2 * SLUB: A slab allocator that limits cache line use instead of queuing
3 * objects in per cpu and per node lists.
5 * The allocator synchronizes using per slab locks and only
6 * uses a centralized lock to manage a pool of partial slabs.
8 * (C) 2007 SGI, Christoph Lameter <clameter@sgi.com>
12 #include <linux/module.h>
13 #include <linux/bit_spinlock.h>
14 #include <linux/interrupt.h>
15 #include <linux/bitops.h>
16 #include <linux/slab.h>
17 #include <linux/seq_file.h>
18 #include <linux/cpu.h>
19 #include <linux/cpuset.h>
20 #include <linux/mempolicy.h>
21 #include <linux/ctype.h>
22 #include <linux/kallsyms.h>
29 * The slab_lock protects operations on the object of a particular
30 * slab and its metadata in the page struct. If the slab lock
31 * has been taken then no allocations nor frees can be performed
32 * on the objects in the slab nor can the slab be added or removed
33 * from the partial or full lists since this would mean modifying
34 * the page_struct of the slab.
36 * The list_lock protects the partial and full list on each node and
37 * the partial slab counter. If taken then no new slabs may be added or
38 * removed from the lists nor make the number of partial slabs be modified.
39 * (Note that the total number of slabs is an atomic value that may be
40 * modified without taking the list lock).
42 * The list_lock is a centralized lock and thus we avoid taking it as
43 * much as possible. As long as SLUB does not have to handle partial
44 * slabs, operations can continue without any centralized lock. F.e.
45 * allocating a long series of objects that fill up slabs does not require
48 * The lock order is sometimes inverted when we are trying to get a slab
49 * off a list. We take the list_lock and then look for a page on the list
50 * to use. While we do that objects in the slabs may be freed. We can
51 * only operate on the slab if we have also taken the slab_lock. So we use
52 * a slab_trylock() on the slab. If trylock was successful then no frees
53 * can occur anymore and we can use the slab for allocations etc. If the
54 * slab_trylock() does not succeed then frees are in progress in the slab and
55 * we must stay away from it for a while since we may cause a bouncing
56 * cacheline if we try to acquire the lock. So go onto the next slab.
57 * If all pages are busy then we may allocate a new slab instead of reusing
58 * a partial slab. A new slab has noone operating on it and thus there is
59 * no danger of cacheline contention.
61 * Interrupts are disabled during allocation and deallocation in order to
62 * make the slab allocator safe to use in the context of an irq. In addition
63 * interrupts are disabled to ensure that the processor does not change
64 * while handling per_cpu slabs, due to kernel preemption.
66 * SLUB assigns one slab for allocation to each processor.
67 * Allocations only occur from these slabs called cpu slabs.
69 * Slabs with free elements are kept on a partial list and during regular
70 * operations no list for full slabs is used. If an object in a full slab is
71 * freed then the slab will show up again on the partial lists.
72 * We track full slabs for debugging purposes though because otherwise we
73 * cannot scan all objects.
75 * Slabs are freed when they become empty. Teardown and setup is
76 * minimal so we rely on the page allocators per cpu caches for
77 * fast frees and allocs.
79 * Overloading of page flags that are otherwise used for LRU management.
81 * PageActive The slab is frozen and exempt from list processing.
82 * This means that the slab is dedicated to a purpose
83 * such as satisfying allocations for a specific
84 * processor. Objects may be freed in the slab while
85 * it is frozen but slab_free will then skip the usual
86 * list operations. It is up to the processor holding
87 * the slab to integrate the slab into the slab lists
88 * when the slab is no longer needed.
90 * One use of this flag is to mark slabs that are
91 * used for allocations. Then such a slab becomes a cpu
92 * slab. The cpu slab may be equipped with an additional
93 * lockless_freelist that allows lockless access to
94 * free objects in addition to the regular freelist
95 * that requires the slab lock.
97 * PageError Slab requires special handling due to debug
98 * options set. This moves slab handling out of
99 * the fast path and disables lockless freelists.
102 #define FROZEN (1 << PG_active)
104 #ifdef CONFIG_SLUB_DEBUG
105 #define SLABDEBUG (1 << PG_error)
110 static inline int SlabFrozen(struct page
*page
)
112 return page
->flags
& FROZEN
;
115 static inline void SetSlabFrozen(struct page
*page
)
117 page
->flags
|= FROZEN
;
120 static inline void ClearSlabFrozen(struct page
*page
)
122 page
->flags
&= ~FROZEN
;
125 static inline int SlabDebug(struct page
*page
)
127 return page
->flags
& SLABDEBUG
;
130 static inline void SetSlabDebug(struct page
*page
)
132 page
->flags
|= SLABDEBUG
;
135 static inline void ClearSlabDebug(struct page
*page
)
137 page
->flags
&= ~SLABDEBUG
;
141 * Issues still to be resolved:
143 * - The per cpu array is updated for each new slab and and is a remote
144 * cacheline for most nodes. This could become a bouncing cacheline given
145 * enough frequent updates. There are 16 pointers in a cacheline, so at
146 * max 16 cpus could compete for the cacheline which may be okay.
148 * - Support PAGE_ALLOC_DEBUG. Should be easy to do.
150 * - Variable sizing of the per node arrays
153 /* Enable to test recovery from slab corruption on boot */
154 #undef SLUB_RESILIENCY_TEST
159 * Small page size. Make sure that we do not fragment memory
161 #define DEFAULT_MAX_ORDER 1
162 #define DEFAULT_MIN_OBJECTS 4
167 * Large page machines are customarily able to handle larger
170 #define DEFAULT_MAX_ORDER 2
171 #define DEFAULT_MIN_OBJECTS 8
176 * Mininum number of partial slabs. These will be left on the partial
177 * lists even if they are empty. kmem_cache_shrink may reclaim them.
179 #define MIN_PARTIAL 2
182 * Maximum number of desirable partial slabs.
183 * The existence of more partial slabs makes kmem_cache_shrink
184 * sort the partial list by the number of objects in the.
186 #define MAX_PARTIAL 10
188 #define DEBUG_DEFAULT_FLAGS (SLAB_DEBUG_FREE | SLAB_RED_ZONE | \
189 SLAB_POISON | SLAB_STORE_USER)
192 * Set of flags that will prevent slab merging
194 #define SLUB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \
195 SLAB_TRACE | SLAB_DESTROY_BY_RCU)
197 #define SLUB_MERGE_SAME (SLAB_DEBUG_FREE | SLAB_RECLAIM_ACCOUNT | \
200 #ifndef ARCH_KMALLOC_MINALIGN
201 #define ARCH_KMALLOC_MINALIGN __alignof__(unsigned long long)
204 #ifndef ARCH_SLAB_MINALIGN
205 #define ARCH_SLAB_MINALIGN __alignof__(unsigned long long)
208 /* Internal SLUB flags */
209 #define __OBJECT_POISON 0x80000000 /* Poison object */
211 /* Not all arches define cache_line_size */
212 #ifndef cache_line_size
213 #define cache_line_size() L1_CACHE_BYTES
216 static int kmem_size
= sizeof(struct kmem_cache
);
219 static struct notifier_block slab_notifier
;
223 DOWN
, /* No slab functionality available */
224 PARTIAL
, /* kmem_cache_open() works but kmalloc does not */
225 UP
, /* Everything works but does not show up in sysfs */
229 /* A list of all slab caches on the system */
230 static DECLARE_RWSEM(slub_lock
);
231 LIST_HEAD(slab_caches
);
234 * Tracking user of a slab.
237 void *addr
; /* Called from address */
238 int cpu
; /* Was running on cpu */
239 int pid
; /* Pid context */
240 unsigned long when
; /* When did the operation occur */
243 enum track_item
{ TRACK_ALLOC
, TRACK_FREE
};
245 #if defined(CONFIG_SYSFS) && defined(CONFIG_SLUB_DEBUG)
246 static int sysfs_slab_add(struct kmem_cache
*);
247 static int sysfs_slab_alias(struct kmem_cache
*, const char *);
248 static void sysfs_slab_remove(struct kmem_cache
*);
250 static int sysfs_slab_add(struct kmem_cache
*s
) { return 0; }
251 static int sysfs_slab_alias(struct kmem_cache
*s
, const char *p
) { return 0; }
252 static void sysfs_slab_remove(struct kmem_cache
*s
) {}
255 /********************************************************************
256 * Core slab cache functions
257 *******************************************************************/
259 int slab_is_available(void)
261 return slab_state
>= UP
;
264 static inline struct kmem_cache_node
*get_node(struct kmem_cache
*s
, int node
)
267 return s
->node
[node
];
269 return &s
->local_node
;
273 static inline int check_valid_pointer(struct kmem_cache
*s
,
274 struct page
*page
, const void *object
)
281 base
= page_address(page
);
282 if (object
< base
|| object
>= base
+ s
->objects
* s
->size
||
283 (object
- base
) % s
->size
) {
291 * Slow version of get and set free pointer.
293 * This version requires touching the cache lines of kmem_cache which
294 * we avoid to do in the fast alloc free paths. There we obtain the offset
295 * from the page struct.
297 static inline void *get_freepointer(struct kmem_cache
*s
, void *object
)
299 return *(void **)(object
+ s
->offset
);
302 static inline void set_freepointer(struct kmem_cache
*s
, void *object
, void *fp
)
304 *(void **)(object
+ s
->offset
) = fp
;
307 /* Loop over all objects in a slab */
308 #define for_each_object(__p, __s, __addr) \
309 for (__p = (__addr); __p < (__addr) + (__s)->objects * (__s)->size;\
313 #define for_each_free_object(__p, __s, __free) \
314 for (__p = (__free); __p; __p = get_freepointer((__s), __p))
316 /* Determine object index from a given position */
317 static inline int slab_index(void *p
, struct kmem_cache
*s
, void *addr
)
319 return (p
- addr
) / s
->size
;
322 #ifdef CONFIG_SLUB_DEBUG
326 static int slub_debug
;
328 static char *slub_debug_slabs
;
333 static void print_section(char *text
, u8
*addr
, unsigned int length
)
341 for (i
= 0; i
< length
; i
++) {
343 printk(KERN_ERR
"%10s 0x%p: ", text
, addr
+ i
);
346 printk(" %02x", addr
[i
]);
348 ascii
[offset
] = isgraph(addr
[i
]) ? addr
[i
] : '.';
350 printk(" %s\n",ascii
);
361 printk(" %s\n", ascii
);
365 static struct track
*get_track(struct kmem_cache
*s
, void *object
,
366 enum track_item alloc
)
371 p
= object
+ s
->offset
+ sizeof(void *);
373 p
= object
+ s
->inuse
;
378 static void set_track(struct kmem_cache
*s
, void *object
,
379 enum track_item alloc
, void *addr
)
384 p
= object
+ s
->offset
+ sizeof(void *);
386 p
= object
+ s
->inuse
;
391 p
->cpu
= smp_processor_id();
392 p
->pid
= current
? current
->pid
: -1;
395 memset(p
, 0, sizeof(struct track
));
398 static void init_tracking(struct kmem_cache
*s
, void *object
)
400 if (s
->flags
& SLAB_STORE_USER
) {
401 set_track(s
, object
, TRACK_FREE
, NULL
);
402 set_track(s
, object
, TRACK_ALLOC
, NULL
);
406 static void print_track(const char *s
, struct track
*t
)
411 printk(KERN_ERR
"%s: ", s
);
412 __print_symbol("%s", (unsigned long)t
->addr
);
413 printk(" jiffies_ago=%lu cpu=%u pid=%d\n", jiffies
- t
->when
, t
->cpu
, t
->pid
);
416 static void print_trailer(struct kmem_cache
*s
, u8
*p
)
418 unsigned int off
; /* Offset of last byte */
420 if (s
->flags
& SLAB_RED_ZONE
)
421 print_section("Redzone", p
+ s
->objsize
,
422 s
->inuse
- s
->objsize
);
424 printk(KERN_ERR
"FreePointer 0x%p -> 0x%p\n",
426 get_freepointer(s
, p
));
429 off
= s
->offset
+ sizeof(void *);
433 if (s
->flags
& SLAB_STORE_USER
) {
434 print_track("Last alloc", get_track(s
, p
, TRACK_ALLOC
));
435 print_track("Last free ", get_track(s
, p
, TRACK_FREE
));
436 off
+= 2 * sizeof(struct track
);
440 /* Beginning of the filler is the free pointer */
441 print_section("Filler", p
+ off
, s
->size
- off
);
444 static void object_err(struct kmem_cache
*s
, struct page
*page
,
445 u8
*object
, char *reason
)
447 u8
*addr
= page_address(page
);
449 printk(KERN_ERR
"*** SLUB %s: %s@0x%p slab 0x%p\n",
450 s
->name
, reason
, object
, page
);
451 printk(KERN_ERR
" offset=%tu flags=0x%04lx inuse=%u freelist=0x%p\n",
452 object
- addr
, page
->flags
, page
->inuse
, page
->freelist
);
453 if (object
> addr
+ 16)
454 print_section("Bytes b4", object
- 16, 16);
455 print_section("Object", object
, min(s
->objsize
, 128));
456 print_trailer(s
, object
);
460 static void slab_err(struct kmem_cache
*s
, struct page
*page
, char *reason
, ...)
