17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
57c478bd9Sstevel@tonic-gate * Common Development and Distribution License, Version 1.0 only
67c478bd9Sstevel@tonic-gate * (the "License"). You may not use this file except in compliance
77c478bd9Sstevel@tonic-gate * with the License.
87c478bd9Sstevel@tonic-gate *
97c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
107c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
117c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
127c478bd9Sstevel@tonic-gate * and limitations under the License.
137c478bd9Sstevel@tonic-gate *
147c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
157c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
167c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
177c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
187c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
197c478bd9Sstevel@tonic-gate *
207c478bd9Sstevel@tonic-gate * CDDL HEADER END
217c478bd9Sstevel@tonic-gate */
227c478bd9Sstevel@tonic-gate /*
2301f19855Scth * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
247c478bd9Sstevel@tonic-gate * Use is subject to license terms.
257c478bd9Sstevel@tonic-gate */
267c478bd9Sstevel@tonic-gate
277c478bd9Sstevel@tonic-gate #include <mdb/mdb_param.h>
287c478bd9Sstevel@tonic-gate #include <mdb/mdb_modapi.h>
297c478bd9Sstevel@tonic-gate
307c478bd9Sstevel@tonic-gate #include <sys/fs/ufs_inode.h>
317c478bd9Sstevel@tonic-gate #include <sys/kmem_impl.h>
327c478bd9Sstevel@tonic-gate #include <sys/vmem_impl.h>
337c478bd9Sstevel@tonic-gate #include <sys/modctl.h>
347c478bd9Sstevel@tonic-gate #include <sys/kobj.h>
357c478bd9Sstevel@tonic-gate #include <sys/kobj_impl.h>
367c478bd9Sstevel@tonic-gate #include <vm/seg_vn.h>
377c478bd9Sstevel@tonic-gate #include <vm/as.h>
387c478bd9Sstevel@tonic-gate #include <vm/seg_map.h>
397c478bd9Sstevel@tonic-gate #include <mdb/mdb_ctf.h>
407c478bd9Sstevel@tonic-gate
417c478bd9Sstevel@tonic-gate #include "kmem.h"
427c478bd9Sstevel@tonic-gate #include "leaky_impl.h"
437c478bd9Sstevel@tonic-gate
447c478bd9Sstevel@tonic-gate /*
457c478bd9Sstevel@tonic-gate * This file defines the genunix target for leaky.c. There are three types
467c478bd9Sstevel@tonic-gate * of buffers in the kernel's heap: TYPE_VMEM, for kmem_oversize allocations,
477c478bd9Sstevel@tonic-gate * TYPE_KMEM, for kmem_cache_alloc() allocations bufctl_audit_ts, and
487c478bd9Sstevel@tonic-gate * TYPE_CACHE, for kmem_cache_alloc() allocation without bufctl_audit_ts.
497c478bd9Sstevel@tonic-gate *
507c478bd9Sstevel@tonic-gate * See "leaky_impl.h" for the target interface definition.
517c478bd9Sstevel@tonic-gate */
527c478bd9Sstevel@tonic-gate
537c478bd9Sstevel@tonic-gate #define TYPE_VMEM 0 /* lkb_data is the vmem_seg's size */
547c478bd9Sstevel@tonic-gate #define TYPE_CACHE 1 /* lkb_cid is the bufctl's cache */
557c478bd9Sstevel@tonic-gate #define TYPE_KMEM 2 /* lkb_cid is the bufctl's cache */
567c478bd9Sstevel@tonic-gate
577c478bd9Sstevel@tonic-gate #define LKM_CTL_BUFCTL 0 /* normal allocation, PTR is bufctl */
587c478bd9Sstevel@tonic-gate #define LKM_CTL_VMSEG 1 /* oversize allocation, PTR is vmem_seg_t */
597c478bd9Sstevel@tonic-gate #define LKM_CTL_CACHE 2 /* normal alloc, non-debug, PTR is cache */
607c478bd9Sstevel@tonic-gate #define LKM_CTL_MASK 3L
617c478bd9Sstevel@tonic-gate
627c478bd9Sstevel@tonic-gate #define LKM_CTL(ptr, type) (LKM_CTLPTR(ptr) | (type))
637c478bd9Sstevel@tonic-gate #define LKM_CTLPTR(ctl) ((uintptr_t)(ctl) & ~(LKM_CTL_MASK))
647c478bd9Sstevel@tonic-gate #define LKM_CTLTYPE(ctl) ((uintptr_t)(ctl) & (LKM_CTL_MASK))
657c478bd9Sstevel@tonic-gate
667c478bd9Sstevel@tonic-gate static int kmem_lite_count = 0; /* cache of the kernel's version */
677c478bd9Sstevel@tonic-gate
687c478bd9Sstevel@tonic-gate /*ARGSUSED*/
697c478bd9Sstevel@tonic-gate static int
leaky_mtab(uintptr_t addr,const kmem_bufctl_audit_t * bcp,leak_mtab_t ** lmp)707c478bd9Sstevel@tonic-gate leaky_mtab(uintptr_t addr, const kmem_bufctl_audit_t *bcp, leak_mtab_t **lmp)
717c478bd9Sstevel@tonic-gate {
727c478bd9Sstevel@tonic-gate leak_mtab_t *lm = (*lmp)++;
737c478bd9Sstevel@tonic-gate
747c478bd9Sstevel@tonic-gate lm->lkm_base = (uintptr_t)bcp->bc_addr;
757c478bd9Sstevel@tonic-gate lm->lkm_bufctl = LKM_CTL(addr, LKM_CTL_BUFCTL);
767c478bd9Sstevel@tonic-gate
777c478bd9Sstevel@tonic-gate return (WALK_NEXT);
787c478bd9Sstevel@tonic-gate }
797c478bd9Sstevel@tonic-gate
807c478bd9Sstevel@tonic-gate /*ARGSUSED*/
817c478bd9Sstevel@tonic-gate static int
leaky_mtab_addr(uintptr_t addr,void * ignored,leak_mtab_t ** lmp)827c478bd9Sstevel@tonic-gate leaky_mtab_addr(uintptr_t addr, void *ignored, leak_mtab_t **lmp)
837c478bd9Sstevel@tonic-gate {
847c478bd9Sstevel@tonic-gate leak_mtab_t *lm = (*lmp)++;
857c478bd9Sstevel@tonic-gate
867c478bd9Sstevel@tonic-gate lm->lkm_base = addr;
877c478bd9Sstevel@tonic-gate
887c478bd9Sstevel@tonic-gate return (WALK_NEXT);
897c478bd9Sstevel@tonic-gate }
907c478bd9Sstevel@tonic-gate
917c478bd9Sstevel@tonic-gate static int
leaky_seg(uintptr_t addr,const vmem_seg_t * seg,leak_mtab_t ** lmp)927c478bd9Sstevel@tonic-gate leaky_seg(uintptr_t addr, const vmem_seg_t *seg, leak_mtab_t **lmp)
937c478bd9Sstevel@tonic-gate {
947c478bd9Sstevel@tonic-gate leak_mtab_t *lm = (*lmp)++;
957c478bd9Sstevel@tonic-gate
967c478bd9Sstevel@tonic-gate lm->lkm_base = seg->vs_start;
977c478bd9Sstevel@tonic-gate lm->lkm_limit = seg->vs_end;
987c478bd9Sstevel@tonic-gate lm->lkm_bufctl = LKM_CTL(addr, LKM_CTL_VMSEG);
997c478bd9Sstevel@tonic-gate
1007c478bd9Sstevel@tonic-gate return (WALK_NEXT);
1017c478bd9Sstevel@tonic-gate }
1027c478bd9Sstevel@tonic-gate
1037c478bd9Sstevel@tonic-gate static int
leaky_vmem_interested(const vmem_t * vmem)1047c478bd9Sstevel@tonic-gate leaky_vmem_interested(const vmem_t *vmem)
1057c478bd9Sstevel@tonic-gate {
1067c478bd9Sstevel@tonic-gate if (strcmp(vmem->vm_name, "kmem_oversize") != 0 &&
1077c478bd9Sstevel@tonic-gate strcmp(vmem->vm_name, "static_alloc") != 0)
1087c478bd9Sstevel@tonic-gate return (0);
1097c478bd9Sstevel@tonic-gate return (1);
1107c478bd9Sstevel@tonic-gate }
