(a_ops, &mapping->a_ops)) {
131 pr_warn("failed to read mapping contents, not a valid kernel address?\n");
132 goto out_mapping;
133 }
134
135 if (!host) {
136 pr_warn("aops:%ps\n", a_ops);
137 goto out_mapping;
138 }
139
140 if (get_kernel_nofault(dentry_first, &host->i_dentry.first) ||
141 get_kernel_nofault(ino, &host->i_ino)) {
142 pr_warn("aops:%ps with invalid host inode %px\n",
143 a_ops, host);
144 goto out_mapping;
145 }
146
147 if (!dentry_first) {
148 pr_warn("aops:%ps ino:%lx\n", a_ops, ino);
149 goto out_mapping;
150 }
151
152 dentry_ptr = container_of(dentry_first, struct dentry, d_u.d_alias);
153 if (get_kernel_nofault(dentry, dentry_ptr)) {
154 pr_warn("aops:%ps ino:%lx with invalid dentry %px\n",
155 a_ops, ino, dentry_ptr);
156 } else {
157 /*
158 * if dentry is corrupted, the %pd handler may still
159 * crash, but it's unlikely that we reach here with a
160 * corrupted struct page
161 */
162 pr_warn("aops:%ps ino:%lx dentry name:\"%pd\"\n",
163 a_ops, ino, &dentry);
164 }
165 }
166 out_mapping:
167 BUILD_BUG_ON(ARRAY_SIZE(pageflag_names) != __NR_PAGEFLAGS + 1);
168
169 pr_warn("%sflags: %#lx(%pGp)%s\n", type, head->flags, &head->flags,
170 page_cma ? " CMA" : "");
171
172 hex_only:
173 print_hex_dump(KERN_WARNING, "raw: ", DUMP_PREFIX_NONE, 32,
174 sizeof(unsigned long), page,
175 sizeof(struct page), false);
176 if (head != page)
177 print_hex_dump(KERN_WARNING, "head: ", DUMP_PREFIX_NONE, 32,
178 sizeof(unsigned long), head,
179 sizeof(struct page), false);
180
181 if (reason)
182 pr_warn("page dumped because: %s\n", reason);
183
184 #ifdef CONFIG_MEMCG
185 if (!page_poisoned && page->mem_cgroup)
186 pr_warn("page->mem_cgroup:%px\n", page->mem_cgroup);
187 #endif
188 }
189
dump_page(struct page * page,const char * reason)190 void dump_page(struct page *page, const char *reason)
191 {
192 __dump_page(page, reason);
193 dump_page_owner(page);
194 }
195 EXPORT_SYMBOL(dump_page);
196
197 #ifdef CONFIG_DEBUG_VM
198
dump_vma(const struct vm_area_struct * vma)199 void dump_vma(const struct vm_area_struct *vma)
200 {
201 pr_emerg("vma %px start %px end %px\n"
202 "next %px prev %px mm %px\n"
203 "prot %lx anon_vma %px vm_ops %px\n"
204 "pgoff %lx file %px private_data %px\n"
205 "flags: %#lx(%pGv)\n",
206 vma, (void *)vma->vm_start, (void *)vma->vm_end, vma->vm_next,
207 vma->vm_prev, vma->vm_mm,
208 (unsigned long)pgprot_val(vma->vm_page_prot),
209 vma->anon_vma, vma->vm_ops, vma->vm_pgoff,
210 vma->vm_file, vma->vm_private_data,
211 vma->vm_flags, &vma->vm_flags);
212 }
213 EXPORT_SYMBOL(dump_vma);
214
dump_mm(const struct mm_struct * mm)215 void dump_mm(const struct mm_struct *mm)
216 {
217 pr_emerg("mm %px mmap %px seqnum %llu task_size %lu\n"
218 #ifdef CONFIG_MMU
219 "get_unmapped_area %px\n"
220 #endif
221 "mmap_base %lu mmap_legacy_base %lu highest_vm_end %lu\n"
222 "pgd %px mm_users %d mm_count %d pgtables_bytes %lu map_count %d\n"
223 "hiwater_rss %lx hiwater_vm %lx total_vm %lx locked_vm %lx\n"
