projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] update vm_total_pages at memory hotadd
[linux-2.6-block.git] / mm / slab.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/mm/slab.c
3 * Written by Mark Hemment, 1996/97.
4 * (markhe@nextd.demon.co.uk)
5 *
6 * kmem_cache_destroy() + some cleanup - 1999 Andrea Arcangeli
7 *
8 * Major cleanup, different bufctl logic, per-cpu arrays
9 * (c) 2000 Manfred Spraul
10 *
11 * Cleanup, make the head arrays unconditional, preparation for NUMA
12 * (c) 2002 Manfred Spraul
13 *
14 * An implementation of the Slab Allocator as described in outline in;
15 * UNIX Internals: The New Frontiers by Uresh Vahalia
16 * Pub: Prentice Hall ISBN 0-13-101908-2
17 * or with a little more detail in;
18 * The Slab Allocator: An Object-Caching Kernel Memory Allocator
19 * Jeff Bonwick (Sun Microsystems).
20 * Presented at: USENIX Summer 1994 Technical Conference
21 *
22 * The memory is organized in caches, one cache for each object type.
23 * (e.g. inode_cache, dentry_cache, buffer_head, vm_area_struct)
24 * Each cache consists out of many slabs (they are small (usually one
25 * page long) and always contiguous), and each slab contains multiple
26 * initialized objects.
27 *
28 * This means, that your constructor is used only for newly allocated
29 * slabs and you must pass objects with the same intializations to
30 * kmem_cache_free.
31 *
32 * Each cache can only support one memory type (GFP_DMA, GFP_HIGHMEM,
33 * normal). If you need a special memory type, then must create a new
34 * cache for that memory type.
35 *
36 * In order to reduce fragmentation, the slabs are sorted in 3 groups:
37 * full slabs with 0 free objects
38 * partial slabs
39 * empty slabs with no allocated objects
40 *
41 * If partial slabs exist, then new allocations come from these slabs,
42 * otherwise from empty slabs or new slabs are allocated.
43 *
44 * kmem_cache_destroy() CAN CRASH if you try to allocate from the cache
45 * during kmem_cache_destroy(). The caller must prevent concurrent allocs.
46 *
47 * Each cache has a short per-cpu head array, most allocs
48 * and frees go into that array, and if that array overflows, then 1/2
49 * of the entries in the array are given back into the global cache.
50 * The head array is strictly LIFO and should improve the cache hit rates.
51 * On SMP, it additionally reduces the spinlock operations.
52 *
a737b3e2 53 * The c_cpuarray may not be read with enabled local interrupts -
1da177e4
LT		 54 * it's changed with a smp_call_function().
55 *
56 * SMP synchronization:
57 * constructors and destructors are called without any locking.
343e0d7a 58 * Several members in struct kmem_cache and struct slab never change, they
1da177e4
LT		 59 * are accessed without any locking.
60 * The per-cpu arrays are never accessed from the wrong cpu, no locking,
61 * and local interrupts are disabled so slab code is preempt-safe.
62 * The non-constant members are protected with a per-cache irq spinlock.
63 *
64 * Many thanks to Mark Hemment, who wrote another per-cpu slab patch
65 * in 2000 - many ideas in the current implementation are derived from
66 * his patch.
67 *
68 * Further notes from the original documentation:
69 *
70 * 11 April '97. Started multi-threading - markhe
fc0abb14 71 * The global cache-chain is protected by the mutex 'cache_chain_mutex'.
1da177e4
LT		 72 * The sem is only needed when accessing/extending the cache-chain, which
73 * can never happen inside an interrupt (kmem_cache_create(),
74 * kmem_cache_shrink() and kmem_cache_reap()).
75 *
76 * At present, each engine can be growing a cache. This should be blocked.
77 *
e498be7d
CL		 78 * 15 March 2005. NUMA slab allocator.
79 * Shai Fultheim <shai@scalex86.org>.