465 va_start(args
, reason
);
466 vsnprintf(buf
, sizeof(buf
), reason
, args
);
468 printk(KERN_ERR
"*** SLUB %s: %s in slab @0x%p\n", s
->name
, buf
,
473 static void init_object(struct kmem_cache
*s
, void *object
, int active
)
477 if (s
->flags
& __OBJECT_POISON
) {
478 memset(p
, POISON_FREE
, s
->objsize
- 1);
479 p
[s
->objsize
-1] = POISON_END
;
482 if (s
->flags
& SLAB_RED_ZONE
)
483 memset(p
+ s
->objsize
,
484 active
? SLUB_RED_ACTIVE
: SLUB_RED_INACTIVE
,
485 s
->inuse
- s
->objsize
);
488 static int check_bytes(u8
*start
, unsigned int value
, unsigned int bytes
)
491 if (*start
!= (u8
)value
)
503 * Bytes of the object to be managed.
504 * If the freepointer may overlay the object then the free
505 * pointer is the first word of the object.
507 * Poisoning uses 0x6b (POISON_FREE) and the last byte is
510 * object + s->objsize
511 * Padding to reach word boundary. This is also used for Redzoning.
512 * Padding is extended by another word if Redzoning is enabled and
515 * We fill with 0xbb (RED_INACTIVE) for inactive objects and with
516 * 0xcc (RED_ACTIVE) for objects in use.
519 * Meta data starts here.
521 * A. Free pointer (if we cannot overwrite object on free)
522 * B. Tracking data for SLAB_STORE_USER
523 * C. Padding to reach required alignment boundary or at mininum
524 * one word if debuggin is on to be able to detect writes
525 * before the word boundary.
527 * Padding is done using 0x5a (POISON_INUSE)
530 * Nothing is used beyond s->size.
532 * If slabcaches are merged then the objsize and inuse boundaries are mostly
533 * ignored. And therefore no slab options that rely on these boundaries
534 * may be used with merged slabcaches.
537 static void restore_bytes(struct kmem_cache
*s
, char *message
, u8 data
,
538 void *from
, void *to
)
540 printk(KERN_ERR
"@@@ SLUB %s: Restoring %s (0x%x) from 0x%p-0x%p\n",
541 s
->name
, message
, data
, from
, to
- 1);
542 memset(from
, data
, to
- from
);
545 static int check_pad_bytes(struct kmem_cache
*s
, struct page
*page
, u8
*p
)
547 unsigned long off
= s
->inuse
; /* The end of info */
550 /* Freepointer is placed after the object. */
551 off
+= sizeof(void *);
553 if (s
->flags
& SLAB_STORE_USER
)
554 /* We also have user information there */
555 off
+= 2 * sizeof(struct track
);
560 if (check_bytes(p
+ off
, POISON_INUSE
, s
->size
- off
))
563 object_err(s
, page
, p
, "Object padding check fails");
568 restore_bytes(s
, "object padding", POISON_INUSE
, p
+ off
, p
+ s
->size
);
572 static int slab_pad_check(struct kmem_cache
*s
, struct page
*page
)
575 int length
, remainder
;
577 if (!(s
->flags
& SLAB_POISON
))
580 p
= page_address(page
);
581 length
= s
->objects
* s
->size
;
582 remainder
= (PAGE_SIZE
<< s
->order
) - length
;
586 if (!check_bytes(p
+ length
, POISON_INUSE
, remainder
)) {
587 slab_err(s
, page
, "Padding check failed");
588 restore_bytes(s
, "slab padding", POISON_INUSE
, p
+ length
,
589 p
+ length
+ remainder
);
595 static int check_object(struct kmem_cache
*s
, struct page
*page
,
596 void *object
, int active
)
599 u8
*endobject
= object
+ s
->objsize
;
601 if (s
->flags
& SLAB_RED_ZONE
) {
603 active
? SLUB_RED_ACTIVE
: SLUB_RED_INACTIVE
;
605 if (!check_bytes(endobject
, red
, s
->inuse
- s
->objsize
)) {
606 object_err(s
, page
, object
,
607 active
? "Redzone Active" : "Redzone Inactive");
608 restore_bytes(s
, "redzone", red
,
609 endobject
, object
+ s
->inuse
);
613 if ((s
->flags
& SLAB_POISON
) && s
->objsize
< s
->inuse
&&
614 !check_bytes(endobject
, POISON_INUSE
,
615 s
->inuse
- s
->objsize
)) {
616 object_err(s
, page
, p
, "Alignment padding check fails");
618 * Fix it so that there will not be another report.
620 * Hmmm... We may be corrupting an object that now expects
621 * to be longer than allowed.
623 restore_bytes(s
, "alignment padding", POISON_INUSE
,
624 endobject
, object
+ s
->inuse
);
628 if (s
->flags
& SLAB_POISON
) {
629 if (!active
&& (s
->flags
& __OBJECT_POISON
) &&
630 (!check_bytes(p
, POISON_FREE
, s
->objsize
- 1) ||
631 p
[s
->objsize
- 1] != POISON_END
)) {
633 object_err(s
, page
, p
, "Poison check failed");
634 restore_bytes(s
, "Poison", POISON_FREE
,
635 p
, p
+ s
->objsize
-1);
636 restore_bytes(s
, "Poison", POISON_END
,
637 p
+ s
->objsize
- 1, p
+ s
->objsize
);
641 * check_pad_bytes cleans up on its own.
643 check_pad_bytes(s
, page
, p
);
646 if (!s
->offset
&& active
)
648 * Object and freepointer overlap. Cannot check
649 * freepointer while object is allocated.
653 /* Check free pointer validity */
654 if (!check_valid_pointer(s
, page
, get_freepointer(s
, p
))) {
655 object_err(s
, page
, p
, "Freepointer corrupt");
657 * No choice but to zap it and thus loose the remainder
658 * of the free objects in this slab. May cause
659 * another error because the object count is now wrong.
661 set_freepointer(s
, p
, NULL
);
667 static int check_slab(struct kmem_cache
*s
, struct page
*page
)
669 VM_BUG_ON(!irqs_disabled());
671 if (!PageSlab(page
)) {
672 slab_err(s
, page
, "Not a valid slab page flags=%lx "
673 "mapping=0x%p count=%d", page
->flags
, page
->mapping
,
677 if (page
->offset
* sizeof(void *) != s
->offset
) {
678 slab_err(s
, page
, "Corrupted offset %lu flags=0x%lx "
679 "mapping=0x%p count=%d",
680 (unsigned long)(page
->offset
* sizeof(void *)),
686 if (page
->inuse
> s
->objects
) {
687 slab_err(s
, page
, "inuse %u > max %u @0x%p flags=%lx "
688 "mapping=0x%p count=%d",
689 s
->name
, page
->inuse
, s
->objects
, page
->flags
,
690 page
->mapping
, page_count(page
));
693 /* Slab_pad_check fixes things up after itself */
694 slab_pad_check(s
, page
);
699 * Determine if a certain object on a page is on the freelist. Must hold the
700 * slab lock to guarantee that the chains are in a consistent state.
702 static int on_freelist(struct kmem_cache
*s
, struct page
*page
, void *search
)
705 void *fp
= page
->freelist
;
708 while (fp
&& nr
<= s
->objects
) {
711 if (!check_valid_pointer(s
, page
, fp
)) {
713 object_err(s
, page
, object
,
714 "Freechain corrupt");
715 set_freepointer(s
, object
, NULL
);
718 slab_err(s
, page
, "Freepointer 0x%p corrupt",
720 page
->freelist
= NULL
;
721 page
->inuse
= s
->objects
;
722 printk(KERN_ERR
"@@@ SLUB %s: Freelist "
723 "cleared. Slab 0x%p\n",
730 fp
= get_freepointer(s
, object
);
734 if (page
->inuse
!= s
->objects
- nr
) {
735 slab_err(s
, page
, "Wrong object count. Counter is %d but "
736 "counted were %d", s
, page
, page
->inuse
,
738 page
->inuse
= s
->objects
- nr
;
739 printk(KERN_ERR
"@@@ SLUB %s: Object count adjusted. "
740 "Slab @0x%p\n", s
->name
, page
);
742 return search
== NULL
;
746 * Tracking of fully allocated slabs for debugging purposes.
748 static void add_full(struct kmem_cache_node
*n
, struct page
*page
)
750 spin_lock(&n
->list_lock
);
751 list_add(&page
->lru
, &n
->full
);
752 spin_unlock(&n
->list_lock
);
755 static void remove_full(struct kmem_cache
*s
, struct page
*page
)
757 struct kmem_cache_node
*n
;
759 if (!(s
->flags
& SLAB_STORE_USER
))
762 n
= get_node(s
, page_to_nid(page
));
764 spin_lock(&n
->list_lock
);
765 list_del(&page
->lru
);
766 spin_unlock(&n
->list_lock
);
769 static int alloc_object_checks(struct kmem_cache
*s
, struct page
*page
,
772 if (!check_slab(s
, page
))
775 if (object
&& !on_freelist(s
, page
, object
)) {
776 slab_err(s
, page
, "Object 0x%p already allocated", object
);
780 if (!check_valid_pointer(s
, page
, object
)) {
781 object_err(s
, page
, object
, "Freelist Pointer check fails");
788 if (!check_object(s
, page
, object
, 0))
793 if (PageSlab(page
)) {
795 * If this is a slab page then lets do the best we can
796 * to avoid issues in the future. Marking all objects
797 * as used avoids touching the remaining objects.
799 printk(KERN_ERR
"@@@ SLUB: %s slab 0x%p. Marking all objects used.\n",
801 page
->inuse
= s
->objects
;
802 page
->freelist
= NULL
;
803 /* Fix up fields that may be corrupted */
804 page
->offset
= s
->offset
/ sizeof(void *);
809 static int free_object_checks(struct kmem_cache
*s
, struct page
*page
,
812 if (!check_slab(s
, page
))
815 if (!check_valid_pointer(s
, page
, object
)) {
816 slab_err(s
, page
, "Invalid object pointer 0x%p", object
);
820 if (on_freelist(s
, page
, object
)) {
821 slab_err(s
, page
, "Object 0x%p already free", object
);
825 if (!check_object(s
, page
, object
, 1))
828 if (unlikely(s
!= page
->slab
)) {
830 slab_err(s
, page
, "Attempt to free object(0x%p) "
831 "outside of slab", object
);
835 "SLUB <none>: no slab for object 0x%p.\n",
840 slab_err(s
, page
, "object at 0x%p belongs "
841 "to slab %s", object
, page
->slab
->name
);
846 printk(KERN_ERR
"@@@ SLUB: %s slab 0x%p object at 0x%p not freed.\n",
847 s
->name
, page
, object
);
851 static void trace(struct kmem_cache
*s
, struct page
*page
, void *object
, int alloc
)
853 if (s
->flags
& SLAB_TRACE
) {
854 printk(KERN_INFO
"TRACE %s %s 0x%p inuse=%d fp=0x%p\n",
856 alloc
? "alloc" : "free",
861 print_section("Object", (void *)object
, s
->objsize
);
867 static int __init
setup_slub_debug(char *str
)
869 if (!str
|| *str
!= '=')
870 slub_debug
= DEBUG_DEFAULT_FLAGS
;
873 if (*str
== 0 || *str
== ',')
874 slub_debug
= DEBUG_DEFAULT_FLAGS
;
876 for( ;*str
&& *str
!= ','; str
++)
878 case 'f' : case 'F' :
879 slub_debug
|= SLAB_DEBUG_FREE
;
881 case 'z' : case 'Z' :
882 slub_debug
|= SLAB_RED_ZONE
;
884 case 'p' : case 'P' :
885 slub_debug
|= SLAB_POISON
;
887 case 'u' : case 'U' :
888 slub_debug
|= SLAB_STORE_USER
;
890 case 't' : case 'T' :
891 slub_debug
|= SLAB_TRACE
;
894 printk(KERN_ERR
"slub_debug option '%c' "
895 "unknown. skipped\n",*str
);
900 slub_debug_slabs
= str
+ 1;
904 __setup("slub_debug", setup_slub_debug
);
906 static void kmem_cache_open_debug_check(struct kmem_cache
*s
)
909 * The page->offset field is only 16 bit wide. This is an offset
910 * in units of words from the beginning of an object. If the slab
911 * size is bigger then we cannot move the free pointer behind the
914 * On 32 bit platforms the limit is 256k. On 64bit platforms
917 * Debugging or ctor may create a need to move the free
918 * pointer. Fail if this happens.
