17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 57c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only 67c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance 77c478bd9Sstevel@tonic-gate * with the License. 87c478bd9Sstevel@tonic-gate * 97c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 107c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 117c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 127c478bd9Sstevel@tonic-gate * and limitations under the License. 137c478bd9Sstevel@tonic-gate * 147c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 157c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 167c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 177c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 187c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 197c478bd9Sstevel@tonic-gate * 207c478bd9Sstevel@tonic-gate * CDDL HEADER END 217c478bd9Sstevel@tonic-gate */ 227c478bd9Sstevel@tonic-gate /* 2301f19855Scth * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 247c478bd9Sstevel@tonic-gate * Use is subject to license terms. 257c478bd9Sstevel@tonic-gate */ 267c478bd9Sstevel@tonic-gate 277c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate #include <mdb/mdb_param.h> 307c478bd9Sstevel@tonic-gate #include <mdb/mdb_modapi.h> 317c478bd9Sstevel@tonic-gate 327c478bd9Sstevel@tonic-gate #include <sys/fs/ufs_inode.h> 337c478bd9Sstevel@tonic-gate #include <sys/kmem_impl.h> 347c478bd9Sstevel@tonic-gate #include <sys/vmem_impl.h> 357c478bd9Sstevel@tonic-gate #include <sys/modctl.h> 367c478bd9Sstevel@tonic-gate #include <sys/kobj.h> 377c478bd9Sstevel@tonic-gate #include <sys/kobj_impl.h> 387c478bd9Sstevel@tonic-gate #include <vm/seg_vn.h> 397c478bd9Sstevel@tonic-gate #include <vm/as.h> 407c478bd9Sstevel@tonic-gate #include <vm/seg_map.h> 417c478bd9Sstevel@tonic-gate #include <mdb/mdb_ctf.h> 427c478bd9Sstevel@tonic-gate 437c478bd9Sstevel@tonic-gate #include "kmem.h" 447c478bd9Sstevel@tonic-gate #include "leaky_impl.h" 457c478bd9Sstevel@tonic-gate 467c478bd9Sstevel@tonic-gate /* 477c478bd9Sstevel@tonic-gate * This file defines the genunix target for leaky.c. There are three types 487c478bd9Sstevel@tonic-gate * of buffers in the kernel's heap: TYPE_VMEM, for kmem_oversize allocations, 497c478bd9Sstevel@tonic-gate * TYPE_KMEM, for kmem_cache_alloc() allocations bufctl_audit_ts, and 507c478bd9Sstevel@tonic-gate * TYPE_CACHE, for kmem_cache_alloc() allocation without bufctl_audit_ts. 517c478bd9Sstevel@tonic-gate * 527c478bd9Sstevel@tonic-gate * See "leaky_impl.h" for the target interface definition. 537c478bd9Sstevel@tonic-gate */ 547c478bd9Sstevel@tonic-gate 557c478bd9Sstevel@tonic-gate #define TYPE_VMEM 0 /* lkb_data is the vmem_seg's size */ 567c478bd9Sstevel@tonic-gate #define TYPE_CACHE 1 /* lkb_cid is the bufctl's cache */ 577c478bd9Sstevel@tonic-gate #define TYPE_KMEM 2 /* lkb_cid is the bufctl's cache */ 587c478bd9Sstevel@tonic-gate 597c478bd9Sstevel@tonic-gate #define LKM_CTL_BUFCTL 0 /* normal allocation, PTR is bufctl */ 607c478bd9Sstevel@tonic-gate #define LKM_CTL_VMSEG 1 /* oversize allocation, PTR is vmem_seg_t */ 617c478bd9Sstevel@tonic-gate #define LKM_CTL_CACHE 2 /* normal alloc, non-debug, PTR is cache */ 627c478bd9Sstevel@tonic-gate #define LKM_CTL_MASK 3L 637c478bd9Sstevel@tonic-gate 647c478bd9Sstevel@tonic-gate #define LKM_CTL(ptr, type) (LKM_CTLPTR(ptr) | (type)) 657c478bd9Sstevel@tonic-gate #define LKM_CTLPTR(ctl) ((uintptr_t)(ctl) & ~(LKM_CTL_MASK)) 667c478bd9Sstevel@tonic-gate #define LKM_CTLTYPE(ctl) ((uintptr_t)(ctl) & (LKM_CTL_MASK)) 677c478bd9Sstevel@tonic-gate 687c478bd9Sstevel@tonic-gate static int kmem_lite_count = 0; /* cache of the kernel's version */ 697c478bd9Sstevel@tonic-gate 707c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 717c478bd9Sstevel@tonic-gate static int 727c478bd9Sstevel@tonic-gate leaky_mtab(uintptr_t addr, const kmem_bufctl_audit_t *bcp, leak_mtab_t **lmp) 737c478bd9Sstevel@tonic-gate { 747c478bd9Sstevel@tonic-gate leak_mtab_t *lm = (*lmp)++; 757c478bd9Sstevel@tonic-gate 767c478bd9Sstevel@tonic-gate lm->lkm_base = (uintptr_t)bcp->bc_addr; 777c478bd9Sstevel@tonic-gate lm->lkm_bufctl = LKM_CTL(addr, LKM_CTL_BUFCTL); 787c478bd9Sstevel@tonic-gate 797c478bd9Sstevel@tonic-gate return (WALK_NEXT); 807c478bd9Sstevel@tonic-gate } 817c478bd9Sstevel@tonic-gate 827c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 837c478bd9Sstevel@tonic-gate static int 847c478bd9Sstevel@tonic-gate leaky_mtab_addr(uintptr_t addr, void *ignored, leak_mtab_t **lmp) 857c478bd9Sstevel@tonic-gate { 867c478bd9Sstevel@tonic-gate leak_mtab_t *lm = (*lmp)++; 877c478bd9Sstevel@tonic-gate 887c478bd9Sstevel@tonic-gate lm->lkm_base = addr; 897c478bd9Sstevel@tonic-gate 907c478bd9Sstevel@tonic-gate return (WALK_NEXT); 917c478bd9Sstevel@tonic-gate } 927c478bd9Sstevel@tonic-gate 937c478bd9Sstevel@tonic-gate static int 947c478bd9Sstevel@tonic-gate leaky_seg(uintptr_t addr, const vmem_seg_t *seg, leak_mtab_t **lmp) 957c478bd9Sstevel@tonic-gate { 967c478bd9Sstevel@tonic-gate leak_mtab_t *lm = (*lmp)++; 977c478bd9Sstevel@tonic-gate 987c478bd9Sstevel@tonic-gate lm->lkm_base = seg->vs_start; 997c478bd9Sstevel@tonic-gate lm->lkm_limit = seg->vs_end; 1007c478bd9Sstevel@tonic-gate lm->lkm_bufctl = LKM_CTL(addr, LKM_CTL_VMSEG); 1017c478bd9Sstevel@tonic-gate 1027c478bd9Sstevel@tonic-gate return (WALK_NEXT); 1037c478bd9Sstevel@tonic-gate } 1047c478bd9Sstevel@tonic-gate 1057c478bd9Sstevel@tonic-gate static int 1067c478bd9Sstevel@tonic-gate leaky_vmem_interested(const vmem_t *vmem) 1077c478bd9Sstevel@tonic-gate { 1087c478bd9Sstevel@tonic-gate if (strcmp(vmem->vm_name, "kmem_oversize") != 0 && 1097c478bd9Sstevel@tonic-gate strcmp(vmem->vm_name, "static_alloc") != 0) 1107c478bd9Sstevel@tonic-gate return (0); 1117c478bd9Sstevel@tonic-gate return (1); 1127c478bd9Sstevel@tonic-gate } 1137c478bd9Sstevel@tonic-gate 1147c478bd9Sstevel@tonic-gate static int 1157c478bd9Sstevel@tonic-gate