1117c478bd9Sstevel@tonic-gate
1127c478bd9Sstevel@tonic-gate static int
leaky_vmem(uintptr_t addr,const vmem_t * vmem,leak_mtab_t ** lmp)1137c478bd9Sstevel@tonic-gate leaky_vmem(uintptr_t addr, const vmem_t *vmem, leak_mtab_t **lmp)
1147c478bd9Sstevel@tonic-gate {
1157c478bd9Sstevel@tonic-gate if (!leaky_vmem_interested(vmem))
1167c478bd9Sstevel@tonic-gate return (WALK_NEXT);
1177c478bd9Sstevel@tonic-gate
1187c478bd9Sstevel@tonic-gate if (mdb_pwalk("vmem_alloc", (mdb_walk_cb_t)leaky_seg, lmp, addr) == -1)
1197c478bd9Sstevel@tonic-gate mdb_warn("can't walk vmem_alloc for kmem_oversize (%p)", addr);
1207c478bd9Sstevel@tonic-gate
1217c478bd9Sstevel@tonic-gate return (WALK_NEXT);
1227c478bd9Sstevel@tonic-gate }
1237c478bd9Sstevel@tonic-gate
1247c478bd9Sstevel@tonic-gate /*ARGSUSED*/
1257c478bd9Sstevel@tonic-gate static int
leaky_estimate_vmem(uintptr_t addr,const vmem_t * vmem,size_t * est)1267c478bd9Sstevel@tonic-gate leaky_estimate_vmem(uintptr_t addr, const vmem_t *vmem, size_t *est)
1277c478bd9Sstevel@tonic-gate {
1287c478bd9Sstevel@tonic-gate if (!leaky_vmem_interested(vmem))
1297c478bd9Sstevel@tonic-gate return (WALK_NEXT);
1307c478bd9Sstevel@tonic-gate
1317c478bd9Sstevel@tonic-gate *est += (int)(vmem->vm_kstat.vk_alloc.value.ui64 -
1327c478bd9Sstevel@tonic-gate vmem->vm_kstat.vk_free.value.ui64);
1337c478bd9Sstevel@tonic-gate
1347c478bd9Sstevel@tonic-gate return (WALK_NEXT);
1357c478bd9Sstevel@tonic-gate }
1367c478bd9Sstevel@tonic-gate
1377c478bd9Sstevel@tonic-gate static int
leaky_interested(const kmem_cache_t * c)1387c478bd9Sstevel@tonic-gate leaky_interested(const kmem_cache_t *c)
1397c478bd9Sstevel@tonic-gate {
1407c478bd9Sstevel@tonic-gate vmem_t vmem;
1417c478bd9Sstevel@tonic-gate
1427c478bd9Sstevel@tonic-gate /*
1437c478bd9Sstevel@tonic-gate * ignore HAT-related caches that happen to derive from kmem_default
1447c478bd9Sstevel@tonic-gate */
1457c478bd9Sstevel@tonic-gate if (strcmp(c->cache_name, "sfmmu1_cache") == 0 ||
1467c478bd9Sstevel@tonic-gate strcmp(c->cache_name, "sf_hment_cache") == 0 ||
1477c478bd9Sstevel@tonic-gate strcmp(c->cache_name, "pa_hment_cache") == 0)
1487c478bd9Sstevel@tonic-gate return (0);
1497c478bd9Sstevel@tonic-gate
1507c478bd9Sstevel@tonic-gate if (mdb_vread(&vmem, sizeof (vmem), (uintptr_t)c->cache_arena) == -1) {
1517c478bd9Sstevel@tonic-gate mdb_warn("cannot read arena %p for cache '%s'",
1527c478bd9Sstevel@tonic-gate (uintptr_t)c->cache_arena, c->cache_name);
1537c478bd9Sstevel@tonic-gate return (0);
1547c478bd9Sstevel@tonic-gate }
1557c478bd9Sstevel@tonic-gate
1567c478bd9Sstevel@tonic-gate /*
1577c478bd9Sstevel@tonic-gate * If this cache isn't allocating from the kmem_default,
1587c478bd9Sstevel@tonic-gate * kmem_firewall, or static vmem arenas, we're not interested.
1597c478bd9Sstevel@tonic-gate */
1607c478bd9Sstevel@tonic-gate if (strcmp(vmem.vm_name, "kmem_default") != 0 &&
1617c478bd9Sstevel@tonic-gate strcmp(vmem.vm_name, "kmem_firewall") != 0 &&
1627c478bd9Sstevel@tonic-gate strcmp(vmem.vm_name, "static") != 0)
1637c478bd9Sstevel@tonic-gate return (0);
1647c478bd9Sstevel@tonic-gate
1657c478bd9Sstevel@tonic-gate return (1);
1667c478bd9Sstevel@tonic-gate }
1677c478bd9Sstevel@tonic-gate
1687c478bd9Sstevel@tonic-gate static int
leaky_estimate(uintptr_t addr,const kmem_cache_t * c,size_t * est)1697c478bd9Sstevel@tonic-gate leaky_estimate(uintptr_t addr, const kmem_cache_t *c, size_t *est)
1707c478bd9Sstevel@tonic-gate {
1717c478bd9Sstevel@tonic-gate if (!leaky_interested(c))
1727c478bd9Sstevel@tonic-gate return (WALK_NEXT);
1737c478bd9Sstevel@tonic-gate
1747c478bd9Sstevel@tonic-gate *est += kmem_estimate_allocated(addr, c);
1757c478bd9Sstevel@tonic-gate
1767c478bd9Sstevel@tonic-gate return (WALK_NEXT);
1777c478bd9Sstevel@tonic-gate }
1787c478bd9Sstevel@tonic-gate
1797c478bd9Sstevel@tonic-gate /*ARGSUSED*/
1807c478bd9Sstevel@tonic-gate static int
leaky_cache(uintptr_t addr,const kmem_cache_t * c,leak_mtab_t ** lmp)1817c478bd9Sstevel@tonic-gate leaky_cache(uintptr_t addr, const kmem_cache_t *c, leak_mtab_t **lmp)
1827c478bd9Sstevel@tonic-gate {
1837c478bd9Sstevel@tonic-gate leak_mtab_t *lm = *lmp;
1847c478bd9Sstevel@tonic-gate mdb_walk_cb_t cb;
1857c478bd9Sstevel@tonic-gate const char *walk;
1867c478bd9Sstevel@tonic-gate int audit = (c->cache_flags & KMF_AUDIT);
1877c478bd9Sstevel@tonic-gate
1887c478bd9Sstevel@tonic-gate if (!leaky_interested(c))
1897c478bd9Sstevel@tonic-gate return (WALK_NEXT);
1907c478bd9Sstevel@tonic-gate
1917c478bd9Sstevel@tonic-gate if (audit) {
1927c478bd9Sstevel@tonic-gate walk = "bufctl";
1937c478bd9Sstevel@tonic-gate cb = (mdb_walk_cb_t)leaky_mtab;
1947c478bd9Sstevel@tonic-gate } else {
1957c478bd9Sstevel@tonic-gate walk = "kmem";
1967c478bd9Sstevel@tonic-gate cb = (mdb_walk_cb_t)leaky_mtab_addr;
1977c478bd9Sstevel@tonic-gate }
1987c478bd9Sstevel@tonic-gate if (mdb_pwalk(walk, cb, lmp, addr) == -1) {
1997c478bd9Sstevel@tonic-gate mdb_warn("can't walk kmem for cache %p (%s)", addr,
2007c478bd9Sstevel@tonic-gate c->cache_name);
2017c478bd9Sstevel@tonic-gate return (WALK_DONE);
2027c478bd9Sstevel@tonic-gate }
2037c478bd9Sstevel@tonic-gate
2047c478bd9Sstevel@tonic-gate for (; lm < *lmp; lm++) {
2057c478bd9Sstevel@tonic-gate lm->lkm_limit = lm->lkm_base + c->cache_bufsize;
2067c478bd9Sstevel@tonic-gate if (!audit)
2077c478bd9Sstevel@tonic-gate lm->lkm_bufctl = LKM_CTL(addr, LKM_CTL_CACHE);
2087c478bd9Sstevel@tonic-gate }
2097c478bd9Sstevel@tonic-gate
2107c478bd9Sstevel@tonic-gate return (WALK_NEXT);
2117c478bd9Sstevel@tonic-gate }
2127c478bd9Sstevel@tonic-gate
2137c478bd9Sstevel@tonic-gate /*ARGSUSED*/
2147c478bd9Sstevel@tonic-gate static int
leaky_scan_buffer(uintptr_t addr,const void * ignored,const kmem_cache_t * c)2157c478bd9Sstevel@tonic-gate leaky_scan_buffer(uintptr_t addr, const void *ignored, const kmem_cache_t *c)
2167c478bd9Sstevel@tonic-gate {
2177c478bd9Sstevel@tonic-gate leaky_grep(addr, c->cache_bufsize);
2187c478bd9Sstevel@tonic-gate
2197c478bd9Sstevel@tonic-gate /*
2207c478bd9Sstevel@tonic-gate * free, constructed KMF_LITE buffers keep their first uint64_t in
2217c478bd9Sstevel@tonic-gate * their buftag's redzone.