80 * Shobhit Dayal <shobhit@calsoftinc.com>
81 * Alok N Kataria <alokk@calsoftinc.com>
82 * Christoph Lameter <christoph@lameter.com>
83 *
84 * Modified the slab allocator to be node aware on NUMA systems.
85 * Each node has its own list of partial, free and full slabs.
86 * All object allocations for a node occur from node specific slab lists.
1da177e4
LT		 87 */
88
89#include <linux/config.h>
90#include <linux/slab.h>
91#include <linux/mm.h>
92#include <linux/swap.h>
93#include <linux/cache.h>
94#include <linux/interrupt.h>
95#include <linux/init.h>
96#include <linux/compiler.h>
101a5001 97#include <linux/cpuset.h>
1da177e4
LT		 98#include <linux/seq_file.h>
99#include <linux/notifier.h>
100#include <linux/kallsyms.h>
101#include <linux/cpu.h>
102#include <linux/sysctl.h>
103#include <linux/module.h>
104#include <linux/rcupdate.h>
543537bd 105#include <linux/string.h>
e498be7d 106#include <linux/nodemask.h>
dc85da15 107#include <linux/mempolicy.h>
fc0abb14 108#include <linux/mutex.h>
1da177e4
LT		 109
110#include <asm/uaccess.h>
111#include <asm/cacheflush.h>
112#include <asm/tlbflush.h>
113#include <asm/page.h>
114
115/*
116 * DEBUG - 1 for kmem_cache_create() to honour; SLAB_DEBUG_INITIAL,
117 * SLAB_RED_ZONE & SLAB_POISON.
118 * 0 for faster, smaller code (especially in the critical paths).
119 *
120 * STATS - 1 to collect stats for /proc/slabinfo.
121 * 0 for faster, smaller code (especially in the critical paths).
122 *
123 * FORCED_DEBUG - 1 enables SLAB_RED_ZONE and SLAB_POISON (if possible)
124 */
125
126#ifdef CONFIG_DEBUG_SLAB
127#define DEBUG 1
128#define STATS 1
129#define FORCED_DEBUG 1
130#else
131#define DEBUG 0
132#define STATS 0
133#define FORCED_DEBUG 0
134#endif
135
1da177e4
LT		 136/* Shouldn't this be in a header file somewhere? */
137#define BYTES_PER_WORD sizeof(void *)
138
139#ifndef cache_line_size
140#define cache_line_size() L1_CACHE_BYTES
141#endif
142
143#ifndef ARCH_KMALLOC_MINALIGN
144/*
145 * Enforce a minimum alignment for the kmalloc caches.
146 * Usually, the kmalloc caches are cache_line_size() aligned, except when
147 * DEBUG and FORCED_DEBUG are enabled, then they are BYTES_PER_WORD aligned.
148 * Some archs want to perform DMA into kmalloc caches and need a guaranteed
149 * alignment larger than BYTES_PER_WORD. ARCH_KMALLOC_MINALIGN allows that.
150 * Note that this flag disables some debug features.
151 */
152#define ARCH_KMALLOC_MINALIGN 0
153#endif
154
155#ifndef ARCH_SLAB_MINALIGN
156/*
157 * Enforce a minimum alignment for all caches.
158 * Intended for archs that get misalignment faults even for BYTES_PER_WORD
159 * aligned buffers. Includes ARCH_KMALLOC_MINALIGN.
160 * If possible: Do not enable this flag for CONFIG_DEBUG_SLAB, it disables
161 * some debug features.
162 */
163#define ARCH_SLAB_MINALIGN 0
164#endif
165
166#ifndef ARCH_KMALLOC_FLAGS
167#define ARCH_KMALLOC_FLAGS SLAB_HWCACHE_ALIGN
168#endif
169
170/* Legal flag mask for kmem_cache_create(). */
171#if DEBUG
172# define CREATE_MASK (SLAB_DEBUG_INITIAL | SLAB_RED_ZONE | \
173 SLAB_POISON | SLAB_HWCACHE_ALIGN | \
ac2b898c 174 SLAB_CACHE_DMA | \
1da177e4
LT		 175 SLAB_MUST_HWCACHE_ALIGN | SLAB_STORE_USER | \
176 SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \
101a5001 177 SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD)
1da177e4 178#else
ac2b898c 179# define CREATE_MASK (SLAB_HWCACHE_ALIGN | \
1da177e4
LT		 180 SLAB_CACHE_DMA | SLAB_MUST_HWCACHE_ALIGN | \
181 SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \
101a5001 182 SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD)
1da177e4
LT		 183#endif
184
185/*
186 * kmem_bufctl_t:
187 *
188 * Bufctl's are used for linking objs within a slab
189 * linked offsets.
