1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * mm/debug.c
4  *
5  * mm/ specific debug routines.
6  *
7  */
8 
9 #include <linux/kernel.h>
10 #include <linux/mm.h>
11 #include <linux/trace_events.h>
12 #include <linux/memcontrol.h>
13 #include <trace/events/mmflags.h>
14 #include <linux/migrate.h>
15 #include <linux/page_owner.h>
16 #include <linux/ctype.h>
17 
18 #include "internal.h"
19 
20 const char *migrate_reason_names[MR_TYPES] = {
21 	"compaction",
22 	"memory_failure",
23 	"memory_hotplug",
24 	"syscall_or_cpuset",
25 	"mempolicy_mbind",
26 	"numa_misplaced",
27 	"contig_range",
28 	"longterm_pin",
29 	"demotion",
30 };
31 
32 const struct trace_print_flags pageflag_names[] = {
33 	__def_pageflag_names,
34 	{0, NULL}
35 };
36 
37 const struct trace_print_flags gfpflag_names[] = {
38 	__def_gfpflag_names,
39 	{0, NULL}
40 };
41 
42 const struct trace_print_flags vmaflag_names[] = {
43 	__def_vmaflag_names,
44 	{0, NULL}
45 };
46 
__dump_page(struct page * page)47 static void __dump_page(struct page *page)
48 {
49 	struct page *head = compound_head(page);
50 	struct address_space *mapping;
51 	bool compound = PageCompound(page);
52 	/*
53 	 * Accessing the pageblock without the zone lock. It could change to
54 	 * "isolate" again in the meantime, but since we are just dumping the
55 	 * state for debugging, it should be fine to accept a bit of
56 	 * inaccuracy here due to racing.
57 	 */
58 	bool page_cma = is_migrate_cma_page(page);
59 	int mapcount;
60 	char *type = "";
61 
62 	if (page < head || (page >= head + MAX_ORDER_NR_PAGES)) {
63 		/*
64 		 * Corrupt page, so we cannot call page_mapping. Instead, do a
65 		 * safe subset of the steps that page_mapping() does. Caution:
66 		 * this will be misleading for tail pages, PageSwapCache pages,
67 		 * and potentially other situations. (See the page_mapping()
68 		 * implementation for what's missing here.)
69 		 */
70 		unsigned long tmp = (unsigned long)page->mapping;
71 
72 		if (tmp & PAGE_MAPPING_ANON)
73 			mapping = NULL;
74 		else
75 			mapping = (void *)(tmp & ~PAGE_MAPPING_FLAGS);
76 		head = page;
77 		compound = false;
78 	} else {
79 		mapping = page_mapping(page);
80 	}
81 
82 	/*
83 	 * Avoid VM_BUG_ON() in page_mapcount().
84 	 * page->_mapcount space in struct page is used by sl[aou]b pages to
85 	 * encode own info.
86 	 */
87 	mapcount = PageSlab(head) ? 0 : page_mapcount(page);
88 
89 	pr_warn("page:%p refcount:%d mapcount:%d mapping:%p index:%#lx pfn:%#lx\n",
90 			page, page_ref_count(head), mapcount, mapping,
91 			page_to_pgoff(page), page_to_pfn(page));
92 	if (compound) {
93 		if (hpage_pincount_available(page)) {
94 			pr_warn("head:%p order:%u compound_mapcount:%d compound_pincount:%d\n",
95 					head, compound_order(head),
96 					head_compound_mapcount(head),
97 					head_compound_pincount(head));
98 		} else {
99 			pr_warn("head:%p order:%u compound_mapcount:%d\n",
100 					head, compound_order(head),
101 					head_compound_mapcount(head));
102 		}
103 	}
104 
105 #ifdef CONFIG_MEMCG
106 	if (head->memcg_data)
107 		pr_warn("memcg:%lx\n", head->memcg_data);
108 #endif
109 	if (PageKsm(page))
110 		type = "ksm ";
111 	else if (PageAnon(page))
112 		type = "anon ";
113 	else if (mapping) {
114 		struct inode *host;