2227c478bd9Sstevel@tonic-gate */
2237c478bd9Sstevel@tonic-gate if (c->cache_flags & KMF_LITE) {
2247c478bd9Sstevel@tonic-gate /* LINTED alignment */
2257c478bd9Sstevel@tonic-gate kmem_buftag_t *btp = KMEM_BUFTAG(c, addr);
2267c478bd9Sstevel@tonic-gate leaky_grep((uintptr_t)&btp->bt_redzone,
2277c478bd9Sstevel@tonic-gate sizeof (btp->bt_redzone));
2287c478bd9Sstevel@tonic-gate }
2297c478bd9Sstevel@tonic-gate
2307c478bd9Sstevel@tonic-gate return (WALK_NEXT);
2317c478bd9Sstevel@tonic-gate }
2327c478bd9Sstevel@tonic-gate
2337c478bd9Sstevel@tonic-gate /*ARGSUSED*/
2347c478bd9Sstevel@tonic-gate static int
leaky_scan_cache(uintptr_t addr,const kmem_cache_t * c,void * ignored)2357c478bd9Sstevel@tonic-gate leaky_scan_cache(uintptr_t addr, const kmem_cache_t *c, void *ignored)
2367c478bd9Sstevel@tonic-gate {
2377c478bd9Sstevel@tonic-gate if (!leaky_interested(c))
2387c478bd9Sstevel@tonic-gate return (WALK_NEXT);
2397c478bd9Sstevel@tonic-gate
2407c478bd9Sstevel@tonic-gate /*
2417c478bd9Sstevel@tonic-gate * Scan all of the free, constructed buffers, since they may have
2427c478bd9Sstevel@tonic-gate * pointers to allocated objects.
2437c478bd9Sstevel@tonic-gate */
2447c478bd9Sstevel@tonic-gate if (mdb_pwalk("freemem_constructed",
2457c478bd9Sstevel@tonic-gate (mdb_walk_cb_t)leaky_scan_buffer, (void *)c, addr) == -1) {
2467c478bd9Sstevel@tonic-gate mdb_warn("can't walk freemem_constructed for cache %p (%s)",
2477c478bd9Sstevel@tonic-gate addr, c->cache_name);
2487c478bd9Sstevel@tonic-gate return (WALK_DONE);
2497c478bd9Sstevel@tonic-gate }
2507c478bd9Sstevel@tonic-gate
2517c478bd9Sstevel@tonic-gate return (WALK_NEXT);
2527c478bd9Sstevel@tonic-gate }
2537c478bd9Sstevel@tonic-gate
2547c478bd9Sstevel@tonic-gate /*ARGSUSED*/
2557c478bd9Sstevel@tonic-gate static int
leaky_modctl(uintptr_t addr,const struct modctl * m,int * ignored)2567c478bd9Sstevel@tonic-gate leaky_modctl(uintptr_t addr, const struct modctl *m, int *ignored)
2577c478bd9Sstevel@tonic-gate {
2587c478bd9Sstevel@tonic-gate struct module mod;
2597c478bd9Sstevel@tonic-gate char name[MODMAXNAMELEN];
2607c478bd9Sstevel@tonic-gate
2617c478bd9Sstevel@tonic-gate if (m->mod_mp == NULL)
2627c478bd9Sstevel@tonic-gate return (WALK_NEXT);
2637c478bd9Sstevel@tonic-gate
2647c478bd9Sstevel@tonic-gate if (mdb_vread(&mod, sizeof (mod), (uintptr_t)m->mod_mp) == -1) {
2657c478bd9Sstevel@tonic-gate mdb_warn("couldn't read modctl %p's module", addr);
2667c478bd9Sstevel@tonic-gate return (WALK_NEXT);
2677c478bd9Sstevel@tonic-gate }
2687c478bd9Sstevel@tonic-gate
2697c478bd9Sstevel@tonic-gate if (mdb_readstr(name, sizeof (name), (uintptr_t)m->mod_modname) == -1)
2707c478bd9Sstevel@tonic-gate (void) mdb_snprintf(name, sizeof (name), "0x%p", addr);
2717c478bd9Sstevel@tonic-gate
2727c478bd9Sstevel@tonic-gate leaky_grep((uintptr_t)m->mod_mp, sizeof (struct module));
2737c478bd9Sstevel@tonic-gate leaky_grep((uintptr_t)mod.data, mod.data_size);
2747c478bd9Sstevel@tonic-gate leaky_grep((uintptr_t)mod.bss, mod.bss_size);
2757c478bd9Sstevel@tonic-gate
2767c478bd9Sstevel@tonic-gate return (WALK_NEXT);
2777c478bd9Sstevel@tonic-gate }
2787c478bd9Sstevel@tonic-gate
2797c478bd9Sstevel@tonic-gate static int
leaky_thread(uintptr_t addr,const kthread_t * t,unsigned long * pagesize)2807c478bd9Sstevel@tonic-gate leaky_thread(uintptr_t addr, const kthread_t *t, unsigned long *pagesize)
2817c478bd9Sstevel@tonic-gate {
2827c478bd9Sstevel@tonic-gate uintptr_t size, base = (uintptr_t)t->t_stkbase;
2837c478bd9Sstevel@tonic-gate uintptr_t stk = (uintptr_t)t->t_stk;
2847c478bd9Sstevel@tonic-gate
2857c478bd9Sstevel@tonic-gate /*
2867c478bd9Sstevel@tonic-gate * If this thread isn't in memory, we can't look at its stack. This
2877c478bd9Sstevel@tonic-gate * may result in false positives, so we print a warning.
2887c478bd9Sstevel@tonic-gate */
2897c478bd9Sstevel@tonic-gate if (!(t->t_schedflag & TS_LOAD)) {
2907c478bd9Sstevel@tonic-gate mdb_printf("findleaks: thread %p's stack swapped out; "
2917c478bd9Sstevel@tonic-gate "false positives possible\n", addr);
2927c478bd9Sstevel@tonic-gate return (WALK_NEXT);
2937c478bd9Sstevel@tonic-gate }
2947c478bd9Sstevel@tonic-gate
2957c478bd9Sstevel@tonic-gate if (t->t_state != TS_FREE)
2967c478bd9Sstevel@tonic-gate leaky_grep(base, stk - base);
2977c478bd9Sstevel@tonic-gate
2987c478bd9Sstevel@tonic-gate /*
2997c478bd9Sstevel@tonic-gate * There is always gunk hanging out between t_stk and the page
3007c478bd9Sstevel@tonic-gate * boundary. If this thread structure wasn't kmem allocated,
3017c478bd9Sstevel@tonic-gate * this will include the thread structure itself. If the thread
3027c478bd9Sstevel@tonic-gate * _is_ kmem allocated, we'll be able to get to it via allthreads.
3037c478bd9Sstevel@tonic-gate */
3047c478bd9Sstevel@tonic-gate size = *pagesize - (stk & (*pagesize - 1));
3057c478bd9Sstevel@tonic-gate
3067c478bd9Sstevel@tonic-gate leaky_grep(stk, size);
3077c478bd9Sstevel@tonic-gate
3087c478bd9Sstevel@tonic-gate return (WALK_NEXT);
3097c478bd9Sstevel@tonic-gate }
3107c478bd9Sstevel@tonic-gate
3117c478bd9Sstevel@tonic-gate /*ARGSUSED*/
3127c478bd9Sstevel@tonic-gate static int
leaky_kstat(uintptr_t addr,vmem_seg_t * seg,void * ignored)3137c478bd9Sstevel@tonic-gate leaky_kstat(uintptr_t addr, vmem_seg_t *seg, void *ignored)
3147c478bd9Sstevel@tonic-gate {
3157c478bd9Sstevel@tonic-gate leaky_grep(seg->vs_start, seg->vs_end - seg->vs_start);
3167c478bd9Sstevel@tonic-gate
3177c478bd9Sstevel@tonic-gate return (WALK_NEXT);
3187c478bd9Sstevel@tonic-gate }
3197c478bd9Sstevel@tonic-gate
3207c478bd9Sstevel@tonic-gate static void
leaky_kludge(void)3217c478bd9Sstevel@tonic-gate leaky_kludge(void)
3227c478bd9Sstevel@tonic-gate {
3237c478bd9Sstevel@tonic-gate GElf_Sym sym;
3247c478bd9Sstevel@tonic-gate mdb_ctf_id_t id, rid;
3257c478bd9Sstevel@tonic-gate
3267c478bd9Sstevel@tonic-gate int max_mem_nodes;
3277c478bd9Sstevel@tonic-gate uintptr_t *counters;
3287c478bd9Sstevel@tonic-gate size_t ncounters;
3297c478bd9Sstevel@tonic-gate ssize_t hwpm_size;
3307c478bd9Sstevel@tonic-gate int idx;
3317c478bd9Sstevel@tonic-gate
3327c478bd9Sstevel@tonic-gate /*
3337c478bd9Sstevel@tonic-gate * Because of DR, the page counters (which live in the kmem64 segment)
3347c478bd9Sstevel@tonic-gate * can point into kmem_alloc()ed memory. The "page_counters" array
3357c478bd9Sstevel@tonic-gate * is multi-dimensional, and each entry points to an array of
3367c478bd9Sstevel@tonic-gate * "hw_page_map_t"s which is "max_mem_nodes" in length.