190 *
191 * This implementation relies on "struct page" for locating the cache &
192 * slab an object belongs to.
193 * This allows the bufctl structure to be small (one int), but limits
194 * the number of objects a slab (not a cache) can contain when off-slab
195 * bufctls are used. The limit is the size of the largest general cache
196 * that does not use off-slab slabs.
197 * For 32bit archs with 4 kB pages, is this 56.
198 * This is not serious, as it is only for large objects, when it is unwise
199 * to have too many per slab.
200 * Note: This limit can be raised by introducing a general cache whose size
201 * is less than 512 (PAGE_SIZE<<3), but greater than 256.
202 */
203
fa5b08d5 204typedef unsigned int kmem_bufctl_t;
1da177e4
LT		 205#define BUFCTL_END (((kmem_bufctl_t)(~0U))-0)
206#define BUFCTL_FREE (((kmem_bufctl_t)(~0U))-1)
871751e2
AV		 207#define BUFCTL_ACTIVE (((kmem_bufctl_t)(~0U))-2)
208#define SLAB_LIMIT (((kmem_bufctl_t)(~0U))-3)
1da177e4 209
1da177e4
LT		 210/*
211 * struct slab
212 *
213 * Manages the objs in a slab. Placed either at the beginning of mem allocated
214 * for a slab, or allocated from an general cache.
215 * Slabs are chained into three list: fully used, partial, fully free slabs.
216 */
217struct slab {
b28a02de
PE		 218 struct list_head list;
219 unsigned long colouroff;
220 void *s_mem; /* including colour offset */
221 unsigned int inuse; /* num of objs active in slab */
222 kmem_bufctl_t free;
223 unsigned short nodeid;
1da177e4
LT		 224};
225
226/*
227 * struct slab_rcu
228 *
229 * slab_destroy on a SLAB_DESTROY_BY_RCU cache uses this structure to
230 * arrange for kmem_freepages to be called via RCU. This is useful if
231 * we need to approach a kernel structure obliquely, from its address
232 * obtained without the usual locking. We can lock the structure to
233 * stabilize it and check it's still at the given address, only if we
234 * can be sure that the memory has not been meanwhile reused for some
235 * other kind of object (which our subsystem's lock might corrupt).
236 *
237 * rcu_read_lock before reading the address, then rcu_read_unlock after
238 * taking the spinlock within the structure expected at that address.
239 *
240 * We assume struct slab_rcu can overlay struct slab when destroying.
241 */
242struct slab_rcu {
b28a02de 243 struct rcu_head head;
343e0d7a 244 struct kmem_cache *cachep;
b28a02de 245 void *addr;
1da177e4
LT		 246};
247
248/*
249 * struct array_cache
250 *
1da177e4
LT		 251 * Purpose:
252 * - LIFO ordering, to hand out cache-warm objects from _alloc
253 * - reduce the number of linked list operations
254 * - reduce spinlock operations
255 *
256 * The limit is stored in the per-cpu structure to reduce the data cache
257 * footprint.
258 *
259 */
260struct array_cache {
261 unsigned int avail;
262 unsigned int limit;
263 unsigned int batchcount;
264 unsigned int touched;
e498be7d 265 spinlock_t lock;
a737b3e2
AM		 266 void *entry[0]; /*
267 * Must have this definition in here for the proper
268 * alignment of array_cache. Also simplifies accessing
269 * the entries.
270 * [0] is for gcc 2.95. It should really be [].