920 if (s
->size
>= 65535 * sizeof(void *)) {
921 BUG_ON(s
->flags
& (SLAB_RED_ZONE
| SLAB_POISON
|
922 SLAB_STORE_USER
| SLAB_DESTROY_BY_RCU
));
927 * Enable debugging if selected on the kernel commandline.
929 if (slub_debug
&& (!slub_debug_slabs
||
930 strncmp(slub_debug_slabs
, s
->name
,
931 strlen(slub_debug_slabs
)) == 0))
932 s
->flags
|= slub_debug
;
936 static inline int alloc_object_checks(struct kmem_cache
*s
,
937 struct page
*page
, void *object
) { return 0; }
939 static inline int free_object_checks(struct kmem_cache
*s
,
940 struct page
*page
, void *object
) { return 0; }
942 static inline void add_full(struct kmem_cache_node
*n
, struct page
*page
) {}
943 static inline void remove_full(struct kmem_cache
*s
, struct page
*page
) {}
944 static inline void trace(struct kmem_cache
*s
, struct page
*page
,
945 void *object
, int alloc
) {}
946 static inline void init_object(struct kmem_cache
*s
,
947 void *object
, int active
) {}
948 static inline void init_tracking(struct kmem_cache
*s
, void *object
) {}
949 static inline int slab_pad_check(struct kmem_cache
*s
, struct page
*page
)
951 static inline int check_object(struct kmem_cache
*s
, struct page
*page
,
952 void *object
, int active
) { return 1; }
953 static inline void set_track(struct kmem_cache
*s
, void *object
,
954 enum track_item alloc
, void *addr
) {}
955 static inline void kmem_cache_open_debug_check(struct kmem_cache
*s
) {}
959 * Slab allocation and freeing
961 static struct page
*allocate_slab(struct kmem_cache
*s
, gfp_t flags
, int node
)
964 int pages
= 1 << s
->order
;
969 if (s
->flags
& SLAB_CACHE_DMA
)
973 page
= alloc_pages(flags
, s
->order
);
975 page
= alloc_pages_node(node
, flags
, s
->order
);
980 mod_zone_page_state(page_zone(page
),
981 (s
->flags
& SLAB_RECLAIM_ACCOUNT
) ?
982 NR_SLAB_RECLAIMABLE
: NR_SLAB_UNRECLAIMABLE
,
988 static void setup_object(struct kmem_cache
*s
, struct page
*page
,
991 if (SlabDebug(page
)) {
992 init_object(s
, object
, 0);
993 init_tracking(s
, object
);
996 if (unlikely(s
->ctor
))
997 s
->ctor(object
, s
, SLAB_CTOR_CONSTRUCTOR
);
1000 static struct page
*new_slab(struct kmem_cache
*s
, gfp_t flags
, int node
)
1003 struct kmem_cache_node
*n
;
1009 BUG_ON(flags
& ~(GFP_DMA
| GFP_LEVEL_MASK
));
1011 if (flags
& __GFP_WAIT
)
1014 page
= allocate_slab(s
, flags
& GFP_LEVEL_MASK
, node
);
1018 n
= get_node(s
, page_to_nid(page
));
1020 atomic_long_inc(&n
->nr_slabs
);
1021 page
->offset
= s
->offset
/ sizeof(void *);
1023 page
->flags
|= 1 << PG_slab
;
1024 if (s
->flags
& (SLAB_DEBUG_FREE
| SLAB_RED_ZONE
| SLAB_POISON
|
1025 SLAB_STORE_USER
| SLAB_TRACE
))
1028 start
= page_address(page
);
1029 end
= start
+ s
->objects
* s
->size
;
1031 if (unlikely(s
->flags
& SLAB_POISON
))
1032 memset(start
, POISON_INUSE
, PAGE_SIZE
<< s
->order
);
1035 for_each_object(p
, s
, start
) {
1036 setup_object(s
, page
, last
);
1037 set_freepointer(s
, last
, p
);
1040 setup_object(s
, page
, last
);
1041 set_freepointer(s
, last
, NULL
);
1043 page
->freelist
= start
;
1044 page
->lockless_freelist
= NULL
;
1047 if (flags
& __GFP_WAIT
)
1048 local_irq_disable();
1052 static void __free_slab(struct kmem_cache
*s
, struct page
*page
)
1054 int pages
= 1 << s
->order
;
1056 if (unlikely(SlabDebug(page
))) {
1059 slab_pad_check(s
, page
);
1060 for_each_object(p
, s
, page_address(page
))
1061 check_object(s
, page
, p
, 0);
1064 mod_zone_page_state(page_zone(page
),
1065 (s
->flags
& SLAB_RECLAIM_ACCOUNT
) ?
1066 NR_SLAB_RECLAIMABLE
: NR_SLAB_UNRECLAIMABLE
,
1069 page
->mapping
= NULL
;
1070 __free_pages(page
, s
->order
);
1073 static void rcu_free_slab(struct rcu_head
*h
)
1077 page
= container_of((struct list_head
*)h
, struct page
, lru
);
1078 __free_slab(page
->slab
, page
);
1081 static void free_slab(struct kmem_cache
*s
, struct page
*page
)
1083 if (unlikely(s
->flags
& SLAB_DESTROY_BY_RCU
)) {
1085 * RCU free overloads the RCU head over the LRU
1087 struct rcu_head
*head
= (void *)&page
->lru
;
1089 call_rcu(head
, rcu_free_slab
);
1091 __free_slab(s
, page
);
1094 static void discard_slab(struct kmem_cache
*s
, struct page
*page
)
1096 struct kmem_cache_node
*n
= get_node(s
, page_to_nid(page
));
1098 atomic_long_dec(&n
->nr_slabs
);
1099 reset_page_mapcount(page
);
1100 ClearSlabDebug(page
);
1101 __ClearPageSlab(page
);
1106 * Per slab locking using the pagelock
1108 static __always_inline
void slab_lock(struct page
*page
)
1110 bit_spin_lock(PG_locked
, &page
->flags
);
1113 static __always_inline
void slab_unlock(struct page
*page
)
1115 bit_spin_unlock(PG_locked
, &page
->flags
);
1118 static __always_inline
int slab_trylock(struct page
*page
)
1122 rc
= bit_spin_trylock(PG_locked
, &page
->flags
);
1127 * Management of partially allocated slabs
1129 static void add_partial_tail(struct kmem_cache_node
*n
, struct page
*page
)
1131 spin_lock(&n
->list_lock
);
1133 list_add_tail(&page
->lru
, &n
->partial
);
1134 spin_unlock(&n
->list_lock
);
1137 static void add_partial(struct kmem_cache_node
*n
, struct page
*page
)
1139 spin_lock(&n
->list_lock
);
1141 list_add(&page
->lru
, &n
->partial
);
1142 spin_unlock(&n
->list_lock
);
1145 static void remove_partial(struct kmem_cache
*s
,
1148 struct kmem_cache_node
*n
= get_node(s
, page_to_nid(page
));
1150 spin_lock(&n
->list_lock
);
1151 list_del(&page
->lru
);
1153 spin_unlock(&n
->list_lock
);
1157 * Lock slab and remove from the partial list.
1159 * Must hold list_lock.
1161 static inline int lock_and_freeze_slab(struct kmem_cache_node
*n
, struct page
*page
)
1163 if (slab_trylock(page
)) {
1164 list_del(&page
->lru
);
1166 SetSlabFrozen(page
);
1173 * Try to allocate a partial slab from a specific node.
1175 static struct page
*get_partial_node(struct kmem_cache_node
*n
)
1180 * Racy check. If we mistakenly see no partial slabs then we
1181 * just allocate an empty slab. If we mistakenly try to get a
1182 * partial slab and there is none available then get_partials()
1185 if (!n
|| !n
->nr_partial
)
1188 spin_lock(&n
->list_lock
);
1189 list_for_each_entry(page
, &n
->partial
, lru
)
1190 if (lock_and_freeze_slab(n
, page
))
1194 spin_unlock(&n
->list_lock
);
1199 * Get a page from somewhere. Search in increasing NUMA distances.
1201 static struct page
*get_any_partial(struct kmem_cache
*s
, gfp_t flags
)
1204 struct zonelist
*zonelist
;
1209 * The defrag ratio allows a configuration of the tradeoffs between
1210 * inter node defragmentation and node local allocations. A lower
1211 * defrag_ratio increases the tendency to do local allocations
1212 * instead of attempting to obtain partial slabs from other nodes.
1214 * If the defrag_ratio is set to 0 then kmalloc() always
1215 * returns node local objects. If the ratio is higher then kmalloc()
1216 * may return off node objects because partial slabs are obtained
1217 * from other nodes and filled up.
1219 * If /sys/slab/xx/defrag_ratio is set to 100 (which makes
1220 * defrag_ratio = 1000) then every (well almost) allocation will
1221 * first attempt to defrag slab caches on other nodes. This means
1222 * scanning over all nodes to look for partial slabs which may be
1223 * expensive if we do it every time we are trying to find a slab
1224 * with available objects.
1226 if (!s
->defrag_ratio
|| get_cycles() % 1024 > s
->defrag_ratio
)
1229 zonelist
= &NODE_DATA(slab_node(current
->mempolicy
))
1230 ->node_zonelists
[gfp_zone(flags
)];
1231 for (z
= zonelist
->zones
; *z
; z
++) {
1232 struct kmem_cache_node
*n
;
1234 n
= get_node(s
, zone_to_nid(*z
));
1236 if (n
&& cpuset_zone_allowed_hardwall(*z
, flags
) &&
1237 n
->nr_partial
> MIN_PARTIAL
) {
1238 page
= get_partial_node(n
);
1248 * Get a partial page, lock it and return it.
1250 static struct page
*get_partial(struct kmem_cache
*s
, gfp_t flags
, int node
)
1253 int searchnode
= (node
== -1) ? numa_node_id() : node
;
1255 page
= get_partial_node(get_node(s
, searchnode
));
1256 if (page
|| (flags
& __GFP_THISNODE
))
1259 return get_any_partial(s
, flags
);
1263 * Move a page back to the lists.
1265 * Must be called with the slab lock held.
1267 * On exit the slab lock will have been dropped.
1269 static void unfreeze_slab(struct kmem_cache
*s
, struct page
*page
)
1271 struct kmem_cache_node
*n
= get_node(s
, page_to_nid(page
));
1273 ClearSlabFrozen(page
);
1277 add_partial(n
, page
);
1278 else if (SlabDebug(page
) && (s
->flags
& SLAB_STORE_USER
))
1283 if (n
->nr_partial
< MIN_PARTIAL
) {
1285 * Adding an empty slab to the partial slabs in order
1286 * to avoid page allocator overhead. This slab needs
1287 * to come after the other slabs with objects in
1288 * order to fill them up. That way the size of the
1289 * partial list stays small. kmem_cache_shrink can
1290 * reclaim empty slabs from the partial list.
1292 add_partial_tail(n
, page
);
1296 discard_slab(s
, page
);
1302 * Remove the cpu slab
1304 static void deactivate_slab(struct kmem_cache
*s
, struct page
*page
, int cpu
)
1307 * Merge cpu freelist into freelist. Typically we get here
1308 * because both freelists are empty. So this is unlikely
1311 while (unlikely(page
->lockless_freelist
)) {
1314 /* Retrieve object from cpu_freelist */
1315 object
= page
->lockless_freelist
;
1316 page
->lockless_freelist
= page
->lockless_freelist
[page
->offset
];
1318 /* And put onto the regular freelist */
1319 object
[page
->offset
] = page
->freelist
;
1320 page
->freelist
= object
;
1323 s
->cpu_slab
[cpu
] = NULL
;
1324 unfreeze_slab(s
, page
);
1327 static void flush_slab(struct kmem_cache
*s
, struct page
*page
, int cpu
)
1330 deactivate_slab(s
, page
, cpu
);
1335 * Called from IPI handler with interrupts disabled.