3377c478bd9Sstevel@tonic-gate *
3387c478bd9Sstevel@tonic-gate * To keep this from having too much grotty knowledge of internals,
3397c478bd9Sstevel@tonic-gate * we use CTF data to get the size of the structure. For simplicity,
3407c478bd9Sstevel@tonic-gate * we treat the page_counters array as a flat array of pointers, and
3417c478bd9Sstevel@tonic-gate * use its size to determine how much to scan. Unused entries will
3427c478bd9Sstevel@tonic-gate * be NULL.
3437c478bd9Sstevel@tonic-gate */
3447c478bd9Sstevel@tonic-gate if (mdb_lookup_by_name("page_counters", &sym) == -1) {
3457c478bd9Sstevel@tonic-gate mdb_warn("unable to lookup page_counters");
3467c478bd9Sstevel@tonic-gate return;
3477c478bd9Sstevel@tonic-gate }
3487c478bd9Sstevel@tonic-gate
3497c478bd9Sstevel@tonic-gate if (mdb_readvar(&max_mem_nodes, "max_mem_nodes") == -1) {
3507c478bd9Sstevel@tonic-gate mdb_warn("unable to read max_mem_nodes");
3517c478bd9Sstevel@tonic-gate return;
3527c478bd9Sstevel@tonic-gate }
3537c478bd9Sstevel@tonic-gate
3547c478bd9Sstevel@tonic-gate if (mdb_ctf_lookup_by_name("unix`hw_page_map_t", &id) == -1 ||
3557c478bd9Sstevel@tonic-gate mdb_ctf_type_resolve(id, &rid) == -1 ||
3567c478bd9Sstevel@tonic-gate (hwpm_size = mdb_ctf_type_size(rid)) < 0) {
3577c478bd9Sstevel@tonic-gate mdb_warn("unable to lookup unix`hw_page_map_t");
3587c478bd9Sstevel@tonic-gate return;
3597c478bd9Sstevel@tonic-gate }
3607c478bd9Sstevel@tonic-gate
3617c478bd9Sstevel@tonic-gate counters = mdb_alloc(sym.st_size, UM_SLEEP | UM_GC);
3627c478bd9Sstevel@tonic-gate
3637c478bd9Sstevel@tonic-gate if (mdb_vread(counters, sym.st_size, (uintptr_t)sym.st_value) == -1) {
3647c478bd9Sstevel@tonic-gate mdb_warn("unable to read page_counters");
3657c478bd9Sstevel@tonic-gate return;
3667c478bd9Sstevel@tonic-gate }
3677c478bd9Sstevel@tonic-gate
3687c478bd9Sstevel@tonic-gate ncounters = sym.st_size / sizeof (counters);
3697c478bd9Sstevel@tonic-gate
3707c478bd9Sstevel@tonic-gate for (idx = 0; idx < ncounters; idx++) {
3717c478bd9Sstevel@tonic-gate uintptr_t addr = counters[idx];
3727c478bd9Sstevel@tonic-gate if (addr != 0)
3737c478bd9Sstevel@tonic-gate leaky_grep(addr, hwpm_size * max_mem_nodes);
3747c478bd9Sstevel@tonic-gate }
3757c478bd9Sstevel@tonic-gate }
3767c478bd9Sstevel@tonic-gate
3777c478bd9Sstevel@tonic-gate int
leaky_subr_estimate(size_t * estp)3787c478bd9Sstevel@tonic-gate leaky_subr_estimate(size_t *estp)
3797c478bd9Sstevel@tonic-gate {
3807c478bd9Sstevel@tonic-gate uintptr_t panicstr;
3817c478bd9Sstevel@tonic-gate int state;
3827c478bd9Sstevel@tonic-gate
3837c478bd9Sstevel@tonic-gate if ((state = mdb_get_state()) == MDB_STATE_RUNNING) {
3847c478bd9Sstevel@tonic-gate mdb_warn("findleaks: can only be run on a system "
385*bbf21555SRichard Lowe "dump or under kmdb; see dumpadm(8)\n");
3867c478bd9Sstevel@tonic-gate return (DCMD_ERR);
3877c478bd9Sstevel@tonic-gate }
3887c478bd9Sstevel@tonic-gate
3897c478bd9Sstevel@tonic-gate if (mdb_readvar(&panicstr, "panicstr") == -1) {
3907c478bd9Sstevel@tonic-gate mdb_warn("can't read variable 'panicstr'");
3917c478bd9Sstevel@tonic-gate return (DCMD_ERR);
3927c478bd9Sstevel@tonic-gate }
3937c478bd9Sstevel@tonic-gate
394892ad162SToomas Soome if (state != MDB_STATE_STOPPED && panicstr == 0) {
3957c478bd9Sstevel@tonic-gate mdb_warn("findleaks: cannot be run on a live dump.\n");
3967c478bd9Sstevel@tonic-gate return (DCMD_ERR);
3977c478bd9Sstevel@tonic-gate }
3987c478bd9Sstevel@tonic-gate
3997c478bd9Sstevel@tonic-gate if (mdb_walk("kmem_cache", (mdb_walk_cb_t)leaky_estimate, estp) == -1) {
4007c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'kmem_cache'");
4017c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4027c478bd9Sstevel@tonic-gate }
4037c478bd9Sstevel@tonic-gate
4047c478bd9Sstevel@tonic-gate if (*estp == 0) {
4057c478bd9Sstevel@tonic-gate mdb_warn("findleaks: no buffers found\n");
4067c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4077c478bd9Sstevel@tonic-gate }
4087c478bd9Sstevel@tonic-gate
4097c478bd9Sstevel@tonic-gate if (mdb_walk("vmem", (mdb_walk_cb_t)leaky_estimate_vmem, estp) == -1) {
4107c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'vmem'");
4117c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4127c478bd9Sstevel@tonic-gate }
4137c478bd9Sstevel@tonic-gate
4147c478bd9Sstevel@tonic-gate return (DCMD_OK);
4157c478bd9Sstevel@tonic-gate }
4167c478bd9Sstevel@tonic-gate
4177c478bd9Sstevel@tonic-gate int
leaky_subr_fill(leak_mtab_t ** lmpp)4187c478bd9Sstevel@tonic-gate leaky_subr_fill(leak_mtab_t **lmpp)
4197c478bd9Sstevel@tonic-gate {
4207c478bd9Sstevel@tonic-gate if (mdb_walk("vmem", (mdb_walk_cb_t)leaky_vmem, lmpp) == -1) {
4217c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'vmem'");
4227c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4237c478bd9Sstevel@tonic-gate }
4247c478bd9Sstevel@tonic-gate
4257c478bd9Sstevel@tonic-gate if (mdb_walk("kmem_cache", (mdb_walk_cb_t)leaky_cache, lmpp) == -1) {
4267c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'kmem_cache'");
4277c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4287c478bd9Sstevel@tonic-gate }
4297c478bd9Sstevel@tonic-gate
4307c478bd9Sstevel@tonic-gate if (mdb_readvar(&kmem_lite_count, "kmem_lite_count") == -1) {
4317c478bd9Sstevel@tonic-gate mdb_warn("couldn't read 'kmem_lite_count'");
4327c478bd9Sstevel@tonic-gate kmem_lite_count = 0;
4337c478bd9Sstevel@tonic-gate } else if (kmem_lite_count > 16) {
4347c478bd9Sstevel@tonic-gate mdb_warn("kmem_lite_count nonsensical, ignored\n");
4357c478bd9Sstevel@tonic-gate kmem_lite_count = 0;
4367c478bd9Sstevel@tonic-gate }
4377c478bd9Sstevel@tonic-gate
4387c478bd9Sstevel@tonic-gate return (DCMD_OK);
4397c478bd9Sstevel@tonic-gate }
4407c478bd9Sstevel@tonic-gate
4417c478bd9Sstevel@tonic-gate int
leaky_subr_run(void)4427c478bd9Sstevel@tonic-gate leaky_subr_run(void)
4437c478bd9Sstevel@tonic-gate {
444cbdcbd05SJonathan Adams unsigned long ps = PAGESIZE;
4457c478bd9Sstevel@tonic-gate uintptr_t kstat_arena;
44601f19855Scth uintptr_t dmods;
4477c478bd9Sstevel@tonic-gate
4487c478bd9Sstevel@tonic-gate leaky_kludge();
4497c478bd9Sstevel@tonic-gate
4507c478bd9Sstevel@tonic-gate if (mdb_walk("kmem_cache", (mdb_walk_cb_t)leaky_scan_cache,
4517c478bd9Sstevel@tonic-gate NULL) == -1) {
4527c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'kmem_cache'");
4537c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4547c478bd9Sstevel@tonic-gate }
4557c478bd9Sstevel@tonic-gate
4567c478bd9Sstevel@tonic-gate if (mdb_walk("modctl", (mdb_walk_cb_t)leaky_modctl, NULL) == -1) {
4577c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'modctl'");
4587c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4597c478bd9Sstevel@tonic-gate }
4607c478bd9Sstevel@tonic-gate
46101f19855Scth /*
46201f19855Scth * If kmdb is loaded, we need to walk it's module list, since kmdb
46301f19855Scth * modctl structures can reference kmem allocations.
