linux-uek5-mm.patch

From 8f982699aac0a0054e73bd3cfb9b9b235d576e90 Mon Sep 17 00:00:00 2001
From: Dongli Zhang <dongli.zhang0129@gmail.com>
Date: Thu, 12 Mar 2020 13:25:12 -0700
Subject: [PATCH 1/1] linux uek5 mm

v4.14.35-1902.9.2

Signed-off-by: Dongli Zhang <dongli.zhang0129@gmail.com>
---
 mm/slub.c | 251 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 251 insertions(+)

diff --git a/mm/slub.c b/mm/slub.c
index 2bd5eb4c31bb..b2aa023df56b 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -116,6 +116,17 @@
  * 			the fast path and disables lockless freelists.
  */
 
+/*
+ * called by:
+ *   - mm/slub.c|130| <<fixup_red_left>> if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE)
+ *   - mm/slub.c|139| <<kmem_cache_has_cpu_partial>> return !kmem_cache_debug(s);
+ *   - mm/slub.c|2099| <<deactivate_slab>> if (kmem_cache_debug(s) && !lock) {
+ *   - mm/slub.c|2596| <<___slab_alloc>> if (likely(!kmem_cache_debug(s) && pfmemalloc_match(page, gfpflags)))
+ *   - mm/slub.c|2600| <<___slab_alloc>> if (kmem_cache_debug(s) &&
+ *   - mm/slub.c|2809| <<__slab_free>> if (kmem_cache_debug(s) &&
+ *   - mm/slub.c|2884| <<__slab_free>> if (kmem_cache_debug(s))
+ *   - mm/slub.c|3842| <<__check_heap_object>> if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE) {
+ */
 static inline int kmem_cache_debug(struct kmem_cache *s)
 {
 #ifdef CONFIG_SLUB_DEBUG
@@ -515,6 +526,16 @@ static inline void metadata_access_disable(void)
  */
 
 /* Verify that a pointer has an address that is valid within a slab page */
+/*
+ * called by:
+ *   - mm/slub.c|1002| <<check_object>> if (!check_valid_pointer(s, page, get_freepointer(s, p))) {
+ *   - mm/slub.c|1077| <<on_freelist>> if (!check_valid_pointer(s, page, fp)) {
+ *   - mm/slub.c|1219| <<alloc_consistency_checks>> if (!check_valid_pointer(s, page, object)) {
+ *   - mm/slub.c|1275| <<free_consistency_checks>> if (!check_valid_pointer(s, page, object)) {
+ *
+ * 查看object的地址是否在page的slab的范围内
+ * 如果在返回1, 否则返回0
+ */
 static inline int check_valid_pointer(struct kmem_cache *s,
 				struct page *page, void *object)
 {
@@ -633,6 +654,14 @@ static void print_page_info(struct page *page)
 