115 		const struct address_space_operations *a_ops;
116 		struct hlist_node *dentry_first;
117 		struct dentry *dentry_ptr;
118 		struct dentry dentry;
119 		unsigned long ino;
120 
121 		/*
122 		 * mapping can be invalid pointer and we don't want to crash
123 		 * accessing it, so probe everything depending on it carefully
124 		 */
125 		if (get_kernel_nofault(host, &mapping->host) ||
126 		    get_kernel_nofault(a_ops, &mapping->a_ops)) {
127 			pr_warn("failed to read mapping contents, not a valid kernel address?\n");
128 			goto out_mapping;
129 		}
130 
131 		if (!host) {
132 			pr_warn("aops:%ps\n", a_ops);
133 			goto out_mapping;
134 		}
135 
136 		if (get_kernel_nofault(dentry_first, &host->i_dentry.first) ||
137 		    get_kernel_nofault(ino, &host->i_ino)) {
138 			pr_warn("aops:%ps with invalid host inode %px\n",
139 					a_ops, host);
140 			goto out_mapping;
141 		}
142 
143 		if (!dentry_first) {
144 			pr_warn("aops:%ps ino:%lx\n", a_ops, ino);
145 			goto out_mapping;
146 		}
147 
148 		dentry_ptr = container_of(dentry_first, struct dentry, d_u.d_alias);
149 		if (get_kernel_nofault(dentry, dentry_ptr)) {
150 			pr_warn("aops:%ps ino:%lx with invalid dentry %px\n",
151 					a_ops, ino, dentry_ptr);
152 		} else {
153 			/*
154 			 * if dentry is corrupted, the %pd handler may still
155 			 * crash, but it's unlikely that we reach here with a
156 			 * corrupted struct page
157 			 */
158 			pr_warn("aops:%ps ino:%lx dentry name:\"%pd\"\n",
159 					a_ops, ino, &dentry);
160 		}
161 	}
162 out_mapping:
163 	BUILD_BUG_ON(ARRAY_SIZE(pageflag_names) != __NR_PAGEFLAGS + 1);
164 
165 	pr_warn("%sflags: %#lx(%pGp)%s\n", type, head->flags, &head->flags,
166 		page_cma ? " CMA" : "");
167 	print_hex_dump(KERN_WARNING, "raw: ", DUMP_PREFIX_NONE, 32,
168 			sizeof(unsigned long), page,
169 			sizeof(struct page), false);
170 	if (head != page)
171 		print_hex_dump(KERN_WARNING, "head: ", DUMP_PREFIX_NONE, 32,
172 			sizeof(unsigned long), head,
173 			sizeof(struct page), false);
174 }
175 
dump_page(struct page * page,const char * reason)176 void dump_page(struct page *page, const char *reason)
177 {
178 	if (PagePoisoned(page))
179 		pr_warn("page:%p is uninitialized and poisoned", page);
180 	else
181 		__dump_page(page);
182 	if (reason)
183 		pr_warn("page dumped because: %s\n", reason);
184 	dump_page_owner(page);
185 }
186 EXPORT_SYMBOL(dump_page);
187 
188 #ifdef CONFIG_DEBUG_VM
189 
dump_vma(const struct vm_area_struct * vma)190 void dump_vma(const struct vm_area_struct *vma)
191 {
192 	pr_emerg("vma %px start %px end %px\n"
193 		"next %px prev %px mm %px\n"
194 		"prot %lx anon_vma %px vm_ops %px\n"
195 		"pgoff %lx file %px private_data %px\n"
196 		"flags: %#lx(%pGv)\n",
197 		vma, (void *)vma->vm_start, (void *)vma->vm_end, vma->vm_next,
198 		vma->vm_prev, vma->vm_mm,
199 		(unsigned long)pgprot_val(vma->vm_page_prot),
200 		vma->anon_vma, vma->vm_ops, vma->vm_pgoff,
201 		vma->vm_file, vma->vm_private_data,
202 		vma->vm_flags, &vma->vm_flags);
203 }
204 EXPORT_SYMBOL(dump_vma);
205 
dump_mm(const struct mm_struct * mm)206 void dump_mm(const struct mm_struct *mm)
207 {
208 	pr_emerg("mm %px mmap %px seqnum %llu task_size %lu\n"
209 #ifdef CONFIG_MMU
210 		"get_unmapped_area %px\n"
