I've noticed that there is no interfaces exposed by CMA which would let me
fuzz what's going on in there.
This small patch set exposes some information out to userspace, plus adds
the ability to trigger allocation and freeing from userspace.
Changes from v4:
- Inform user if he has attempted to free a partial block when the page
order != 0.
Changes from v3:
- Minor build fix, sent incorrect patch for v3
Changes from v2:
- Keep allocated memory lists per-cma
- Don't allow partial free with non-zero order_per_bit
- Use 0 alignment
Changes from v1:
- Make allocation and free hooks per-cma.
- Remove additional debug prints.
Sasha Levin (3):
mm: cma: debugfs interface
mm: cma: allocation trigger
mm: cma: release trigger
mm/Kconfig | 6 ++
mm/Makefile | 1 +
mm/cma.c | 25 ++++-----
mm/cma.h | 24 ++++++++
mm/cma_debug.c | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 211 insertions(+), 15 deletions(-)
create mode 100644 mm/cma.h
create mode 100644 mm/cma_debug.c
--
1.7.10.4
Implement a simple debugfs interface to expose information about CMA areas
in the system.
Useful for testing/sanity checks for CMA since it was impossible to previously
retrieve this information in userspace.
Signed-off-by: Sasha Levin <[email protected]>
---
mm/Kconfig | 6 ++++++
mm/Makefile | 1 +
mm/cma.c | 19 ++++--------------
mm/cma.h | 20 +++++++++++++++++++
mm/cma_debug.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 92 insertions(+), 15 deletions(-)
create mode 100644 mm/cma.h
create mode 100644 mm/cma_debug.c
diff --git a/mm/Kconfig b/mm/Kconfig
index a03131b..390214d 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -517,6 +517,12 @@ config CMA_DEBUG
processing calls such as dma_alloc_from_contiguous().
This option does not affect warning and error messages.
+config CMA_DEBUGFS
+ bool "CMA debugfs interface"
+ depends on CMA && DEBUG_FS
+ help
+ Turns on the DebugFS interface for CMA.
+
config CMA_AREAS
int "Maximum count of the CMA areas"
depends on CMA
diff --git a/mm/Makefile b/mm/Makefile
index 3c1caa2..51052ba 100644
--- a/mm/Makefile
+++ b/mm/Makefile
@@ -76,3 +76,4 @@ obj-$(CONFIG_GENERIC_EARLY_IOREMAP) += early_ioremap.o
obj-$(CONFIG_CMA) += cma.o
obj-$(CONFIG_MEMORY_BALLOON) += balloon_compaction.o
obj-$(CONFIG_PAGE_EXTENSION) += page_ext.o
+obj-$(CONFIG_CMA_DEBUGFS) += cma_debug.o
diff --git a/mm/cma.c b/mm/cma.c
index 75016fd..e093b53 100644
--- a/mm/cma.c
+++ b/mm/cma.c
@@ -35,16 +35,10 @@
#include <linux/highmem.h>
#include <linux/io.h>
-struct cma {
- unsigned long base_pfn;
- unsigned long count;
- unsigned long *bitmap;
- unsigned int order_per_bit; /* Order of pages represented by one bit */
- struct mutex lock;
-};
-
-static struct cma cma_areas[MAX_CMA_AREAS];
