diff options
Diffstat (limited to 'lib/stackdepot.c')
| -rw-r--r-- | lib/stackdepot.c | 523 | 
1 files changed, 340 insertions, 183 deletions
| diff --git a/lib/stackdepot.c b/lib/stackdepot.c index a0be5d05c7f0..4a7055a63d9f 100644 --- a/lib/stackdepot.c +++ b/lib/stackdepot.c @@ -14,6 +14,7 @@  #define pr_fmt(fmt) "stackdepot: " fmt +#include <linux/debugfs.h>  #include <linux/gfp.h>  #include <linux/jhash.h>  #include <linux/kernel.h> @@ -21,8 +22,10 @@  #include <linux/list.h>  #include <linux/mm.h>  #include <linux/mutex.h> -#include <linux/percpu.h> +#include <linux/poison.h>  #include <linux/printk.h> +#include <linux/rculist.h> +#include <linux/rcupdate.h>  #include <linux/refcount.h>  #include <linux/slab.h>  #include <linux/spinlock.h> @@ -41,17 +44,7 @@  #define DEPOT_OFFSET_BITS (DEPOT_POOL_ORDER + PAGE_SHIFT - DEPOT_STACK_ALIGN)  #define DEPOT_POOL_INDEX_BITS (DEPOT_HANDLE_BITS - DEPOT_OFFSET_BITS - \  			       STACK_DEPOT_EXTRA_BITS) -#if IS_ENABLED(CONFIG_KMSAN) && CONFIG_STACKDEPOT_MAX_FRAMES >= 32 -/* - * KMSAN is frequently used in fuzzing scenarios and thus saves a lot of stack - * traces. As KMSAN does not support evicting stack traces from the stack - * depot, the stack depot capacity might be reached quickly with large stack - * records. Adjust the maximum number of stack depot pools for this case. - */ -#define DEPOT_POOLS_CAP (8192 * (CONFIG_STACKDEPOT_MAX_FRAMES / 16)) -#else  #define DEPOT_POOLS_CAP 8192 -#endif  #define DEPOT_MAX_POOLS \  	(((1LL << (DEPOT_POOL_INDEX_BITS)) < DEPOT_POOLS_CAP) ? \  	 (1LL << (DEPOT_POOL_INDEX_BITS)) : DEPOT_POOLS_CAP) @@ -67,17 +60,30 @@ union handle_parts {  };  struct stack_record { -	struct list_head list;		/* Links in hash table or freelist */ +	struct list_head hash_list;	/* Links in the hash table */  	u32 hash;			/* Hash in hash table */  	u32 size;			/* Number of stored frames */ -	union handle_parts handle; +	union handle_parts handle;	/* Constant after initialization */  	refcount_t count; -	unsigned long entries[CONFIG_STACKDEPOT_MAX_FRAMES];	/* Frames */ +	union { +		unsigned long entries[CONFIG_STACKDEPOT_MAX_FRAMES];	/* Frames */ +		struct { +			/* +			 * An important invariant of the implementation is to +			 * only place a stack record onto the freelist iff its +			 * refcount is zero. Because stack records with a zero +			 * refcount are never considered as valid, it is safe to +			 * union @entries and freelist management state below. +			 * Conversely, as soon as an entry is off the freelist +			 * and its refcount becomes non-zero, the below must not +			 * be accessed until being placed back on the freelist. +			 */ +			struct list_head free_list;	/* Links in the freelist */ +			unsigned long rcu_state;	/* RCU cookie */ +		}; +	};  }; -#define DEPOT_STACK_RECORD_SIZE \ -	ALIGN(sizeof(struct stack_record), 1 << DEPOT_STACK_ALIGN) -  static bool stack_depot_disabled;  static bool __stack_depot_early_init_requested __initdata = IS_ENABLED(CONFIG_STACKDEPOT_ALWAYS_INIT);  static bool __stack_depot_early_init_passed __initdata; @@ -103,17 +109,33 @@ static void *stack_pools[DEPOT_MAX_POOLS];  static void *new_pool;  /* Number of pools in stack_pools. */  static int pools_num; +/* Offset to the unused space in the currently used pool. */ +static size_t pool_offset = DEPOT_POOL_SIZE;  /* Freelist of stack records within stack_pools. */  static