271 */
1da177e4
LT		 272};
273
a737b3e2
AM		 274/*
275 * bootstrap: The caches do not work without cpuarrays anymore, but the
276 * cpuarrays are allocated from the generic caches...
1da177e4
LT		 277 */
278#define BOOT_CPUCACHE_ENTRIES 1
279struct arraycache_init {
280 struct array_cache cache;
b28a02de 281 void *entries[BOOT_CPUCACHE_ENTRIES];
1da177e4
LT		 282};
283
284/*
e498be7d 285 * The slab lists for all objects.
1da177e4
LT		 286 */
287struct kmem_list3 {
b28a02de
PE		 288 struct list_head slabs_partial; /* partial list first, better asm code */
289 struct list_head slabs_full;
290 struct list_head slabs_free;
291 unsigned long free_objects;
b28a02de 292 unsigned int free_limit;
2e1217cf 293 unsigned int colour_next; /* Per-node cache coloring */
b28a02de
PE		 294 spinlock_t list_lock;
295 struct array_cache *shared; /* shared per node */
296 struct array_cache **alien; /* on other nodes */
35386e3b
CL		 297 unsigned long next_reap; /* updated without locking */
298 int free_touched; /* updated without locking */
1da177e4
LT		 299};
300
e498be7d
CL		 301/*
302 * Need this for bootstrapping a per node allocator.
303 */
304#define NUM_INIT_LISTS (2 * MAX_NUMNODES + 1)
305struct kmem_list3 __initdata initkmem_list3[NUM_INIT_LISTS];
306#define CACHE_CACHE 0
307#define SIZE_AC 1
308#define SIZE_L3 (1 + MAX_NUMNODES)
309
310/*
a737b3e2
AM		 311 * This function must be completely optimized away if a constant is passed to
312 * it. Mostly the same as what is in linux/slab.h except it returns an index.
e498be7d 313 */
7243cc05 314static __always_inline int index_of(const size_t size)
e498be7d 315{
5ec8a847
SR		 316 extern void __bad_size(void);
317
e498be7d
CL		 318 if (__builtin_constant_p(size)) {
319 int i = 0;
320
321#define CACHE(x) \
322 if (size <=x) \
323 return i; \
324 else \
325 i++;
326#include "linux/kmalloc_sizes.h"
327#undef CACHE
5ec8a847 328 __bad_size();
7243cc05 329 } else
5ec8a847 330 __bad_size();
e498be7d
CL		 331 return 0;
332}
333
e0a42726
IM		 334static int slab_early_init = 1;
335
e498be7d
CL		 336#define INDEX_AC index_of(sizeof(struct arraycache_init))
337#define INDEX_L3 index_of(sizeof(struct kmem_list3))
1da177e4 338
5295a74c 339static void kmem_list3_init(struct kmem_list3 *parent)
e498be7d
CL		 340{
341 INIT_LIST_HEAD(&parent->slabs_full);
342 INIT_LIST_HEAD(&parent->slabs_partial);
343 INIT_LIST_HEAD(&parent->slabs_free);
344 parent->shared = NULL;
345 parent->alien = NULL;
2e1217cf 346 parent->colour_next = 0;
e498be7d
CL		 347 spin_lock_init(&parent->list_lock);
348 parent->free_objects = 0;
349 parent->free_touched = 0;
350}
351
a737b3e2
AM		 352#define MAKE_LIST(cachep, listp, slab, nodeid) \
353 do { \
354 INIT_LIST_HEAD(listp); \
355 list_splice(&(cachep->nodelists[nodeid]->slab), listp); \
e498be7d
CL		 356 } while (0)
357
a737b3e2
AM		 358#define MAKE_ALL_LISTS(cachep, ptr, nodeid) \
359 do { \
e498be7d
CL		 360 MAKE_LIST((cachep), (&(ptr)->slabs_full), slabs_full, nodeid); \
361 MAKE_LIST((cachep), (&(ptr)->slabs_partial), slabs_partial, nodeid); \
362 MAKE_LIST((cachep), (&(ptr)->slabs_free), slabs_free, nodeid); \
363 } while (0)
1da177e4
LT		 364
365/*
343e0d7a 366 * struct kmem_cache
1da177e4
LT		 367 *
368 * manages a cache.