46401f19855Scth */
465892ad162SToomas Soome if ((mdb_readvar(&dmods, "kdi_dmods") != -1) && (dmods != 0))
46601f19855Scth (void) mdb_pwalk("modctl", (mdb_walk_cb_t)leaky_modctl,
46701f19855Scth NULL, dmods);
46801f19855Scth
4697c478bd9Sstevel@tonic-gate if (mdb_walk("thread", (mdb_walk_cb_t)leaky_thread, &ps) == -1) {
4707c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'thread'");
4717c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4727c478bd9Sstevel@tonic-gate }
4737c478bd9Sstevel@tonic-gate
4747c478bd9Sstevel@tonic-gate if (mdb_walk("deathrow", (mdb_walk_cb_t)leaky_thread, &ps) == -1) {
4757c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk 'deathrow'");
4767c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4777c478bd9Sstevel@tonic-gate }
4787c478bd9Sstevel@tonic-gate
4797c478bd9Sstevel@tonic-gate if (mdb_readvar(&kstat_arena, "kstat_arena") == -1) {
4807c478bd9Sstevel@tonic-gate mdb_warn("couldn't read 'kstat_arena'");
4817c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4827c478bd9Sstevel@tonic-gate }
4837c478bd9Sstevel@tonic-gate
4847c478bd9Sstevel@tonic-gate if (mdb_pwalk("vmem_alloc", (mdb_walk_cb_t)leaky_kstat,
4857c478bd9Sstevel@tonic-gate NULL, kstat_arena) == -1) {
4867c478bd9Sstevel@tonic-gate mdb_warn("couldn't walk kstat vmem arena");
4877c478bd9Sstevel@tonic-gate return (DCMD_ERR);
4887c478bd9Sstevel@tonic-gate }
4897c478bd9Sstevel@tonic-gate
4907c478bd9Sstevel@tonic-gate return (DCMD_OK);
4917c478bd9Sstevel@tonic-gate }
4927c478bd9Sstevel@tonic-gate
4937c478bd9Sstevel@tonic-gate void
leaky_subr_add_leak(leak_mtab_t * lmp)4947c478bd9Sstevel@tonic-gate leaky_subr_add_leak(leak_mtab_t *lmp)
4957c478bd9Sstevel@tonic-gate {
4967c478bd9Sstevel@tonic-gate uintptr_t addr = LKM_CTLPTR(lmp->lkm_bufctl);
4977c478bd9Sstevel@tonic-gate size_t depth;
4987c478bd9Sstevel@tonic-gate
4997c478bd9Sstevel@tonic-gate switch (LKM_CTLTYPE(lmp->lkm_bufctl)) {
5007c478bd9Sstevel@tonic-gate case LKM_CTL_VMSEG: {
5017c478bd9Sstevel@tonic-gate vmem_seg_t vs;
5027c478bd9Sstevel@tonic-gate
5037c478bd9Sstevel@tonic-gate if (mdb_vread(&vs, sizeof (vs), addr) == -1) {
5047c478bd9Sstevel@tonic-gate mdb_warn("couldn't read leaked vmem_seg at addr %p",
5057c478bd9Sstevel@tonic-gate addr);
5067c478bd9Sstevel@tonic-gate return;
5077c478bd9Sstevel@tonic-gate }
5087c478bd9Sstevel@tonic-gate depth = MIN(vs.vs_depth, VMEM_STACK_DEPTH);
5097c478bd9Sstevel@tonic-gate
5107c478bd9Sstevel@tonic-gate leaky_add_leak(TYPE_VMEM, addr, vs.vs_start, vs.vs_timestamp,
5117c478bd9Sstevel@tonic-gate vs.vs_stack, depth, 0, (vs.vs_end - vs.vs_start));
5127c478bd9Sstevel@tonic-gate break;
5137c478bd9Sstevel@tonic-gate }
5147c478bd9Sstevel@tonic-gate case LKM_CTL_BUFCTL: {
5157c478bd9Sstevel@tonic-gate kmem_bufctl_audit_t bc;
5167c478bd9Sstevel@tonic-gate
5177c478bd9Sstevel@tonic-gate if (mdb_vread(&bc, sizeof (bc), addr) == -1) {
5187c478bd9Sstevel@tonic-gate mdb_warn("couldn't read leaked bufctl at addr %p",
5197c478bd9Sstevel@tonic-gate addr);
5207c478bd9Sstevel@tonic-gate return;
5217c478bd9Sstevel@tonic-gate }
5227c478bd9Sstevel@tonic-gate
5237c478bd9Sstevel@tonic-gate depth = MIN(bc.bc_depth, KMEM_STACK_DEPTH);
5247c478bd9Sstevel@tonic-gate
5257c478bd9Sstevel@tonic-gate /*
5267c478bd9Sstevel@tonic-gate * The top of the stack will be kmem_cache_alloc+offset.
5277c478bd9Sstevel@tonic-gate * Since the offset in kmem_cache_alloc() isn't interesting
5287c478bd9Sstevel@tonic-gate * we skip that frame for the purposes of uniquifying stacks.
5297c478bd9Sstevel@tonic-gate *
5307c478bd9Sstevel@tonic-gate * We also use the cache pointer as the leaks's cid, to
5317c478bd9Sstevel@tonic-gate * prevent the coalescing of leaks from different caches.
5327c478bd9Sstevel@tonic-gate */
5337c478bd9Sstevel@tonic-gate if (depth > 0)
5347c478bd9Sstevel@tonic-gate depth--;
5357c478bd9Sstevel@tonic-gate leaky_add_leak(TYPE_KMEM, addr, (uintptr_t)bc.bc_addr,
5367c478bd9Sstevel@tonic-gate bc.bc_timestamp, bc.bc_stack + 1, depth,
5377c478bd9Sstevel@tonic-gate (uintptr_t)bc.bc_cache, 0);
5387c478bd9Sstevel@tonic-gate break;
5397c478bd9Sstevel@tonic-gate }
5407c478bd9Sstevel@tonic-gate case LKM_CTL_CACHE: {
5417c478bd9Sstevel@tonic-gate kmem_cache_t cache;
5427c478bd9Sstevel@tonic-gate kmem_buftag_lite_t bt;
5437c478bd9Sstevel@tonic-gate pc_t caller;
5447c478bd9Sstevel@tonic-gate int depth = 0;
5457c478bd9Sstevel@tonic-gate
5467c478bd9Sstevel@tonic-gate /*
5477c478bd9Sstevel@tonic-gate * For KMF_LITE caches, we can get the allocation PC
5487c478bd9Sstevel@tonic-gate * out of the buftag structure.