1337 static void __flush_cpu_slab(struct kmem_cache
*s
, int cpu
)
1339 struct page
*page
= s
->cpu_slab
[cpu
];
1342 flush_slab(s
, page
, cpu
);
1345 static void flush_cpu_slab(void *d
)
1347 struct kmem_cache
*s
= d
;
1348 int cpu
= smp_processor_id();
1350 __flush_cpu_slab(s
, cpu
);
1353 static void flush_all(struct kmem_cache
*s
)
1356 on_each_cpu(flush_cpu_slab
, s
, 1, 1);
1358 unsigned long flags
;
1360 local_irq_save(flags
);
1362 local_irq_restore(flags
);
1367 * Slow path. The lockless freelist is empty or we need to perform
1370 * Interrupts are disabled.
1372 * Processing is still very fast if new objects have been freed to the
1373 * regular freelist. In that case we simply take over the regular freelist
1374 * as the lockless freelist and zap the regular freelist.
1376 * If that is not working then we fall back to the partial lists. We take the
1377 * first element of the freelist as the object to allocate now and move the
1378 * rest of the freelist to the lockless freelist.
1380 * And if we were unable to get a new slab from the partial slab lists then
1381 * we need to allocate a new slab. This is slowest path since we may sleep.
1383 static void *__slab_alloc(struct kmem_cache
*s
,
1384 gfp_t gfpflags
, int node
, void *addr
, struct page
*page
)
1387 int cpu
= smp_processor_id();
1393 if (unlikely(node
!= -1 && page_to_nid(page
) != node
))
1396 object
= page
->freelist
;
1397 if (unlikely(!object
))
1399 if (unlikely(SlabDebug(page
)))
1402 object
= page
->freelist
;
1403 page
->lockless_freelist
= object
[page
->offset
];
1404 page
->inuse
= s
->objects
;
1405 page
->freelist
= NULL
;
1410 deactivate_slab(s
, page
, cpu
);
1413 page
= get_partial(s
, gfpflags
, node
);
1415 s
->cpu_slab
[cpu
] = page
;
1419 page
= new_slab(s
, gfpflags
, node
);
1421 cpu
= smp_processor_id();
1422 if (s
->cpu_slab
[cpu
]) {
1424 * Someone else populated the cpu_slab while we
1425 * enabled interrupts, or we have gotten scheduled
1426 * on another cpu. The page may not be on the
1427 * requested node even if __GFP_THISNODE was
1428 * specified. So we need to recheck.
1431 page_to_nid(s
->cpu_slab
[cpu
]) == node
) {
1433 * Current cpuslab is acceptable and we
1434 * want the current one since its cache hot
1436 discard_slab(s
, page
);
1437 page
= s
->cpu_slab
[cpu
];
1441 /* New slab does not fit our expectations */
1442 flush_slab(s
, s
->cpu_slab
[cpu
], cpu
);
1445 SetSlabFrozen(page
);
1446 s
->cpu_slab
[cpu
] = page
;
1451 object
= page
->freelist
;
1452 if (!alloc_object_checks(s
, page
, object
))
1454 if (s
->flags
& SLAB_STORE_USER
)
1455 set_track(s
, object
, TRACK_ALLOC
, addr
);
1456 trace(s
, page
, object
, 1);
1457 init_object(s
, object
, 1);
1460 page
->freelist
= object
[page
->offset
];
1466 * Inlined fastpath so that allocation functions (kmalloc, kmem_cache_alloc)
1467 * have the fastpath folded into their functions. So no function call
1468 * overhead for requests that can be satisfied on the fastpath.
1470 * The fastpath works by first checking if the lockless freelist can be used.
1471 * If not then __slab_alloc is called for slow processing.
1473 * Otherwise we can simply pick the next object from the lockless free list.
1475 static void __always_inline
*slab_alloc(struct kmem_cache
*s
,
1476 gfp_t gfpflags
, int node
, void *addr
)
1480 unsigned long flags
;
1482 local_irq_save(flags
);
1483 page
= s
->cpu_slab
[smp_processor_id()];
1484 if (unlikely(!page
|| !page
->lockless_freelist
||
1485 (node
!= -1 && page_to_nid(page
) != node
)))
1487 object
= __slab_alloc(s
, gfpflags
, node
, addr
, page
);
1490 object
= page
->lockless_freelist
;
1491 page
->lockless_freelist
= object
[page
->offset
];
1493 local_irq_restore(flags
);
1497 void *kmem_cache_alloc(struct kmem_cache
*s
, gfp_t gfpflags
)
1499 return slab_alloc(s
, gfpflags
, -1, __builtin_return_address(0));
1501 EXPORT_SYMBOL(kmem_cache_alloc
);
1504 void *kmem_cache_alloc_node(struct kmem_cache
*s
, gfp_t gfpflags
, int node
)
1506 return slab_alloc(s
, gfpflags
, node
, __builtin_return_address(0));
1508 EXPORT_SYMBOL(kmem_cache_alloc_node
);
1512 * Slow patch handling. This may still be called frequently since objects
1513 * have a longer lifetime than the cpu slabs in most processing loads.
1515 * So we still attempt to reduce cache line usage. Just take the slab
1516 * lock and free the item. If there is no additional partial page
1517 * handling required then we can return immediately.
1519 static void __slab_free(struct kmem_cache
*s
, struct page
*page
,
1520 void *x
, void *addr
)
1523 void **object
= (void *)x
;
1527 if (unlikely(SlabDebug(page
)))
1530 prior
= object
[page
->offset
] = page
->freelist
;
1531 page
->freelist
= object
;
1534 if (unlikely(SlabFrozen(page
)))
1537 if (unlikely(!page
->inuse
))
1541 * Objects left in the slab. If it
1542 * was not on the partial list before
1545 if (unlikely(!prior
))
1546 add_partial(get_node(s
, page_to_nid(page
)), page
);
1555 * Slab still on the partial list.
1557 remove_partial(s
, page
);
1560 discard_slab(s
, page
);
1564 if (!free_object_checks(s
, page
, x
))
1566 if (!SlabFrozen(page
) && !page
->freelist
)
1567 remove_full(s
, page
);
1568 if (s
->flags
& SLAB_STORE_USER
)
1569 set_track(s
, x
, TRACK_FREE
, addr
);
1570 trace(s
, page
, object
, 0);
1571 init_object(s
, object
, 0);
1576 * Fastpath with forced inlining to produce a kfree and kmem_cache_free that
1577 * can perform fastpath freeing without additional function calls.
1579 * The fastpath is only possible if we are freeing to the current cpu slab
1580 * of this processor. This typically the case if we have just allocated
1583 * If fastpath is not possible then fall back to __slab_free where we deal
1584 * with all sorts of special processing.
1586 static void __always_inline
slab_free(struct kmem_cache
*s
,
1587 struct page
*page
, void *x
, void *addr
)
1589 void **object
= (void *)x
;
1590 unsigned long flags
;
1592 local_irq_save(flags
);
1593 if (likely(page
== s
->cpu_slab
[smp_processor_id()] &&
1594 !SlabDebug(page
))) {
1595 object
[page
->offset
] = page
->lockless_freelist
;
1596 page
->lockless_freelist
= object
;
1598 __slab_free(s
, page
, x
, addr
);
1600 local_irq_restore(flags
);
1603 void kmem_cache_free(struct kmem_cache
*s
, void *x
)
1607 page
= virt_to_head_page(x
);
1609 slab_free(s
, page
, x
, __builtin_return_address(0));
1611 EXPORT_SYMBOL(kmem_cache_free
);
1613 /* Figure out on which slab object the object resides */
1614 static struct page
*get_object_page(const void *x
)
1616 struct page
*page
= virt_to_head_page(x
);
1618 if (!PageSlab(page
))
1625 * Object placement in a slab is made very easy because we always start at
1626 * offset 0. If we tune the size of the object to the alignment then we can
1627 * get the required alignment by putting one properly sized object after
1630 * Notice that the allocation order determines the sizes of the per cpu
1631 * caches. Each processor has always one slab available for allocations.
1632 * Increasing the allocation order reduces the number of times that slabs
1633 * must be moved on and off the partial lists and is therefore a factor in
1638 * Mininum / Maximum order of slab pages. This influences locking overhead
1639 * and slab fragmentation. A higher order reduces the number of partial slabs
1640 * and increases the number of allocations possible without having to
1641 * take the list_lock.
1643 static int slub_min_order
;
1644 static int slub_max_order
= DEFAULT_MAX_ORDER
;
1645 static int slub_min_objects
= DEFAULT_MIN_OBJECTS
;
1648 * Merge control. If this is set then no merging of slab caches will occur.
1649 * (Could be removed. This was introduced to pacify the merge skeptics.)
1651 static int slub_nomerge
;
1654 * Calculate the order of allocation given an slab object size.
1656 * The order of allocation has significant impact on performance and other
1657 * system components. Generally order 0 allocations should be preferred since
1658 * order 0 does not cause fragmentation in the page allocator. Larger objects
1659 * be problematic to put into order 0 slabs because there may be too much
1660 * unused space left. We go to a higher order if more than 1/8th of the slab
1663 * In order to reach satisfactory performance we must ensure that a minimum
1664 * number of objects is in one slab. Otherwise we may generate too much
1665 * activity on the partial lists which requires taking the list_lock. This is
1666 * less a concern for large slabs though which are rarely used.
1668 * slub_max_order specifies the order where we begin to stop considering the
1669 * number of objects in a slab as critical. If we reach slub_max_order then
1670 * we try to keep the page order as low as possible. So we accept more waste
1671 * of space in favor of a small page order.
1673 * Higher order allocations also allow the placement of more objects in a
1674 * slab and thereby reduce object handling overhead. If the user has
1675 * requested a higher mininum order then we start with that one instead of
1676 * the smallest order which will fit the object.
1678 static inline int slab_order(int size
, int min_objects
,
1679 int max_order
, int fract_leftover
)
1684 for (order
= max(slub_min_order
,
1685 fls(min_objects
* size
- 1) - PAGE_SHIFT
);
1686 order
<= max_order
; order
++) {
1688 unsigned long slab_size
= PAGE_SIZE
<< order
;
1690 if (slab_size
< min_objects
* size
)
1693 rem
= slab_size
% size
;
1695 if (rem
<= slab_size
/ fract_leftover
)
1703 static inline int calculate_order(int size
)
1710 * Attempt to find best configuration for a slab. This
1711 * works by first attempting to generate a layout with
1712 * the best configuration and backing off gradually.
1714 * First we reduce the acceptable waste in a slab. Then
1715 * we reduce the minimum objects required in a slab.
1717 min_objects
= slub_min_objects
;
1718 while (min_objects
> 1) {
1720 while (fraction
>= 4) {
1721 order
= slab_order(size
, min_objects
,
1722 slub_max_order
, fraction
);
1723 if (order
<= slub_max_order
)
1731 * We were unable to place multiple objects in a slab. Now
1732 * lets see if we can place a single object there.
1734 order
= slab_order(size
, 1, slub_max_order
, 1);
1735 if (order
<= slub_max_order
)
1739 * Doh this slab cannot be placed using slub_max_order.
1741 order
= slab_order(size
, 1, MAX_ORDER
, 1);
1742 if (order
<= MAX_ORDER
)
1748 * Figure out what the alignment of the objects will be.
1750 static unsigned long calculate_alignment(unsigned long flags
,
1751 unsigned long align
, unsigned long size
)
1754 * If the user wants hardware cache aligned objects then
1755 * follow that suggestion if the object is sufficiently
1758 * The hardware cache alignment cannot override the
1759 * specified alignment though. If that is greater
1762 if ((flags
& SLAB_HWCACHE_ALIGN
) &&
1763 size
> cache_line_size() / 2)
1764 return max_t(unsigned long, align
, cache_line_size());
1766 if (align
< ARCH_SLAB_MINALIGN
)
1767 return ARCH_SLAB_MINALIGN
;
1769 return ALIGN(align
, sizeof(void *));
1772 static void init_kmem_cache_node(struct kmem_cache_node
*n
)
1775 atomic_long_set(&n
->nr_slabs
, 0);
1776 spin_lock_init(&n
->list_lock
);
1777 INIT_LIST_HEAD(&n
->partial
);
1778 INIT_LIST_HEAD(&n
->full
);
1783 * No kmalloc_node yet so do it by hand. We know that this is the first
1784 * slab on the node for this slabcache. There are no concurrent accesses
1787 * Note that this function only works on the kmalloc_node_cache
1788 * when allocating for the kmalloc_node_cache.