leaky_vmem(uintptr_t addr, const vmem_t *vmem, leak_mtab_t **lmp) 1167c478bd9Sstevel@tonic-gate { 1177c478bd9Sstevel@tonic-gate if (!leaky_vmem_interested(vmem)) 1187c478bd9Sstevel@tonic-gate return (WALK_NEXT); 1197c478bd9Sstevel@tonic-gate 1207c478bd9Sstevel@tonic-gate if (mdb_pwalk("vmem_alloc", (mdb_walk_cb_t)leaky_seg, lmp, addr) == -1) 1217c478bd9Sstevel@tonic-gate mdb_warn("can't walk vmem_alloc for kmem_oversize (%p)", addr); 1227c478bd9Sstevel@tonic-gate 1237c478bd9Sstevel@tonic-gate return (WALK_NEXT); 1247c478bd9Sstevel@tonic-gate } 1257c478bd9Sstevel@tonic-gate 1267c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 1277c478bd9Sstevel@tonic-gate static int 1287c478bd9Sstevel@tonic-gate leaky_estimate_vmem(uintptr_t addr, const vmem_t *vmem, size_t *est) 1297c478bd9Sstevel@tonic-gate { 1307c478bd9Sstevel@tonic-gate if (!leaky_vmem_interested(vmem)) 1317c478bd9Sstevel@tonic-gate return (WALK_NEXT); 1327c478bd9Sstevel@tonic-gate 1337c478bd9Sstevel@tonic-gate *est += (int)(vmem->vm_kstat.vk_alloc.value.ui64 - 1347c478bd9Sstevel@tonic-gate vmem->vm_kstat.vk_free.value.ui64); 1357c478bd9Sstevel@tonic-gate 1367c478bd9Sstevel@tonic-gate return (WALK_NEXT); 1377c478bd9Sstevel@tonic-gate } 1387c478bd9Sstevel@tonic-gate 1397c478bd9Sstevel@tonic-gate static int 1407c478bd9Sstevel@tonic-gate leaky_interested(const kmem_cache_t *c) 1417c478bd9Sstevel@tonic-gate { 1427c478bd9Sstevel@tonic-gate vmem_t vmem; 1437c478bd9Sstevel@tonic-gate 1447c478bd9Sstevel@tonic-gate /* 1457c478bd9Sstevel@tonic-gate * ignore HAT-related caches that happen to derive from kmem_default 1467c478bd9Sstevel@tonic-gate */ 1477c478bd9Sstevel@tonic-gate if (strcmp(c->cache_name, "sfmmu1_cache") == 0 || 1487c478bd9Sstevel@tonic-gate strcmp(c->cache_name, "sf_hment_cache") == 0 || 1497c478bd9Sstevel@tonic-gate strcmp(c->cache_name, "pa_hment_cache") == 0) 1507c478bd9Sstevel@tonic-gate return (0); 1517c478bd9Sstevel@tonic-gate 1527c478bd9Sstevel@tonic-gate if (mdb_vread(&vmem, sizeof (vmem), (uintptr_t)c->cache_arena) == -1) { 1537c478bd9Sstevel@tonic-gate mdb_warn("cannot read arena %p for cache '%s'", 1547c478bd9Sstevel@tonic-gate (uintptr_t)c->cache_arena, c->cache_name); 1557c478bd9Sstevel@tonic-gate return (0); 1567c478bd9Sstevel@tonic-gate } 1577c478bd9Sstevel@tonic-gate 1587c478bd9Sstevel@tonic-gate /* 1597c478bd9Sstevel@tonic-gate * If this cache isn't allocating from the kmem_default, 1607c478bd9Sstevel@tonic-gate * kmem_firewall, or static vmem arenas, we're not interested. 1617c478bd9Sstevel@tonic-gate */ 1627c478bd9Sstevel@tonic-gate if (strcmp(vmem.vm_name, "kmem_default") != 0 && 1637c478bd9Sstevel@tonic-gate strcmp(vmem.vm_name, "kmem_firewall") != 0 && 1647c478bd9Sstevel@tonic-gate strcmp(vmem.vm_name, "static") != 0) 1657c478bd9Sstevel@tonic-gate return (0); 1667c478bd9Sstevel@tonic-gate 1677c478bd9Sstevel@tonic-gate return (1); 1687c478bd9Sstevel@tonic-gate } 1697c478bd9Sstevel@tonic-gate 1707c478bd9Sstevel@tonic-gate static int 1717c478bd9Sstevel@tonic-gate leaky_estimate(uintptr_t addr, const kmem_cache_t *c, size_t *est) 1727c478bd9Sstevel@tonic-gate { 1737c478bd9Sstevel@tonic-gate if (!leaky_interested(c)) 1747c478bd9Sstevel@tonic-gate return (WALK_NEXT); 1757c478bd9Sstevel@tonic-gate 1767c478bd9Sstevel@tonic-gate *est += kmem_estimate_allocated(addr, c); 1777c478bd9Sstevel@tonic-gate 1787c478bd9Sstevel@tonic-gate return (WALK_NEXT); 1797c478bd9Sstevel@tonic-gate } 1807c478bd9Sstevel@tonic-gate 1817c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 1827c478bd9Sstevel@tonic-gate static int 1837c478bd9Sstevel@tonic-gate leaky_cache(uintptr_t addr, const kmem_cache_t *c, leak_mtab_t **lmp) 1847c478bd9Sstevel@tonic-gate { 1857c478bd9Sstevel@tonic-gate leak_mtab_t *lm = *lmp; 1867c478bd9Sstevel@tonic-gate mdb_walk_cb_t cb; 1877c478bd9Sstevel@tonic-gate const char *walk; 1887c478bd9Sstevel@tonic-gate int audit = (c->cache_flags & KMF_AUDIT); 1897c478bd9Sstevel@tonic-gate 1907c478bd9Sstevel@tonic-gate if (!leaky_interested(c)) 1917c478bd9Sstevel@tonic-gate return (WALK_NEXT); 1927c478bd9Sstevel@tonic-gate 1937c478bd9Sstevel@tonic-gate if (audit) { 1947c478bd9Sstevel@tonic-gate walk = "bufctl"; 1957c478bd9Sstevel@tonic-gate cb = (mdb_walk_cb_t)leaky_mtab; 1967c478bd9Sstevel@tonic-gate } else { 1977c478bd9Sstevel@tonic-gate walk = "kmem"; 1987c478bd9Sstevel@tonic-gate cb = (mdb_walk_cb_t)leaky_mtab_addr; 1997c478bd9Sstevel@tonic-gate } 2007c478bd9Sstevel@tonic-gate if (mdb_pwalk(walk, cb, lmp, addr) == -1) { 2017c478bd9Sstevel@tonic-gate mdb_warn("can't walk kmem for cache %p (%s)", addr, 2027c478bd9Sstevel@tonic-gate c->cache_name); 2037c478bd9Sstevel@tonic-gate return (WALK_DONE); 2047c478bd9Sstevel@tonic-gate } 2057c478bd9Sstevel@tonic-gate 2067c478bd9Sstevel@tonic-gate for (; lm < *lmp; lm++) { 2077c478bd9Sstevel@tonic-gate lm->lkm_limit = lm->lkm_base + c->cache_bufsize; 2087c478bd9Sstevel@tonic-gate if (!audit) 2097c478bd9Sstevel@tonic-gate lm->lkm_bufctl = LKM_CTL(addr, LKM_CTL_CACHE); 2107c478bd9Sstevel@tonic-gate } 2117c478bd9Sstevel@tonic-gate 2127c478bd9Sstevel@tonic-gate return (WALK_NEXT); 2137c478bd9Sstevel@tonic-gate } 2147c478bd9Sstevel@tonic-gate 2157c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 2167c478bd9Sstevel@tonic-gate static int 2177c478bd9Sstevel@tonic-gate leaky_scan_buffer(uintptr_t addr, const void *ignored, const kmem_cache_t *c) 2187c478bd9Sstevel@tonic-gate { 2197c478bd9Sstevel@tonic-gate leaky_grep(addr, c->cache_bufsize); 2207c478bd9Sstevel@tonic-gate 2217c478bd9Sstevel@tonic-gate /* 2227c478bd9Sstevel@tonic-gate * free, constructed KMF_LITE buffers keep their first uint64_t in 2237c478bd9Sstevel@tonic-gate * their buftag's redzone. 