kmemleak是内核提供的一种检测内存泄漏工具,它会启动一个内核线程扫描内存,并打印发现新的未引用对象数量。kmemleak有误报的可能性,但它给开发者提供了一个观察内存的路径和视角。
1. 使用
环境: Android11平台,kernel4.19
1.1 打开config
要使用kmemleak功能,请在defconfig中打开下面的配置,最好使用menuconfig自己配置一下。kmemleak是调试选项,会带来额外的内存和性能开销,建议只在调试版本中打开。
CONFIG_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_KMEMLEAK_TEST=m
由于我打开了CONFIG_DEBUG_KMEMLEAK_TEST=m
,编译kernel时会自动编一个测试驱动,位置位于output/linux/mm/kmemleak-test.ko
.
如果defconfig中打开了CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
,kmemleak会默认关闭,需要在内核启动的commandline中添加kmemleak=on
,或者在defconfig中直接不要加这个config.
1.2 用法
1、挂载debugfs文件系统(如果未挂载)
mount -t debugfs nodev /sys/kernel/debug/
2、触发一次内存扫描
echo scan > /sys/kernel/debug/kmemleak
3、查看打印信息
cat /sys/kernel/debug/kmemleak
4、清除内核检测报告,新的内存泄露报告将重新写入/sys/kernel/debug/kmemleak
echo clear > /sys/kernel/debug/kmemleak
可以通过向/sys/kernel/debug/kmemleak文件写入来修改内存扫描参数,可用参数如下:
off 禁用kmemleak(不可逆)
stack=on 启用任务堆栈扫描(default)
stack=off 禁用任务堆栈扫描
scan=on 启动自动内存扫描线程(default)
scan=off 停止自动内存扫描线程
scan=<secs> 设置自动内存扫描的周期为<secs>秒,默认600s
scan 开启内核扫描
clear 清除内存泄露报告
dump=<addr> 转储位于<addr>的对象信息
也可以在内核命令行中通过“kmemleak=off”在启动时禁用kmemleak。在kmemleak初始化之前,内存的分配和释放动作会被记录在一个早期日志缓冲区中。这个缓冲区的大小通过配置项CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE设置。
1.3 测试驱动
源码路径:linux_kernel/mm/kmemleak-test.c
,源码如下
#define pr_fmt(fmt) "kmemleak: " fmt
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/vmalloc.h>
#include <linux/list.h>
#include <linux/percpu.h>
#include <linux/fdtable.h>
#include <linux/kmemleak.h>
/*
 * Element type for the list-based part of the test. Instances are
 * allocated with kzalloc() in kmemleak_test_init() and linked into
 * test_list through the embedded list_head.
 */
struct test_node {
	long header[25];	/* not accessed in the listing shown; presumably padding - confirm */
	struct list_head list;	/* links the node into test_list */
	long footer[25];	/* not accessed in the listing shown; presumably padding - confirm */
};
/* List head that kmemleak_test_init() fills with test_node elements. */
static LIST_HEAD(test_list);
/* One void * slot per CPU; kmemleak_test_init() stores a kmalloc(129) result in each. */
static DEFINE_PER_CPU(void *, kmemleak_test_pointer);
/*
 * Module init: deliberately allocates memory in several ways so that
 * kmemleak has objects to report.
 *
 * Some very simple testing. This function needs to be extended for
 * proper testing.
 *
 * Returns 0 on success, or -ENOMEM if a kzalloc() for a list element
 * fails. On that early return nothing allocated so far is released.
 *
 * NOTE(review): the values logged with %p look hashed in the page's
 * console output (e.g. 00000000fb9abb51), so they will not match the
 * "unreferenced object 0x..." addresses in the kmemleak report; use the
 * sizes and backtraces to correlate the two.
 */
static int __init kmemleak_test_init(void)
{
	struct test_node *elem;
	int i;

	pr_info("Kmemleak testing\n");