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|720| <<object_err>> slab_bug(s, "%s", reason);
+ *   - mm/slub.c|733| <<slab_err>> slab_bug(s, "%s", buf);
+ *   - mm/slub.c|778| <<check_bytes_and_report>> slab_bug(s, "%s overwritten", what);
+ *
+ * 就是打印error
+ */
 static void slab_bug(struct kmem_cache *s, char *fmt, ...)
 {
 	struct va_format vaf;
@@ -649,6 +678,17 @@ static void slab_bug(struct kmem_cache *s, char *fmt, ...)
 	va_end(args);
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|763| <<restore_bytes>> slab_fix(s, "Restoring 0x%p-0x%p=0x%x\n", from, to - 1, data);
+ *   - mm/slub.c|1017| <<on_freelist>> slab_fix(s, "Freelist cleared");
+ *   - mm/slub.c|1035| <<on_freelist>> slab_fix(s, "Number of objects adjusted.");
+ *   - mm/slub.c|1041| <<on_freelist>> slab_fix(s, "Object count adjusted.");
+ *   - mm/slub.c|1178| <<alloc_debug_processing>> slab_fix(s, "Marking all objects used");
+ *   - mm/slub.c|1274| <<free_debug_processing>> slab_fix(s, "Object at 0x%p not freed", object);
+ *
+ * 就是打印一行error
+ */
 static void slab_fix(struct kmem_cache *s, char *fmt, ...)
 {
 	struct va_format vaf;
@@ -661,6 +701,11 @@ static void slab_fix(struct kmem_cache *s, char *fmt, ...)
 	va_end(args);
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|758| <<object_err>> print_trailer(s, page, object);
+ *   - mm/slub.c|848| <<check_bytes_and_report>> print_trailer(s, page, object);
+ */
 static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
 {
 	unsigned int off;	/* Offset of last byte */
@@ -703,6 +748,14 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
 	dump_stack();
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|943| <<check_object>> object_err(s, page, p, "Freepointer corrupt");
+ *   - mm/slub.c|1010| <<on_freelist>> object_err(s, page, object,
+ *   - mm/slub.c|1141| <<alloc_consistency_checks>> object_err(s, page, object, "Freelist Pointer check fails");
+ *   - mm/slub.c|1198| <<free_consistency_checks>> object_err(s, page, object, "Object already free");
+ *   - mm/slub.c|1214| <<free_consistency_checks>> object_err(s, page, object,
+ */
 void object_err(struct kmem_cache *s, struct page *page,
 			u8 *object, char *reason)
 {
@@ -710,6 +763,20 @@ void object_err(struct kmem_cache *s, struct page *page,
 	print_trailer(s, page, object);
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|884| <<slab_pad_check>> slab_err(s, page, "Padding overwritten. 0x%p-0x%p", fault, end - 1);
+ *   - mm/slub.c|968| <<check_slab>> slab_err(s, page, "Not a valid slab page");
+ *   - mm/slub.c|974| <<check_slab>> slab_err(s, page, "objects %u > max %u",
+ *   - mm/slub.c|979| <<check_slab>> slab_err(s, page, "inuse %u > max %u",
+ *   - mm/slub.c|1014| <<on_freelist>> slab_err(s, page, "Freepointer corrupt");
+ *   - mm/slub.c|1032| <<on_freelist>> slab_err(s, page, "Wrong number of objects. Found %d but should be %d",
+ *   - mm/slub.c|1038| <<on_freelist>> slab_err(s, page, "Wrong object count. Counter is %d but counted were %d",
+ *   - mm/slub.c|1193| <<free_consistency_checks>> slab_err(s, page, "Invalid object pointer 0x%p", object);
+ *   - mm/slub.c|1207| <<free_consistency_checks>> slab_err(s, page, "Attempt to free object(0x%p) outside of slab",
+ *   - mm/slub.c|1268| <<free_debug_processing>> slab_err(s, page, "Bulk freelist count(%d) invalid(%d)\n",
+ *   - mm/slub.c|3704| <<list_slab_objects>> slab_err(s, page, text, s->name);
+ */
 static __printf(3, 4) void slab_err(struct kmem_cache *s, struct page *page,
 			const char *fmt, ...)
 {
@@ -740,6 +807,11 @@ static void init_object(struct kmem_cache *s, void *object, u8 val)
 		memset(p + s->object_size, val, s->inuse - s->object_size);
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|789| <<check_bytes_and_report>> restore_bytes(s, what, value, fault, end);
+ *   - mm/slub.c|887| <<slab_pad_check>> restore_bytes(s, "slab padding", POISON_INUSE, end - remainder, end);
+ */
 static void restore_bytes(struct kmem_cache *s, char *message, u8 data,
 						void *from, void *to)
 {
@@ -747,6 +819,17 @@ static void restore_bytes(struct kmem_cache *s, char *message, u8 data,
 	memset(from, data, to - from);
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|848| <<check_pad_bytes>> return check_bytes_and_report(s, page, p, "Object padding",
+ *   - mm/slub.c|906| <<check_object>> if (!check_bytes_and_report(s, page, object, "Redzone",
+ *   - mm/slub.c|910| <<check_object>> if (!check_bytes_and_report(s, page, object, "Redzone",
+ *   - mm/slub.c|915| <<check_object>> check_bytes_and_report(s, page, p, "Alignment padding",
+ *   - mm/slub.c|923| <<check_object>> (!check_bytes_and_report(s, page, p, "Poison", p,
+ *   - mm/slub.c|925| <<check_object>> !check_bytes_and_report(s, page, p, "Poison",
+ *
+ * 检查之后会恢复数据---> FIX FIX FIX !!!
+ */
 static int check_bytes_and_report(struct kmem_cache *s, struct page *page,
 			u8 *object, char *what,
 			u8 *start, unsigned int value, unsigned int bytes)
@@ -811,6 +894,13 @@ static int check_bytes_and_report(struct kmem_cache *s, struct page *page,
  * may be used with merged slabcaches.
  */
 