2247c478bd9Sstevel@tonic-gate */ 2257c478bd9Sstevel@tonic-gate if (c->cache_flags & KMF_LITE) { 2267c478bd9Sstevel@tonic-gate /* LINTED alignment */ 2277c478bd9Sstevel@tonic-gate kmem_buftag_t *btp = KMEM_BUFTAG(c, addr); 2287c478bd9Sstevel@tonic-gate leaky_grep((uintptr_t)&btp->bt_redzone, 2297c478bd9Sstevel@tonic-gate sizeof (btp->bt_redzone)); 2307c478bd9Sstevel@tonic-gate } 2317c478bd9Sstevel@tonic-gate 2327c478bd9Sstevel@tonic-gate return (WALK_NEXT); 2337c478bd9Sstevel@tonic-gate } 2347c478bd9Sstevel@tonic-gate 2357c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 2367c478bd9Sstevel@tonic-gate static int 2377c478bd9Sstevel@tonic-gate leaky_scan_cache(uintptr_t addr, const kmem_cache_t *c, void *ignored) 2387c478bd9Sstevel@tonic-gate { 2397c478bd9Sstevel@tonic-gate if (!leaky_interested(c)) 2407c478bd9Sstevel@tonic-gate return (WALK_NEXT); 2417c478bd9Sstevel@tonic-gate 2427c478bd9Sstevel@tonic-gate /* 2437c478bd9Sstevel@tonic-gate * Scan all of the free, constructed buffers, since they may have 2447c478bd9Sstevel@tonic-gate * pointers to allocated objects. 2457c478bd9Sstevel@tonic-gate */ 2467c478bd9Sstevel@tonic-gate if (mdb_pwalk("freemem_constructed", 2477c478bd9Sstevel@tonic-gate (mdb_walk_cb_t)leaky_scan_buffer, (void *)c, addr) == -1) { 2487c478bd9Sstevel@tonic-gate mdb_warn("can't walk freemem_constructed for cache %p (%s)", 2497c478bd9Sstevel@tonic-gate addr, c->cache_name); 2507c478bd9Sstevel@tonic-gate return (WALK_DONE); 2517c478bd9Sstevel@tonic-gate } 2527c478bd9Sstevel@tonic-gate 2537c478bd9Sstevel@tonic-gate return (WALK_NEXT); 2547c478bd9Sstevel@tonic-gate } 2557c478bd9Sstevel@tonic-gate 2567c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 2577c478bd9Sstevel@tonic-gate static int 2587c478bd9Sstevel@tonic-gate leaky_modctl(uintptr_t addr, const struct modctl *m, int *ignored) 2597c478bd9Sstevel@tonic-gate { 2607c478bd9Sstevel@tonic-gate struct module mod; 2617c478bd9Sstevel@tonic-gate char name[MODMAXNAMELEN]; 2627c478bd9Sstevel@tonic-gate 2637c478bd9Sstevel@tonic-gate if (m->mod_mp == NULL) 2647c478bd9Sstevel@tonic-gate return (WALK_NEXT); 2657c478bd9Sstevel@tonic-gate 2667c478bd9Sstevel@tonic-gate if (mdb_vread(&mod, sizeof (mod), (uintptr_t)m->mod_mp) == -1) { 2677c478bd9Sstevel@tonic-gate mdb_warn("couldn't read modctl %p's module", addr); 2687c478bd9Sstevel@tonic-gate return (WALK_NEXT); 2697c478bd9Sstevel@tonic-gate } 2707c478bd9Sstevel@tonic-gate 2717c478bd9Sstevel@tonic-gate if (mdb_readstr(name, sizeof (name), (uintptr_t)m->mod_modname) == -1) 2727c478bd9Sstevel@tonic-gate (void) mdb_snprintf(name, sizeof (name), "0x%p", addr); 2737c478bd9Sstevel@tonic-gate 2747c478bd9Sstevel@tonic-gate leaky_grep((uintptr_t)m->mod_mp, sizeof (struct module)); 2757c478bd9Sstevel@tonic-gate leaky_grep((uintptr_t)mod.data, mod.data_size); 2767c478bd9Sstevel@tonic-gate leaky_grep((uintptr_t)mod.bss, mod.bss_size); 2777c478bd9Sstevel@tonic-gate 2787c478bd9Sstevel@tonic-gate return (WALK_NEXT); 2797c478bd9Sstevel@tonic-gate } 2807c478bd9Sstevel@tonic-gate 2817c478bd9Sstevel@tonic-gate static int 2827c478bd9Sstevel@tonic-gate leaky_thread(uintptr_t addr, const kthread_t *t, unsigned long *pagesize) 2837c478bd9Sstevel@tonic-gate { 2847c478bd9Sstevel@tonic-gate uintptr_t size, base = (uintptr_t)t->t_stkbase; 2857c478bd9Sstevel@tonic-gate uintptr_t stk = (uintptr_t)t->t_stk; 2867c478bd9Sstevel@tonic-gate 2877c478bd9Sstevel@tonic-gate /* 2887c478bd9Sstevel@tonic-gate * If this thread isn't in memory, we can't look at its stack. This 2897c478bd9Sstevel@tonic-gate * may result in false positives, so we print a warning. 2907c478bd9Sstevel@tonic-gate */ 2917c478bd9Sstevel@tonic-gate if (!(t->t_schedflag & TS_LOAD)) { 2927c478bd9Sstevel@tonic-gate mdb_printf("findleaks: thread %p's stack swapped out; " 2937c478bd9Sstevel@tonic-gate "false positives possible\n", addr); 2947c478bd9Sstevel@tonic-gate return (WALK_NEXT); 2957c478bd9Sstevel@tonic-gate } 2967c478bd9Sstevel@tonic-gate 2977c478bd9Sstevel@tonic-gate if (t->t_state != TS_FREE) 2987c478bd9Sstevel@tonic-gate leaky_grep(base, stk - base); 2997c478bd9Sstevel@tonic-gate 3007c478bd9Sstevel@tonic-gate /* 3017c478bd9Sstevel@tonic-gate * There is always gunk hanging out between t_stk and the page 3027c478bd9Sstevel@tonic-gate * boundary. If this thread structure wasn't kmem allocated, 3037c478bd9Sstevel@tonic-gate * this will include the thread structure itself. If the thread 3047c478bd9Sstevel@tonic-gate * _is_ kmem allocated, we'll be able to get to it via allthreads. 3057c478bd9Sstevel@tonic-gate */ 3067c478bd9Sstevel@tonic-gate size = *pagesize - (stk & (*pagesize - 1)); 3077c478bd9Sstevel@tonic-gate 3087c478bd9Sstevel@tonic-gate leaky_grep(stk, size); 3097c478bd9Sstevel@tonic-gate 3107c478bd9Sstevel@tonic-gate return (WALK_NEXT); 3117c478bd9Sstevel@tonic-gate } 3127c478bd9Sstevel@tonic-gate 3137c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 3147c478bd9Sstevel@tonic-gate static int 3157c478bd9Sstevel@tonic-gate leaky_kstat(uintptr_t addr, vmem_seg_t *seg, void *ignored) 3167c478bd9Sstevel@tonic-gate { 3177c478bd9Sstevel@tonic-gate leaky_grep(seg->vs_start, seg->vs_end - seg->vs_start); 3187c478bd9Sstevel@tonic-gate 3197c478bd9Sstevel@tonic-gate return (WALK_NEXT); 3207c478bd9Sstevel@tonic-gate } 3217c478bd9Sstevel@tonic-gate 3227c478bd9Sstevel@tonic-gate static void 3237c478bd9Sstevel@tonic-gate leaky_kludge(void) 3247c478bd9Sstevel@tonic-gate { 3257c478bd9Sstevel@tonic-gate GElf_Sym sym; 3267c478bd9Sstevel@tonic-gate mdb_ctf_id_t id, rid; 3277c478bd9Sstevel@tonic-gate 3287c478bd9Sstevel@tonic-gate int max_mem_nodes; 3297c478bd9Sstevel@tonic-gate uintptr_t *counters; 3307c478bd9Sstevel@tonic-gate size_t ncounters; 3317c478bd9Sstevel@tonic-gate ssize_t hwpm_size; 3327c478bd9Sstevel@tonic-gate int idx; 3337c478bd9Sstevel@tonic-gate 3347c478bd9Sstevel@tonic-gate /* 3357c478bd9Sstevel@tonic-gate * Because of DR, the page counters (which live in the kmem64 segment) 3367c478bd9Sstevel@tonic-gate * can point into kmem_alloc()ed memory. The "page_counters" array 3377c478bd9Sstevel@tonic-gate * is multi-dimensional, and each entry points to an array of 3387c478bd9Sstevel@tonic-gate * "hw_page_map_t"s which is "max_mem_nodes" in length. 