5497c478bd9Sstevel@tonic-gate */
5507c478bd9Sstevel@tonic-gate if (mdb_vread(&cache, sizeof (cache), addr) != -1 &&
5517c478bd9Sstevel@tonic-gate (cache.cache_flags & KMF_LITE) &&
5527c478bd9Sstevel@tonic-gate kmem_lite_count > 0 &&
5537c478bd9Sstevel@tonic-gate mdb_vread(&bt, sizeof (bt),
5547c478bd9Sstevel@tonic-gate /* LINTED alignment */
5557c478bd9Sstevel@tonic-gate (uintptr_t)KMEM_BUFTAG(&cache, lmp->lkm_base)) != -1) {
5567c478bd9Sstevel@tonic-gate caller = bt.bt_history[0];
5577c478bd9Sstevel@tonic-gate depth = 1;
5587c478bd9Sstevel@tonic-gate }
5597c478bd9Sstevel@tonic-gate leaky_add_leak(TYPE_CACHE, lmp->lkm_base, lmp->lkm_base, 0,
5607c478bd9Sstevel@tonic-gate &caller, depth, addr, addr);
5617c478bd9Sstevel@tonic-gate break;
5627c478bd9Sstevel@tonic-gate }
5637c478bd9Sstevel@tonic-gate default:
5647c478bd9Sstevel@tonic-gate mdb_warn("internal error: invalid leak_bufctl_t\n");
5657c478bd9Sstevel@tonic-gate break;
5667c478bd9Sstevel@tonic-gate }
5677c478bd9Sstevel@tonic-gate }
5687c478bd9Sstevel@tonic-gate
5697c478bd9Sstevel@tonic-gate static void
leaky_subr_caller(const pc_t * stack,uint_t depth,char * buf,uintptr_t * pcp)5707c478bd9Sstevel@tonic-gate leaky_subr_caller(const pc_t *stack, uint_t depth, char *buf, uintptr_t *pcp)
5717c478bd9Sstevel@tonic-gate {
5727c478bd9Sstevel@tonic-gate int i;
5737c478bd9Sstevel@tonic-gate GElf_Sym sym;
5747c478bd9Sstevel@tonic-gate uintptr_t pc = 0;
5757c478bd9Sstevel@tonic-gate
5767c478bd9Sstevel@tonic-gate buf[0] = 0;
5777c478bd9Sstevel@tonic-gate
5787c478bd9Sstevel@tonic-gate for (i = 0; i < depth; i++) {
5797c478bd9Sstevel@tonic-gate pc = stack[i];
5807c478bd9Sstevel@tonic-gate
5817c478bd9Sstevel@tonic-gate if (mdb_lookup_by_addr(pc,
5827c478bd9Sstevel@tonic-gate MDB_SYM_FUZZY, buf, MDB_SYM_NAMLEN, &sym) == -1)
5837c478bd9Sstevel@tonic-gate continue;
5847c478bd9Sstevel@tonic-gate if (strncmp(buf, "kmem_", 5) == 0)
5857c478bd9Sstevel@tonic-gate continue;
5867c478bd9Sstevel@tonic-gate if (strncmp(buf, "vmem_", 5) == 0)
5877c478bd9Sstevel@tonic-gate continue;
5887c478bd9Sstevel@tonic-gate *pcp = pc;
5897c478bd9Sstevel@tonic-gate
5907c478bd9Sstevel@tonic-gate return;
5917c478bd9Sstevel@tonic-gate }
5927c478bd9Sstevel@tonic-gate
5937c478bd9Sstevel@tonic-gate /*
5947c478bd9Sstevel@tonic-gate * We're only here if the entire call chain begins with "kmem_";
5957c478bd9Sstevel@tonic-gate * this shouldn't happen, but we'll just use the last caller.
5967c478bd9Sstevel@tonic-gate */
5977c478bd9Sstevel@tonic-gate *pcp = pc;
5987c478bd9Sstevel@tonic-gate }
5997c478bd9Sstevel@tonic-gate
6007c478bd9Sstevel@tonic-gate int
leaky_subr_bufctl_cmp(const leak_bufctl_t * lhs,const leak_bufctl_t * rhs)6017c478bd9Sstevel@tonic-gate leaky_subr_bufctl_cmp(const leak_bufctl_t *lhs, const leak_bufctl_t *rhs)
6027c478bd9Sstevel@tonic-gate {
6037c478bd9Sstevel@tonic-gate char lbuf[MDB_SYM_NAMLEN], rbuf[MDB_SYM_NAMLEN];
6047c478bd9Sstevel@tonic-gate uintptr_t lcaller, rcaller;
6057c478bd9Sstevel@tonic-gate int rval;
6067c478bd9Sstevel@tonic-gate
6077c478bd9Sstevel@tonic-gate leaky_subr_caller(lhs->lkb_stack, lhs->lkb_depth, lbuf, &lcaller);
6087c478bd9Sstevel@tonic-gate leaky_subr_caller(rhs->lkb_stack, lhs->lkb_depth, rbuf, &rcaller);
6097c478bd9Sstevel@tonic-gate
6107c478bd9Sstevel@tonic-gate if (rval = strcmp(lbuf, rbuf))
6117c478bd9Sstevel@tonic-gate return (rval);
6127c478bd9Sstevel@tonic-gate
6137c478bd9Sstevel@tonic-gate if (lcaller < rcaller)
6147c478bd9Sstevel@tonic-gate return (-1);
6157c478bd9Sstevel@tonic-gate
6167c478bd9Sstevel@tonic-gate if (lcaller > rcaller)
6177c478bd9Sstevel@tonic-gate return (1);
6187c478bd9Sstevel@tonic-gate
6197c478bd9Sstevel@tonic-gate if (lhs->lkb_data < rhs->lkb_data)
6207c478bd9Sstevel@tonic-gate return (-1);
6217c478bd9Sstevel@tonic-gate
6227c478bd9Sstevel@tonic-gate if (lhs->lkb_data > rhs->lkb_data)
6237c478bd9Sstevel@tonic-gate return (1);
6247c478bd9Sstevel@tonic-gate
6257c478bd9Sstevel@tonic-gate return (0);
6267c478bd9Sstevel@tonic-gate }
6277c478bd9Sstevel@tonic-gate
6287c478bd9Sstevel@tonic-gate /*
6297c478bd9Sstevel@tonic-gate * Global state variables used by the leaky_subr_dump_* routines. Note that
6307c478bd9Sstevel@tonic-gate * they are carefully cleared before use.
6317c478bd9Sstevel@tonic-gate */
6327c478bd9Sstevel@tonic-gate static int lk_vmem_seen;
6337c478bd9Sstevel@tonic-gate static int lk_cache_seen;
6347c478bd9Sstevel@tonic-gate static int lk_kmem_seen;
6357c478bd9Sstevel@tonic-gate static size_t lk_ttl;
6367c478bd9Sstevel@tonic-gate static size_t lk_bytes;
6377c478bd9Sstevel@tonic-gate
6387c478bd9Sstevel@tonic-gate void
leaky_subr_dump_start(int type)6397c478bd9Sstevel@tonic-gate leaky_subr_dump_start(int type)
6407c478bd9Sstevel@tonic-gate {
6417c478bd9Sstevel@tonic-gate switch (type) {
6427c478bd9Sstevel@tonic-gate case TYPE_VMEM:
6437c478bd9Sstevel@tonic-gate lk_vmem_seen = 0;
6447c478bd9Sstevel@tonic-gate break;
6457c478bd9Sstevel@tonic-gate case TYPE_CACHE:
6467c478bd9Sstevel@tonic-gate lk_cache_seen = 0;
6477c478bd9Sstevel@tonic-gate break;
6487c478bd9Sstevel@tonic-gate case TYPE_KMEM:
6497c478bd9Sstevel@tonic-gate lk_kmem_seen = 0;
6507c478bd9Sstevel@tonic-gate break;
6517c478bd9Sstevel@tonic-gate default:
6527c478bd9Sstevel@tonic-gate break;
6537c478bd9Sstevel@tonic-gate }
6547c478bd9Sstevel@tonic-gate
6557c478bd9Sstevel@tonic-gate lk_ttl = 0;
6567c478bd9Sstevel@tonic-gate lk_bytes = 0;
6577c478bd9Sstevel@tonic-gate }
6587c478bd9Sstevel@tonic-gate
6597c478bd9Sstevel@tonic-gate void
leaky_subr_dump(const leak_bufctl_t * lkb,int verbose)6607c478bd9Sstevel@tonic-gate leaky_subr_dump(const leak_bufctl_t *lkb, int verbose)
6617c478bd9Sstevel@tonic-gate {
6627c478bd9Sstevel@tonic-gate const leak_bufctl_t *cur;
6637c478bd9Sstevel@tonic-gate kmem_cache_t cache;
6647c478bd9Sstevel@tonic-gate size_t min, max, size;
6657c478bd9Sstevel@tonic-gate char sz[30];
6667c478bd9Sstevel@tonic-gate char c[MDB_SYM_NAMLEN];
6677c478bd9Sstevel@tonic-gate uintptr_t caller;
6687c478bd9Sstevel@tonic-gate
6697c478bd9Sstevel@tonic-gate if (verbose) {
6707c478bd9Sstevel@tonic-gate lk_ttl = 0;
6717c478bd9Sstevel@tonic-gate lk_bytes = 0;
6727c478bd9Sstevel@tonic-gate }
6737c478bd9Sstevel@tonic-gate
6747c478bd9Sstevel@tonic-gate switch (lkb->lkb_type) {
6757c478bd9Sstevel@tonic-gate case TYPE_VMEM:
6767c478bd9Sstevel@tonic-gate if (!verbose && !lk_vmem_seen) {