-static unsigned cma_area_count;
+#include "cma.h"
+
+struct cma cma_areas[MAX_CMA_AREAS];
+unsigned cma_area_count;
static DEFINE_MUTEX(cma_mutex);
phys_addr_t cma_get_base(struct cma *cma)
@@ -75,11 +69,6 @@ static unsigned long cma_bitmap_aligned_offset(struct cma *cma, int align_order)
(cma->base_pfn >> cma->order_per_bit);
}
-static unsigned long cma_bitmap_maxno(struct cma *cma)
-{
- return cma->count >> cma->order_per_bit;
-}
-
static unsigned long cma_bitmap_pages_to_bits(struct cma *cma,
unsigned long pages)
{
diff --git a/mm/cma.h b/mm/cma.h
new file mode 100644
index 0000000..4141887
--- /dev/null
+++ b/mm/cma.h
@@ -0,0 +1,20 @@
+#ifndef __MM_CMA_H__
+#define __MM_CMA_H__
+
+struct cma {
+ unsigned long base_pfn;
+ unsigned long count;
+ unsigned long *bitmap;
+ unsigned int order_per_bit; /* Order of pages represented by one bit */
+ struct mutex lock;
+};
+
+extern struct cma cma_areas[MAX_CMA_AREAS];
+extern unsigned cma_area_count;
+
+static unsigned long cma_bitmap_maxno(struct cma *cma)
+{
+ return cma->count >> cma->order_per_bit;
+}
+
+#endif
diff --git a/mm/cma_debug.c b/mm/cma_debug.c
new file mode 100644
index 0000000..3a25413
--- /dev/null
+++ b/mm/cma_debug.c
@@ -0,0 +1,61 @@
+/*
+ * CMA DebugFS Interface
+ *
+ * Copyright (c) 2015 Sasha Levin <[email protected]>
+ */
+
+
+#include <linux/debugfs.h>
+#include <linux/cma.h>
+
+#include "cma.h"
+
+static struct dentry *cma_debugfs_root;
+
+static int cma_debugfs_get(void *data, u64 *val)
+{
+ unsigned long *p = data;
+
+ *val = *p;
+
+ return 0;
+}
+
+DEFINE_SIMPLE_ATTRIBUTE(cma_debugfs_fops, cma_debugfs_get, NULL, "%llu\n");
+
+static void cma_debugfs_add_one(struct cma *cma, int idx)
+{
+ struct dentry *tmp;
+ char name[16];
+ int u32s;
+
+ sprintf(name, "cma-%d", idx);
+
+ tmp = debugfs_create_dir(name, cma_debugfs_root);
+
+ debugfs_create_file("base_pfn", S_IRUGO, tmp,
+ &cma->base_pfn, &cma_debugfs_fops);
+ debugfs_create_file("count", S_IRUGO, tmp,
+ &cma->count, &cma_debugfs_fops);
+ debugfs_create_file("order_per_bit", S_IRUGO, tmp,
+ &cma->order_per_bit, &cma_debugfs_fops);
+
+ u32s = DIV_ROUND_UP(cma_bitmap_maxno(cma), BITS_PER_BYTE * sizeof(u32));
+ debugfs_create_u32_array("bitmap", S_IRUGO, tmp, (u32*)cma->bitmap, u32s);
+}
+
+static int __init cma_debugfs_init(void)
+{
+ int i;
+
+ cma_debugfs_root = debugfs_create_dir("cma", NULL);
+ if (!cma_debugfs_root)
+ return -ENOMEM;
+
+ for (i = 0; i < cma_area_count; i++)
+ cma_debugfs_add_one(&cma_areas[i], i);
+
+ return 0;
+}
+late_initcall(cma_debugfs_init);
+
--
1.7.10.4
Provides a userspace interface to trigger a CMA allocation.
Usage:
echo [pages] > alloc
This would provide testing/fuzzing access to the CMA allocation paths.