3397c478bd9Sstevel@tonic-gate * 3407c478bd9Sstevel@tonic-gate * To keep this from having too much grotty knowledge of internals, 3417c478bd9Sstevel@tonic-gate * we use CTF data to get the size of the structure. For simplicity, 3427c478bd9Sstevel@tonic-gate * we treat the page_counters array as a flat array of pointers, and 3437c478bd9Sstevel@tonic-gate * use its size to determine how much to scan. Unused entries will 3447c478bd9Sstevel@tonic-gate * be NULL. 3457c478bd9Sstevel@tonic-gate */ 3467c478bd9Sstevel@tonic-gate if (mdb_lookup_by_name("page_counters", &sym) == -1) { 3477c478bd9Sstevel@tonic-gate mdb_warn("unable to lookup page_counters"); 3487c478bd9Sstevel@tonic-gate return; 3497c478bd9Sstevel@tonic-gate } 3507c478bd9Sstevel@tonic-gate 3517c478bd9Sstevel@tonic-gate if (mdb_readvar(&max_mem_nodes, "max_mem_nodes") == -1) { 3527c478bd9Sstevel@tonic-gate mdb_warn("unable to read max_mem_nodes"); 3537c478bd9Sstevel@tonic-gate return; 3547c478bd9Sstevel@tonic-gate } 3557c478bd9Sstevel@tonic-gate 3567c478bd9Sstevel@tonic-gate if (mdb_ctf_lookup_by_name("unix`hw_page_map_t", &id) == -1 || 3577c478bd9Sstevel@tonic-gate mdb_ctf_type_resolve(id, &rid) == -1 || 3587c478bd9Sstevel@tonic-gate (hwpm_size = mdb_ctf_type_size(rid)) < 0) { 3597c478bd9Sstevel@tonic-gate mdb_warn("unable to lookup unix`hw_page_map_t"); 3607c478bd9Sstevel@tonic-gate return; 3617c478bd9Sstevel@tonic-gate } 3627c478bd9Sstevel@tonic-gate 3637c478bd9Sstevel@tonic-gate counters = mdb_alloc(sym.st_size, UM_SLEEP | UM_GC); 3647c478bd9Sstevel@tonic-gate 3657c478bd9Sstevel@tonic-gate if (mdb_vread(counters, sym.st_size, (uintptr_t)sym.st_value) == -1) { 3667c478bd9Sstevel@tonic-gate mdb_warn("unable to read page_counters"); 3677c478bd9Sstevel@tonic-gate return; 3687c478bd9Sstevel@tonic-gate } 3697c478bd9Sstevel@tonic-gate 3707c478bd9Sstevel@tonic-gate ncounters = sym.st_size / sizeof (counters); 3717c478bd9Sstevel@tonic-gate 3727c478bd9Sstevel@tonic-gate for (idx = 0; idx < ncounters; idx++) { 3737c478bd9Sstevel@tonic-gate uintptr_t addr = counters[idx]; 3747c478bd9Sstevel@tonic-gate if (addr != 0) 3757c478bd9Sstevel@tonic-gate leaky_grep(addr, hwpm_size * max_mem_nodes); 3767c478bd9Sstevel@tonic-gate } 3777c478bd9Sstevel@tonic-gate } 3787c478bd9Sstevel@tonic-gate 3797c478bd9Sstevel@tonic-gate int 3807c478bd9Sstevel@tonic-gate leaky_subr_estimate(size_t *estp) 3817c478bd9Sstevel@tonic-gate { 3827c478bd9Sstevel@tonic-gate uintptr_t panicstr; 3837c478bd9Sstevel@tonic-gate int state; 3847c478bd9Sstevel@tonic-gate 3857c478bd9Sstevel@tonic-gate if ((state = mdb_get_state()) == MDB_STATE_RUNNING) { 3867c478bd9Sstevel@tonic-gate mdb_warn("findleaks: can only be run on a system " 3877c478bd9Sstevel@tonic-gate "dump or under kmdb; see dumpadm(1M)\n"); 3887c478bd9Sstevel@tonic-gate return (DCMD_ERR); 3897c478bd9Sstevel@tonic-gate } 3907c478bd9Sstevel@tonic-gate 3917c478bd9Sstevel@tonic-gate if (mdb_readvar(&panicstr, "panicstr") == -1) { 3927c478bd9Sstevel@tonic-gate mdb_warn("can't read variable 'panicstr'"); 3937c478bd9Sstevel@tonic-gate return (DCMD_ERR); 3947c478bd9Sstevel@tonic-gate } 3957c478bd9Sstevel@tonic-gate 3967c478bd9Sstevel@tonic-gate if (state != MDB_STATE_STOPPED && panicstr == NULL) { 3977c478bd9Sstevel@tonic-gate mdb_warn("findleaks: cannot be run on a live dump.\n"); 3987c478bd9Sstevel@tonic-gate return (DCMD_ERR); 3997c478bd9Sstevel@tonic-gate } 4007c478bd9Sstevel@tonic-gate 4017c478bd9Sstevel@tonic-gate if (mdb_walk("kmem_cache", (mdb_walk_cb_t)leaky_estimate, estp) == -1) { 4027c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'kmem_cache'"); 4037c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4047c478bd9Sstevel@tonic-gate } 4057c478bd9Sstevel@tonic-gate 4067c478bd9Sstevel@tonic-gate if (*estp == 0) { 4077c478bd9Sstevel@tonic-gate mdb_warn("findleaks: no buffers found\n"); 4087c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4097c478bd9Sstevel@tonic-gate } 4107c478bd9Sstevel@tonic-gate 4117c478bd9Sstevel@tonic-gate if (mdb_walk("vmem", (mdb_walk_cb_t)leaky_estimate_vmem, estp) == -1) { 4127c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'vmem'"); 4137c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4147c478bd9Sstevel@tonic-gate } 4157c478bd9Sstevel@tonic-gate 4167c478bd9Sstevel@tonic-gate return (DCMD_OK); 4177c478bd9Sstevel@tonic-gate } 4187c478bd9Sstevel@tonic-gate 4197c478bd9Sstevel@tonic-gate int 4207c478bd9Sstevel@tonic-gate leaky_subr_fill(leak_mtab_t **lmpp) 4217c478bd9Sstevel@tonic-gate { 4227c478bd9Sstevel@tonic-gate if (mdb_walk("vmem", (mdb_walk_cb_t)leaky_vmem, lmpp) == -1) { 4237c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'vmem'"); 4247c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4257c478bd9Sstevel@tonic-gate } 4267c478bd9Sstevel@tonic-gate 4277c478bd9Sstevel@tonic-gate if (mdb_walk("kmem_cache", (mdb_walk_cb_t)leaky_cache, lmpp) == -1) { 4287c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'kmem_cache'"); 4297c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4307c478bd9Sstevel@tonic-gate } 4317c478bd9Sstevel@tonic-gate 4327c478bd9Sstevel@tonic-gate if (mdb_readvar(&kmem_lite_count, "kmem_lite_count") == -1) { 4337c478bd9Sstevel@tonic-gate mdb_warn("couldn't read 'kmem_lite_count'"); 4347c478bd9Sstevel@tonic-gate kmem_lite_count = 0; 4357c478bd9Sstevel@tonic-gate } else if (kmem_lite_count > 16) { 4367c478bd9Sstevel@tonic-gate mdb_warn("kmem_lite_count nonsensical, ignored\n"); 4377c478bd9Sstevel@tonic-gate kmem_lite_count = 0; 4387c478bd9Sstevel@tonic-gate } 4397c478bd9Sstevel@tonic-gate 4407c478bd9Sstevel@tonic-gate return (DCMD_OK); 4417c478bd9Sstevel@tonic-gate } 4427c478bd9Sstevel@tonic-gate 4437c478bd9Sstevel@tonic-gate int 4447c478bd9Sstevel@tonic-gate leaky_subr_run(void) 4457c478bd9Sstevel@tonic-gate { 446*cbdcbd05SJonathan Adams unsigned long ps = PAGESIZE; 4477c478bd9Sstevel@tonic-gate uintptr_t kstat_arena; 