LIST_HEAD(free_stacks); -/* - * Stack depot tries to keep an extra pool allocated even before it runs out - * of space in the currently used pool. This flag marks whether this extra pool - * needs to be allocated. It has the value 0 when either an extra pool is not - * yet allocated or if the limit on the number of pools is reached. - */ -static bool new_pool_required = true; -/* Lock that protects the variables above. */ -static DEFINE_RWLOCK(pool_rwlock); +/* The lock must be held when performing pool or freelist modifications. */ +static DEFINE_RAW_SPINLOCK(pool_lock); + +/* Statistics counters for debugfs. */ +enum depot_counter_id { +	DEPOT_COUNTER_REFD_ALLOCS, +	DEPOT_COUNTER_REFD_FREES, +	DEPOT_COUNTER_REFD_INUSE, +	DEPOT_COUNTER_FREELIST_SIZE, +	DEPOT_COUNTER_PERSIST_COUNT, +	DEPOT_COUNTER_PERSIST_BYTES, +	DEPOT_COUNTER_COUNT, +}; +static long counters[DEPOT_COUNTER_COUNT]; +static const char *const counter_names[] = { +	[DEPOT_COUNTER_REFD_ALLOCS]	= "refcounted_allocations", +	[DEPOT_COUNTER_REFD_FREES]	= "refcounted_frees", +	[DEPOT_COUNTER_REFD_INUSE]	= "refcounted_in_use", +	[DEPOT_COUNTER_FREELIST_SIZE]	= "freelist_size", +	[DEPOT_COUNTER_PERSIST_COUNT]	= "persistent_count", +	[DEPOT_COUNTER_PERSIST_BYTES]	= "persistent_bytes", +}; +static_assert(ARRAY_SIZE(counter_names) == DEPOT_COUNTER_COUNT);  static int __init disable_stack_depot(char *str)  { @@ -258,174 +280,273 @@ out_unlock:  }  EXPORT_SYMBOL_GPL(stack_depot_init); -/* Initializes a stack depol pool. */ -static void depot_init_pool(void *pool) +/* + * Initializes new stack pool, and updates the list of pools. + */ +static bool depot_init_pool(void **prealloc)  { -	int offset; +	lockdep_assert_held(&pool_lock); -	lockdep_assert_held_write(&pool_rwlock); +	if (unlikely(pools_num >= DEPOT_MAX_POOLS)) { +		/* Bail out if we reached the pool limit. */ +		WARN_ON_ONCE(pools_num > DEPOT_MAX_POOLS); /* should never happen */ +		WARN_ON_ONCE(!new_pool); /* to avoid unnecessary pre-allocation */ +		WARN_ONCE(1, "Stack depot reached limit capacity"); +		return false; +	} -	WARN_ON(!list_empty(&free_stacks)); +	if (!new_pool && *prealloc) { +		/* We have preallocated memory, use it. */ +		WRITE_ONCE(new_pool, *prealloc); +		*prealloc = NULL; +	} -	/* Initialize handles and link stack records into the freelist. */ -	for (offset = 0; offset <= DEPOT_POOL_SIZE - DEPOT_STACK_RECORD_SIZE; -	     offset += DEPOT_STACK_RECORD_SIZE) { -		struct stack_record *stack = pool + offset; +	if (!new_pool) +		return false; /* new_pool and *prealloc are NULL */ -		stack->handle.pool_index = pools_num; -		stack->handle.offset = offset >> DEPOT_STACK_ALIGN; -		stack->handle.extra = 0; +	/* Save reference to the pool to be used by depot_fetch_stack(). */ +	stack_pools[pools_num] = new_pool; -		list_add(&stack->list, &free_stacks); -	} +	/* +	 * Stack depot tries to keep an extra pool allocated even before it runs +	 * out of space in the currently used pool. +	 * +	 * To indicate that a new preallocation is needed new_pool is reset to +	 * NULL; do not reset to NULL if we have reached the maximum number of +	 * pools. +	 */ +	if (pools_num < DEPOT_MAX_POOLS) +		WRITE_ONCE(new_pool, NULL); +	else +		WRITE_ONCE(new_pool, STACK_DEPOT_POISON); -	/* Save reference to the pool to be used by depot_fetch_stack(). */ -	stack_pools[pools_num] = pool; -	pools_num++; +	/* Pairs with concurrent READ_ONCE() in depot_fetch_stack(). */ +	WRITE_ONCE(pools_num, pools_num + 1); +	ASSERT_EXCLUSIVE_WRITER(pools_num); + +	pool_offset = 0; + +	return true;  }  /* Keeps the preallocated memory to be used for a new stack depot pool. */  static void depot_keep_new_pool(void **prealloc)  { -	lockdep_assert_held_write(&pool_rwlock); +	lockdep_assert_held(&pool_lock);  	/*  	 * If a new pool is already saved or the maximum number of  	 * pools is reached, do not use the preallocated memory.  	 */ -	if (!new_pool_required) +	if (new_pool)  		return; -	/* -	 * Use the preallocated memory for the new pool -	 * as long as we do not exceed the maximum number of pools. -	 */ -	if (pools_num < DEPOT_MAX_POOLS) { -		new_pool = *prealloc; -		*prealloc = NULL; +	WRITE_ONCE(new_pool, *prealloc); +	*prealloc = NULL; +} + +/* + * Try to initialize a new stack record from the current pool, a cached pool, or + * the current pre-allocation. + */ +static struct stack_record *depot_pop_free_pool(void **prealloc, size_t size) +{ +	struct stack_record *stack; +	void *current_pool; +	u32 pool_index; + +	lockdep_assert_held(&pool_lock); + +	if (pool_offset + size > DEPOT_POOL_SIZE) { +		if (!depot_init_pool(prealloc)) +			return NULL;  	} -	/* -	 * At this point, either a new pool is kept or the maximum -	 * number of pools is reached. In either case, take note that -	 * keeping another pool is not required. -	 */ -	new_pool_required = false; +	if (WARN_ON_ONCE(pools_num < 1)) +		return NULL; +	pool_index = pools_num - 1; +	current_pool = stack_pools[pool_index]; +	if (WARN_ON_ONCE(!current_pool)) +		return NULL; + +	stack = current_pool + pool_offset; + +	/* Pre-initialize handle once. */ +	stack->handle.pool_index = pool_index; +	stack->handle.offset = pool_offset >> DEPOT_STACK_ALIGN; +	stack->handle.extra = 0; +	INIT_LIST_HEAD(&stack->hash_list); + +	pool_offset += size; + +	return stack;  } -/* Updates references to the current and the next stack depot pools. */ -static bool depot_update_pools(void **prealloc) +/* Try to find next free usable entry from the freelist. */ +static struct stack_record *depot_pop_free(void)  { -	lockdep_assert_held_write(&pool_rwlock); +	struct stack_record *stack; -	/* Check if we still have objects in the freelist. */ -	if (!list_empty(&free_stacks)) -		goto out_keep_prealloc; +	lockdep_assert_held(&pool_lock); -	/* Check if we have a new pool saved and use it. */ -	if (new_pool) { -		depot_init_pool(new_pool); -		new_pool = NULL; +	if (list_empty(&free_stacks)) +		return NULL; -		/* Take note that we might need a new new_pool. */ -		if (pools_num < DEPOT_MAX_POOLS) -			new_pool_required = true; +	/* +	 * We maintain the invariant that the elements in front are least +	 * recently used, and are therefore more likely to be associated with an +	 * RCU grace period in the past. Consequently it is sufficient to only +	 * check the first entry. +	 */ +	stack = list_first_entry(&free_stacks, struct stack_record, free_list); +	if (!poll_state_synchronize_rcu(stack->rcu_state)) +		return NULL; -		/* Try keeping the preallocated memory for new_pool. */ -		goto out_keep_prealloc; -	} +	list_del(&stack->free_list); +	counters[DEPOT_COUNTER_FREELIST_SIZE]--; -	/* Bail out if we reached the pool limit. */ -	if (unlikely(pools_num >= DEPOT_MAX_POOLS)) { -		WARN_ONCE(1, "Stack depot reached limit capacity"); -		return false; -	} +	return