369 */
b28a02de 370
2109a2d1 371struct kmem_cache {
1da177e4 372/* 1) per-cpu data, touched during every alloc/free */
b28a02de 373 struct array_cache *array[NR_CPUS];
b5d8ca7c 374/* 2) Cache tunables. Protected by cache_chain_mutex */
b28a02de
PE		 375 unsigned int batchcount;
376 unsigned int limit;
377 unsigned int shared;
b5d8ca7c 378
3dafccf2 379 unsigned int buffer_size;
b5d8ca7c 380/* 3) touched by every alloc & free from the backend */
b28a02de 381 struct kmem_list3 *nodelists[MAX_NUMNODES];
b5d8ca7c 382
a737b3e2
AM		 383 unsigned int flags; /* constant flags */
384 unsigned int num; /* # of objs per slab */
1da177e4 385
b5d8ca7c 386/* 4) cache_grow/shrink */
1da177e4 387 /* order of pgs per slab (2^n) */
b28a02de 388 unsigned int gfporder;
1da177e4
LT		 389
390 /* force GFP flags, e.g. GFP_DMA */
b28a02de 391 gfp_t gfpflags;
1da177e4 392
a737b3e2 393 size_t colour; /* cache colouring range */
b28a02de 394 unsigned int colour_off; /* colour offset */
343e0d7a 395 struct kmem_cache *slabp_cache;
b28a02de 396 unsigned int slab_size;
a737b3e2 397 unsigned int dflags; /* dynamic flags */
1da177e4
LT		 398
399 /* constructor func */
343e0d7a 400 void (*ctor) (void *, struct kmem_cache *, unsigned long);
1da177e4
LT		 401
402 /* de-constructor func */
343e0d7a 403 void (*dtor) (void *, struct kmem_cache *, unsigned long);
1da177e4 404
b5d8ca7c 405/* 5) cache creation/removal */
b28a02de
PE		 406 const char *name;
407 struct list_head next;
1da177e4 408
b5d8ca7c 409/* 6) statistics */
1da177e4 410#if STATS
b28a02de
PE		 411 unsigned long num_active;
412 unsigned long num_allocations;
413 unsigned long high_mark;
414 unsigned long grown;
415 unsigned long reaped;
416 unsigned long errors;
417 unsigned long max_freeable;
418 unsigned long node_allocs;
419 unsigned long node_frees;
fb7faf33 420 unsigned long node_overflow;
b28a02de
PE		 421 atomic_t allochit;
422 atomic_t allocmiss;
423 atomic_t freehit;
424 atomic_t freemiss;
1da177e4
LT		 425#endif
426#if DEBUG
3dafccf2
MS		 427 /*
428 * If debugging is enabled, then the allocator can add additional
429 * fields and/or padding to every object. buffer_size contains the total
430 * object size including these internal fields, the following two
431 * variables contain the offset to the user object and its size.
432 */
433 int obj_offset;
434 int obj_size;
1da177e4
LT		 435#endif
436};
437
438#define CFLGS_OFF_SLAB (0x80000000UL)
439#define OFF_SLAB(x) ((x)->flags & CFLGS_OFF_SLAB)
440
441#define BATCHREFILL_LIMIT 16
a737b3e2
AM		 442/*
443 * Optimization question: fewer reaps means less probability for unnessary
444 * cpucache drain/refill cycles.
1da177e4 445 *
dc6f3f27 446 * OTOH the cpuarrays can contain lots of objects,
1da177e4
LT		 447 * which could lock up otherwise freeable slabs.