44801f19855Scth uintptr_t dmods; 4497c478bd9Sstevel@tonic-gate 4507c478bd9Sstevel@tonic-gate leaky_kludge(); 4517c478bd9Sstevel@tonic-gate 4527c478bd9Sstevel@tonic-gate if (mdb_walk("kmem_cache", (mdb_walk_cb_t)leaky_scan_cache, 4537c478bd9Sstevel@tonic-gate NULL) == -1) { 4547c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'kmem_cache'"); 4557c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4567c478bd9Sstevel@tonic-gate } 4577c478bd9Sstevel@tonic-gate 4587c478bd9Sstevel@tonic-gate if (mdb_walk("modctl", (mdb_walk_cb_t)leaky_modctl, NULL) == -1) { 4597c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'modctl'"); 4607c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4617c478bd9Sstevel@tonic-gate } 4627c478bd9Sstevel@tonic-gate 46301f19855Scth /* 46401f19855Scth * If kmdb is loaded, we need to walk it's module list, since kmdb 46501f19855Scth * modctl structures can reference kmem allocations. 46601f19855Scth */ 46701f19855Scth if ((mdb_readvar(&dmods, "kdi_dmods") != -1) && (dmods != NULL)) 46801f19855Scth (void) mdb_pwalk("modctl", (mdb_walk_cb_t)leaky_modctl, 46901f19855Scth NULL, dmods); 47001f19855Scth 4717c478bd9Sstevel@tonic-gate if (mdb_walk("thread", (mdb_walk_cb_t)leaky_thread, &ps) == -1) { 4727c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'thread'"); 4737c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4747c478bd9Sstevel@tonic-gate } 4757c478bd9Sstevel@tonic-gate 4767c478bd9Sstevel@tonic-gate if (mdb_walk("deathrow", (mdb_walk_cb_t)leaky_thread, &ps) == -1) { 4777c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'deathrow'"); 4787c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4797c478bd9Sstevel@tonic-gate } 4807c478bd9Sstevel@tonic-gate 4817c478bd9Sstevel@tonic-gate if (mdb_readvar(&kstat_arena, "kstat_arena") == -1) { 4827c478bd9Sstevel@tonic-gate mdb_warn("couldn't read 'kstat_arena'"); 4837c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4847c478bd9Sstevel@tonic-gate } 4857c478bd9Sstevel@tonic-gate 4867c478bd9Sstevel@tonic-gate if (mdb_pwalk("vmem_alloc", (mdb_walk_cb_t)leaky_kstat, 4877c478bd9Sstevel@tonic-gate NULL, kstat_arena) == -1) { 4887c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk kstat vmem arena"); 4897c478bd9Sstevel@tonic-gate return (DCMD_ERR); 4907c478bd9Sstevel@tonic-gate } 4917c478bd9Sstevel@tonic-gate 4927c478bd9Sstevel@tonic-gate return (DCMD_OK); 4937c478bd9Sstevel@tonic-gate } 4947c478bd9Sstevel@tonic-gate 4957c478bd9Sstevel@tonic-gate void 4967c478bd9Sstevel@tonic-gate leaky_subr_add_leak(leak_mtab_t *lmp) 4977c478bd9Sstevel@tonic-gate { 4987c478bd9Sstevel@tonic-gate uintptr_t addr = LKM_CTLPTR(lmp->lkm_bufctl); 4997c478bd9Sstevel@tonic-gate size_t depth; 5007c478bd9Sstevel@tonic-gate 5017c478bd9Sstevel@tonic-gate switch (LKM_CTLTYPE(lmp->lkm_bufctl)) { 5027c478bd9Sstevel@tonic-gate case LKM_CTL_VMSEG: { 5037c478bd9Sstevel@tonic-gate vmem_seg_t vs; 5047c478bd9Sstevel@tonic-gate 5057c478bd9Sstevel@tonic-gate if (mdb_vread(&vs, sizeof (vs), addr) == -1) { 5067c478bd9Sstevel@tonic-gate mdb_warn("couldn't read leaked vmem_seg at addr %p", 5077c478bd9Sstevel@tonic-gate addr); 5087c478bd9Sstevel@tonic-gate return; 5097c478bd9Sstevel@tonic-gate } 5107c478bd9Sstevel@tonic-gate depth = MIN(vs.vs_depth, VMEM_STACK_DEPTH); 5117c478bd9Sstevel@tonic-gate 5127c478bd9Sstevel@tonic-gate leaky_add_leak(TYPE_VMEM, addr, vs.vs_start, vs.vs_timestamp, 5137c478bd9Sstevel@tonic-gate vs.vs_stack, depth, 0, (vs.vs_end - vs.vs_start)); 5147c478bd9Sstevel@tonic-gate break; 5157c478bd9Sstevel@tonic-gate } 5167c478bd9Sstevel@tonic-gate case LKM_CTL_BUFCTL: { 5177c478bd9Sstevel@tonic-gate kmem_bufctl_audit_t bc; 5187c478bd9Sstevel@tonic-gate 5197c478bd9Sstevel@tonic-gate if (mdb_vread(&bc, sizeof (bc), addr) == -1) { 5207c478bd9Sstevel@tonic-gate mdb_warn("couldn't read leaked bufctl at addr %p", 5217c478bd9Sstevel@tonic-gate addr); 5227c478bd9Sstevel@tonic-gate return; 5237c478bd9Sstevel@tonic-gate } 5247c478bd9Sstevel@tonic-gate 5257c478bd9Sstevel@tonic-gate depth = MIN(bc.bc_depth, KMEM_STACK_DEPTH); 5267c478bd9Sstevel@tonic-gate 5277c478bd9Sstevel@tonic-gate /* 5287c478bd9Sstevel@tonic-gate * The top of the stack will be kmem_cache_alloc+offset. 5297c478bd9Sstevel@tonic-gate * Since the offset in kmem_cache_alloc() isn't interesting 5307c478bd9Sstevel@tonic-gate * we skip that frame for the purposes of uniquifying stacks. 5317c478bd9Sstevel@tonic-gate * 5327c478bd9Sstevel@tonic-gate * We also use the cache pointer as the leaks's cid, to 5337c478bd9Sstevel@tonic-gate * prevent the coalescing of leaks from different caches. 5347c478bd9Sstevel@tonic-gate */ 5357c478bd9Sstevel@tonic-gate if (depth > 0) 5367c478bd9Sstevel@tonic-gate depth--; 5377c478bd9Sstevel@tonic-gate leaky_add_leak(TYPE_KMEM, addr, (uintptr_t)bc.bc_addr, 5387c478bd9Sstevel@tonic-gate bc.bc_timestamp, bc.bc_stack + 1, depth, 5397c478bd9Sstevel@tonic-gate (uintptr_t)bc.bc_cache, 0); 5407c478bd9Sstevel@tonic-gate break; 5417c478bd9Sstevel@tonic-gate } 5427c478bd9Sstevel@tonic-gate case LKM_CTL_CACHE: { 5437c478bd9Sstevel@tonic-gate kmem_cache_t cache; 5447c478bd9Sstevel@tonic-gate kmem_buftag_lite_t bt; 5457c478bd9Sstevel@tonic-gate pc_t caller; 5467c478bd9Sstevel@tonic-gate int depth = 0; 5477c478bd9Sstevel@tonic-gate 5487c478bd9Sstevel@tonic-gate /* 5497c478bd9Sstevel@tonic-gate * For KMF_LITE caches, we can get the allocation PC 5507c478bd9Sstevel@tonic-gate * out of the buftag structure. 