	/*
	 * make some orphan objects: each returned pointer is only passed to
	 * pr_info() and never stored, so nothing in this function keeps a
	 * reference to the allocation.
	 */
	pr_info("kmalloc(32) = %p\n", kmalloc(32, GFP_KERNEL));
	pr_info("kmalloc(32) = %p\n", kmalloc(32, GFP_KERNEL));
	pr_info("kmalloc(1024) = %p\n", kmalloc(1024, GFP_KERNEL));
	pr_info("kmalloc(1024) = %p\n", kmalloc(1024, GFP_KERNEL));
	pr_info("kmalloc(2048) = %p\n", kmalloc(2048, GFP_KERNEL));
	pr_info("kmalloc(2048) = %p\n", kmalloc(2048, GFP_KERNEL));
	pr_info("kmalloc(4096) = %p\n", kmalloc(4096, GFP_KERNEL));
	pr_info("kmalloc(4096) = %p\n", kmalloc(4096, GFP_KERNEL));
	/*
	 * Only compiled when CONFIG_MODULES is not defined; presumably
	 * because files_cachep cannot be used from a loadable module -
	 * confirm.
	 */
#ifndef CONFIG_MODULES
	pr_info("kmem_cache_alloc(files_cachep) = %p\n",
		kmem_cache_alloc(files_cachep, GFP_KERNEL));
	pr_info("kmem_cache_alloc(files_cachep) = %p\n",
		kmem_cache_alloc(files_cachep, GFP_KERNEL));
#endif
	/* Five discarded vmalloc() allocations, same pattern as above. */
	pr_info("vmalloc(64) = %p\n", vmalloc(64));
	pr_info("vmalloc(64) = %p\n", vmalloc(64));
	pr_info("vmalloc(64) = %p\n", vmalloc(64));
	pr_info("vmalloc(64) = %p\n", vmalloc(64));
	pr_info("vmalloc(64) = %p\n", vmalloc(64));

	/*
	 * Add elements to a list. They should only appear as orphan
	 * after the module is removed.
	 */
	for (i = 0; i < 10; i++) {
		elem = kzalloc(sizeof(*elem), GFP_KERNEL);
		/* Logged before the NULL check, so a failed allocation is printed too. */
		pr_info("kzalloc(sizeof(*elem)) = %p\n", elem);
		if (!elem)
			return -ENOMEM;
		INIT_LIST_HEAD(&elem->list);
		list_add_tail(&elem->list, &test_list);
	}

	/*
	 * One kmalloc(129) per possible CPU. The pointer is kept in the
	 * per-CPU slot instead of being discarded; the result is not
	 * checked for NULL.
	 */
	for_each_possible_cpu(i) {
		per_cpu(kmemleak_test_pointer, i) = kmalloc(129, GFP_KERNEL);
		pr_info("kmalloc(129) = %p\n",
			per_cpu(kmemleak_test_pointer, i));
	}

	return 0;
}
/* Run kmemleak_test_init() when the module is loaded. */
module_init(kmemleak_test_init);
/*
 * Module exit: empties test_list by unlinking every node. The nodes are
 * intentionally not kfree()d, so the elements allocated in
 * kmemleak_test_init() are left without any reference once the module
 * is removed.
 */
static void __exit kmemleak_test_exit(void)
{
	struct list_head *pos, *next;