448 */
449#define REAPTIMEOUT_CPUC (2*HZ)
450#define REAPTIMEOUT_LIST3 (4*HZ)
451
452#if STATS
453#define STATS_INC_ACTIVE(x) ((x)->num_active++)
454#define STATS_DEC_ACTIVE(x) ((x)->num_active--)
455#define STATS_INC_ALLOCED(x) ((x)->num_allocations++)
456#define STATS_INC_GROWN(x) ((x)->grown++)
457#define STATS_INC_REAPED(x) ((x)->reaped++)
a737b3e2
AM		 458#define STATS_SET_HIGH(x) \
459 do { \
460 if ((x)->num_active > (x)->high_mark) \
461 (x)->high_mark = (x)->num_active; \
462 } while (0)
1da177e4
LT		 463#define STATS_INC_ERR(x) ((x)->errors++)
464#define STATS_INC_NODEALLOCS(x) ((x)->node_allocs++)
e498be7d 465#define STATS_INC_NODEFREES(x) ((x)->node_frees++)
fb7faf33 466#define STATS_INC_ACOVERFLOW(x) ((x)->node_overflow++)
a737b3e2
AM		 467#define STATS_SET_FREEABLE(x, i) \
468 do { \
469 if ((x)->max_freeable < i) \
470 (x)->max_freeable = i; \
471 } while (0)
1da177e4
LT		 472#define STATS_INC_ALLOCHIT(x) atomic_inc(&(x)->allochit)
473#define STATS_INC_ALLOCMISS(x) atomic_inc(&(x)->allocmiss)
474#define STATS_INC_FREEHIT(x) atomic_inc(&(x)->freehit)
475#define STATS_INC_FREEMISS(x) atomic_inc(&(x)->freemiss)
476#else
477#define STATS_INC_ACTIVE(x) do { } while (0)
478#define STATS_DEC_ACTIVE(x) do { } while (0)
479#define STATS_INC_ALLOCED(x) do { } while (0)
480#define STATS_INC_GROWN(x) do { } while (0)
481#define STATS_INC_REAPED(x) do { } while (0)
482#define STATS_SET_HIGH(x) do { } while (0)
483#define STATS_INC_ERR(x) do { } while (0)
484#define STATS_INC_NODEALLOCS(x) do { } while (0)
e498be7d 485#define STATS_INC_NODEFREES(x) do { } while (0)
fb7faf33 486#define STATS_INC_ACOVERFLOW(x) do { } while (0)
a737b3e2 487#define STATS_SET_FREEABLE(x, i) do { } while (0)
1da177e4
LT		 488#define STATS_INC_ALLOCHIT(x) do { } while (0)
489#define STATS_INC_ALLOCMISS(x) do { } while (0)
490#define STATS_INC_FREEHIT(x) do { } while (0)
491#define STATS_INC_FREEMISS(x) do { } while (0)
492#endif
493
494#if DEBUG
a737b3e2
AM		 495/*
496 * Magic nums for obj red zoning.
1da177e4
LT		 497 * Placed in the first word before and the first word after an obj.
498 */
499#define RED_INACTIVE 0x5A2CF071UL /* when obj is inactive */
500#define RED_ACTIVE 0x170FC2A5UL /* when obj is active */
501
502/* ...and for poisoning */
503#define POISON_INUSE 0x5a /* for use-uninitialised poisoning */
504#define POISON_FREE 0x6b /* for use-after-free poisoning */
505#define POISON_END 0xa5 /* end-byte of poisoning */
506
a737b3e2
AM		 507/*
508 * memory layout of objects:
1da177e4 509 * 0 : objp
3dafccf2 510 * 0 .. cachep->obj_offset - BYTES_PER_WORD - 1: padding. This ensures that
1da177e4
LT		 511 * the end of an object is aligned with the end of the real
512 * allocation. Catches writes behind the end of the allocation.
3dafccf2 513 * cachep->obj_offset - BYTES_PER_WORD .. cachep->obj_offset - 1:
1da177e4 514 * redzone word.
3dafccf2
MS		 515 * cachep->obj_offset: The real object.