Signed-off-by: Sasha Levin <[email protected]>
---
mm/cma.c | 6 ++++++
mm/cma.h | 4 ++++
mm/cma_debug.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
3 files changed, 64 insertions(+), 2 deletions(-)
diff --git a/mm/cma.c b/mm/cma.c
index e093b53..9e3d44a 100644
--- a/mm/cma.c
+++ b/mm/cma.c
@@ -121,6 +121,12 @@ static int __init cma_activate_area(struct cma *cma)
} while (--i);
mutex_init(&cma->lock);
+
+#ifdef CONFIG_CMA_DEBUGFS
+ INIT_HLIST_HEAD(&cma->mem_head);
+ spin_lock_init(&cma->mem_head_lock);
+#endif
+
return 0;
err:
diff --git a/mm/cma.h b/mm/cma.h
index 4141887..1132d73 100644
--- a/mm/cma.h
+++ b/mm/cma.h
@@ -7,6 +7,10 @@ struct cma {
unsigned long *bitmap;
unsigned int order_per_bit; /* Order of pages represented by one bit */
struct mutex lock;
+#ifdef CONFIG_CMA_DEBUGFS
+ struct hlist_head mem_head;
+ spinlock_t mem_head_lock;
+#endif
};
extern struct cma cma_areas[MAX_CMA_AREAS];
diff --git a/mm/cma_debug.c b/mm/cma_debug.c
index 3a25413..5bd6863 100644
--- a/mm/cma_debug.c
+++ b/mm/cma_debug.c
@@ -7,9 +7,18 @@
#include <linux/debugfs.h>
#include <linux/cma.h>
+#include <linux/list.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
#include "cma.h"
+struct cma_mem {
+ struct hlist_node node;
+ struct page *p;
+ unsigned long n;
+};
+
static struct dentry *cma_debugfs_root;
static int cma_debugfs_get(void *data, u64 *val)
@@ -23,8 +32,48 @@ static int cma_debugfs_get(void *data, u64 *val)
DEFINE_SIMPLE_ATTRIBUTE(cma_debugfs_fops, cma_debugfs_get, NULL, "%llu\n");
-static void cma_debugfs_add_one(struct cma *cma, int idx)
+static void cma_add_to_cma_mem_list(struct cma *cma, struct cma_mem *mem)
+{
+ spin_lock(&cma->mem_head_lock);
+ hlist_add_head(&mem->node, &cma->mem_head);
+ spin_unlock(&cma->mem_head_lock);
+}
+
+static int cma_alloc_mem(struct cma *cma, int count)
+{
+ struct cma_mem *mem;
+ struct page *p;
+
+ mem = kzalloc(sizeof(*mem), GFP_KERNEL);
+ if (!mem)
+ return -ENOMEM;
+
+ p = cma_alloc(cma, count, CONFIG_CMA_ALIGNMENT);
+ if (!p) {
+ kfree(mem);
+ return -ENOMEM;
+ }
+
+ mem->p = p;
+ mem->n = count;
+
+ cma_add_to_cma_mem_list(cma, mem);
+
+ return 0;
+}
+
+static int cma_alloc_write(void *data, u64 val)
{
+ int pages = val;
+ struct cma *cma = data;
+
+ return cma_alloc_mem(cma, pages);
+}
+
+DEFINE_SIMPLE_ATTRIBUTE(cma_alloc_fops, NULL, cma_alloc_write, "%llu\n");
+
+static void cma_debugfs_add_one(struct cma *cma, int idx)
+{
struct dentry *tmp;
char name[16];
int u32s;
@@ -33,12 +82,15 @@ static void cma_debugfs_add_one(struct cma *cma, int idx)
tmp = debugfs_create_dir(name, cma_debugfs_root);
+ debugfs_create_file("alloc", S_IWUSR, cma_debugfs_root, cma,
+ &cma_alloc_fops);
+
debugfs_create_file("base_pfn", S_IRUGO, tmp,
&cma->base_pfn, &cma_debugfs_fops);
debugfs_create_file("count", S_IRUGO, tmp,
&cma->count, &cma_debugfs_fops);
debugfs_create_file("order_per_bit", S_IRUGO, tmp,
- &cma->order_per_bit, &cma_debugfs_fops);
+ &cma->order_per_bit, &cma_debugfs_fops);
u32s = DIV_ROUND_UP(cma_bitmap_maxno(cma), BITS_PER_BYTE * sizeof(u32));
debugfs_create_u32_array("bitmap", S_IRUGO, tmp, (u32*)cma->bitmap, u32s);
--
1.7.10.4
Provides a userspace interface to trigger a CMA release.
Usage:
echo [pages] > free
This would provide testing/fuzzing access to the CMA release paths.