211 #endif
212 		"mmap_base %lu mmap_legacy_base %lu highest_vm_end %lu\n"
213 		"pgd %px mm_users %d mm_count %d pgtables_bytes %lu map_count %d\n"
214 		"hiwater_rss %lx hiwater_vm %lx total_vm %lx locked_vm %lx\n"
215 		"pinned_vm %llx data_vm %lx exec_vm %lx stack_vm %lx\n"
216 		"start_code %lx end_code %lx start_data %lx end_data %lx\n"
217 		"start_brk %lx brk %lx start_stack %lx\n"
218 		"arg_start %lx arg_end %lx env_start %lx env_end %lx\n"
219 		"binfmt %px flags %lx core_state %px\n"
220 #ifdef CONFIG_AIO
221 		"ioctx_table %px\n"
222 #endif
223 #ifdef CONFIG_MEMCG
224 		"owner %px "
225 #endif
226 		"exe_file %px\n"
227 #ifdef CONFIG_MMU_NOTIFIER
228 		"notifier_subscriptions %px\n"
229 #endif
230 #ifdef CONFIG_NUMA_BALANCING
231 		"numa_next_scan %lu numa_scan_offset %lu numa_scan_seq %d\n"
232 #endif
233 		"tlb_flush_pending %d\n"
234 		"def_flags: %#lx(%pGv)\n",
235 
236 		mm, mm->mmap, (long long) mm->vmacache_seqnum, mm->task_size,
237 #ifdef CONFIG_MMU
238 		mm->get_unmapped_area,
239 #endif
240 		mm->mmap_base, mm->mmap_legacy_base, mm->highest_vm_end,
241 		mm->pgd, atomic_read(&mm->mm_users),
242 		atomic_read(&mm->mm_count),
243 		mm_pgtables_bytes(mm),
244 		mm->map_count,
245 		mm->hiwater_rss, mm->hiwater_vm, mm->total_vm, mm->locked_vm,
246 		(u64)atomic64_read(&mm->pinned_vm),
247 		mm->data_vm, mm->exec_vm, mm->stack_vm,
248 		mm->start_code, mm->end_code, mm->start_data, mm->end_data,
249 		mm->start_brk, mm->brk, mm->start_stack,
250 		mm->arg_start, mm->arg_end, mm->env_start, mm->env_end,
251 		mm->binfmt, mm->flags, mm->core_state,
252 #ifdef CONFIG_AIO
253 		mm->ioctx_table,
254 #endif
255 #ifdef CONFIG_MEMCG
256 		mm->owner,
257 #endif
258 		mm->exe_file,
259 #ifdef CONFIG_MMU_NOTIFIER
260 		mm->notifier_subscriptions,
261 #endif
262 #ifdef CONFIG_NUMA_BALANCING
263 		mm->numa_next_scan, mm->numa_scan_offset, mm->numa_scan_seq,
264 #endif
265 		atomic_read(&mm->tlb_flush_pending),
266 		mm->def_flags, &mm->def_flags
267 	);
268 }
269 
270 static bool page_init_poisoning __read_mostly = true;
271 
setup_vm_debug(char * str)272 static int __init setup_vm_debug(char *str)
273 {
274 	bool __page_init_poisoning = true;
275 
276 	/*
277 	 * Calling vm_debug with no arguments is equivalent to requesting
278 	 * to enable all debugging options we can control.
279 	 */
280 	if (*str++ != '=' || !*str)
281 		goto out;
282 
283 	__page_init_poisoning = false;
284 	if (*str == '-')
285 		goto out;
286 
287 	while (*str) {
288 		switch (tolower(*str)) {
289 		case'p':
290 			__page_init_poisoning = true;
291 			break;
292 		default:
293 			pr_err("vm_debug option '%c' unknown. skipped\n",
294 			       *str);
295 		}
296 
297 		str++;
298 	}
299 out:
300 	if (page_init_poisoning && !__page_init_poisoning)
301 		pr_warn("Page struct poisoning disabled by kernel command line option 'vm_debug'\n");
302 
303 	page_init_poisoning = __page_init_poisoning;
304 
305 	return 1;
306 }
307 __setup("vm_debug", setup_vm_debug);
308 
page_init_poison(struct page * page,size_t size)309 void page_init_poison(struct page *page, size_t size)
310 {
311 	if (page_init_poisoning)
312 		memset(page, PAGE_POISON_PATTERN, size);
313 }
314 EXPORT_SYMBOL_GPL(page_init_poison);
315 #endif		/* CONFIG_DEBUG_VM */
316