516 * cachep->buffer_size - 2* BYTES_PER_WORD: redzone word [BYTES_PER_WORD long]
a737b3e2
AM		 517 * cachep->buffer_size - 1* BYTES_PER_WORD: last caller address
518 * [BYTES_PER_WORD long]
1da177e4 519 */
343e0d7a 520static int obj_offset(struct kmem_cache *cachep)
1da177e4 521{
3dafccf2 522 return cachep->obj_offset;
1da177e4
LT		 523}
524
343e0d7a 525static int obj_size(struct kmem_cache *cachep)
1da177e4 526{
3dafccf2 527 return cachep->obj_size;
1da177e4
LT		 528}
529
343e0d7a 530static unsigned long *dbg_redzone1(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 531{
532 BUG_ON(!(cachep->flags & SLAB_RED_ZONE));
3dafccf2 533 return (unsigned long*) (objp+obj_offset(cachep)-BYTES_PER_WORD);
1da177e4
LT		 534}
535
343e0d7a 536static unsigned long *dbg_redzone2(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 537{
538 BUG_ON(!(cachep->flags & SLAB_RED_ZONE));
539 if (cachep->flags & SLAB_STORE_USER)
3dafccf2 540 return (unsigned long *)(objp + cachep->buffer_size -
b28a02de 541 2 * BYTES_PER_WORD);
3dafccf2 542 return (unsigned long *)(objp + cachep->buffer_size - BYTES_PER_WORD);
1da177e4
LT		 543}
544
343e0d7a 545static void **dbg_userword(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 546{
547 BUG_ON(!(cachep->flags & SLAB_STORE_USER));
3dafccf2 548 return (void **)(objp + cachep->buffer_size - BYTES_PER_WORD);
1da177e4
LT		 549}
550
551#else
552
3dafccf2
MS		 553#define obj_offset(x) 0
554#define obj_size(cachep) (cachep->buffer_size)
1da177e4
LT		 555#define dbg_redzone1(cachep, objp) ({BUG(); (unsigned long *)NULL;})
556#define dbg_redzone2(cachep, objp) ({BUG(); (unsigned long *)NULL;})
557#define dbg_userword(cachep, objp) ({BUG(); (void **)NULL;})
558
559#endif
560
561/*
a737b3e2
AM		 562 * Maximum size of an obj (in 2^order pages) and absolute limit for the gfp
563 * order.
1da177e4
LT		 564 */
565#if defined(CONFIG_LARGE_ALLOCS)
566#define MAX_OBJ_ORDER 13 /* up to 32Mb */
567#define MAX_GFP_ORDER 13 /* up to 32Mb */
568#elif defined(CONFIG_MMU)
569#define MAX_OBJ_ORDER 5 /* 32 pages */
570#define MAX_GFP_ORDER 5 /* 32 pages */
571#else
572#define MAX_OBJ_ORDER 8 /* up to 1Mb */
573#define MAX_GFP_ORDER 8 /* up to 1Mb */
574#endif
575
576/*
577 * Do not go above this order unless 0 objects fit into the slab.
578 */
579#define BREAK_GFP_ORDER_HI 1
580#define BREAK_GFP_ORDER_LO 0
581static int slab_break_gfp_order = BREAK_GFP_ORDER_LO;
582
a737b3e2
AM		 583/*
584 * Functions for storing/retrieving the cachep and or slab from the page
585 * allocator. These are used to find the slab an obj belongs to. With kfree(),
586 * these are used to find the cache which an obj belongs to.