5517c478bd9Sstevel@tonic-gate */ 5527c478bd9Sstevel@tonic-gate if (mdb_vread(&cache, sizeof (cache), addr) != -1 && 5537c478bd9Sstevel@tonic-gate (cache.cache_flags & KMF_LITE) && 5547c478bd9Sstevel@tonic-gate kmem_lite_count > 0 && 5557c478bd9Sstevel@tonic-gate mdb_vread(&bt, sizeof (bt), 5567c478bd9Sstevel@tonic-gate /* LINTED alignment */ 5577c478bd9Sstevel@tonic-gate (uintptr_t)KMEM_BUFTAG(&cache, lmp->lkm_base)) != -1) { 5587c478bd9Sstevel@tonic-gate caller = bt.bt_history[0]; 5597c478bd9Sstevel@tonic-gate depth = 1; 5607c478bd9Sstevel@tonic-gate } 5617c478bd9Sstevel@tonic-gate leaky_add_leak(TYPE_CACHE, lmp->lkm_base, lmp->lkm_base, 0, 5627c478bd9Sstevel@tonic-gate &caller, depth, addr, addr); 5637c478bd9Sstevel@tonic-gate break; 5647c478bd9Sstevel@tonic-gate } 5657c478bd9Sstevel@tonic-gate default: 5667c478bd9Sstevel@tonic-gate mdb_warn("internal error: invalid leak_bufctl_t\n"); 5677c478bd9Sstevel@tonic-gate break; 5687c478bd9Sstevel@tonic-gate } 5697c478bd9Sstevel@tonic-gate } 5707c478bd9Sstevel@tonic-gate 5717c478bd9Sstevel@tonic-gate static void 5727c478bd9Sstevel@tonic-gate leaky_subr_caller(const pc_t *stack, uint_t depth, char *buf, uintptr_t *pcp) 5737c478bd9Sstevel@tonic-gate { 5747c478bd9Sstevel@tonic-gate int i; 5757c478bd9Sstevel@tonic-gate GElf_Sym sym; 5767c478bd9Sstevel@tonic-gate uintptr_t pc = 0; 5777c478bd9Sstevel@tonic-gate 5787c478bd9Sstevel@tonic-gate buf[0] = 0; 5797c478bd9Sstevel@tonic-gate 5807c478bd9Sstevel@tonic-gate for (i = 0; i < depth; i++) { 5817c478bd9Sstevel@tonic-gate pc = stack[i]; 5827c478bd9Sstevel@tonic-gate 5837c478bd9Sstevel@tonic-gate if (mdb_lookup_by_addr(pc, 5847c478bd9Sstevel@tonic-gate MDB_SYM_FUZZY, buf, MDB_SYM_NAMLEN, &sym) == -1) 5857c478bd9Sstevel@tonic-gate continue; 5867c478bd9Sstevel@tonic-gate if (strncmp(buf, "kmem_", 5) == 0) 5877c478bd9Sstevel@tonic-gate continue; 5887c478bd9Sstevel@tonic-gate if (strncmp(buf, "vmem_", 5) == 0) 5897c478bd9Sstevel@tonic-gate continue; 5907c478bd9Sstevel@tonic-gate *pcp = pc; 5917c478bd9Sstevel@tonic-gate 5927c478bd9Sstevel@tonic-gate return; 5937c478bd9Sstevel@tonic-gate } 5947c478bd9Sstevel@tonic-gate 5957c478bd9Sstevel@tonic-gate /* 5967c478bd9Sstevel@tonic-gate * We're only here if the entire call chain begins with "kmem_"; 5977c478bd9Sstevel@tonic-gate * this shouldn't happen, but we'll just use the last caller. 5987c478bd9Sstevel@tonic-gate */ 5997c478bd9Sstevel@tonic-gate *pcp = pc; 6007c478bd9Sstevel@tonic-gate } 6017c478bd9Sstevel@tonic-gate 6027c478bd9Sstevel@tonic-gate int 6037c478bd9Sstevel@tonic-gate leaky_subr_bufctl_cmp(const leak_bufctl_t *lhs, const leak_bufctl_t *rhs) 6047c478bd9Sstevel@tonic-gate { 6057c478bd9Sstevel@tonic-gate char lbuf[MDB_SYM_NAMLEN], rbuf[MDB_SYM_NAMLEN]; 6067c478bd9Sstevel@tonic-gate uintptr_t lcaller, rcaller; 6077c478bd9Sstevel@tonic-gate int rval; 6087c478bd9Sstevel@tonic-gate 6097c478bd9Sstevel@tonic-gate leaky_subr_caller(lhs->lkb_stack, lhs->lkb_depth, lbuf, &lcaller); 6107c478bd9Sstevel@tonic-gate leaky_subr_caller(rhs->lkb_stack, lhs->lkb_depth, rbuf, &rcaller); 6117c478bd9Sstevel@tonic-gate 6127c478bd9Sstevel@tonic-gate if (rval = strcmp(lbuf, rbuf)) 6137c478bd9Sstevel@tonic-gate return (rval); 6147c478bd9Sstevel@tonic-gate 6157c478bd9Sstevel@tonic-gate if (lcaller < rcaller) 6167c478bd9Sstevel@tonic-gate return (-1); 6177c478bd9Sstevel@tonic-gate 6187c478bd9Sstevel@tonic-gate if (lcaller > rcaller) 6197c478bd9Sstevel@tonic-gate return (1); 6207c478bd9Sstevel@tonic-gate 6217c478bd9Sstevel@tonic-gate if (lhs->lkb_data < rhs->lkb_data) 6227c478bd9Sstevel@tonic-gate return (-1); 6237c478bd9Sstevel@tonic-gate 6247c478bd9Sstevel@tonic-gate if (lhs->lkb_data > rhs->lkb_data) 6257c478bd9Sstevel@tonic-gate return (1); 6267c478bd9Sstevel@tonic-gate 6277c478bd9Sstevel@tonic-gate return (0); 6287c478bd9Sstevel@tonic-gate } 6297c478bd9Sstevel@tonic-gate 6307c478bd9Sstevel@tonic-gate /* 6317c478bd9Sstevel@tonic-gate * Global state variables used by the leaky_subr_dump_* routines. Note that 6327c478bd9Sstevel@tonic-gate * they are carefully cleared before use. 6337c478bd9Sstevel@tonic-gate */ 6347c478bd9Sstevel@tonic-gate static int lk_vmem_seen; 6357c478bd9Sstevel@tonic-gate static int lk_cache_seen; 6367c478bd9Sstevel@tonic-gate static int lk_kmem_seen; 6377c478bd9Sstevel@tonic-gate static size_t lk_ttl; 6387c478bd9Sstevel@tonic-gate static size_t lk_bytes; 6397c478bd9Sstevel@tonic-gate 6407c478bd9Sstevel@tonic-gate void 6417c478bd9Sstevel@tonic-gate leaky_subr_dump_start(int type) 6427c478bd9Sstevel@tonic-gate { 6437c478bd9Sstevel@tonic-gate switch (type) { 6447c478bd9Sstevel@tonic-gate case TYPE_VMEM: 6457c478bd9Sstevel@tonic-gate lk_vmem_seen = 0; 6467c478bd9Sstevel@tonic-gate break; 6477c478bd9Sstevel@tonic-gate case TYPE_CACHE: 6487c478bd9Sstevel@tonic-gate lk_cache_seen = 0; 6497c478bd9Sstevel@tonic-gate break; 6507c478bd9Sstevel@tonic-gate case TYPE_KMEM: 6517c478bd9Sstevel@tonic-gate lk_kmem_seen = 0; 6527c478bd9Sstevel@tonic-gate break; 6537c478bd9Sstevel@tonic-gate default: 6547c478bd9Sstevel@tonic-gate break; 6557c478bd9Sstevel@tonic-gate } 6567c478bd9Sstevel@tonic-gate 6577c478bd9Sstevel@tonic-gate lk_ttl = 0; 6587c478bd9Sstevel@tonic-gate lk_bytes = 0; 6597c478bd9Sstevel@tonic-gate } 6607c478bd9Sstevel@tonic-gate 6617c478bd9Sstevel@tonic-gate void 6627c478bd9Sstevel@tonic-gate leaky_subr_dump(const leak_bufctl_t *lkb, int verbose) 6637c478bd9Sstevel@tonic-gate { 6647c478bd9Sstevel@tonic-gate const leak_bufctl_t *cur; 6657c478bd9Sstevel@tonic-gate kmem_cache_t cache; 6667c478bd9Sstevel@tonic-gate size_t min, max, size; 6677c478bd9Sstevel@tonic-gate char sz[30]; 6687c478bd9Sstevel@tonic-gate char c[MDB_SYM_NAMLEN]; 6697c478bd9Sstevel@tonic-gate uintptr_t caller; 6707c478bd9Sstevel@tonic-gate 6717c478bd9Sstevel@tonic-gate if (verbose) { 6727c478bd9Sstevel@tonic-gate lk_ttl = 0; 6737c478bd9Sstevel@tonic-gate lk_bytes = 0; 6747c478bd9Sstevel@tonic-gate } 6757c478bd9Sstevel@tonic-gate 6767c478bd9Sstevel@tonic-gate switch (lkb->lkb_type) { 6777c478bd9Sstevel@tonic-gate case TYPE_VMEM: 6787c478bd9Sstevel@tonic-gate if (!verbose && !lk_vmem_seen) { 6797c478bd9Sstevel@tonic-gate lk_vmem_seen = 1; 6807c478bd9Sstevel@tonic-gate mdb_printf("%-16s %7s %?s %s\n", 6817c478bd9Sstevel@tonic-gate "BYTES", "LEAKED", "VMEM_SEG", "CALLER"); 6827c478bd9Sstevel@tonic-gate } 6837c478bd9Sstevel@tonic-gate 6847c478bd9Sstevel@tonic-gate min = max = lkb->lkb_data; 6857c478bd9Sstevel@tonic-gate 