1790 static struct kmem_cache_node
* __init
early_kmem_cache_node_alloc(gfp_t gfpflags
,
1794 struct kmem_cache_node
*n
;
1796 BUG_ON(kmalloc_caches
->size
< sizeof(struct kmem_cache_node
));
1798 page
= new_slab(kmalloc_caches
, gfpflags
| GFP_THISNODE
, node
);
1799 /* new_slab() disables interupts */
1805 page
->freelist
= get_freepointer(kmalloc_caches
, n
);
1807 kmalloc_caches
->node
[node
] = n
;
1808 init_object(kmalloc_caches
, n
, 1);
1809 init_kmem_cache_node(n
);
1810 atomic_long_inc(&n
->nr_slabs
);
1811 add_partial(n
, page
);
1815 static void free_kmem_cache_nodes(struct kmem_cache
*s
)
1819 for_each_online_node(node
) {
1820 struct kmem_cache_node
*n
= s
->node
[node
];
1821 if (n
&& n
!= &s
->local_node
)
1822 kmem_cache_free(kmalloc_caches
, n
);
1823 s
->node
[node
] = NULL
;
1827 static int init_kmem_cache_nodes(struct kmem_cache
*s
, gfp_t gfpflags
)
1832 if (slab_state
>= UP
)
1833 local_node
= page_to_nid(virt_to_page(s
));
1837 for_each_online_node(node
) {
1838 struct kmem_cache_node
*n
;
1840 if (local_node
== node
)
1843 if (slab_state
== DOWN
) {
1844 n
= early_kmem_cache_node_alloc(gfpflags
,
1848 n
= kmem_cache_alloc_node(kmalloc_caches
,
1852 free_kmem_cache_nodes(s
);
1858 init_kmem_cache_node(n
);
1863 static void free_kmem_cache_nodes(struct kmem_cache
*s
)
1867 static int init_kmem_cache_nodes(struct kmem_cache
*s
, gfp_t gfpflags
)
1869 init_kmem_cache_node(&s
->local_node
);
1875 * calculate_sizes() determines the order and the distribution of data within
1878 static int calculate_sizes(struct kmem_cache
*s
)
1880 unsigned long flags
= s
->flags
;
1881 unsigned long size
= s
->objsize
;
1882 unsigned long align
= s
->align
;
1885 * Determine if we can poison the object itself. If the user of
1886 * the slab may touch the object after free or before allocation
1887 * then we should never poison the object itself.
1889 if ((flags
& SLAB_POISON
) && !(flags
& SLAB_DESTROY_BY_RCU
) &&
1891 s
->flags
|= __OBJECT_POISON
;
1893 s
->flags
&= ~__OBJECT_POISON
;
1896 * Round up object size to the next word boundary. We can only
1897 * place the free pointer at word boundaries and this determines
1898 * the possible location of the free pointer.
1900 size
= ALIGN(size
, sizeof(void *));
1902 #ifdef CONFIG_SLUB_DEBUG
1904 * If we are Redzoning then check if there is some space between the
1905 * end of the object and the free pointer. If not then add an
1906 * additional word to have some bytes to store Redzone information.
1908 if ((flags
& SLAB_RED_ZONE
) && size
== s
->objsize
)
1909 size
+= sizeof(void *);
1913 * With that we have determined the number of bytes in actual use
1914 * by the object. This is the potential offset to the free pointer.
1918 #ifdef CONFIG_SLUB_DEBUG
1919 if (((flags
& (SLAB_DESTROY_BY_RCU
| SLAB_POISON
)) ||
1922 * Relocate free pointer after the object if it is not
1923 * permitted to overwrite the first word of the object on
1926 * This is the case if we do RCU, have a constructor or
1927 * destructor or are poisoning the objects.
1930 size
+= sizeof(void *);
1933 if (flags
& SLAB_STORE_USER
)
1935 * Need to store information about allocs and frees after
1938 size
+= 2 * sizeof(struct track
);
1940 if (flags
& SLAB_RED_ZONE
)
1942 * Add some empty padding so that we can catch
1943 * overwrites from earlier objects rather than let
1944 * tracking information or the free pointer be
1945 * corrupted if an user writes before the start
1948 size
+= sizeof(void *);
1952 * Determine the alignment based on various parameters that the
1953 * user specified and the dynamic determination of cache line size
1956 align
= calculate_alignment(flags
, align
, s
->objsize
);
1959 * SLUB stores one object immediately after another beginning from
1960 * offset 0. In order to align the objects we have to simply size
1961 * each object to conform to the alignment.
1963 size
= ALIGN(size
, align
);
1966 s
->order
= calculate_order(size
);
1971 * Determine the number of objects per slab
1973 s
->objects
= (PAGE_SIZE
<< s
->order
) / size
;
1976 * Verify that the number of objects is within permitted limits.
1977 * The page->inuse field is only 16 bit wide! So we cannot have
1978 * more than 64k objects per slab.
1980 if (!s
->objects
|| s
->objects
> 65535)
1986 static int kmem_cache_open(struct kmem_cache
*s
, gfp_t gfpflags
,
1987 const char *name
, size_t size
,
1988 size_t align
, unsigned long flags
,
1989 void (*ctor
)(void *, struct kmem_cache
*, unsigned long))
1991 memset(s
, 0, kmem_size
);
1997 kmem_cache_open_debug_check(s
);
1999 if (!calculate_sizes(s
))
2004 s
->defrag_ratio
= 100;
2007 if (init_kmem_cache_nodes(s
, gfpflags
& ~SLUB_DMA
))
2010 if (flags
& SLAB_PANIC
)
2011 panic("Cannot create slab %s size=%lu realsize=%u "
2012 "order=%u offset=%u flags=%lx\n",
2013 s
->name
, (unsigned long)size
, s
->size
, s
->order
,
2017 EXPORT_SYMBOL(kmem_cache_open
);
2020 * Check if a given pointer is valid
2022 int kmem_ptr_validate(struct kmem_cache
*s
, const void *object
)
2026 page
= get_object_page(object
);
2028 if (!page
|| s
!= page
->slab
)
2029 /* No slab or wrong slab */
2032 if (!check_valid_pointer(s
, page
, object
))
2036 * We could also check if the object is on the slabs freelist.
2037 * But this would be too expensive and it seems that the main
2038 * purpose of kmem_ptr_valid is to check if the object belongs
2039 * to a certain slab.
2043 EXPORT_SYMBOL(kmem_ptr_validate
);
2046 * Determine the size of a slab object
2048 unsigned int kmem_cache_size(struct kmem_cache
*s
)
2052 EXPORT_SYMBOL(kmem_cache_size
);
2054 const char *kmem_cache_name(struct kmem_cache
*s
)
2058 EXPORT_SYMBOL(kmem_cache_name
);
2061 * Attempt to free all slabs on a node. Return the number of slabs we
2062 * were unable to free.
2064 static int free_list(struct kmem_cache
*s
, struct kmem_cache_node
*n
,
2065 struct list_head
*list
)
2067 int slabs_inuse
= 0;
2068 unsigned long flags
;
2069 struct page
*page
, *h
;
2071 spin_lock_irqsave(&n
->list_lock
, flags
);
2072 list_for_each_entry_safe(page
, h
, list
, lru
)
2074 list_del(&page
->lru
);
2075 discard_slab(s
, page
);
2078 spin_unlock_irqrestore(&n
->list_lock
, flags
);
2083 * Release all resources used by a slab cache.
2085 static int kmem_cache_close(struct kmem_cache
*s
)
2091 /* Attempt to free all objects */
2092 for_each_online_node(node
) {
2093 struct kmem_cache_node
*n
= get_node(s
, node
);
2095 n
->nr_partial
-= free_list(s
, n
, &n
->partial
);
2096 if (atomic_long_read(&n
->nr_slabs
))
2099 free_kmem_cache_nodes(s
);
2104 * Close a cache and release the kmem_cache structure
2105 * (must be used for caches created using kmem_cache_create)
2107 void kmem_cache_destroy(struct kmem_cache
*s
)
2109 down_write(&slub_lock
);
2113 if (kmem_cache_close(s
))
2115 sysfs_slab_remove(s
);
2118 up_write(&slub_lock
);
2120 EXPORT_SYMBOL(kmem_cache_destroy
);
2122 /********************************************************************
2124 *******************************************************************/
2126 struct kmem_cache kmalloc_caches
[KMALLOC_SHIFT_HIGH
+ 1] __cacheline_aligned
;
2127 EXPORT_SYMBOL(kmalloc_caches
);
2129 #ifdef CONFIG_ZONE_DMA
2130 static struct kmem_cache
*kmalloc_caches_dma
[KMALLOC_SHIFT_HIGH
+ 1];
2133 static int __init
setup_slub_min_order(char *str
)
2135 get_option (&str
, &slub_min_order
);
2140 __setup("slub_min_order=", setup_slub_min_order
);
2142 static int __init
setup_slub_max_order(char *str
)
2144 get_option (&str
, &slub_max_order
);
2149 __setup("slub_max_order=", setup_slub_max_order
);
2151 static int __init
setup_slub_min_objects(char *str
)
2153 get_option (&str
, &slub_min_objects
);
2158 __setup("slub_min_objects=", setup_slub_min_objects
);
2160 static int __init
setup_slub_nomerge(char *str
)
2166 __setup("slub_nomerge", setup_slub_nomerge
);
2168 static struct kmem_cache
*create_kmalloc_cache(struct kmem_cache
*s
,
2169 const char *name
, int size
, gfp_t gfp_flags
)
2171 unsigned int flags
= 0;
2173 if (gfp_flags
& SLUB_DMA
)
2174 flags
= SLAB_CACHE_DMA
;
2176 down_write(&slub_lock
);
2177 if (!kmem_cache_open(s
, gfp_flags
, name
, size
, ARCH_KMALLOC_MINALIGN
,
2181 list_add(&s
->list
, &slab_caches
);
2182 up_write(&slub_lock
);
2183 if (sysfs_slab_add(s
))
2188 panic("Creation of kmalloc slab %s size=%d failed.\n", name
, size
);
2191 static struct kmem_cache
*get_slab(size_t size
, gfp_t flags
)
2193 int index
= kmalloc_index(size
);
2198 /* Allocation too large? */
2201 #ifdef CONFIG_ZONE_DMA
2202 if ((flags
& SLUB_DMA
)) {
2203 struct kmem_cache
*s
;
2204 struct kmem_cache
*x
;
2208 s
= kmalloc_caches_dma
[index
];
2212 /* Dynamically create dma cache */
2213 x
= kmalloc(kmem_size
, flags
& ~SLUB_DMA
);
2215 panic("Unable to allocate memory for dma cache\n");
2217 if (index
<= KMALLOC_SHIFT_HIGH
)
2218 realsize
= 1 << index
;
2226 text
= kasprintf(flags
& ~SLUB_DMA
, "kmalloc_dma-%d",
2227 (unsigned int)realsize
);
2228 s
= create_kmalloc_cache(x
, text
, realsize
, flags
);
2229 kmalloc_caches_dma
[index
] = s
;
2233 return &kmalloc_caches
[index
];
2236 void *__kmalloc(size_t size
, gfp_t flags
)
2238 struct kmem_cache
*s
= get_slab(size
, flags
);
2241 return slab_alloc(s
, flags
, -1, __builtin_return_address(0));
2244 EXPORT_SYMBOL(__kmalloc
);
2247 void *__kmalloc_node(size_t size
, gfp_t flags
, int node
)
2249 struct kmem_cache
*s
= get_slab(size
, flags
);
2252 return slab_alloc(s
, flags
, node
, __builtin_return_address(0));
2255 EXPORT_SYMBOL(__kmalloc_node
);
2258 size_t ksize(const void *object
)
2260 struct page
*page
= get_object_page(object
);
2261 struct kmem_cache
*s
;
2268 * Debugging requires use of the padding between object
2269 * and whatever may come after it.