Signed-off-by: Sasha Levin <[email protected]>
---
mm/cma_debug.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
diff --git a/mm/cma_debug.c b/mm/cma_debug.c
index 5bd6863..6f0b976 100644
--- a/mm/cma_debug.c
+++ b/mm/cma_debug.c
@@ -39,6 +39,60 @@ static void cma_add_to_cma_mem_list(struct cma *cma, struct cma_mem *mem)
spin_unlock(&cma->mem_head_lock);
}
+static struct cma_mem *cma_get_entry_from_list(struct cma *cma)
+{
+ struct cma_mem *mem = NULL;
+
+ spin_lock(&cma->mem_head_lock);
+ if (!hlist_empty(&cma->mem_head)) {
+ mem = hlist_entry(cma->mem_head.first, struct cma_mem, node);
+ hlist_del_init(&mem->node);
+ }
+ spin_unlock(&cma->mem_head_lock);
+
+ return mem;
+}
+
+static int cma_free_mem(struct cma *cma, int count)
+{
+ struct cma_mem *mem = NULL;
+
+ while (count) {
+ mem = cma_get_entry_from_list(cma);
+ if (mem == NULL)
+ return 0;
+
+ if (mem->n <= count) {
+ cma_release(cma, mem->p, mem->n);
+ count -= mem->n;
+ kfree(mem);
+ } else if (cma->order_per_bit == 0) {
+ cma_release(cma, mem->p, count);
+ mem->p += count;
+ mem->n -= count;
+ count = 0;
+ cma_add_to_cma_mem_list(cma, mem);
+ } else {
+ pr_debug("cma: cannot release partial block when order_per_bit != 0\n");
+ cma_add_to_cma_mem_list(cma, mem);
+ break;
+ }
+ }
+
+ return 0;
+
+}
+
+static int cma_free_write(void *data, u64 val)
+{
+ int pages = val;
+ struct cma *cma = data;
+
+ return cma_free_mem(cma, pages);
+}
+
+DEFINE_SIMPLE_ATTRIBUTE(cma_free_fops, NULL, cma_free_write, "%llu\n");
+
static int cma_alloc_mem(struct cma *cma, int count)
{
struct cma_mem *mem;
@@ -85,6 +139,9 @@ static void cma_debugfs_add_one(struct cma *cma, int idx)
debugfs_create_file("alloc", S_IWUSR, cma_debugfs_root, cma,
&cma_alloc_fops);
+ debugfs_create_file("free", S_IWUSR, cma_debugfs_root, cma,
+ &cma_free_fops);
+
debugfs_create_file("base_pfn", S_IRUGO, tmp,
&cma->base_pfn, &cma_debugfs_fops);
debugfs_create_file("count", S_IRUGO, tmp,
--
1.7.10.4
On Thu, Feb 12, 2015 at 05:26:46PM -0500, Sasha Levin wrote:
> Implement a simple debugfs interface to expose information about CMA areas
> in the system.
>
> Useful for testing/sanity checks for CMA since it was impossible to previously
> retrieve this information in userspace.
>
> Signed-off-by: Sasha Levin <[email protected]>
Acked-by: Joonsoo Kim <[email protected]>
Thanks.
On Thu, Feb 12, 2015 at 05:26:47PM -0500, Sasha Levin wrote:
> Provides a userspace interface to trigger a CMA allocation.
>
> Usage:
>
> echo [pages] > alloc
>
> This would provide testing/fuzzing access to the CMA allocation paths.