6777c478bd9Sstevel@tonic-gate lk_vmem_seen = 1;
6787c478bd9Sstevel@tonic-gate mdb_printf("%-16s %7s %?s %s\n",
6797c478bd9Sstevel@tonic-gate "BYTES", "LEAKED", "VMEM_SEG", "CALLER");
6807c478bd9Sstevel@tonic-gate }
6817c478bd9Sstevel@tonic-gate
6827c478bd9Sstevel@tonic-gate min = max = lkb->lkb_data;
6837c478bd9Sstevel@tonic-gate
6847c478bd9Sstevel@tonic-gate for (cur = lkb; cur != NULL; cur = cur->lkb_next) {
6857c478bd9Sstevel@tonic-gate size = cur->lkb_data;
6867c478bd9Sstevel@tonic-gate
6877c478bd9Sstevel@tonic-gate if (size < min)
6887c478bd9Sstevel@tonic-gate min = size;
6897c478bd9Sstevel@tonic-gate if (size > max)
6907c478bd9Sstevel@tonic-gate max = size;
6917c478bd9Sstevel@tonic-gate
6927c478bd9Sstevel@tonic-gate lk_ttl++;
6937c478bd9Sstevel@tonic-gate lk_bytes += size;
6947c478bd9Sstevel@tonic-gate }
6957c478bd9Sstevel@tonic-gate
6967c478bd9Sstevel@tonic-gate if (min == max)
6977c478bd9Sstevel@tonic-gate (void) mdb_snprintf(sz, sizeof (sz), "%ld", min);
6987c478bd9Sstevel@tonic-gate else
6997c478bd9Sstevel@tonic-gate (void) mdb_snprintf(sz, sizeof (sz), "%ld-%ld",
7007c478bd9Sstevel@tonic-gate min, max);
7017c478bd9Sstevel@tonic-gate
7027c478bd9Sstevel@tonic-gate if (!verbose) {
7037c478bd9Sstevel@tonic-gate leaky_subr_caller(lkb->lkb_stack, lkb->lkb_depth,
7047c478bd9Sstevel@tonic-gate c, &caller);
7057c478bd9Sstevel@tonic-gate
7067c478bd9Sstevel@tonic-gate if (caller != 0) {
7077c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c),
7087c478bd9Sstevel@tonic-gate "%a", caller);
7097c478bd9Sstevel@tonic-gate } else {
7107c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c),
7117c478bd9Sstevel@tonic-gate "%s", "?");
7127c478bd9Sstevel@tonic-gate }
7137c478bd9Sstevel@tonic-gate mdb_printf("%-16s %7d %?p %s\n", sz, lkb->lkb_dups + 1,
7147c478bd9Sstevel@tonic-gate lkb->lkb_addr, c);
7157c478bd9Sstevel@tonic-gate } else {
7167c478bd9Sstevel@tonic-gate mdb_arg_t v;
7177c478bd9Sstevel@tonic-gate
7187c478bd9Sstevel@tonic-gate if (lk_ttl == 1)
7197c478bd9Sstevel@tonic-gate mdb_printf("kmem_oversize leak: 1 vmem_seg, "
7207c478bd9Sstevel@tonic-gate "%ld bytes\n", lk_bytes);
7217c478bd9Sstevel@tonic-gate else
7227c478bd9Sstevel@tonic-gate mdb_printf("kmem_oversize leak: %d vmem_segs, "
7237c478bd9Sstevel@tonic-gate "%s bytes each, %ld bytes total\n",
7247c478bd9Sstevel@tonic-gate lk_ttl, sz, lk_bytes);
7257c478bd9Sstevel@tonic-gate
7267c478bd9Sstevel@tonic-gate v.a_type = MDB_TYPE_STRING;
7277c478bd9Sstevel@tonic-gate v.a_un.a_str = "-v";
7287c478bd9Sstevel@tonic-gate
7297c478bd9Sstevel@tonic-gate if (mdb_call_dcmd("vmem_seg", lkb->lkb_addr,
7307c478bd9Sstevel@tonic-gate DCMD_ADDRSPEC, 1, &v) == -1) {
7317c478bd9Sstevel@tonic-gate mdb_warn("'%p::vmem_seg -v' failed",
7327c478bd9Sstevel@tonic-gate lkb->lkb_addr);
7337c478bd9Sstevel@tonic-gate }
7347c478bd9Sstevel@tonic-gate }
7357c478bd9Sstevel@tonic-gate return;
7367c478bd9Sstevel@tonic-gate
7377c478bd9Sstevel@tonic-gate case TYPE_CACHE:
7387c478bd9Sstevel@tonic-gate if (!verbose && !lk_cache_seen) {
7397c478bd9Sstevel@tonic-gate lk_cache_seen = 1;
7407c478bd9Sstevel@tonic-gate if (lk_vmem_seen)
7417c478bd9Sstevel@tonic-gate mdb_printf("\n");
7427c478bd9Sstevel@tonic-gate mdb_printf("%-?s %7s %?s %s\n",
7437c478bd9Sstevel@tonic-gate "CACHE", "LEAKED", "BUFFER", "CALLER");
7447c478bd9Sstevel@tonic-gate }
7457c478bd9Sstevel@tonic-gate
7467c478bd9Sstevel@tonic-gate if (mdb_vread(&cache, sizeof (cache), lkb->lkb_data) == -1) {
7477c478bd9Sstevel@tonic-gate /*
7487c478bd9Sstevel@tonic-gate * This _really_ shouldn't happen; we shouldn't
7497c478bd9Sstevel@tonic-gate * have been able to get this far if this
7507c478bd9Sstevel@tonic-gate * cache wasn't readable.
7517c478bd9Sstevel@tonic-gate */
7527c478bd9Sstevel@tonic-gate mdb_warn("can't read cache %p for leaked "
7537c478bd9Sstevel@tonic-gate "buffer %p", lkb->lkb_data, lkb->lkb_addr);
7547c478bd9Sstevel@tonic-gate return;
7557c478bd9Sstevel@tonic-gate }
7567c478bd9Sstevel@tonic-gate
7577c478bd9Sstevel@tonic-gate lk_ttl += lkb->lkb_dups + 1;
7587c478bd9Sstevel@tonic-gate lk_bytes += (lkb->lkb_dups + 1) * cache.cache_bufsize;
7597c478bd9Sstevel@tonic-gate
7607c478bd9Sstevel@tonic-gate caller = (lkb->lkb_depth == 0) ? 0 : lkb->lkb_stack[0];
7617c478bd9Sstevel@tonic-gate if (caller != 0) {
7627c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c), "%a", caller);
7637c478bd9Sstevel@tonic-gate } else {
7647c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c),
7657c478bd9Sstevel@tonic-gate "%s", (verbose) ? "" : "?");
7667c478bd9Sstevel@tonic-gate }
7677c478bd9Sstevel@tonic-gate
7687c478bd9Sstevel@tonic-gate if (!verbose) {
7697c478bd9Sstevel@tonic-gate mdb_printf("%0?p %7d %0?p %s\n", lkb->lkb_cid,
7707c478bd9Sstevel@tonic-gate lkb->lkb_dups + 1, lkb->lkb_addr, c);
7717c478bd9Sstevel@tonic-gate } else {
7727c478bd9Sstevel@tonic-gate if (lk_ttl == 1)
7737c478bd9Sstevel@tonic-gate mdb_printf("%s leak: 1 buffer, %ld bytes,\n",
7747c478bd9Sstevel@tonic-gate cache.cache_name, lk_bytes);
7757c478bd9Sstevel@tonic-gate else
7767c478bd9Sstevel@tonic-gate mdb_printf("%s leak: %d buffers, "
7777c478bd9Sstevel@tonic-gate "%ld bytes each, %ld bytes total,\n",
7787c478bd9Sstevel@tonic-gate cache.cache_name, lk_ttl,
7797c478bd9Sstevel@tonic-gate cache.cache_bufsize, lk_bytes);
7807c478bd9Sstevel@tonic-gate
7817c478bd9Sstevel@tonic-gate mdb_printf(" sample addr %p%s%s\n",
7827c478bd9Sstevel@tonic-gate lkb->lkb_addr, (caller == 0) ? "" : ", caller ", c);
7837c478bd9Sstevel@tonic-gate }
7847c478bd9Sstevel@tonic-gate return;
7857c478bd9Sstevel@tonic-gate
7867c478bd9Sstevel@tonic-gate case TYPE_KMEM:
7877c478bd9Sstevel@tonic-gate if (!verbose && !lk_kmem_seen) {
7887c478bd9Sstevel@tonic-gate lk_kmem_seen = 1;
7897c478bd9Sstevel@tonic-gate if (lk_vmem_seen || lk_cache_seen)
7907c478bd9Sstevel@tonic-gate mdb_printf("\n");
7917c478bd9Sstevel@tonic-gate mdb_printf("%-?s %7s %?s %s\n",
7927c478bd9Sstevel@tonic-gate "CACHE", "LEAKED", "BUFCTL", "CALLER");
7937c478bd9Sstevel@tonic-gate }
7947c478bd9Sstevel@tonic-gate
7957c478bd9Sstevel@tonic-gate if (mdb_vread(&cache, sizeof (cache), lkb->lkb_cid) == -1) {
7967c478bd9Sstevel@tonic-gate /*
7977c478bd9Sstevel@tonic-gate * This _really_ shouldn't happen; we shouldn't
7987c478bd9Sstevel@tonic-gate * have been able to get this far if this
7997c478bd9Sstevel@tonic-gate * cache wasn't readable.