	/* Unlink only; the memory behind each node is deliberately kept. */
	list_for_each_safe(pos, next, &test_list) {
		list_del(pos);
	}
}
/* Run kmemleak_test_exit() when the module is unloaded. */
module_exit(kmemleak_test_exit);
/* Declares the module's licence as GPL. */
MODULE_LICENSE("GPL");
把kmemleak-test.ko
文件使用adb push到开发板。然后insmod kmemleak-test.ko
.
console:/ # insmod vendor/kmemleak-test.ko
[ 96.993658] kmemleak: Kmemleak testing
[ 96.997615] kmemleak: kmalloc(32) = 00000000fb9abb51
[ 97.002693] kmemleak: kmalloc(32) = 0000000060c6a314
[ 97.007707] kmemleak: kmalloc(1024) = 00000000a108eab7
[ 97.013374] kmemleak: kmalloc(1024) = 000000008f94c530
[ 97.018697] kmemleak: kmalloc(2048) = 0000000025816114
[ 97.023882] kmemleak: kmalloc(2048) = 000000001a77a24a
[ 97.029067] kmemleak: kmalloc(4096) = 0000000061daaec3
[ 97.034312] kmemleak: kmalloc(4096) = 00000000e69f8dcb
[ 97.040508] kmemleak: vmalloc(64) = 00000000d5de7efc
[ 97.045630] kmemleak: vmalloc(64) = 000000002309b4b8
[ 97.050895] kmemleak: vmalloc(64) = 000000004458636b
[ 97.056037] kmemleak: vmalloc(64) = 0000000064c25f36
[ 97.061093] kmemleak: vmalloc(64) = 0000000056e55d73
[ 97.066174] kmemleak: kzalloc(sizeof(*elem)) = 000000009bb51824
[ 97.072202] kmemleak: kzalloc(sizeof(*elem)) = 00000000634fd38b
[ 97.078183] kmemleak: kzalloc(sizeof(*elem)) = 000000007a6a715d
[ 97.084224] kmemleak: kzalloc(sizeof(*elem)) = 000000007fb332cd
[ 97.090341] kmemleak: kzalloc(sizeof(*elem)) = 00000000f7986bfe
[ 97.098116] kmemleak: kzalloc(sizeof(*elem)) = 00000000622dff56
[ 97.104194] kmemleak: kzalloc(sizeof(*elem)) = 000000004b156af7
[ 97.110229] kmemleak: kzalloc(sizeof(*elem)) = 0000000013f1b828
[ 97.116247] kmemleak: kzalloc(sizeof(*elem)) = 00000000ac8bf86c
[ 97.122222] kmemleak: kzalloc(sizeof(*elem)) = 0000000015240058
[ 97.128240] kmemleak: kmalloc(129) = 00000000e7017353
[ 97.133349] kmemleak: kmalloc(129) = 00000000ba7abd3d
[ 97.138489] kmemleak: kmalloc(129) = 00000000224c9bf1
[ 97.143645] kmemleak: kmalloc(129) = 000000005f1f0a94
使用下面的命令触发一次内存扫描:echo scan > /sys/kernel/debug/kmemleak
然后使用cat /sys/kernel/debug/kmemleak
命令查看打印信息,
console:/ # cat /sys/kernel/debug/kmemleak
console:/ # echo scan > /sys/kernel/debug/kmemleak
[ 6948.177431] kmemleak: 3 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
console:/ # cat /sys/kernel/debug/kmemleak
unreferenced object 0xffffff800a075000 (size 4096):
comm "insmod", pid 4232, jiffies 4296623932 (age 26.728s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000000c27f362>] __vmalloc_node_range+0x1a0/0x2c0
[<0000000082d1c28c>] vmalloc+0x8c/0xb0
[<00000000807cda68>] 0xffffff8000e491b0
[<00000000a9781cee>] do_one_initcall+0x5c/0x260
[<00000000abdd5e1f>] do_init_module+0x64/0x1ec
[<00000000a4fb186d>] load_module+0x1c7c/0x1ec0
[<00000000f06272a6>] __se_sys_finit_module+0xa0/0x100
[<00000000a2a2d4e6>] __arm64_sys_finit_module+0x24/0x30
[<0000000067f72428>] el0_svc_common.constprop.0+0x7c/0x198
[<000000002ad15fe6>] el0_svc_compat_handler+0x2c/0x38
[<00000000bc639d92>] el0_svc_compat+0x8/0x34
[<000000001101d87c>] 0xffffffffffffffff
unreferenced object 0xffffff800a07d000 (size 4096):
comm "insmod", pid 4232, jiffies 4296623934 (age 26.720s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000000c27f362>] __vmalloc_node_range+0x1a0/0x2c0
[<0000000082d1c28c>] vmalloc+0x8c/0xb0
[<00000000a06073c9>] 0xffffff8000e491c4
[<00000000a9781cee>] do_one_initcall+0x5c/0x260
[<00000000abdd5e1f>] do_init_module+0x64/0x1ec
[<00000000a4fb186d>] load_module+0x1c7c/0x1ec0
[<00000000f06272a6>] __se_sys_finit_module+0xa0/0x100
[<00000000a2a2d4e6>] __arm64_sys_finit_module+0x24/0x30
[<0000000067f72428>] el0_svc_common.constprop.0+0x7c/0x198
[<000000002ad15fe6>] el0_svc_compat_handler+0x2c/0x38
[<00000000bc639d92>] el0_svc_compat+0x8/0x34
[<000000001101d87c>] 0xffffffffffffffff
unreferenced object 0xffffff800a085000 (size 4096):
comm "insmod", pid 4232, jiffies 4296623936 (age 26.712s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000000c27f362>] __vmalloc_node_range+0x1a0/0x2c0
[<0000000082d1c28c>] vmalloc+0x8c/0xb0
[<000000008094e7a4>] 0xffffff8000e491d8
[<00000000a9781cee>] do_one_initcall+0x5c/0x260
[<00000000abdd5e1f>] do_init_module+0x64/0x1ec
[<00000000a4fb186d>] load_module+0x1c7c/0x1ec0
[<00000000f06272a6>] __se_sys_finit_module+0xa0/0x100
[<00000000a2a2d4e6>] __arm64_sys_finit_module+0x24/0x30
[<0000000067f72428>] el0_svc_common.constprop.0+0x7c/0x198
[<000000002ad15fe6>] el0_svc_compat_handler+0x2c/0x38
[<00000000bc639d92>] el0_svc_compat+0x8/0x34
[<000000001101d87c>] 0xffffffffffffffff