>
> Signed-off-by: Sasha Levin <[email protected]>
> ---
> mm/cma.c | 6 ++++++
> mm/cma.h | 4 ++++
> mm/cma_debug.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
> 3 files changed, 64 insertions(+), 2 deletions(-)
>
> diff --git a/mm/cma.c b/mm/cma.c
> index e093b53..9e3d44a 100644
> --- a/mm/cma.c
> +++ b/mm/cma.c
> @@ -121,6 +121,12 @@ static int __init cma_activate_area(struct cma *cma)
> } while (--i);
>
> mutex_init(&cma->lock);
> +
> +#ifdef CONFIG_CMA_DEBUGFS
> + INIT_HLIST_HEAD(&cma->mem_head);
> + spin_lock_init(&cma->mem_head_lock);
> +#endif
> +
> return 0;
>
> err:
> diff --git a/mm/cma.h b/mm/cma.h
> index 4141887..1132d73 100644
> --- a/mm/cma.h
> +++ b/mm/cma.h
> @@ -7,6 +7,10 @@ struct cma {
> unsigned long *bitmap;
> unsigned int order_per_bit; /* Order of pages represented by one bit */
> struct mutex lock;
> +#ifdef CONFIG_CMA_DEBUGFS
> + struct hlist_head mem_head;
> + spinlock_t mem_head_lock;
> +#endif
> };
>
> extern struct cma cma_areas[MAX_CMA_AREAS];
> diff --git a/mm/cma_debug.c b/mm/cma_debug.c
> index 3a25413..5bd6863 100644
> --- a/mm/cma_debug.c
> +++ b/mm/cma_debug.c
> @@ -7,9 +7,18 @@
>
> #include <linux/debugfs.h>
> #include <linux/cma.h>
> +#include <linux/list.h>
> +#include <linux/kernel.h>
> +#include <linux/slab.h>
>
> #include "cma.h"
>
> +struct cma_mem {
> + struct hlist_node node;
> + struct page *p;
> + unsigned long n;
> +};
> +
> static struct dentry *cma_debugfs_root;
>
> static int cma_debugfs_get(void *data, u64 *val)
> @@ -23,8 +32,48 @@ static int cma_debugfs_get(void *data, u64 *val)
>
> DEFINE_SIMPLE_ATTRIBUTE(cma_debugfs_fops, cma_debugfs_get, NULL, "%llu\n");
>
> -static void cma_debugfs_add_one(struct cma *cma, int idx)
> +static void cma_add_to_cma_mem_list(struct cma *cma, struct cma_mem *mem)
> +{
> + spin_lock(&cma->mem_head_lock);
> + hlist_add_head(&mem->node, &cma->mem_head);
> + spin_unlock(&cma->mem_head_lock);
> +}
> +
> +static int cma_alloc_mem(struct cma *cma, int count)
> +{
> + struct cma_mem *mem;
> + struct page *p;
> +
> + mem = kzalloc(sizeof(*mem), GFP_KERNEL);
> + if (!mem)
> + return -ENOMEM;
> +
> + p = cma_alloc(cma, count, CONFIG_CMA_ALIGNMENT);
Alignment is resurrected. Please change it to 0.
Other than that,
Acked-by: Joonsoo Kim <[email protected]>
Thanks.
On Thu, Feb 12, 2015 at 05:26:48PM -0500, Sasha Levin wrote:
> Provides a userspace interface to trigger a CMA release.
>
> Usage:
>
> echo [pages] > free
>
> This would provide testing/fuzzing access to the CMA release paths.
>
> Signed-off-by: Sasha Levin <[email protected]>
Acked-by: Joonsoo Kim <[email protected]>
On Thu, 12 Feb 2015 17:26:46 -0500 Sasha Levin <[email protected]> wrote:
> Implement a simple debugfs interface to expose information about CMA areas
> in the system.
I'm not seeing any description of the proposed interface in changelog,
code comments or documentation.
- What files and directories are created? Something like
/debug/cma/cma-NN, where NN represents... what?
- What are the debugfs file permissions?
- Example output along with any needed explanation?
Hi,
On 13/02/15 01:26, Sasha Levin wrote:
> Provides a userspace interface to trigger a CMA allocation.
>
> Usage:
>
> echo [pages] > alloc
>
> This would provide testing/fuzzing access to the CMA allocation paths.