+/*
+ * called by:
+ *   - mm/slub.c|931| <<check_object>> check_pad_bytes(s, page, p);
+ *
+ * 这里是检查object最后(包括debug info)到最后之间的数据是否是POISON_INUSE
+ * 如果不是,恢复修改这些padding!!! ----> FIX FIX FIX!!!!
+ */
 static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
 {
 	unsigned long off = s->inuse;	/* The end of info */
@@ -828,11 +918,19 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
 	if (size_from_object(s) == off)
 		return 1;
 
+	/* 检查之后会恢复数据---> FIX FIX FIX !!! */
 	return check_bytes_and_report(s, page, p, "Object padding",
 			p + off, POISON_INUSE, size_from_object(s) - off);
 }
 
 /* Check the pad bytes at the end of a slab page */
+/*
+ * called by:
+ *   - mm/slub.c|965| <<check_slab>> slab_pad_check(s, page);
+ *   - mm/slub.c|1690| <<__free_slab>> slab_pad_check(s, page);
+ *
+ * 检测page所属的那一组page们的结尾部分是不是都是POISON_INUSE,不是的话修改过来
+ */
 static int slab_pad_check(struct kmem_cache *s, struct page *page)
 {
 	u8 *start;
@@ -862,10 +960,23 @@ static int slab_pad_check(struct kmem_cache *s, struct page *page)
 	slab_err(s, page, "Padding overwritten. 0x%p-0x%p", fault, end - 1);
 	print_section(KERN_ERR, "Padding ", end - remainder, remainder);
 
+	/*
+	 * called by:
+	 *   - mm/slub.c|789| <<check_bytes_and_report>> restore_bytes(s, what, value, fault, end);
+	 *   - mm/slub.c|887| <<slab_pad_check>> restore_bytes(s, "slab padding", POISON_INUSE, end - remainder, end);
+	 */
 	restore_bytes(s, "slab padding", POISON_INUSE, end - remainder, end);
 	return 0;
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|1121| <<alloc_consistency_checks>> if (!check_object(s, page, object, SLUB_RED_INACTIVE))
+ *   - mm/slub.c|1174| <<free_consistency_checks>> if (!check_object(s, page, object, SLUB_RED_ACTIVE))
+ *   - mm/slub.c|1693| <<__free_slab>> check_object(s, page, p, SLUB_RED_INACTIVE);
+ *   - mm/slub.c|4405| <<validate_slab>> if (!check_object(s, page, p, SLUB_RED_INACTIVE))
+ *   - mm/slub.c|4411| <<validate_slab>> if (!check_object(s, page, p, SLUB_RED_ACTIVE))
+ */
 static int check_object(struct kmem_cache *s, struct page *page,
 					void *object, u8 val)
 {
@@ -873,15 +984,18 @@ static int check_object(struct kmem_cache *s, struct page *page,
 	u8 *endobject = object + s->object_size;
 
 	if (s->flags & SLAB_RED_ZONE) {
+		/* 检查之后会恢复数据---> FIX FIX FIX !!! */
 		if (!check_bytes_and_report(s, page, object, "Redzone",
 			object - s->red_left_pad, val, s->red_left_pad))
 			return 0;
 
+		/* 检查之后会恢复数据---> FIX FIX FIX !!! */
 		if (!check_bytes_and_report(s, page, object, "Redzone",
 			endobject, val, s->inuse - s->object_size))
 			return 0;
 	} else {
 		if ((s->flags & SLAB_POISON) && s->object_size < s->inuse) {
+			/* 检查之后会恢复数据---> FIX FIX FIX !!! */
 			check_bytes_and_report(s, page, p, "Alignment padding",
 				endobject, POISON_INUSE,
 				s->inuse - s->object_size);
@@ -889,6 +1003,7 @@ static int check_object(struct kmem_cache *s, struct page *page,
 	}
 
 	if (s->flags & SLAB_POISON) {
+		/* 检查之后会恢复数据---> FIX FIX FIX !!! */
 		if (val != SLUB_RED_ACTIVE && (s->flags & __OBJECT_POISON) &&
 			(!check_bytes_and_report(s, page, p, "Poison", p,
 					POISON_FREE, s->object_size - 1) ||
@@ -898,6 +1013,10 @@ static int check_object(struct kmem_cache *s, struct page *page,
 		/*
 		 * check_pad_bytes cleans up on its own.
 		 */
+		/*
+		 * 这里是检查object最后(包括debug info)到最后之间的数据是否是POISON_INUSE
+		 * 如果不是,恢复修改这些padding!!! ----> FIX FIX FIX!!!!
+		 */
 		check_pad_bytes(s, page, p);
 	}
 