224 "pinned_vm %llx data_vm %lx exec_vm %lx stack_vm %lx\n"
225 "start_code %lx end_code %lx start_data %lx end_data %lx\n"
226 "start_brk %lx brk %lx start_stack %lx\n"
227 "arg_start %lx arg_end %lx env_start %lx env_end %lx\n"
228 "binfmt %px flags %lx core_state %px\n"
229 #ifdef CONFIG_AIO
230 "ioctx_table %px\n"
231 #endif
232 #ifdef CONFIG_MEMCG
233 "owner %px "
234 #endif
235 "exe_file %px\n"
236 #ifdef CONFIG_MMU_NOTIFIER
237 "notifier_subscriptions %px\n"
238 #endif
239 #ifdef CONFIG_NUMA_BALANCING
240 "numa_next_scan %lu numa_scan_offset %lu numa_scan_seq %d\n"
241 #endif
242 "tlb_flush_pending %d\n"
243 "def_flags: %#lx(%pGv)\n",
244
245 mm, mm->mmap, (long long) mm->vmacache_seqnum, mm->task_size,
246 #ifdef CONFIG_MMU
247 mm->get_unmapped_area,
248 #endif
249 mm->mmap_base, mm->mmap_legacy_base, mm->highest_vm_end,
250 mm->pgd, atomic_read(&mm->mm_users),
251 atomic_read(&mm->mm_count),
252 mm_pgtables_bytes(mm),
253 mm->map_count,
254 mm->hiwater_rss, mm->hiwater_vm, mm->total_vm, mm->locked_vm,
255 (u64)atomic64_read(&mm->pinned_vm),
256 mm->data_vm, mm->exec_vm, mm->stack_vm,
257 mm->start_code, mm->end_code, mm->start_data, mm->end_data,
258 mm->start_brk, mm->brk, mm->start_stack,
259 mm->arg_start, mm->arg_end, mm->env_start, mm->env_end,
260 mm->binfmt, mm->flags, mm->core_state,
261 #ifdef CONFIG_AIO
262 mm->ioctx_table,
263 #endif
264 #ifdef CONFIG_MEMCG
265 mm->owner,
266 #endif
267 mm->exe_file,
268 #ifdef CONFIG_MMU_NOTIFIER
269 mm->notifier_subscriptions,
270 #endif
271 #ifdef CONFIG_NUMA_BALANCING
272 mm->numa_next_scan, mm->numa_scan_offset, mm->numa_scan_seq,
273 #endif
274 atomic_read(&mm->tlb_flush_pending),
275 mm->def_flags, &mm->def_flags
276 );
277 }
278
279 static bool page_init_poisoning __read_mostly = true;
280
setup_vm_debug(char * str)281 static int __init setup_vm_debug(char *str)
282 {
283 bool __page_init_poisoning = true;
284
285 /*
286 * Calling vm_debug with no arguments is equivalent to requesting
287 * to enable all debugging options we can control.
288 */
289 if (*str++ != '=' || !*str)
290 goto out;
291
292 __page_init_poisoning = false;
293 if (*str == '-')
294 goto out;
295
296 while (*str) {
297 switch (tolower(*str)) {
298 case'p':
299 __page_init_poisoning = true;
300 break;
301 default:
302 pr_err("vm_debug option '%c' unknown. skipped\n",
303 *str);
304 }
305
306 str++;
307 }
308 out:
309 if (page_init_poisoning && !__page_init_poisoning)
310 pr_warn("Page struct poisoning disabled by kernel command line option 'vm_debug'\n");
311
312 page_init_poisoning = __page_init_poisoning;
313
314 return 1;
315 }
316 __setup("vm_debug", setup_vm_debug);
317
page_init_poison(struct page * page,size_t size)318 void page_init_poison(struct page *page, size_t size)
319 {
320 if (page_init_poisoning)
321 memset(page, PAGE_POISON_PATTERN, size);
322 }
323 EXPORT_SYMBOL_GPL(page_init_poison);
324 #endif /* CONFIG_DEBUG_VM */
325