6867c478bd9Sstevel@tonic-gate for (cur = lkb; cur != NULL; cur = cur->lkb_next) { 6877c478bd9Sstevel@tonic-gate size = cur->lkb_data; 6887c478bd9Sstevel@tonic-gate 6897c478bd9Sstevel@tonic-gate if (size < min) 6907c478bd9Sstevel@tonic-gate min = size; 6917c478bd9Sstevel@tonic-gate if (size > max) 6927c478bd9Sstevel@tonic-gate max = size; 6937c478bd9Sstevel@tonic-gate 6947c478bd9Sstevel@tonic-gate lk_ttl++; 6957c478bd9Sstevel@tonic-gate lk_bytes += size; 6967c478bd9Sstevel@tonic-gate } 6977c478bd9Sstevel@tonic-gate 6987c478bd9Sstevel@tonic-gate if (min == max) 6997c478bd9Sstevel@tonic-gate (void) mdb_snprintf(sz, sizeof (sz), "%ld", min); 7007c478bd9Sstevel@tonic-gate else 7017c478bd9Sstevel@tonic-gate (void) mdb_snprintf(sz, sizeof (sz), "%ld-%ld", 7027c478bd9Sstevel@tonic-gate min, max); 7037c478bd9Sstevel@tonic-gate 7047c478bd9Sstevel@tonic-gate if (!verbose) { 7057c478bd9Sstevel@tonic-gate leaky_subr_caller(lkb->lkb_stack, lkb->lkb_depth, 7067c478bd9Sstevel@tonic-gate c, &caller); 7077c478bd9Sstevel@tonic-gate 7087c478bd9Sstevel@tonic-gate if (caller != 0) { 7097c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c), 7107c478bd9Sstevel@tonic-gate "%a", caller); 7117c478bd9Sstevel@tonic-gate } else { 7127c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c), 7137c478bd9Sstevel@tonic-gate "%s", "?"); 7147c478bd9Sstevel@tonic-gate } 7157c478bd9Sstevel@tonic-gate mdb_printf("%-16s %7d %?p %s\n", sz, lkb->lkb_dups + 1, 7167c478bd9Sstevel@tonic-gate lkb->lkb_addr, c); 7177c478bd9Sstevel@tonic-gate } else { 7187c478bd9Sstevel@tonic-gate mdb_arg_t v; 7197c478bd9Sstevel@tonic-gate 7207c478bd9Sstevel@tonic-gate if (lk_ttl == 1) 7217c478bd9Sstevel@tonic-gate mdb_printf("kmem_oversize leak: 1 vmem_seg, " 7227c478bd9Sstevel@tonic-gate "%ld bytes\n", lk_bytes); 7237c478bd9Sstevel@tonic-gate else 7247c478bd9Sstevel@tonic-gate mdb_printf("kmem_oversize leak: %d vmem_segs, " 7257c478bd9Sstevel@tonic-gate "%s bytes each, %ld bytes total\n", 7267c478bd9Sstevel@tonic-gate lk_ttl, sz, lk_bytes); 7277c478bd9Sstevel@tonic-gate 7287c478bd9Sstevel@tonic-gate v.a_type = MDB_TYPE_STRING; 7297c478bd9Sstevel@tonic-gate v.a_un.a_str = "-v"; 7307c478bd9Sstevel@tonic-gate 7317c478bd9Sstevel@tonic-gate if (mdb_call_dcmd("vmem_seg", lkb->lkb_addr, 7327c478bd9Sstevel@tonic-gate DCMD_ADDRSPEC, 1, &v) == -1) { 7337c478bd9Sstevel@tonic-gate mdb_warn("'%p::vmem_seg -v' failed", 7347c478bd9Sstevel@tonic-gate lkb->lkb_addr); 7357c478bd9Sstevel@tonic-gate } 7367c478bd9Sstevel@tonic-gate } 7377c478bd9Sstevel@tonic-gate return; 7387c478bd9Sstevel@tonic-gate 7397c478bd9Sstevel@tonic-gate case TYPE_CACHE: 7407c478bd9Sstevel@tonic-gate if (!verbose && !lk_cache_seen) { 7417c478bd9Sstevel@tonic-gate lk_cache_seen = 1; 7427c478bd9Sstevel@tonic-gate if (lk_vmem_seen) 7437c478bd9Sstevel@tonic-gate mdb_printf("\n"); 7447c478bd9Sstevel@tonic-gate mdb_printf("%-?s %7s %?s %s\n", 7457c478bd9Sstevel@tonic-gate "CACHE", "LEAKED", "BUFFER", "CALLER"); 7467c478bd9Sstevel@tonic-gate } 7477c478bd9Sstevel@tonic-gate 7487c478bd9Sstevel@tonic-gate if (mdb_vread(&cache, sizeof (cache), lkb->lkb_data) == -1) { 7497c478bd9Sstevel@tonic-gate /* 7507c478bd9Sstevel@tonic-gate * This _really_ shouldn't happen; we shouldn't 7517c478bd9Sstevel@tonic-gate * have been able to get this far if this 7527c478bd9Sstevel@tonic-gate * cache wasn't readable. 7537c478bd9Sstevel@tonic-gate */ 7547c478bd9Sstevel@tonic-gate mdb_warn("can't read cache %p for leaked " 7557c478bd9Sstevel@tonic-gate "buffer %p", lkb->lkb_data, lkb->lkb_addr); 7567c478bd9Sstevel@tonic-gate return; 7577c478bd9Sstevel@tonic-gate } 7587c478bd9Sstevel@tonic-gate 7597c478bd9Sstevel@tonic-gate lk_ttl += lkb->lkb_dups + 1; 7607c478bd9Sstevel@tonic-gate lk_bytes += (lkb->lkb_dups + 1) * cache.cache_bufsize; 7617c478bd9Sstevel@tonic-gate 7627c478bd9Sstevel@tonic-gate caller = (lkb->lkb_depth == 0) ? 0 : lkb->lkb_stack[0]; 7637c478bd9Sstevel@tonic-gate if (caller != 0) { 7647c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c), "%a", caller); 7657c478bd9Sstevel@tonic-gate } else { 7667c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c), 7677c478bd9Sstevel@tonic-gate "%s", (verbose) ? "" : "?"); 7687c478bd9Sstevel@tonic-gate } 7697c478bd9Sstevel@tonic-gate 7707c478bd9Sstevel@tonic-gate if (!verbose) { 7717c478bd9Sstevel@tonic-gate mdb_printf("%0?p %7d %0?p %s\n", lkb->lkb_cid, 7727c478bd9Sstevel@tonic-gate lkb->lkb_dups + 1, lkb->lkb_addr, c); 7737c478bd9Sstevel@tonic-gate } else { 7747c478bd9Sstevel@tonic-gate if (lk_ttl == 1) 7757c478bd9Sstevel@tonic-gate mdb_printf("%s leak: 1 buffer, %ld bytes,\n", 7767c478bd9Sstevel@tonic-gate cache.cache_name, lk_bytes); 7777c478bd9Sstevel@tonic-gate else 7787c478bd9Sstevel@tonic-gate mdb_printf("%s leak: %d buffers, " 7797c478bd9Sstevel@tonic-gate "%ld bytes each, %ld bytes total,\n", 7807c478bd9Sstevel@tonic-gate cache.cache_name, lk_ttl, 7817c478bd9Sstevel@tonic-gate cache.cache_bufsize, lk_bytes); 7827c478bd9Sstevel@tonic-gate 7837c478bd9Sstevel@tonic-gate mdb_printf(" sample addr %p%s%s\n", 7847c478bd9Sstevel@tonic-gate lkb->lkb_addr, (caller == 0) ? "" : ", caller ", c); 7857c478bd9Sstevel@tonic-gate } 7867c478bd9Sstevel@tonic-gate return; 7877c478bd9Sstevel@tonic-gate 7887c478bd9Sstevel@tonic-gate case TYPE_KMEM: 7897c478bd9Sstevel@tonic-gate if (!verbose && !lk_kmem_seen) { 7907c478bd9Sstevel@tonic-gate lk_kmem_seen = 1; 7917c478bd9Sstevel@tonic-gate if (lk_vmem_seen || lk_cache_seen) 7927c478bd9Sstevel@tonic-gate mdb_printf("\n"); 7937c478bd9Sstevel@tonic-gate mdb_printf("%-?s %7s %?s %s\n", 7947c478bd9Sstevel@tonic-gate "CACHE", "LEAKED", "BUFCTL", "CALLER"); 7957c478bd9Sstevel@tonic-gate } 7967c478bd9Sstevel@tonic-gate 7977c478bd9Sstevel@tonic-gate if (mdb_vread(&cache, sizeof (cache), lkb->lkb_cid) == -1) { 7987c478bd9Sstevel@tonic-gate /* 7997c478bd9Sstevel@tonic-gate * This _really_ shouldn't happen; we shouldn't 8007c478bd9Sstevel@tonic-gate * have been able to get this far if this 8017c478bd9Sstevel@tonic-gate * cache wasn't readable. 