@@ -909,6 +1028,7 @@ static int check_object(struct kmem_cache *s, struct page *page,
 		return 1;
 
 	/* Check free pointer validity */
+	/* 检查之后会恢复数据---> FIX FIX FIX !!! */
 	if (!check_valid_pointer(s, page, get_freepointer(s, p))) {
 		object_err(s, page, p, "Freepointer corrupt");
 		/*
@@ -922,29 +1042,44 @@ static int check_object(struct kmem_cache *s, struct page *page,
 	return 1;
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|1107| <<alloc_consistency_checks>> if (!check_slab(s, page))
+ *   - mm/slub.c|1199| <<free_debug_processing>> if (!check_slab(s, page))
+ *   - mm/slub.c|4377| <<validate_slab>> if (!check_slab(s, page) ||
+ *
+ * 检查page是否是一个slab page, return 0
+ * 检查page中object的数目是否正确, return 0
+ * 检查page中object的数目是否正确, return 0
+ * 检测page所属的那一组page们的结尾部分是不是都是POISON_INUSE,不是的话修改过, return 1
+ */
 static int check_slab(struct kmem_cache *s, struct page *page)
 {
 	int maxobj;
 
 	VM_BUG_ON(!irqs_disabled());
 
+	/* 检查page是否是一个slab page */
 	if (!PageSlab(page)) {
 		slab_err(s, page, "Not a valid slab page");
 		return 0;
 	}
 
+	/* 检查page中object的数目是否正确 */
 	maxobj = order_objects(compound_order(page), s->size, s->reserved);
 	if (page->objects > maxobj) {
 		slab_err(s, page, "objects %u > max %u",
 			page->objects, maxobj);
 		return 0;
 	}
+	/* 检查page中object的数目是否正确 */
 	if (page->inuse > page->objects) {
 		slab_err(s, page, "inuse %u > max %u",
 			page->inuse, page->objects);
 		return 0;
 	}
 	/* Slab_pad_check fixes things up after itself */
+	/* 检测page所属的那一组page们的结尾部分是不是都是POISON_INUSE,不是的话修改过来 */
 	slab_pad_check(s, page);
 	return 1;
 }
@@ -953,6 +1088,16 @@ static int check_slab(struct kmem_cache *s, struct page *page)
  * Determine if a certain object on a page is on the freelist. Must hold the
  * slab lock to guarantee that the chains are in a consistent state.
  */
+/*
+ * called by:
+ *   - mm/slub.c|1188| <<free_consistency_checks>> if (on_freelist(s, page, object)) {
+ *   - mm/slub.c|4415| <<validate_slab>> !on_freelist(s, page, NULL))
+ *
+ * 1. 首先遍历page中所有的object, 如果发现要释放的, 则返回1报错
+ * 2. 遍历的过程中如果发现有freelist有问题, 把list直接截断,
+ *    或者把page->freelist直接设置成NULL ---> FIX FIX FIX !!!
+ * 3. 检查这组page的object的数目对不对, 不对修改过来 ---> FIX FIX FIX!
+ */
 static int on_freelist(struct kmem_cache *s, struct page *page, void *search)
 {
 	int nr = 0;
@@ -962,15 +1107,24 @@ static int on_freelist(struct kmem_cache *s, struct page *page, void *search)
 
 	fp = page->freelist;
 	while (fp && nr <= page->objects) {
+		/* 检查是不是double free */
 		if (fp == search)
 			return 1;
+		/*
+		 * 查看object的地址是否在page的slab的范围内
+		 * 如果在返回1, 否则返回0
+		 */
 		if (!check_valid_pointer(s, page, fp)) {
 			if (object) {
 				object_err(s, page, object,
 					"Freechain corrupt");
+				/* 让上一个object的freelist指向NULL */
 				set_freepointer(s, object, NULL);
 			} else {
 				slab_err(s, page, "Freepointer corrupt");
+				/*
+				 * page->freelist有问题, 把这个page踢出去
+				 */
 				page->freelist = NULL;
 				page->inuse = page->objects;
 				slab_fix(s, "Freelist cleared");
@@ -978,11 +1132,17 @@ static int on_freelist(struct kmem_cache *s, struct page *page, void *search)
 			}
 			break;
 		}
+		/*
+		 * object一开始是NULL, 用来记录上一个object
+		 */
 		object = fp;
 		fp = get_freepointer(s, object);
 		nr++;
 	}
 