8007c478bd9Sstevel@tonic-gate */
8017c478bd9Sstevel@tonic-gate mdb_warn("can't read cache %p for leaked "
8027c478bd9Sstevel@tonic-gate "bufctl %p", lkb->lkb_cid, lkb->lkb_addr);
8037c478bd9Sstevel@tonic-gate return;
8047c478bd9Sstevel@tonic-gate }
8057c478bd9Sstevel@tonic-gate
8067c478bd9Sstevel@tonic-gate lk_ttl += lkb->lkb_dups + 1;
8077c478bd9Sstevel@tonic-gate lk_bytes += (lkb->lkb_dups + 1) * cache.cache_bufsize;
8087c478bd9Sstevel@tonic-gate
8097c478bd9Sstevel@tonic-gate if (!verbose) {
8107c478bd9Sstevel@tonic-gate leaky_subr_caller(lkb->lkb_stack, lkb->lkb_depth,
8117c478bd9Sstevel@tonic-gate c, &caller);
8127c478bd9Sstevel@tonic-gate
8137c478bd9Sstevel@tonic-gate if (caller != 0) {
8147c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c),
8157c478bd9Sstevel@tonic-gate "%a", caller);
8167c478bd9Sstevel@tonic-gate } else {
8177c478bd9Sstevel@tonic-gate (void) mdb_snprintf(c, sizeof (c),
8187c478bd9Sstevel@tonic-gate "%s", "?");
8197c478bd9Sstevel@tonic-gate }
8207c478bd9Sstevel@tonic-gate mdb_printf("%0?p %7d %0?p %s\n", lkb->lkb_cid,
8217c478bd9Sstevel@tonic-gate lkb->lkb_dups + 1, lkb->lkb_addr, c);
8227c478bd9Sstevel@tonic-gate } else {
8237c478bd9Sstevel@tonic-gate mdb_arg_t v;
8247c478bd9Sstevel@tonic-gate
8257c478bd9Sstevel@tonic-gate if (lk_ttl == 1)
8267c478bd9Sstevel@tonic-gate mdb_printf("%s leak: 1 buffer, %ld bytes\n",
8277c478bd9Sstevel@tonic-gate cache.cache_name, lk_bytes);
8287c478bd9Sstevel@tonic-gate else
8297c478bd9Sstevel@tonic-gate mdb_printf("%s leak: %d buffers, "
8307c478bd9Sstevel@tonic-gate "%ld bytes each, %ld bytes total\n",
8317c478bd9Sstevel@tonic-gate cache.cache_name, lk_ttl,
8327c478bd9Sstevel@tonic-gate cache.cache_bufsize, lk_bytes);
8337c478bd9Sstevel@tonic-gate
8347c478bd9Sstevel@tonic-gate v.a_type = MDB_TYPE_STRING;
8357c478bd9Sstevel@tonic-gate v.a_un.a_str = "-v";
8367c478bd9Sstevel@tonic-gate
8377c478bd9Sstevel@tonic-gate if (mdb_call_dcmd("bufctl", lkb->lkb_addr,
8387c478bd9Sstevel@tonic-gate DCMD_ADDRSPEC, 1, &v) == -1) {
8397c478bd9Sstevel@tonic-gate mdb_warn("'%p::bufctl -v' failed",
8407c478bd9Sstevel@tonic-gate lkb->lkb_addr);
8417c478bd9Sstevel@tonic-gate }
8427c478bd9Sstevel@tonic-gate }
8437c478bd9Sstevel@tonic-gate return;
8447c478bd9Sstevel@tonic-gate
8457c478bd9Sstevel@tonic-gate default:
8467c478bd9Sstevel@tonic-gate return;
8477c478bd9Sstevel@tonic-gate }
8487c478bd9Sstevel@tonic-gate }
8497c478bd9Sstevel@tonic-gate
8507c478bd9Sstevel@tonic-gate void
leaky_subr_dump_end(int type)8517c478bd9Sstevel@tonic-gate leaky_subr_dump_end(int type)
8527c478bd9Sstevel@tonic-gate {
8537c478bd9Sstevel@tonic-gate int i;
8547c478bd9Sstevel@tonic-gate int width;
8557c478bd9Sstevel@tonic-gate const char *leaks;
8567c478bd9Sstevel@tonic-gate
8577c478bd9Sstevel@tonic-gate switch (type) {
8587c478bd9Sstevel@tonic-gate case TYPE_VMEM:
8597c478bd9Sstevel@tonic-gate if (!lk_vmem_seen)
8607c478bd9Sstevel@tonic-gate return;
8617c478bd9Sstevel@tonic-gate
8627c478bd9Sstevel@tonic-gate width = 16;
8637c478bd9Sstevel@tonic-gate leaks = "kmem_oversize leak";
8647c478bd9Sstevel@tonic-gate break;
8657c478bd9Sstevel@tonic-gate
8667c478bd9Sstevel@tonic-gate case TYPE_CACHE:
8677c478bd9Sstevel@tonic-gate if (!lk_cache_seen)
8687c478bd9Sstevel@tonic-gate return;
8697c478bd9Sstevel@tonic-gate
8707c478bd9Sstevel@tonic-gate width = sizeof (uintptr_t) * 2;
8717c478bd9Sstevel@tonic-gate leaks = "buffer";
8727c478bd9Sstevel@tonic-gate break;
8737c478bd9Sstevel@tonic-gate
8747c478bd9Sstevel@tonic-gate case TYPE_KMEM:
8757c478bd9Sstevel@tonic-gate if (!lk_kmem_seen)
8767c478bd9Sstevel@tonic-gate return;
8777c478bd9Sstevel@tonic-gate
8787c478bd9Sstevel@tonic-gate width = sizeof (uintptr_t) * 2;
8797c478bd9Sstevel@tonic-gate leaks = "buffer";
8807c478bd9Sstevel@tonic-gate break;
8817c478bd9Sstevel@tonic-gate
8827c478bd9Sstevel@tonic-gate default:
8837c478bd9Sstevel@tonic-gate return;
8847c478bd9Sstevel@tonic-gate }
8857c478bd9Sstevel@tonic-gate
8867c478bd9Sstevel@tonic-gate for (i = 0; i < 72; i++)
8877c478bd9Sstevel@tonic-gate mdb_printf("-");
8887c478bd9Sstevel@tonic-gate mdb_printf("\n%*s %7ld %s%s, %ld byte%s\n",
8897c478bd9Sstevel@tonic-gate width, "Total", lk_ttl, leaks, (lk_ttl == 1) ? "" : "s",
8907c478bd9Sstevel@tonic-gate lk_bytes, (lk_bytes == 1) ? "" : "s");
8917c478bd9Sstevel@tonic-gate }
8927c478bd9Sstevel@tonic-gate
8937c478bd9Sstevel@tonic-gate int
leaky_subr_invoke_callback(const leak_bufctl_t * lkb,mdb_walk_cb_t cb,void * cbdata)8947c478bd9Sstevel@tonic-gate leaky_subr_invoke_callback(const leak_bufctl_t *lkb, mdb_walk_cb_t cb,
8957c478bd9Sstevel@tonic-gate void *cbdata)
8967c478bd9Sstevel@tonic-gate {
8977c478bd9Sstevel@tonic-gate kmem_bufctl_audit_t bc;
8987c478bd9Sstevel@tonic-gate vmem_seg_t vs;
8997c478bd9Sstevel@tonic-gate
9007c478bd9Sstevel@tonic-gate switch (lkb->lkb_type) {
9017c478bd9Sstevel@tonic-gate case TYPE_VMEM:
9027c478bd9Sstevel@tonic-gate if (mdb_vread(&vs, sizeof (vs), lkb->lkb_addr) == -1) {
9037c478bd9Sstevel@tonic-gate mdb_warn("unable to read vmem_seg at %p",
9047c478bd9Sstevel@tonic-gate lkb->lkb_addr);
9057c478bd9Sstevel@tonic-gate return (WALK_NEXT);
9067c478bd9Sstevel@tonic-gate }
9077c478bd9Sstevel@tonic-gate return (cb(lkb->lkb_addr, &vs, cbdata));
9087c478bd9Sstevel@tonic-gate
9097c478bd9Sstevel@tonic-gate case TYPE_CACHE:
9107c478bd9Sstevel@tonic-gate return (cb(lkb->lkb_addr, NULL, cbdata));
9117c478bd9Sstevel@tonic-gate
9127c478bd9Sstevel@tonic-gate case TYPE_KMEM:
9137c478bd9Sstevel@tonic-gate if (mdb_vread(&bc, sizeof (bc), lkb->lkb_addr) == -1) {
9147c478bd9Sstevel@tonic-gate mdb_warn("unable to read bufctl at %p",
9157c478bd9Sstevel@tonic-gate lkb->lkb_addr);
9167c478bd9Sstevel@tonic-gate return (WALK_NEXT);
9177c478bd9Sstevel@tonic-gate }
9187c478bd9Sstevel@tonic-gate return (cb(lkb->lkb_addr, &bc, cbdata));
9197c478bd9Sstevel@tonic-gate default:
9207c478bd9Sstevel@tonic-gate return (WALK_NEXT);
9217c478bd9Sstevel@tonic-gate }
9227c478bd9Sstevel@tonic-gate }
923