8027c478bd9Sstevel@tonic-gate */ 8037c478bd9Sstevel@tonic-gate mdb_warn("can't read cache %p for leaked " 8047c478bd9Sstevel@tonic-gate "bufctl %p", lkb->lkb_cid, lkb->lkb_addr); 8057c478bd9Sstevel@tonic-gate return; 8067c478bd9Sstevel@tonic-gate } 8077c478bd9Sstevel@tonic-gate 8087c478bd9Sstevel@tonic-gate lk_ttl += lkb->lkb_dups + 1; 8097c478bd9Sstevel@tonic-gate lk_bytes += (lkb->lkb_dups + 1) * cache.cache_bufsize; 8107c478bd9Sstevel@tonic-gate 8117c478bd9Sstevel@tonic-gate if (!verbose) { 8127c478bd9Sstevel@tonic-gate leaky_subr_caller(lkb->lkb_stack, lkb->lkb_depth, 8137c478bd9Sstevel@tonic-gate c, &caller); 8147c478bd9Sstevel@tonic-gate 8157c478bd9Sstevel@tonic-gate if (caller != 0) { 8167c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c), 8177c478bd9Sstevel@tonic-gate "%a", caller); 8187c478bd9Sstevel@tonic-gate } else { 8197c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c), 8207c478bd9Sstevel@tonic-gate "%s", "?"); 8217c478bd9Sstevel@tonic-gate } 8227c478bd9Sstevel@tonic-gate mdb_printf("%0?p %7d %0?p %s\n", lkb->lkb_cid, 8237c478bd9Sstevel@tonic-gate lkb->lkb_dups + 1, lkb->lkb_addr, c); 8247c478bd9Sstevel@tonic-gate } else { 8257c478bd9Sstevel@tonic-gate mdb_arg_t v; 8267c478bd9Sstevel@tonic-gate 8277c478bd9Sstevel@tonic-gate if (lk_ttl == 1) 8287c478bd9Sstevel@tonic-gate mdb_printf("%s leak: 1 buffer, %ld bytes\n", 8297c478bd9Sstevel@tonic-gate cache.cache_name, lk_bytes); 8307c478bd9Sstevel@tonic-gate else 8317c478bd9Sstevel@tonic-gate mdb_printf("%s leak: %d buffers, " 8327c478bd9Sstevel@tonic-gate "%ld bytes each, %ld bytes total\n", 8337c478bd9Sstevel@tonic-gate cache.cache_name, lk_ttl, 8347c478bd9Sstevel@tonic-gate cache.cache_bufsize, lk_bytes); 8357c478bd9Sstevel@tonic-gate 8367c478bd9Sstevel@tonic-gate v.a_type = MDB_TYPE_STRING; 8377c478bd9Sstevel@tonic-gate v.a_un.a_str = "-v"; 8387c478bd9Sstevel@tonic-gate 8397c478bd9Sstevel@tonic-gate if (mdb_call_dcmd("bufctl", lkb->lkb_addr, 8407c478bd9Sstevel@tonic-gate DCMD_ADDRSPEC, 1, &v) == -1) { 8417c478bd9Sstevel@tonic-gate mdb_warn("'%p::bufctl -v' failed", 8427c478bd9Sstevel@tonic-gate lkb->lkb_addr); 8437c478bd9Sstevel@tonic-gate } 8447c478bd9Sstevel@tonic-gate } 8457c478bd9Sstevel@tonic-gate return; 8467c478bd9Sstevel@tonic-gate 8477c478bd9Sstevel@tonic-gate default: 8487c478bd9Sstevel@tonic-gate return; 8497c478bd9Sstevel@tonic-gate } 8507c478bd9Sstevel@tonic-gate } 8517c478bd9Sstevel@tonic-gate 8527c478bd9Sstevel@tonic-gate void 8537c478bd9Sstevel@tonic-gate leaky_subr_dump_end(int type) 8547c478bd9Sstevel@tonic-gate { 8557c478bd9Sstevel@tonic-gate int i; 8567c478bd9Sstevel@tonic-gate int width; 8577c478bd9Sstevel@tonic-gate const char *leaks; 8587c478bd9Sstevel@tonic-gate 8597c478bd9Sstevel@tonic-gate switch (type) { 8607c478bd9Sstevel@tonic-gate case TYPE_VMEM: 8617c478bd9Sstevel@tonic-gate if (!lk_vmem_seen) 8627c478bd9Sstevel@tonic-gate return; 8637c478bd9Sstevel@tonic-gate 8647c478bd9Sstevel@tonic-gate width = 16; 8657c478bd9Sstevel@tonic-gate leaks = "kmem_oversize leak"; 8667c478bd9Sstevel@tonic-gate break; 8677c478bd9Sstevel@tonic-gate 8687c478bd9Sstevel@tonic-gate case TYPE_CACHE: 8697c478bd9Sstevel@tonic-gate if (!lk_cache_seen) 8707c478bd9Sstevel@tonic-gate return; 8717c478bd9Sstevel@tonic-gate 8727c478bd9Sstevel@tonic-gate width = sizeof (uintptr_t) * 2; 8737c478bd9Sstevel@tonic-gate leaks = "buffer"; 8747c478bd9Sstevel@tonic-gate break; 8757c478bd9Sstevel@tonic-gate 8767c478bd9Sstevel@tonic-gate case TYPE_KMEM: 8777c478bd9Sstevel@tonic-gate if (!lk_kmem_seen) 8787c478bd9Sstevel@tonic-gate return; 8797c478bd9Sstevel@tonic-gate 8807c478bd9Sstevel@tonic-gate width = sizeof (uintptr_t) * 2; 8817c478bd9Sstevel@tonic-gate leaks = "buffer"; 8827c478bd9Sstevel@tonic-gate break; 8837c478bd9Sstevel@tonic-gate 8847c478bd9Sstevel@tonic-gate default: 8857c478bd9Sstevel@tonic-gate return; 8867c478bd9Sstevel@tonic-gate } 8877c478bd9Sstevel@tonic-gate 8887c478bd9Sstevel@tonic-gate for (i = 0; i < 72; i++) 8897c478bd9Sstevel@tonic-gate mdb_printf("-"); 8907c478bd9Sstevel@tonic-gate mdb_printf("\n%*s %7ld %s%s, %ld byte%s\n", 8917c478bd9Sstevel@tonic-gate width, "Total", lk_ttl, leaks, (lk_ttl == 1) ? "" : "s", 8927c478bd9Sstevel@tonic-gate lk_bytes, (lk_bytes == 1) ? "" : "s"); 8937c478bd9Sstevel@tonic-gate } 8947c478bd9Sstevel@tonic-gate 8957c478bd9Sstevel@tonic-gate int 8967c478bd9Sstevel@tonic-gate leaky_subr_invoke_callback(const leak_bufctl_t *lkb, mdb_walk_cb_t cb, 8977c478bd9Sstevel@tonic-gate void *cbdata) 8987c478bd9Sstevel@tonic-gate { 8997c478bd9Sstevel@tonic-gate kmem_bufctl_audit_t bc; 9007c478bd9Sstevel@tonic-gate vmem_seg_t vs; 9017c478bd9Sstevel@tonic-gate 9027c478bd9Sstevel@tonic-gate switch (lkb->lkb_type) { 9037c478bd9Sstevel@tonic-gate case TYPE_VMEM: 9047c478bd9Sstevel@tonic-gate if (mdb_vread(&vs, sizeof (vs), lkb->lkb_addr) == -1) { 9057c478bd9Sstevel@tonic-gate mdb_warn("unable to read vmem_seg at %p", 9067c478bd9Sstevel@tonic-gate lkb->lkb_addr); 9077c478bd9Sstevel@tonic-gate return (WALK_NEXT); 9087c478bd9Sstevel@tonic-gate } 9097c478bd9Sstevel@tonic-gate return (cb(lkb->lkb_addr, &vs, cbdata)); 9107c478bd9Sstevel@tonic-gate 9117c478bd9Sstevel@tonic-gate case TYPE_CACHE: 9127c478bd9Sstevel@tonic-gate return (cb(lkb->lkb_addr, NULL, cbdata)); 9137c478bd9Sstevel@tonic-gate 9147c478bd9Sstevel@tonic-gate case TYPE_KMEM: 9157c478bd9Sstevel@tonic-gate if (mdb_vread(&bc, sizeof (bc), lkb->lkb_addr) == -1) { 9167c478bd9Sstevel@tonic-gate mdb_warn("unable to read bufctl at %p", 9177c478bd9Sstevel@tonic-gate lkb->lkb_addr); 9187c478bd9Sstevel@tonic-gate return (WALK_NEXT); 9197c478bd9Sstevel@tonic-gate } 9207c478bd9Sstevel@tonic-gate return (cb(lkb->lkb_addr, &bc, cbdata)); 9217c478bd9Sstevel@tonic-gate default: 9227c478bd9Sstevel@tonic-gate return (WALK_NEXT); 9237c478bd9Sstevel@tonic-gate } 9247c478bd9Sstevel@tonic-gate } 925