+	/*
+	 * 下面检查这组page的object的数目对不对, 不对修改过来
+	 */
 	max_objects = order_objects(compound_order(page), s->size, s->reserved);
 	if (max_objects > MAX_OBJS_PER_PAGE)
 		max_objects = MAX_OBJS_PER_PAGE;
@@ -1089,14 +1249,31 @@ static void setup_object_debug(struct kmem_cache *s, struct page *page,
 	init_tracking(s, object);
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|1213| <<alloc_debug_processing>> if (!alloc_consistency_checks(s, page, object, addr))
+ *
+ * 我们总是希望alloc_consistency_checks()返回1
+ */
 static inline int alloc_consistency_checks(struct kmem_cache *s,
 					struct page *page,
 					void *object, unsigned long addr)
 {
+	/*
+	 * 检查page是否是一个slab page, return 0
+	 * 检查page中object的数目是否正确, return 0
+	 * 检查page中object的数目是否正确, return 0
+	 * 检测page所属的那一组page们的结尾部分是不是都是POISON_INUSE,不是的话修改过, return 1
+	 */
 	if (!check_slab(s, page))
 		return 0;
 
+	/*
+	 * 查看object的地址是否在page的slab的范围内
+	 * 如果在返回1, 否则返回0
+	 */
 	if (!check_valid_pointer(s, page, object)) {
+		/* object_err不会修复, 就是打印 */
 		object_err(s, page, object, "Freelist Pointer check fails");
 		return 0;
 	}
@@ -1107,6 +1284,13 @@ static inline int alloc_consistency_checks(struct kmem_cache *s,
 	return 1;
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|2612| <<___slab_alloc>> !alloc_debug_processing(s, page, freelist, addr))
+ *
+ * page是所输入的slab page
+ * object才是真正的地址
+ */
 static noinline int alloc_debug_processing(struct kmem_cache *s,
 					struct page *page,
 					void *object, unsigned long addr)
@@ -1124,6 +1308,7 @@ static noinline int alloc_debug_processing(struct kmem_cache *s,
 	return 1;
 
 bad:
+	/* FIX OR PANIC 的地方 */
 	if (PageSlab(page)) {
 		/*
 		 * If this is a slab page then lets do the best we can
@@ -1137,14 +1322,32 @@ static noinline int alloc_debug_processing(struct kmem_cache *s,
 	return 0;
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|1240| <<free_debug_processing>> if (!free_consistency_checks(s, page, object, addr))
+ */
 static inline int free_consistency_checks(struct kmem_cache *s,
 		struct page *page, void *object, unsigned long addr)
 {
+	/*
+	 * 查看object的地址是否在page的slab的范围内
+	 * 如果在返回1, 否则返回0
+	 */
 	if (!check_valid_pointer(s, page, object)) {
 		slab_err(s, page, "Invalid object pointer 0x%p", object);
 		return 0;
 	}
 
+	/*
+	 * called by:
+	 *   - mm/slub.c|1188| <<free_consistency_checks>> if (on_freelist(s, page, object)) {
+	 *   - mm/slub.c|4415| <<validate_slab>> !on_freelist(s, page, NULL))
+	 *
+	 * 1. 首先遍历page中所有的object, 如果发现要释放的, 则返回1报错
+	 * 2. 遍历的过程中如果发现有freelist有问题, 把list直接截断,
+	 *    或者把page->freelist直接设置成NULL ---> FIX FIX FIX !!!
+	 * 3. 检查这组page的object的数目对不对, 不对修改过来 ---> FIX FIX FIX!
+	 */
 	if (on_freelist(s, page, object)) {
 		object_err(s, page, object, "Object already free");
 		return 0;
@@ -1170,6 +1373,10 @@ static inline int free_consistency_checks(struct kmem_cache *s,
 }
 