stack; +} -	/* Check if we have preallocated memory and use it. */ -	if (*prealloc) { -		depot_init_pool(*prealloc); -		*prealloc = NULL; -		return true; -	} +static inline size_t depot_stack_record_size(struct stack_record *s, unsigned int nr_entries) +{ +	const size_t used = flex_array_size(s, entries, nr_entries); +	const size_t unused = sizeof(s->entries) - used; -	return false; +	WARN_ON_ONCE(sizeof(s->entries) < used); -out_keep_prealloc: -	/* Keep the preallocated memory for a new pool if required. */ -	if (*prealloc) -		depot_keep_new_pool(prealloc); -	return true; +	return ALIGN(sizeof(struct stack_record) - unused, 1 << DEPOT_STACK_ALIGN);  }  /* Allocates a new stack in a stack depot pool. */  static struct stack_record * -depot_alloc_stack(unsigned long *entries, int size, u32 hash, void **prealloc) +depot_alloc_stack(unsigned long *entries, unsigned int nr_entries, u32 hash, depot_flags_t flags, void **prealloc)  { -	struct stack_record *stack; +	struct stack_record *stack = NULL; +	size_t record_size; -	lockdep_assert_held_write(&pool_rwlock); +	lockdep_assert_held(&pool_lock); -	/* Update current and new pools if required and possible. */ -	if (!depot_update_pools(prealloc)) +	/* This should already be checked by public API entry points. */ +	if (WARN_ON_ONCE(!nr_entries))  		return NULL; -	/* Check if we have a stack record to save the stack trace. */ -	if (list_empty(&free_stacks)) -		return NULL; +	/* Limit number of saved frames to CONFIG_STACKDEPOT_MAX_FRAMES. */ +	if (nr_entries > CONFIG_STACKDEPOT_MAX_FRAMES) +		nr_entries = CONFIG_STACKDEPOT_MAX_FRAMES; -	/* Get and unlink the first entry from the freelist. */ -	stack = list_first_entry(&free_stacks, struct stack_record, list); -	list_del(&stack->list); +	if (flags & STACK_DEPOT_FLAG_GET) { +		/* +		 * Evictable entries have to allocate the max. size so they may +		 * safely be re-used by differently sized allocations. +		 */ +		record_size = depot_stack_record_size(stack, CONFIG_STACKDEPOT_MAX_FRAMES); +		stack = depot_pop_free(); +	} else { +		record_size = depot_stack_record_size(stack, nr_entries); +	} -	/* Limit number of saved frames to CONFIG_STACKDEPOT_MAX_FRAMES. */ -	if (size > CONFIG_STACKDEPOT_MAX_FRAMES) -		size = CONFIG_STACKDEPOT_MAX_FRAMES; +	if (!stack) { +		stack = depot_pop_free_pool(prealloc, record_size); +		if (!stack) +			return NULL; +	}  	/* Save the stack trace. */  	stack->hash = hash; -	stack->size = size; -	/* stack->handle is already filled in by depot_init_pool(). */ -	refcount_set(&stack->count, 1); -	memcpy(stack->entries, entries, flex_array_size(stack, entries, size)); +	stack->size = nr_entries; +	/* stack->handle is already filled in by depot_pop_free_pool(). */ +	memcpy(stack->entries, entries, flex_array_size(stack, entries, nr_entries)); + +	if (flags & STACK_DEPOT_FLAG_GET) { +		refcount_set(&stack->count, 1); +		counters[DEPOT_COUNTER_REFD_ALLOCS]++; +		counters[DEPOT_COUNTER_REFD_INUSE]++; +	} else { +		/* Warn on attempts to switch to refcounting this entry. */ +		refcount_set(&stack->count, REFCOUNT_SATURATED); +		counters[DEPOT_COUNTER_PERSIST_COUNT]++; +		counters[DEPOT_COUNTER_PERSIST_BYTES] += record_size; +	}  	/*  	 * Let KMSAN know the stored stack record is initialized. This shall  	 * prevent false positive reports if instrumented code accesses it.  	 */ -	kmsan_unpoison_memory(stack, DEPOT_STACK_RECORD_SIZE); +	kmsan_unpoison_memory(stack, record_size);  	return stack;  }  static struct stack_record *depot_fetch_stack(depot_stack_handle_t handle)  { +	const int pools_num_cached = READ_ONCE(pools_num);  	union handle_parts parts = { .handle = handle };  	void *pool;  	size_t offset = parts.offset << DEPOT_STACK_ALIGN;  	struct stack_record *stack; -	lockdep_assert_held(&pool_rwlock); +	lockdep_assert_not_held(&pool_lock); -	if (parts.pool_index > pools_num) { +	if (parts.pool_index > pools_num_cached) {  		WARN(1, "pool index %d out of bounds (%d) for stack id %08x\n", -		     parts.pool_index, pools_num, handle); +		     parts.pool_index, pools_num_cached, handle);  		return NULL;  	}  	pool = stack_pools[parts.pool_index]; -	if (!pool) +	if (WARN_ON(!pool))  		return NULL;  	stack = pool + offset; +	if (WARN_ON(!refcount_read(&stack->count))) +		return NULL; +  	return stack;  }  /* Links stack into the freelist. */  static void depot_free_stack(struct stack_record *stack)  { -	lockdep_assert_held_write(&pool_rwlock); +	unsigned long flags; + +	lockdep_assert_not_held(&pool_lock); + +	raw_spin_lock_irqsave(&pool_lock, flags); +	printk_deferred_enter(); + +	/* +	 * Remove the entry from the hash list. Concurrent list traversal may +	 * still observe the entry, but since the refcount is zero, this entry +	 * will no longer be considered as valid. +	 */ +	list_del_rcu(&stack->hash_list); -	list_add(&stack->list, &free_stacks); +	/* +	 * Due to being used from constrained contexts such as the allocators, +	 * NMI, or even RCU itself, stack depot cannot rely on primitives that +	 * would sleep (such as synchronize_rcu()) or recursively call into +	 * stack depot again (such as call_rcu()). +	 * +	 * Instead, get an RCU cookie, so that we can ensure this entry isn't +	 * moved onto another list until the next grace period, and concurrent +	 * RCU list traversal remains safe. +	 */ +	stack->rcu_state = get_state_synchronize_rcu(); + +	/* +	 * Add the entry to the freelist tail, so that older entries are +	 * considered first - their RCU cookie is more likely to no longer be +	 * associated with the current grace period. +	 */ +	list_add_tail(&stack->free_list, &free_stacks); + +	counters[DEPOT_COUNTER_FREELIST_SIZE]++; +	counters[DEPOT_COUNTER_REFD_FREES]++; +	counters[DEPOT_COUNTER_REFD_INUSE]--; + +	printk_deferred_exit(); +	raw_spin_unlock_irqrestore(&pool_lock, flags);  }  /* Calculates the hash for a stack. */ @@ -453,22 +574,52 @@ int stackdepot_memcmp(const unsigned long *u1, const unsigned long *u2,  /* Finds a stack in a bucket of the hash table. */  static inline struct stack_record *find_stack(struct list_head *bucket, -					     unsigned long *entries, int size, -					     u32 hash) +					      unsigned long *entries, int size, +					      u32 hash, depot_flags_t flags)  { -	struct list_head *pos; -	struct stack_record *found; +	struct stack_record *stack, *ret = NULL; -	lockdep_assert_held(&pool_rwlock); +	/* +	 * Stack depot may be used from instrumentation that instruments RCU or +	 * tracing itself; use variant that does not call into RCU and cannot be +	 * traced. +	 * +	 * Note: Such use cases must take care when using refcounting to evict +	 * unused entries, because the stack record free-then-reuse code paths +	 * do call into RCU. +	 */ +	rcu_read_lock_sched_notrace(); + +	list_for_each_entry_rcu(stack, bucket, hash_list) { +		