2271 if (s
->flags
& (SLAB_RED_ZONE
| SLAB_POISON
))
2275 * If we have the need to store the freelist pointer
2276 * back there or track user information then we can
2277 * only use the space before that information.
2279 if (s
->flags
& (SLAB_DESTROY_BY_RCU
| SLAB_STORE_USER
))
2283 * Else we can use all the padding etc for the allocation
2287 EXPORT_SYMBOL(ksize
);
2289 void kfree(const void *x
)
2291 struct kmem_cache
*s
;
2297 page
= virt_to_head_page(x
);
2300 slab_free(s
, page
, (void *)x
, __builtin_return_address(0));
2302 EXPORT_SYMBOL(kfree
);
2305 * kmem_cache_shrink removes empty slabs from the partial lists and sorts
2306 * the remaining slabs by the number of items in use. The slabs with the
2307 * most items in use come first. New allocations will then fill those up
2308 * and thus they can be removed from the partial lists.
2310 * The slabs with the least items are placed last. This results in them
2311 * being allocated from last increasing the chance that the last objects
2312 * are freed in them.
2314 int kmem_cache_shrink(struct kmem_cache
*s
)
2318 struct kmem_cache_node
*n
;
2321 struct list_head
*slabs_by_inuse
=
2322 kmalloc(sizeof(struct list_head
) * s
->objects
, GFP_KERNEL
);
2323 unsigned long flags
;
2325 if (!slabs_by_inuse
)
2329 for_each_online_node(node
) {
2330 n
= get_node(s
, node
);
2335 for (i
= 0; i
< s
->objects
; i
++)
2336 INIT_LIST_HEAD(slabs_by_inuse
+ i
);
2338 spin_lock_irqsave(&n
->list_lock
, flags
);
2341 * Build lists indexed by the items in use in each slab.
2343 * Note that concurrent frees may occur while we hold the
2344 * list_lock. page->inuse here is the upper limit.
2346 list_for_each_entry_safe(page
, t
, &n
->partial
, lru
) {
2347 if (!page
->inuse
&& slab_trylock(page
)) {
2349 * Must hold slab lock here because slab_free
2350 * may have freed the last object and be
2351 * waiting to release the slab.
2353 list_del(&page
->lru
);
2356 discard_slab(s
, page
);
2358 if (n
->nr_partial
> MAX_PARTIAL
)
2359 list_move(&page
->lru
,
2360 slabs_by_inuse
+ page
->inuse
);
2364 if (n
->nr_partial
<= MAX_PARTIAL
)
2368 * Rebuild the partial list with the slabs filled up most
2369 * first and the least used slabs at the end.
2371 for (i
= s
->objects
- 1; i
>= 0; i
--)
2372 list_splice(slabs_by_inuse
+ i
, n
->partial
.prev
);
2375 spin_unlock_irqrestore(&n
->list_lock
, flags
);
2378 kfree(slabs_by_inuse
);
2381 EXPORT_SYMBOL(kmem_cache_shrink
);
2384 * krealloc - reallocate memory. The contents will remain unchanged.
2385 * @p: object to reallocate memory for.
2386 * @new_size: how many bytes of memory are required.
2387 * @flags: the type of memory to allocate.
2389 * The contents of the object pointed to are preserved up to the
2390 * lesser of the new and old sizes. If @p is %NULL, krealloc()
2391 * behaves exactly like kmalloc(). If @size is 0 and @p is not a
2392 * %NULL pointer, the object pointed to is freed.
2394 void *krealloc(const void *p
, size_t new_size
, gfp_t flags
)
2400 return kmalloc(new_size
, flags
);
2402 if (unlikely(!new_size
)) {
2411 ret
= kmalloc(new_size
, flags
);
2413 memcpy(ret
, p
, min(new_size
, ks
));
2418 EXPORT_SYMBOL(krealloc
);
2420 /********************************************************************
2421 * Basic setup of slabs
2422 *******************************************************************/
2424 void __init
kmem_cache_init(void)
2430 * Must first have the slab cache available for the allocations of the
2431 * struct kmem_cache_node's. There is special bootstrap code in
2432 * kmem_cache_open for slab_state == DOWN.
2434 create_kmalloc_cache(&kmalloc_caches
[0], "kmem_cache_node",
2435 sizeof(struct kmem_cache_node
), GFP_KERNEL
);
2438 /* Able to allocate the per node structures */
2439 slab_state
= PARTIAL
;
2441 /* Caches that are not of the two-to-the-power-of size */
2442 create_kmalloc_cache(&kmalloc_caches
[1],
2443 "kmalloc-96", 96, GFP_KERNEL
);
2444 create_kmalloc_cache(&kmalloc_caches
[2],
2445 "kmalloc-192", 192, GFP_KERNEL
);
2447 for (i
= KMALLOC_SHIFT_LOW
; i
<= KMALLOC_SHIFT_HIGH
; i
++)
2448 create_kmalloc_cache(&kmalloc_caches
[i
],
2449 "kmalloc", 1 << i
, GFP_KERNEL
);
2453 /* Provide the correct kmalloc names now that the caches are up */
2454 for (i
= KMALLOC_SHIFT_LOW
; i
<= KMALLOC_SHIFT_HIGH
; i
++)
2455 kmalloc_caches
[i
]. name
=
2456 kasprintf(GFP_KERNEL
, "kmalloc-%d", 1 << i
);
2459 register_cpu_notifier(&slab_notifier
);
2462 kmem_size
= offsetof(struct kmem_cache
, cpu_slab
) +
2463 nr_cpu_ids
* sizeof(struct page
*);
2465 printk(KERN_INFO
"SLUB: Genslabs=%d, HWalign=%d, Order=%d-%d, MinObjects=%d,"
2466 " Processors=%d, Nodes=%d\n",
2467 KMALLOC_SHIFT_HIGH
, cache_line_size(),
2468 slub_min_order
, slub_max_order
, slub_min_objects
,
2469 nr_cpu_ids
, nr_node_ids
);
2473 * Find a mergeable slab cache
2475 static int slab_unmergeable(struct kmem_cache
*s
)
2477 if (slub_nomerge
|| (s
->flags
& SLUB_NEVER_MERGE
))
2486 static struct kmem_cache
*find_mergeable(size_t size
,
2487 size_t align
, unsigned long flags
,
2488 void (*ctor
)(void *, struct kmem_cache
*, unsigned long))
2490 struct list_head
*h
;
2492 if (slub_nomerge
|| (flags
& SLUB_NEVER_MERGE
))
2498 size
= ALIGN(size
, sizeof(void *));
2499 align
= calculate_alignment(flags
, align
, size
);
2500 size
= ALIGN(size
, align
);
2502 list_for_each(h
, &slab_caches
) {
2503 struct kmem_cache
*s
=
2504 container_of(h
, struct kmem_cache
, list
);
2506 if (slab_unmergeable(s
))
2512 if (((flags
| slub_debug
) & SLUB_MERGE_SAME
) !=
2513 (s
->flags
& SLUB_MERGE_SAME
))
2516 * Check if alignment is compatible.
2517 * Courtesy of Adrian Drzewiecki
2519 if ((s
->size
& ~(align
-1)) != s
->size
)
2522 if (s
->size
- size
>= sizeof(void *))
2530 struct kmem_cache
*kmem_cache_create(const char *name
, size_t size
,
2531 size_t align
, unsigned long flags
,
2532 void (*ctor
)(void *, struct kmem_cache
*, unsigned long),
2533 void (*dtor
)(void *, struct kmem_cache
*, unsigned long))
2535 struct kmem_cache
*s
;
2538 down_write(&slub_lock
);
2539 s
= find_mergeable(size
, align
, flags
, ctor
);
2543 * Adjust the object sizes so that we clear
2544 * the complete object on kzalloc.
2546 s
->objsize
= max(s
->objsize
, (int)size
);
2547 s
->inuse
= max_t(int, s
->inuse
, ALIGN(size
, sizeof(void *)));
2548 if (sysfs_slab_alias(s
, name
))
2551 s
= kmalloc(kmem_size
, GFP_KERNEL
);
2552 if (s
&& kmem_cache_open(s
, GFP_KERNEL
, name
,
2553 size
, align
, flags
, ctor
)) {
2554 if (sysfs_slab_add(s
)) {
2558 list_add(&s
->list
, &slab_caches
);
2562 up_write(&slub_lock
);
2566 up_write(&slub_lock
);
2567 if (flags
& SLAB_PANIC
)
2568 panic("Cannot create slabcache %s\n", name
);
2573 EXPORT_SYMBOL(kmem_cache_create
);
2575 void *kmem_cache_zalloc(struct kmem_cache
*s
, gfp_t flags
)
2579 x
= slab_alloc(s
, flags
, -1, __builtin_return_address(0));
2581 memset(x
, 0, s
->objsize
);
2584 EXPORT_SYMBOL(kmem_cache_zalloc
);
2587 static void for_all_slabs(void (*func
)(struct kmem_cache
*, int), int cpu
)
2589 struct list_head
*h
;
2591 down_read(&slub_lock
);
2592 list_for_each(h
, &slab_caches
) {
2593 struct kmem_cache
*s
=
2594 container_of(h
, struct kmem_cache
, list
);
2598 up_read(&slub_lock
);
2602 * Use the cpu notifier to insure that the cpu slabs are flushed when
2605 static int __cpuinit
slab_cpuup_callback(struct notifier_block
*nfb
,
2606 unsigned long action
, void *hcpu
)
2608 long cpu
= (long)hcpu
;
2611 case CPU_UP_CANCELED
:
2612 case CPU_UP_CANCELED_FROZEN
:
2614 case CPU_DEAD_FROZEN
:
2615 for_all_slabs(__flush_cpu_slab
, cpu
);
2623 static struct notifier_block __cpuinitdata slab_notifier
=
2624 { &slab_cpuup_callback
, NULL
, 0 };
2628 void *__kmalloc_track_caller(size_t size
, gfp_t gfpflags
, void *caller
)
2630 struct kmem_cache
*s
= get_slab(size
, gfpflags
);
2635 return slab_alloc(s
, gfpflags
, -1, caller
);
2638 void *__kmalloc_node_track_caller(size_t size
, gfp_t gfpflags
,
2639 int node
, void *caller
)
2641 struct kmem_cache
*s
= get_slab(size
, gfpflags
);
2646 return slab_alloc(s
, gfpflags
, node
, caller
);
2649 #if defined(CONFIG_SYSFS) && defined(CONFIG_SLUB_DEBUG)
2650 static int validate_slab(struct kmem_cache
*s
, struct page
*page
)
2653 void *addr
= page_address(page
);
2654 DECLARE_BITMAP(map
, s
->objects
);
2656 if (!check_slab(s
, page
) ||
2657 !on_freelist(s
, page
, NULL
))
2660 /* Now we know that a valid freelist exists */
2661 bitmap_zero(map
, s
->objects
);
2663 for_each_free_object(p
, s
, page
->freelist
) {
2664 set_bit(slab_index(p
, s
, addr
), map
);
2665 if (!check_object(s
, page
, p
, 0))
2669 for_each_object(p
, s
, addr
)
2670 if (!test_bit(slab_index(p
, s
, addr
), map
))
2671 if (!check_object(s
, page
, p
, 1))
2676 static void validate_slab_slab(struct kmem_cache
*s
, struct page
*page
)
2678 if (slab_trylock(page
)) {
2679 validate_slab(s
, page
);
2682 printk(KERN_INFO
"SLUB %s: Skipped busy slab 0x%p\n",
2685 if (s
->flags
& DEBUG_DEFAULT_FLAGS
) {
2686 if (!SlabDebug(page
))
2687 printk(KERN_ERR
"SLUB %s: SlabDebug not set "
2688 "on slab 0x%p\n", s
->name
, page
);
2690 if (SlabDebug(page
))
2691 printk(KERN_ERR
"SLUB %s: SlabDebug set on "
2692 "slab 0x%p\n", s
->name
, page
);
2696 static int validate_slab_node(struct kmem_cache
*s
, struct kmem_cache_node
*n
)
2698 unsigned long count
= 0;