>
> Signed-off-by: Sasha Levin <[email protected]>
> ---
> mm/cma.c | 6 ++++++
> mm/cma.h | 4 ++++
> mm/cma_debug.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
> 3 files changed, 64 insertions(+), 2 deletions(-)
>
> diff --git a/mm/cma_debug.c b/mm/cma_debug.c
> index 3a25413..5bd6863 100644
> --- a/mm/cma_debug.c
> +++ b/mm/cma_debug.c
> @@ -23,8 +32,48 @@ static int cma_debugfs_get(void *data, u64 *val)
>
> DEFINE_SIMPLE_ATTRIBUTE(cma_debugfs_fops, cma_debugfs_get, NULL, "%llu\n");
>
> -static void cma_debugfs_add_one(struct cma *cma, int idx)
> +static void cma_add_to_cma_mem_list(struct cma *cma, struct cma_mem *mem)
> +{
> + spin_lock(&cma->mem_head_lock);
> + hlist_add_head(&mem->node, &cma->mem_head);
> + spin_unlock(&cma->mem_head_lock);
> +}
> +
> +static int cma_alloc_mem(struct cma *cma, int count)
> +{
> + struct cma_mem *mem;
> + struct page *p;
> +
> + mem = kzalloc(sizeof(*mem), GFP_KERNEL);
> + if (!mem)
> + return -ENOMEM;
> +
> + p = cma_alloc(cma, count, CONFIG_CMA_ALIGNMENT);
If CONFIG_DMA_CMA (and therefore CONFIG_CMA_ALIGNMENT) isn't configured
then building fails.
> mm/cma_debug.c: In function ‘cma_alloc_mem’:
> mm/cma_debug.c:223:28: error: ‘CONFIG_CMA_ALIGNMENT’ undeclared (first use in this function)
> p = cma_alloc(cma, count, CONFIG_CMA_ALIGNMENT);
> ^
Also, could you please fix the whitespace errors in your patches?
Stefan, Andrew,
I ended up cherry-picking and older patch here by mistake. Joonsoo pointed
it out but I didn't have time to address it yet since I'm travelling and
they got pulled in to mmotm in the meanwhile.
I'll send out patches to add documentation and fix the issues raised here
early next week. Sorry for the delay and the noise.
Thanks,
Sasha
On 02/19/2015 12:38 PM, Stefan Strogin wrote:
> Hi,
>
> On 13/02/15 01:26, Sasha Levin wrote:
>> Provides a userspace interface to trigger a CMA allocation.
>>
>> Usage:
>>
>> echo [pages] > alloc
>>
>> This would provide testing/fuzzing access to the CMA allocation paths.
>>
>> Signed-off-by: Sasha Levin <[email protected]>
>> ---
>> mm/cma.c | 6 ++++++
>> mm/cma.h | 4 ++++
>> mm/cma_debug.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
>> 3 files changed, 64 insertions(+), 2 deletions(-)
>>
>> diff --git a/mm/cma_debug.c b/mm/cma_debug.c
>> index 3a25413..5bd6863 100644
>> --- a/mm/cma_debug.c
>> +++ b/mm/cma_debug.c
>> @@ -23,8 +32,48 @@ static int cma_debugfs_get(void *data, u64 *val)
>>
>> DEFINE_SIMPLE_ATTRIBUTE(cma_debugfs_fops, cma_debugfs_get, NULL, "%llu\n");
>>
>> -static void cma_debugfs_add_one(struct cma *cma, int idx)
>> +static void cma_add_to_cma_mem_list(struct cma *cma, struct cma_mem *mem)
>> +{
>> + spin_lock(&cma->mem_head_lock);
>> + hlist_add_head(&mem->node, &cma->mem_head);
>> + spin_unlock(&cma->mem_head_lock);
>> +}
>> +
>> +static int cma_alloc_mem(struct cma *cma, int count)
>> +{
>> + struct cma_mem *mem;
>> + struct page *p;
>> +
>> + mem = kzalloc(sizeof(*mem), GFP_KERNEL);
>> + if (!mem)
>> + return -ENOMEM;
>> +
>> + p = cma_alloc(cma, count, CONFIG_CMA_ALIGNMENT);
>
> If CONFIG_DMA_CMA (and therefore CONFIG_CMA_ALIGNMENT) isn't configured
> then building fails.
>> mm/cma_debug.c: In function ‘cma_alloc_mem’:
>> mm/cma_debug.c:223:28: error: ‘CONFIG_CMA_ALIGNMENT’ undeclared (first use in this function)
>> p = cma_alloc(cma, count, CONFIG_CMA_ALIGNMENT);
>> ^
>
> Also, could you please fix the whitespace errors in your patches?
>