if (stack->hash != hash || stack->size != size) +			continue; + +		/* +		 * This may race with depot_free_stack() accessing the freelist +		 * management state unioned with @entries. The refcount is zero +		 * in that case and the below refcount_inc_not_zero() will fail. +		 */ +		if (data_race(stackdepot_memcmp(entries, stack->entries, size))) +			continue; + +		/* +		 * Try to increment refcount. If this succeeds, the stack record +		 * is valid and has not yet been freed. +		 * +		 * If STACK_DEPOT_FLAG_GET is not used, it is undefined behavior +		 * to then call stack_depot_put() later, and we can assume that +		 * a stack record is never placed back on the freelist. +		 */ +		if ((flags & STACK_DEPOT_FLAG_GET) && !refcount_inc_not_zero(&stack->count)) +			continue; -	list_for_each(pos, bucket) { -		found = list_entry(pos, struct stack_record, list); -		if (found->hash == hash && -		    found->size == size && -		    !stackdepot_memcmp(entries, found->entries, size)) -			return found; +		ret = stack; +		break;  	} -	return NULL; + +	rcu_read_unlock_sched_notrace(); + +	return ret;  }  depot_stack_handle_t stack_depot_save_flags(unsigned long *entries, @@ -482,7 +633,6 @@ depot_stack_handle_t stack_depot_save_flags(unsigned long *entries,  	struct page *page = NULL;  	void *prealloc = NULL;  	bool can_alloc = depot_flags & STACK_DEPOT_FLAG_CAN_ALLOC; -	bool need_alloc = false;  	unsigned long flags;  	u32 hash; @@ -505,31 +655,16 @@ depot_stack_handle_t stack_depot_save_flags(unsigned long *entries,  	hash = hash_stack(entries, nr_entries);  	bucket = &stack_table[hash & stack_hash_mask]; -	read_lock_irqsave(&pool_rwlock, flags); -	printk_deferred_enter(); - -	/* Fast path: look the stack trace up without full locking. */ -	found = find_stack(bucket, entries, nr_entries, hash); -	if (found) { -		if (depot_flags & STACK_DEPOT_FLAG_GET) -			refcount_inc(&found->count); -		printk_deferred_exit(); -		read_unlock_irqrestore(&pool_rwlock, flags); +	/* Fast path: look the stack trace up without locking. */ +	found = find_stack(bucket, entries, nr_entries, hash, depot_flags); +	if (found)  		goto exit; -	} - -	/* Take note if another stack pool needs to be allocated. */ -	if (new_pool_required) -		need_alloc = true; - -	printk_deferred_exit(); -	read_unlock_irqrestore(&pool_rwlock, flags);  	/*  	 * Allocate memory for a new pool if required now:  	 * we won't be able to do that under the lock.  	 */ -	if (unlikely(can_alloc && need_alloc)) { +	if (unlikely(can_alloc && !READ_ONCE(new_pool))) {  		/*  		 * Zero out zone modifiers, as we don't have specific zone  		 * requirements. Keep the flags related to allocation in atomic @@ -543,31 +678,36 @@ depot_stack_handle_t stack_depot_save_flags(unsigned long *entries,  			prealloc = page_address(page);  	} -	write_lock_irqsave(&pool_rwlock, flags); +	raw_spin_lock_irqsave(&pool_lock, flags);  	printk_deferred_enter(); -	found = find_stack(bucket, entries, nr_entries, hash); +	/* Try to find again, to avoid concurrently inserting duplicates. */ +	found = find_stack(bucket, entries, nr_entries, hash, depot_flags);  	if (!found) {  		struct stack_record *new = -			depot_alloc_stack(entries, nr_entries, hash, &prealloc); +			depot_alloc_stack(entries, nr_entries, hash, depot_flags, &prealloc);  		if (new) { -			list_add(&new->list, bucket); +			/* +			 * This