2700 unsigned long flags
;
2702 spin_lock_irqsave(&n
->list_lock
, flags
);
2704 list_for_each_entry(page
, &n
->partial
, lru
) {
2705 validate_slab_slab(s
, page
);
2708 if (count
!= n
->nr_partial
)
2709 printk(KERN_ERR
"SLUB %s: %ld partial slabs counted but "
2710 "counter=%ld\n", s
->name
, count
, n
->nr_partial
);
2712 if (!(s
->flags
& SLAB_STORE_USER
))
2715 list_for_each_entry(page
, &n
->full
, lru
) {
2716 validate_slab_slab(s
, page
);
2719 if (count
!= atomic_long_read(&n
->nr_slabs
))
2720 printk(KERN_ERR
"SLUB: %s %ld slabs counted but "
2721 "counter=%ld\n", s
->name
, count
,
2722 atomic_long_read(&n
->nr_slabs
));
2725 spin_unlock_irqrestore(&n
->list_lock
, flags
);
2729 static unsigned long validate_slab_cache(struct kmem_cache
*s
)
2732 unsigned long count
= 0;
2735 for_each_online_node(node
) {
2736 struct kmem_cache_node
*n
= get_node(s
, node
);
2738 count
+= validate_slab_node(s
, n
);
2743 #ifdef SLUB_RESILIENCY_TEST
2744 static void resiliency_test(void)
2748 printk(KERN_ERR
"SLUB resiliency testing\n");
2749 printk(KERN_ERR
"-----------------------\n");
2750 printk(KERN_ERR
"A. Corruption after allocation\n");
2752 p
= kzalloc(16, GFP_KERNEL
);
2754 printk(KERN_ERR
"\n1. kmalloc-16: Clobber Redzone/next pointer"
2755 " 0x12->0x%p\n\n", p
+ 16);
2757 validate_slab_cache(kmalloc_caches
+ 4);
2759 /* Hmmm... The next two are dangerous */
2760 p
= kzalloc(32, GFP_KERNEL
);
2761 p
[32 + sizeof(void *)] = 0x34;
2762 printk(KERN_ERR
"\n2. kmalloc-32: Clobber next pointer/next slab"
2763 " 0x34 -> -0x%p\n", p
);
2764 printk(KERN_ERR
"If allocated object is overwritten then not detectable\n\n");
2766 validate_slab_cache(kmalloc_caches
+ 5);
2767 p
= kzalloc(64, GFP_KERNEL
);
2768 p
+= 64 + (get_cycles() & 0xff) * sizeof(void *);
2770 printk(KERN_ERR
"\n3. kmalloc-64: corrupting random byte 0x56->0x%p\n",
2772 printk(KERN_ERR
"If allocated object is overwritten then not detectable\n\n");
2773 validate_slab_cache(kmalloc_caches
+ 6);
2775 printk(KERN_ERR
"\nB. Corruption after free\n");
2776 p
= kzalloc(128, GFP_KERNEL
);
2779 printk(KERN_ERR
"1. kmalloc-128: Clobber first word 0x78->0x%p\n\n", p
);
2780 validate_slab_cache(kmalloc_caches
+ 7);
2782 p
= kzalloc(256, GFP_KERNEL
);
2785 printk(KERN_ERR
"\n2. kmalloc-256: Clobber 50th byte 0x9a->0x%p\n\n", p
);
2786 validate_slab_cache(kmalloc_caches
+ 8);
2788 p
= kzalloc(512, GFP_KERNEL
);
2791 printk(KERN_ERR
"\n3. kmalloc-512: Clobber redzone 0xab->0x%p\n\n", p
);
2792 validate_slab_cache(kmalloc_caches
+ 9);
2795 static void resiliency_test(void) {};
2799 * Generate lists of code addresses where slabcache objects are allocated
2804 unsigned long count
;
2817 unsigned long count
;
2818 struct location
*loc
;
2821 static void free_loc_track(struct loc_track
*t
)
2824 free_pages((unsigned long)t
->loc
,
2825 get_order(sizeof(struct location
) * t
->max
));
2828 static int alloc_loc_track(struct loc_track
*t
, unsigned long max
)
2834 max
= PAGE_SIZE
/ sizeof(struct location
);
2836 order
= get_order(sizeof(struct location
) * max
);
2838 l
= (void *)__get_free_pages(GFP_KERNEL
, order
);
2844 memcpy(l
, t
->loc
, sizeof(struct location
) * t
->count
);
2852 static int add_location(struct loc_track
*t
, struct kmem_cache
*s
,
2853 const struct track
*track
)
2855 long start
, end
, pos
;
2858 unsigned long age
= jiffies
- track
->when
;
2864 pos
= start
+ (end
- start
+ 1) / 2;
2867 * There is nothing at "end". If we end up there
2868 * we need to add something to before end.
2873 caddr
= t
->loc
[pos
].addr
;
2874 if (track
->addr
== caddr
) {
2880 if (age
< l
->min_time
)
2882 if (age
> l
->max_time
)
2885 if (track
->pid
< l
->min_pid
)
2886 l
->min_pid
= track
->pid
;
2887 if (track
->pid
> l
->max_pid
)
2888 l
->max_pid
= track
->pid
;
2890 cpu_set(track
->cpu
, l
->cpus
);
2892 node_set(page_to_nid(virt_to_page(track
)), l
->nodes
);
2896 if (track
->addr
< caddr
)
2903 * Not found. Insert new tracking element.
2905 if (t
->count
>= t
->max
&& !alloc_loc_track(t
, 2 * t
->max
))
2911 (t
->count
- pos
) * sizeof(struct location
));
2914 l
->addr
= track
->addr
;
2918 l
->min_pid
= track
->pid
;
2919 l
->max_pid
= track
->pid
;
2920 cpus_clear(l
->cpus
);
2921 cpu_set(track
->cpu
, l
->cpus
);
2922 nodes_clear(l
->nodes
);
2923 node_set(page_to_nid(virt_to_page(track
)), l
->nodes
);
2927 static void process_slab(struct loc_track
*t
, struct kmem_cache
*s
,
2928 struct page
*page
, enum track_item alloc
)
2930 void *addr
= page_address(page
);
2931 DECLARE_BITMAP(map
, s
->objects
);
2934 bitmap_zero(map
, s
->objects
);
2935 for_each_free_object(p
, s
, page
->freelist
)
2936 set_bit(slab_index(p
, s
, addr
), map
);
2938 for_each_object(p
, s
, addr
)
2939 if (!test_bit(slab_index(p
, s
, addr
), map
))
2940 add_location(t
, s
, get_track(s
, p
, alloc
));
2943 static int list_locations(struct kmem_cache
*s
, char *buf
,
2944 enum track_item alloc
)
2954 /* Push back cpu slabs */
2957 for_each_online_node(node
) {
2958 struct kmem_cache_node
*n
= get_node(s
, node
);
2959 unsigned long flags
;
2962 if (!atomic_read(&n
->nr_slabs
))
2965 spin_lock_irqsave(&n
->list_lock
, flags
);
2966 list_for_each_entry(page
, &n
->partial
, lru
)
2967 process_slab(&t
, s
, page
, alloc
);
2968 list_for_each_entry(page
, &n
->full
, lru
)
2969 process_slab(&t
, s
, page
, alloc
);
2970 spin_unlock_irqrestore(&n
->list_lock
, flags
);
2973 for (i
= 0; i
< t
.count
; i
++) {
2974 struct location
*l
= &t
.loc
[i
];
2976 if (n
> PAGE_SIZE
- 100)
2978 n
+= sprintf(buf
+ n
, "%7ld ", l
->count
);
2981 n
+= sprint_symbol(buf
+ n
, (unsigned long)l
->addr
);
2983 n
+= sprintf(buf
+ n
, "<not-available>");
2985 if (l
->sum_time
!= l
->min_time
) {
2986 unsigned long remainder
;
2988 n
+= sprintf(buf
+ n
, " age=%ld/%ld/%ld",
2990 div_long_long_rem(l
->sum_time
, l
->count
, &remainder
),
2993 n
+= sprintf(buf
+ n
, " age=%ld",
2996 if (l
->min_pid
!= l
->max_pid
)
2997 n
+= sprintf(buf
+ n
, " pid=%ld-%ld",
2998 l
->min_pid
, l
->max_pid
);
3000 n
+= sprintf(buf
+ n
, " pid=%ld",
3003 if (num_online_cpus() > 1 && !cpus_empty(l
->cpus
)) {
3004 n
+= sprintf(buf
+ n
, " cpus=");
3005 n
+= cpulist_scnprintf(buf
+ n
, PAGE_SIZE
- n
- 50,
3009 if (num_online_nodes() > 1 && !nodes_empty(l
->nodes
)) {
3010 n
+= sprintf(buf
+ n
, " nodes=");
3011 n
+= nodelist_scnprintf(buf
+ n
, PAGE_SIZE
- n
- 50,
3015 n
+= sprintf(buf
+ n
, "\n");
3020 n
+= sprintf(buf
, "No data\n");
3024 static unsigned long count_partial(struct kmem_cache_node
*n
)
3026 unsigned long flags
;
3027 unsigned long x
= 0;
3030 spin_lock_irqsave(&n
->list_lock
, flags
);
3031 list_for_each_entry(page
, &n
->partial
, lru
)
3033 spin_unlock_irqrestore(&n
->list_lock
, flags
);
3037 enum slab_stat_type
{
3044 #define SO_FULL (1 << SL_FULL)
3045 #define SO_PARTIAL (1 << SL_PARTIAL)
3046 #define SO_CPU (1 << SL_CPU)
3047 #define SO_OBJECTS (1 << SL_OBJECTS)
3049 static unsigned long slab_objects(struct kmem_cache
*s
,
3050 char *buf
, unsigned long flags
)
3052 unsigned long total
= 0;
3056 unsigned long *nodes
;
3057 unsigned long *per_cpu
;
3059 nodes
= kzalloc(2 * sizeof(unsigned long) * nr_node_ids
, GFP_KERNEL
);
3060 per_cpu
= nodes
+ nr_node_ids
;
3062 for_each_possible_cpu(cpu
) {
3063 struct page
*page
= s
->cpu_slab
[cpu
];
3067 node
= page_to_nid(page
);
3068 if (flags
& SO_CPU
) {
3071 if (flags
& SO_OBJECTS
)
3082 for_each_online_node(node
) {
3083 struct kmem_cache_node
*n
= get_node(s
, node
);
3085 if (flags
& SO_PARTIAL
) {
3086 if (flags
& SO_OBJECTS
)
3087 x
= count_partial(n
);
3094 if (flags
& SO_FULL
) {
3095 int full_slabs
= atomic_read(&n
->nr_slabs
)
3099 if (flags
& SO_OBJECTS
)
3100 x
= full_slabs
* s
->objects
;
3108 x
= sprintf(buf
, "%lu", total
);
3110 for_each_online_node(node
)
3112 x
+= sprintf(buf
+ x
, " N%d=%lu",
3116 return x
+ sprintf(buf
+ x
, "\n");
3119 static int any_slab_objects(struct kmem_cache
*s
)
3124 for_each_possible_cpu(cpu
)
3125 if (s
->cpu_slab
[cpu
])
3128 for_each_node(node
) {
3129 struct kmem_cache_node
*n
= get_node(s
, node
);
3131 if (n
->nr_partial
|| atomic_read(&n
->nr_slabs
))
3137 #define to_slab_attr(n) container_of(n, struct slab_attribute, attr)
3138 #define to_slab(n) container_of(n, struct kmem_cache, kobj);
3140 struct slab_attribute
{
3141 struct attribute attr
;
3142 ssize_t (*show
)(struct kmem_cache
*s
, char *buf
);
3143 ssize_t (*store
)(struct kmem_cache
*s
, const char *x
, size_t count
);
3146 #define SLAB_ATTR_RO(_name) \
3147 static struct slab_attribute _name##_attr = __ATTR_RO(_name)
3149 #define SLAB_ATTR(_name) \
3150 static struct slab_attribute _name##_attr = \
3151 __ATTR(_name, 0644, _name##_show, _name##_store)
3153 static ssize_t
slab_size_show(struct kmem_cache
*s
, char *buf
)
3155 return sprintf(buf
, "%d\n", s
->size
);
3157 SLAB_ATTR_RO(slab_size
);
3159 static ssize_t
align_show(struct kmem_cache
*s
, char *buf
)
3161 return sprintf(buf
, "%d\n", s
->align
);
3163 SLAB_ATTR_RO(align
);
3165 static ssize_t
object_size_show(struct kmem_cache
*s
, char *buf
)
3167 return sprintf(buf
, "%d\n", s
->objsize
);
3169 SLAB_ATTR_RO(object_size
);
3171 static ssize_t
objs_per_slab_show(struct kmem_cache
*s
, char *buf
)
3173 return sprintf(buf
, "%d\n", s
->objects
);
3175 SLAB_ATTR_RO(objs_per_slab
);
3177 static ssize_t
order_show(struct kmem_cache
*s
