slab debug and kmalloc

2024-06-03 15:58

Tracing why memory allocated by kmalloc has no redzone and usercaller

[    0.000000:0] kmem_cache_create: size-64 set redzone and calluser

[    0.000000:0] kmem_cache_create: size-64 set poison
[    0.000000:0] kmem_cache_create: size-64 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-64 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: AC name size-64, cachep ee000080
[    0.000000:0] kmem_cache_create: size-96 set redzone and calluser
[    0.000000:0] kmem_cache_create: size-96 set poison
[    0.000000:0] kmem_cache_create: size-96 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-96 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: L3 name size-96, cachep ee000120
[    0.000000:0] kmem_cache_create: size-32 set redzone and calluser
[    0.000000:0] kmem_cache_create: size-32 set poison
[    0.000000:0] kmem_cache_create: size-32 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-32 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-32, size 32
[    0.000000:0] kmem_cache_init: kmalloc name size-64, size 64
[    0.000000:0] kmem_cache_init: kmalloc name size-96, size 96
[    0.000000:0] kmem_cache_create: size-128 set redzone and calluser
[    0.000000:0] kmem_cache_create: size-128 set poison
[    0.000000:0] kmem_cache_create: size-128 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-128 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-128, size 128
[    0.000000:0] kmem_cache_create: size-192 set redzone and calluser
[    0.000000:0] kmem_cache_create: size-192 set poison
[    0.000000:0] kmem_cache_create: size-192 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-192 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-192, size 192
[    0.000000:0] kmem_cache_create: size-256 set redzone and calluser
[    0.000000:0] kmem_cache_create: size-256 set poison
[    0.000000:0] kmem_cache_create: size-256 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-256 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-256, size 256
[    0.000000:0] kmem_cache_create: size-512 set redzone and calluser
[    0.000000:0] kmem_cache_create: size-512 set poison
[    0.000000:0] kmem_cache_create: size-512 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-512 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-512, size 512
[    0.000000:0] kmem_cache_create: size-1024 set redzone and calluser
[    0.000000:0] kmem_cache_create: size-1024 set poison
[    0.000000:0] kmem_cache_create: size-1024 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-1024 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-1024, size 1024
[    0.000000:0] kmem_cache_create: size-2048 set redzone and calluser
[    0.000000:0] kmem_cache_create: size-2048 set poison
[    0.000000:0] kmem_cache_create: size-2048 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-2048 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-2048, size 2048
[    0.000000:0] kmem_cache_create: size-4096 set poison
[    0.000000:0] kmem_cache_create: size-4096 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-4096 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-4096, size 4096
[    0.000000:0] kmem_cache_create: size-8192 set poison
[    0.000000:0] kmem_cache_create: size-8192 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-8192 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-8192, size 8192
[    0.000000:0] kmem_cache_create: size-16384 set poison
[    0.000000:0] kmem_cache_create: size-16384 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-16384 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-16384, size 16384
[    0.000000:0] kmem_cache_create: size-32768 set poison
[    0.000000:0] kmem_cache_create: size-32768 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-32768 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-32768, size 32768
[    0.000000:0] kmem_cache_create: size-65536 set poison
[    0.000000:0] kmem_cache_create: size-65536 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-65536 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-65536, size 65536
[    0.000000:0] kmem_cache_create: size-131072 set poison
[    0.000000:0] kmem_cache_create: size-131072 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-131072 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-131072, size 131072
[    0.000000:0] kmem_cache_create: size-262144 set poison
[    0.000000:0] kmem_cache_create: size-262144 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-262144 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-262144, size 262144
[    0.000000:0] kmem_cache_create: size-524288 set poison
[    0.000000:0] kmem_cache_create: size-524288 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-524288 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-524288, size 524288
[    0.000000:0] kmem_cache_create: size-1048576 set poison
[    0.000000:0] kmem_cache_create: size-1048576 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-1048576 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-1048576, size 1048576
[    0.000000:0] kmem_cache_create: size-2097152 set poison
[    0.000000:0] kmem_cache_create: size-2097152 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-2097152 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-2097152, size 2097152
[    0.000000:0] kmem_cache_create: size-4194304 set poison
[    0.000000:0] kmem_cache_create: size-4194304 ralign 32, align 32
[    0.000000:0] kmem_cache_create: size-4194304 disable redzone and usercaller
[    0.000000:0] kmem_cache_init: kmalloc name size-4194304, size 4194304

The problem lies in the input parameter align: ARCH_KMALLOC_MINALIGN [32]

kmem_cache_create:
Judging from the printed log, the problem is here, i.e. the input parameter align is ARCH_KMALLOC_MINALIGN [32]:
    if (ralign < align) {
        ralign = align;
    }
    /* disable debug if necessary: here 32 > 8, so the flags are turned off */
    if (ralign > __alignof__(unsigned long long)){
        flags &= ~(SLAB_RED_ZONE | SLAB_STORE_USER);
        pr_err("kmem_cache_create: %s disable redzone and usercaller\n", name);
    }

How can we get them back?

Tracing the macro definition of ARCH_KMALLOC_MINALIGN gives the following:

/*
 *  arch/arm/include/asm/cache.h
 */
#ifndef __ASMARM_CACHE_H
#define __ASMARM_CACHE_H

#define L1_CACHE_SHIFT        CONFIG_ARM_L1_CACHE_SHIFT
#define L1_CACHE_BYTES        (1 << L1_CACHE_SHIFT)

/*
 * Memory returned by kmalloc() may be used for DMA, so we must make
 * sure that all such allocations are cache aligned. Otherwise,
 * unrelated code may cause parts of the buffer to be read into the
 * cache before the transfer is done, causing old data to be seen by
 * the CPU.
 */
#define ARCH_DMA_MINALIGN    L1_CACHE_BYTES

include/generated/autoconf.h
#define CONFIG_ARM 1
#define CONFIG_ARM_L1_CACHE_SHIFT 5

include/linux/slab.h
/*
 * Some archs want to perform DMA into kmalloc caches and need a guaranteed
 * alignment larger than the alignment of a 64-bit integer.
 * Setting ARCH_KMALLOC_MINALIGN in arch headers allows that.
 */
#ifdef ARCH_DMA_MINALIGN
#define ARCH_KMALLOC_MINALIGN ARCH_DMA_MINALIGN
#else
#define ARCH_KMALLOC_MINALIGN __alignof__(unsigned long long)

#endif


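So, for kmalloc allocations to carry red zone and related information, all that is needed is to leave ARCH_DMA_MINALIGN undefined. As the cache.h comment above explains, that definition is what keeps kmalloc buffers cache-aligned for DMA, so this change belongs in a debugging build.

Using redzone and usercaller to analyze a problem

The current problem is that a struct dwc_otg_hcd_urb_t is still used after its memory has been freed, and the question is where it was freed.
The kmalloc memory in the crash dump now contains the redzone and usercaller,
and from these we can see the function that operated on the memory.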

The structure at fault is:
crash> struct dwc_otg_hcd_urb_t -o
typedef struct dwc_otg_hcd_urb {
   [0] void *priv;
   [4] struct dwc_otg_qtd *qtd;
   [8] void *buf;
  [12] dwc_dma_t dma;
  [16] void *setup_packet;
  [20] dwc_dma_t setup_dma;
  [24] uint32_t length;
  [28] uint32_t actual_length;
  [32] uint32_t status;
  [36] uint32_t error_count;
  [40] uint32_t packet_count;
  [44] uint32_t flags;
  [48] uint16_t interval;
  [50] struct dwc_otg_hcd_pipe_info pipe_info;
  [56] struct dwc_otg_hcd_iso_packet_desc iso_descs[];
} dwc_otg_hcd_urb_t;
SIZE: 56
It should come from the size-64 kmalloc cache,
and the known address is: r2 : e63fdf48
Taking the redzone into account, the address seen in kmem should be e63fdf40:
crash> kmem -S size-64 | grep e63fdf
   e63fdf40  (cpu 0 cache)
  [e63fdf98]

Next, look at which function freed this memory:
crash> rd e63fdf40 0x64
e63fdf40:  9d74e35b 09f91102 6b6b6b6b 6b6b6b6b   [.t.....kkkkkkkk
e63fdf50:  6b6b6b6b 6b6b6b6b 6b6b6b6b 6b6b6b6b   kkkkkkkkkkkkkkkk
e63fdf60:  6b6b6b6b 6b6b6b6b 6b6b6b6b 6b6b6b6b   kkkkkkkkkkkkkkkk
e63fdf70:  6b6b6b6b 6b6b6b6b 6b6b6b6b 6b6b6b6b   kkkkkkkkkkkkkkkk
e63fdf80:  6b6b6b6b a56b6b6b 9d74e35b 09f91102   kkkkkkk.[.t.....
e63fdf90:  00000000 c0311708

crash> dis -r c0311708
0xc03116f4 <__DWC_FREE>:        mov     r12, sp
0xc03116f8 <__DWC_FREE+4>:      push    {r11, r12, lr, pc}
0xc03116fc <__DWC_FREE+8>:      sub     r11, r12, #4
0xc0311700 <__DWC_FREE+12>:     mov     r0, r1
0xc0311704 <__DWC_FREE+16>:     bl      0xc00ad90c <kfree>
0xc0311708 <__DWC_FREE+20>:     ldm     sp, {r11, sp, pc}
Here we can see that the function is __DWC_FREE.
This is exactly what we wanted to see.
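
The layout read off the dump above (redzone, poisoned object, redzone, last caller) can be checked mechanically. The following C program is an added example, not part of the original article or the kernel source: decode() and its type names are hypothetical, the constants are those of include/linux/poison.h, and the layout assumes a 32-bit little-endian kernel with both SLAB_RED_ZONE and SLAB_STORE_USER set, as in this dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constants from include/linux/poison.h */
#define RED_INACTIVE 0x09F911029D74E35BULL /* redzone of a free object */
#define RED_ACTIVE   0xD84156C5635688C0ULL /* redzone of an allocated object */
#define POISON_WORD  0x6b6b6b6bu           /* four POISON_FREE (0x6b) bytes */
#define POISON_LAST  0xa56b6b6bu           /* last byte is POISON_END (0xa5) */
#define RZ(p) (((uint64_t)(p)[1] << 32) | (p)[0]) /* 64-bit redzone, LE words */

enum obj_state { OBJ_FREE_INTACT, OBJ_ACTIVE, OBJ_CORRUPT };
struct slab_dbg { enum obj_state state; uint32_t last_user; };

/* The 22 words printed by "rd e63fdf40" on the page, in dump order. */
static const uint32_t page_dump[22] = {
    0x9d74e35b, 0x09f91102, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b,
    0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b,
    0x6b6b6b6b, 0xa56b6b6b, 0x9d74e35b, 0x09f91102, 0x00000000, 0xc0311708,
};

/* Assumed layout (as in the dump): 8-byte redzone, object, 8-byte redzone,
 * 4 bytes of padding, 4-byte address of the last caller (alloc or free). */
static struct slab_dbg decode(const uint32_t *w, size_t obj_size)
{
    size_t n = obj_size / 4, i;
    const uint32_t *obj = w + 2, *rz2 = obj + n;
    struct slab_dbg r = { OBJ_CORRUPT, rz2[3] };
    /* walk the poison words that precede the final one */
    for (i = 0; i + 1 < n && obj[i] == POISON_WORD; i++) {}
    if (RZ(w) == RED_ACTIVE && RZ(rz2) == RED_ACTIVE)
        r.state = OBJ_ACTIVE;
    else if (RZ(w) == RED_INACTIVE && RZ(rz2) == RED_INACTIVE &&
             i + 1 == n && obj[i] == POISON_LAST)
        r.state = OBJ_FREE_INTACT;  /* freed and untouched since */
    return r;
}

/* Constructed case: a store to urb->status (offset 32) after the free. */
static struct slab_dbg decode_after_stale_write(void)
{
    uint32_t copy[22];
    memcpy(copy, page_dump, sizeof(copy));
    copy[2 + 32 / 4] = 0;   /* overwrites poison inside the freed object */
    return decode(copy, 64);
}

int main(void)
{
    struct slab_dbg d = decode(page_dump, 64);
    printf("page dump: state=%d last_user=%08x, after stale write: state=%d\n",
           (int)d.state, (unsigned)d.last_user, (int)decode_after_stale_write().state);
    return 0;
}
```

For the dump on the page the object decodes as freed with its poison intact and last caller c0311708, the address that dis resolves to __DWC_FREE+20; the constructed stale write is what turns the same object into a poison mismatch.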

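The problem is in the for loop below: the if() branch is entered more than once, meaning that after the free it is entered again and tries to free a second time.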
static void complete_non_isoc_xfer_ddma(dwc_otg_hcd_t * hcd,
                    dwc_hc_t * hc,
                    dwc_otg_hc_regs_t * hc_regs,
                    dwc_otg_halt_status_e halt_status)
{

    for (i = 0; i < qtd->n_desc; i++) {
        dma_desc = &qh->desc_list[n_desc];

        n_bytes = qh->n_bytes[n_desc];

        failed =
            update_non_isoc_urb_state_ddma(hcd, hc, qtd,
                           dma_desc,
                           halt_status, n_bytes,
                           &xfer_done);

        if (failed
            || (xfer_done
            && (urb->status != -DWC_E_IN_PROGRESS))) {

            hcd->fops->complete(hcd, urb->priv, urb,
                        urb->status);
            dwc_otg_hcd_qtd_remove_and_free(hcd, qtd, qh);

        }
    }


}