releases the stack record into the bucket and +			 * makes it visible to readers in find_stack(). +			 */ +			list_add_rcu(&new->hash_list, bucket);  			found = new;  		} -	} else { -		if (depot_flags & STACK_DEPOT_FLAG_GET) -			refcount_inc(&found->count); +	} + +	if (prealloc) {  		/* -		 * Stack depot already contains this stack trace, but let's -		 * keep the preallocated memory for future. +		 * Either stack depot already contains this stack trace, or +		 * depot_alloc_stack() did not consume the preallocated memory. +		 * Try to keep the preallocated memory for future.  		 */ -		if (prealloc) -			depot_keep_new_pool(&prealloc); +		depot_keep_new_pool(&prealloc);  	}  	printk_deferred_exit(); -	write_unlock_irqrestore(&pool_rwlock, flags); +	raw_spin_unlock_irqrestore(&pool_lock, flags);  exit:  	if (prealloc) {  		/* Stack depot didn't use this memory, free it. */ @@ -592,7 +732,6 @@ unsigned int stack_depot_fetch(depot_stack_handle_t handle,  			       unsigned long **entries)  {  	struct stack_record *stack; -	unsigned long flags;  	*entries = NULL;  	/* @@ -604,13 +743,13 @@ unsigned int stack_depot_fetch(depot_stack_handle_t handle,  	if (!handle || stack_depot_disabled)  		return 0; -	read_lock_irqsave(&pool_rwlock, flags); -	printk_deferred_enter(); -  	stack = depot_fetch_stack(handle); - -	printk_deferred_exit(); -	read_unlock_irqrestore(&pool_rwlock, flags); +	/* +	 * Should never be NULL, otherwise this is a use-after-put (or just a +	 * corrupt handle). +	 */ +	if (WARN(!stack, "corrupt handle or use after stack_depot_put()")) +		return 0;  	*entries = stack->entries;  	return stack->size; @@ -620,29 +759,20 @@ EXPORT_SYMBOL_GPL(stack_depot_fetch);  void stack_depot_put(depot_stack_handle_t handle)  {  	struct stack_record *stack; -	unsigned long flags;  	if (!handle || stack_depot_disabled)  		return; -	write_lock_irqsave(&pool_rwlock, flags); -	printk_deferred_enter(); -  	stack = depot_fetch_stack(handle); -	if (WARN_ON(!stack)) -		goto out; - -	if (refcount_dec_and_test(&stack->count)) { -		/* Unlink stack from the hash table. */ -		list_del(&stack->list); +	/* +	 * Should always be able to find the stack record, otherwise this is an +	 * unbalanced put attempt (or corrupt handle). +	 */ +	if (WARN(!stack, "corrupt handle or unbalanced stack_depot_put()")) +		return; -		/* Free stack. */ +	if (refcount_dec_and_test(&stack->count))  		depot_free_stack(stack); -	} - -out: -	printk_deferred_exit(); -	write_unlock_irqrestore(&pool_rwlock, flags);  }  EXPORT_SYMBOL_GPL(stack_depot_put); @@ -690,3 +820,30 @@ unsigned int stack_depot_get_extra_bits(depot_stack_handle_t handle)  	return parts.extra;  }  EXPORT_SYMBOL(stack_depot_get_extra_bits); + +static int stats_show(struct seq_file *seq, void *v) +{ +	/* +	 * data race ok: These are just statistics counters, and approximate +	 * statistics are ok for debugging. +	 */ +	seq_printf(seq, "pools: %d\n", data_race(pools_num)); +	for (int i = 0; i < DEPOT_COUNTER_COUNT; i++) +		seq_printf(seq, "%s: %ld\n", counter_names[i], data_race(counters[i])); + +	return 0; +} +DEFINE_SHOW_ATTRIBUTE(stats); + +static int depot_debugfs_init(void) +{ +	struct dentry *dir; + +	if (stack_depot_disabled) +		return 0; + +	dir = debugfs_create_dir("stackdepot", NULL); +	debugfs_create_file("stats", 0444, dir, NULL, &stats_fops); +	return 0; +} +late_initcall(depot_debugfs_init); | 