, char *buf
)
3179 return sprintf(buf
, "%d\n", s
->order
);
3181 SLAB_ATTR_RO(order
);
3183 static ssize_t
ctor_show(struct kmem_cache
*s
, char *buf
)
3186 int n
= sprint_symbol(buf
, (unsigned long)s
->ctor
);
3188 return n
+ sprintf(buf
+ n
, "\n");
3194 static ssize_t
aliases_show(struct kmem_cache
*s
, char *buf
)
3196 return sprintf(buf
, "%d\n", s
->refcount
- 1);
3198 SLAB_ATTR_RO(aliases
);
3200 static ssize_t
slabs_show(struct kmem_cache
*s
, char *buf
)
3202 return slab_objects(s
, buf
, SO_FULL
|SO_PARTIAL
|SO_CPU
);
3204 SLAB_ATTR_RO(slabs
);
3206 static ssize_t
partial_show(struct kmem_cache
*s
, char *buf
)
3208 return slab_objects(s
, buf
, SO_PARTIAL
);
3210 SLAB_ATTR_RO(partial
);
3212 static ssize_t
cpu_slabs_show(struct kmem_cache
*s
, char *buf
)
3214 return slab_objects(s
, buf
, SO_CPU
);
3216 SLAB_ATTR_RO(cpu_slabs
);
3218 static ssize_t
objects_show(struct kmem_cache
*s
, char *buf
)
3220 return slab_objects(s
, buf
, SO_FULL
|SO_PARTIAL
|SO_CPU
|SO_OBJECTS
);
3222 SLAB_ATTR_RO(objects
);
3224 static ssize_t
sanity_checks_show(struct kmem_cache
*s
, char *buf
)
3226 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_DEBUG_FREE
));
3229 static ssize_t
sanity_checks_store(struct kmem_cache
*s
,
3230 const char *buf
, size_t length
)
3232 s
->flags
&= ~SLAB_DEBUG_FREE
;
3234 s
->flags
|= SLAB_DEBUG_FREE
;
3237 SLAB_ATTR(sanity_checks
);
3239 static ssize_t
trace_show(struct kmem_cache
*s
, char *buf
)
3241 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_TRACE
));
3244 static ssize_t
trace_store(struct kmem_cache
*s
, const char *buf
,
3247 s
->flags
&= ~SLAB_TRACE
;
3249 s
->flags
|= SLAB_TRACE
;
3254 static ssize_t
reclaim_account_show(struct kmem_cache
*s
, char *buf
)
3256 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_RECLAIM_ACCOUNT
));
3259 static ssize_t
reclaim_account_store(struct kmem_cache
*s
,
3260 const char *buf
, size_t length
)
3262 s
->flags
&= ~SLAB_RECLAIM_ACCOUNT
;
3264 s
->flags
|= SLAB_RECLAIM_ACCOUNT
;
3267 SLAB_ATTR(reclaim_account
);
3269 static ssize_t
hwcache_align_show(struct kmem_cache
*s
, char *buf
)
3271 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_HWCACHE_ALIGN
));
3273 SLAB_ATTR_RO(hwcache_align
);
3275 #ifdef CONFIG_ZONE_DMA
3276 static ssize_t
cache_dma_show(struct kmem_cache
*s
, char *buf
)
3278 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_CACHE_DMA
));
3280 SLAB_ATTR_RO(cache_dma
);
3283 static ssize_t
destroy_by_rcu_show(struct kmem_cache
*s
, char *buf
)
3285 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_DESTROY_BY_RCU
));
3287 SLAB_ATTR_RO(destroy_by_rcu
);
3289 static ssize_t
red_zone_show(struct kmem_cache
*s
, char *buf
)
3291 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_RED_ZONE
));
3294 static ssize_t
red_zone_store(struct kmem_cache
*s
,
3295 const char *buf
, size_t length
)
3297 if (any_slab_objects(s
))
3300 s
->flags
&= ~SLAB_RED_ZONE
;
3302 s
->flags
|= SLAB_RED_ZONE
;
3306 SLAB_ATTR(red_zone
);
3308 static ssize_t
poison_show(struct kmem_cache
*s
, char *buf
)
3310 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_POISON
));
3313 static ssize_t
poison_store(struct kmem_cache
*s
,
3314 const char *buf
, size_t length
)
3316 if (any_slab_objects(s
))
3319 s
->flags
&= ~SLAB_POISON
;
3321 s
->flags
|= SLAB_POISON
;
3327 static ssize_t
store_user_show(struct kmem_cache
*s
, char *buf
)
3329 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_STORE_USER
));
3332 static ssize_t
store_user_store(struct kmem_cache
*s
,
3333 const char *buf
, size_t length
)
3335 if (any_slab_objects(s
))
3338 s
->flags
&= ~SLAB_STORE_USER
;
3340 s
->flags
|= SLAB_STORE_USER
;
3344 SLAB_ATTR(store_user
);
3346 static ssize_t
validate_show(struct kmem_cache
*s
, char *buf
)
3351 static ssize_t
validate_store(struct kmem_cache
*s
,
3352 const char *buf
, size_t length
)
3355 validate_slab_cache(s
);
3360 SLAB_ATTR(validate
);
3362 static ssize_t
shrink_show(struct kmem_cache
*s
, char *buf
)
3367 static ssize_t
shrink_store(struct kmem_cache
*s
,
3368 const char *buf
, size_t length
)
3370 if (buf
[0] == '1') {
3371 int rc
= kmem_cache_shrink(s
);
3381 static ssize_t
alloc_calls_show(struct kmem_cache
*s
, char *buf
)
3383 if (!(s
->flags
& SLAB_STORE_USER
))
3385 return list_locations(s
, buf
, TRACK_ALLOC
);
3387 SLAB_ATTR_RO(alloc_calls
);
3389 static ssize_t
free_calls_show(struct kmem_cache
*s
, char *buf
)
3391 if (!(s
->flags
& SLAB_STORE_USER
))
3393 return list_locations(s
, buf
, TRACK_FREE
);
3395 SLAB_ATTR_RO(free_calls
);
3398 static ssize_t
defrag_ratio_show(struct kmem_cache
*s
, char *buf
)
3400 return sprintf(buf
, "%d\n", s
->defrag_ratio
/ 10);
3403 static ssize_t
defrag_ratio_store(struct kmem_cache
*s
,
3404 const char *buf
, size_t length
)
3406 int n
= simple_strtoul(buf
, NULL
, 10);
3409 s
->defrag_ratio
= n
* 10;
3412 SLAB_ATTR(defrag_ratio
);
3415 static struct attribute
* slab_attrs
[] = {
3416 &slab_size_attr
.attr
,
3417 &object_size_attr
.attr
,
3418 &objs_per_slab_attr
.attr
,
3423 &cpu_slabs_attr
.attr
,
3427 &sanity_checks_attr
.attr
,
3429 &hwcache_align_attr
.attr
,
3430 &reclaim_account_attr
.attr
,
3431 &destroy_by_rcu_attr
.attr
,
3432 &red_zone_attr
.attr
,
3434 &store_user_attr
.attr
,
3435 &validate_attr
.attr
,
3437 &alloc_calls_attr
.attr
,
3438 &free_calls_attr
.attr
,
3439 #ifdef CONFIG_ZONE_DMA
3440 &cache_dma_attr
.attr
,
3443 &defrag_ratio_attr
.attr
,
3448 static struct attribute_group slab_attr_group
= {
3449 .attrs
= slab_attrs
,
3452 static ssize_t
slab_attr_show(struct kobject
*kobj
,
3453 struct attribute
*attr
,
3456 struct slab_attribute
*attribute
;
3457 struct kmem_cache
*s
;
3460 attribute
= to_slab_attr(attr
);
3463 if (!attribute
->show
)
3466 err
= attribute
->show(s
, buf
);
3471 static ssize_t
slab_attr_store(struct kobject
*kobj
,
3472 struct attribute
*attr
,
3473 const char *buf
, size_t len
)
3475 struct slab_attribute
*attribute
;
3476 struct kmem_cache
*s
;
3479 attribute
= to_slab_attr(attr
);
3482 if (!attribute
->store
)
3485 err
= attribute
->store(s
, buf
, len
);
3490 static struct sysfs_ops slab_sysfs_ops
= {
3491 .show
= slab_attr_show
,
3492 .store
= slab_attr_store
,
3495 static struct kobj_type slab_ktype
= {
3496 .sysfs_ops
= &slab_sysfs_ops
,
3499 static int uevent_filter(struct kset
*kset
, struct kobject
*kobj
)
3501 struct kobj_type
*ktype
= get_ktype(kobj
);
3503 if (ktype
== &slab_ktype
)
3508 static struct kset_uevent_ops slab_uevent_ops
= {
3509 .filter
= uevent_filter
,
3512 decl_subsys(slab
, &slab_ktype
, &slab_uevent_ops
);
3514 #define ID_STR_LENGTH 64
3516 /* Create a unique string id for a slab cache:
3518 * :[flags-]size:[memory address of kmemcache]
3520 static char *create_unique_id(struct kmem_cache
*s
)
3522 char *name
= kmalloc(ID_STR_LENGTH
, GFP_KERNEL
);
3529 * First flags affecting slabcache operations. We will only
3530 * get here for aliasable slabs so we do not need to support
3531 * too many flags. The flags here must cover all flags that
3532 * are matched during merging to guarantee that the id is
3535 if (s
->flags
& SLAB_CACHE_DMA
)
3537 if (s
->flags
& SLAB_RECLAIM_ACCOUNT
)
3539 if (s
->flags
& SLAB_DEBUG_FREE
)
3543 p
+= sprintf(p
, "%07d", s
->size
);
3544 BUG_ON(p
> name
+ ID_STR_LENGTH
- 1);
3548 static int sysfs_slab_add(struct kmem_cache
*s
)
3554 if (slab_state
< SYSFS
)
3555 /* Defer until later */
3558 unmergeable
= slab_unmergeable(s
);
3561 * Slabcache can never be merged so we can use the name proper.
3562 * This is typically the case for debug situations. In that
3563 * case we can catch duplicate names easily.
3565 sysfs_remove_link(&slab_subsys
.kobj
, s
->name
);
3569 * Create a unique name for the slab as a target
3572 name
= create_unique_id(s
);
3575 kobj_set_kset_s(s
, slab_subsys
);
3576 kobject_set_name(&s
->kobj
, name
);
3577 kobject_init(&s
->kobj
);
3578 err
= kobject_add(&s
->kobj
);
3582 err
= sysfs_create_group(&s
->kobj
, &slab_attr_group
);
3585 kobject_uevent(&s
->kobj
, KOBJ_ADD
);
3587 /* Setup first alias */
3588 sysfs_slab_alias(s
, s
->name
);
3594 static void sysfs_slab_remove(struct kmem_cache
*s
)
3596 kobject_uevent(&s
->kobj
, KOBJ_REMOVE
);
3597 kobject_del(&s
->kobj
);
3601 * Need to buffer aliases during bootup until sysfs becomes
3602 * available lest we loose that information.
3604 struct saved_alias
{
3605 struct kmem_cache
*s
;
3607 struct saved_alias
*next
;
3610 struct saved_alias
*alias_list
;
3612 static int sysfs_slab_alias(struct kmem_cache
*s
, const char *name
)
3614 struct saved_alias
*al
;
3616 if (slab_state
== SYSFS
) {
3618 * If we have a leftover link then remove it.
3620 sysfs_remove_link(&slab_subsys
.kobj
, name
);
3621 return sysfs_create_link(&slab_subsys
.kobj
,
3625 al
= kmalloc(sizeof(struct saved_alias
), GFP_KERNEL
);
3631 al
->next
= alias_list
;
3636 static int __init
slab_sysfs_init(void)
3638 struct list_head
*h
;
3641 err
= subsystem_register(&slab_subsys
);
3643 printk(KERN_ERR
"Cannot register slab subsystem.\n");
3649 list_for_each(h
, &slab_caches
) {
3650 struct kmem_cache
*s
=
3651 container_of(h
, struct kmem_cache
, list
);
3653 err
= sysfs_slab_add(s
);
3657 while (alias_list
) {
3658 struct saved_alias
*al
= alias_list
;
3660 alias_list
= alias_list
->next
;
3661 err
= sysfs_slab_alias(al
->s
, al
->name
);
3670 __initcall(slab_sysfs_init
);