 /* Supports checking bulk free of a constructed freelist */
+/*
+ * called by:
+ *   - mm/slub.c|2821| <<__slab_free>> !free_debug_processing(s, page, head, tail, cnt, addr))
+ */
 static noinline int free_debug_processing(
 	struct kmem_cache *s, struct page *page,
 	void *head, void *tail, int bulk_cnt,
@@ -1185,6 +1392,12 @@ static noinline int free_debug_processing(
 	slab_lock(page);
 
 	if (s->flags & SLAB_CONSISTENCY_CHECKS) {
+		/*
+		 * 检查page是否是一个slab page, return 0
+		 * 检查page中object的数目是否正确, return 0
+		 * 检查page中object的数目是否正确, return 0
+		 * 检测page所属的那一组page们的结尾部分是不是都是POISON_INUSE,不是的话修改过, return 1
+		 */
 		if (!check_slab(s, page))
 			goto out;
 	}
@@ -1193,6 +1406,9 @@ static noinline int free_debug_processing(
 	cnt++;
 
 	if (s->flags & SLAB_CONSISTENCY_CHECKS) {
+		/*
+		 * 这是唯一调用的地方
+		 */
 		if (!free_consistency_checks(s, page, object, addr))
 			goto out;
 	}
@@ -1208,6 +1424,7 @@ static noinline int free_debug_processing(
 		object = get_freepointer(s, object);
 		goto next_object;
 	}
+	/* 只有过了这里ret才变成1 */
 	ret = 1;
 
 out:
@@ -2421,6 +2638,10 @@ slab_out_of_memory(struct kmem_cache *s, gfp_t gfpflags, int nid)
 #endif
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|2699| <<___slab_alloc>> freelist = new_slab_objects(s, gfpflags, node, &c);
+ */
 static inline void *new_slab_objects(struct kmem_cache *s, gfp_t flags,
 			int node, struct kmem_cache_cpu **pc)
 {
@@ -2961,6 +3182,13 @@ static __always_inline void do_slab_free(struct kmem_cache *s,
 
 }
 
+/*
+ * 如果是kmem_cache_free()来的:
+ * page = virt_to_head_page(x)
+ * head = x
+ * tail = NULL
+ * cnt = 1
+ */
 static __always_inline void slab_free(struct kmem_cache *s, struct page *page,
 				      void *head, void *tail, int cnt,
 				      unsigned long addr)
@@ -4357,6 +4585,10 @@ static int count_total(struct page *page)
 #endif
 
 #ifdef CONFIG_SLUB_DEBUG
+/*
+ * called by:
+ *   - mm/slub.c|4402| <<validate_slab_slab>> validate_slab(s, page, map);
+ */
 static int validate_slab(struct kmem_cache *s, struct page *page,
 						unsigned long *map)
 {
@@ -4384,6 +4616,11 @@ static int validate_slab(struct kmem_cache *s, struct page *page,
 	return 1;
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|4416| <<validate_slab_node>> validate_slab_slab(s, page, map);
+ *   - mm/slub.c|4427| <<validate_slab_node>> validate_slab_slab(s, page, map);
+ */
 static void validate_slab_slab(struct kmem_cache *s, struct page *page,
 						unsigned long *map)
 {
@@ -4392,6 +4629,10 @@ static void validate_slab_slab(struct kmem_cache *s, struct page *page,
 	slab_unlock(page);
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|4452| <<validate_slab_cache>> count += validate_slab_node(s, n, map);
+ */
 static int validate_slab_node(struct kmem_cache *s,
 		struct kmem_cache_node *n, unsigned long *map)
 {
@@ -4425,6 +4666,16 @@ static int validate_slab_node(struct kmem_cache *s,
 	return count;
 }
 
+/*
+ * called by:
+ *   - mm/slub.c|4699| <<resiliency_test>> validate_slab_cache(kmalloc_caches[4]);
+ *   - mm/slub.c|4708| <<resiliency_test>> validate_slab_cache(kmalloc_caches[5]);
+ *   - mm/slub.c|4715| <<resiliency_test>> validate_slab_cache(kmalloc_caches[6]);
+ *   - mm/slub.c|4722| <<resiliency_test>> validate_slab_cache(kmalloc_caches[7]);
+ *   - mm/slub.c|4728| <<resiliency_test>> validate_slab_cache(kmalloc_caches[8]);
+ *   - mm/slub.c|4734| <<resiliency_test>> validate_slab_cache(kmalloc_caches[9]);
+ *   - mm/slub.c|5238| <<validate_store>> ret = validate_slab_cache(s);
+ */
 static long validate_slab_cache(struct kmem_cache *s)
 {
 	int node;
-- 
2.17.1