1da177e4 587 */
065d41cb
PE		 588static inline void page_set_cache(struct page *page, struct kmem_cache *cache)
589{
590 page->lru.next = (struct list_head *)cache;
591}
592
593static inline struct kmem_cache *page_get_cache(struct page *page)
594{
84097518
NP		 595 if (unlikely(PageCompound(page)))
596 page = (struct page *)page_private(page);
ddc2e812 597 BUG_ON(!PageSlab(page));
065d41cb
PE		 598 return (struct kmem_cache *)page->lru.next;
599}
600
601static inline void page_set_slab(struct page *page, struct slab *slab)
602{
603 page->lru.prev = (struct list_head *)slab;
604}
605
606static inline struct slab *page_get_slab(struct page *page)
607{
84097518
NP		 608 if (unlikely(PageCompound(page)))
609 page = (struct page *)page_private(page);
ddc2e812 610 BUG_ON(!PageSlab(page));
065d41cb
PE		 611 return (struct slab *)page->lru.prev;
612}
1da177e4 613
6ed5eb22
PE		 614static inline struct kmem_cache *virt_to_cache(const void *obj)
615{
616 struct page *page = virt_to_page(obj);
617 return page_get_cache(page);
618}
619
620static inline struct slab *virt_to_slab(const void *obj)
621{
622 struct page *page = virt_to_page(obj);
623 return page_get_slab(page);
624}
625
8fea4e96
PE		 626static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab,
627 unsigned int idx)
628{
629 return slab->s_mem + cache->buffer_size * idx;
630}
631
632static inline unsigned int obj_to_index(struct kmem_cache *cache,
633 struct slab *slab, void *obj)
634{
635 return (unsigned)(obj - slab->s_mem) / cache->buffer_size;
636}
637
a737b3e2
AM		 638/*
639 * These are the default caches for kmalloc. Custom caches can have other sizes.
640 */
1da177e4
LT		 641struct cache_sizes malloc_sizes[] = {
642#define CACHE(x) { .cs_size = (x) },
643#include <linux/kmalloc_sizes.h>
644 CACHE(ULONG_MAX)
645#undef CACHE
646};
647EXPORT_SYMBOL(malloc_sizes);
648
649/* Must match cache_sizes above. Out of line to keep cache footprint low. */
650struct cache_names {
651 char *name;
652 char *name_dma;
653};
654
655static struct cache_names __initdata cache_names[] = {
656#define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" },
657#include <linux/kmalloc_sizes.h>
b28a02de 658 {NULL,}
1da177e4
LT		 659#undef CACHE
660};
661
662static struct arraycache_init initarray_cache __initdata =
b28a02de 663 { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
1da177e4 664static struct arraycache_init initarray_generic =
b28a02de 665 { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
1da177e4
LT		 666
667/* internal cache of cache description objs */
343e0d7a 668static struct kmem_cache cache_cache = {
b28a02de
PE		 669 .batchcount = 1,
670 .limit = BOOT_CPUCACHE_ENTRIES,
671 .shared = 1,
343e0d7a 672 .buffer_size = sizeof(struct kmem_cache),
b28a02de 673 .name = "kmem_cache",
1da177e4 674#if DEBUG
343e0d7a 675 .obj_size = sizeof(struct kmem_cache),
1da177e4
LT		 676#endif
677};
678
679/* Guard access to the cache-chain. */
fc0abb14 680static DEFINE_MUTEX(cache_chain_mutex);
1da177e4
LT		 681static struct list_head cache_chain;
682
683/*
a737b3e2
AM		 684 * vm_enough_memory() looks at this to determine how many slab-allocated pages
685 * are possibly freeable under pressure
1da177e4
LT		 686 *
687 * SLAB_RECLAIM_ACCOUNT turns this on per-slab
688 */
689atomic_t slab_reclaim_pages;
1da177e4
LT		 690
691/*
692 * chicken and egg problem: delay the per-cpu array allocation
693 * until the general caches are up.
694 */
695static enum {
696 NONE,
e498be7d
CL		 697 PARTIAL_AC,
698 PARTIAL_L3,
1da177e4
LT		 699 FULL
700} g_cpucache_up;
701
39d24e64
MK		 702/*
703 * used by boot code to determine if it can use slab based allocator
704 */
705int slab_is_available(void)
706{
707 return g_cpucache_up == FULL;
708}
709
1da177e4
LT		 710static DEFINE_PER_CPU(struct work_struct, reap_work);
711
a737b3e2
AM		 712static void free_block(struct kmem_cache *cachep, void **objpp, int len,
713 int node);
343e0d7a 714static void enable_cpucache(struct kmem_cache *cachep);
b28a02de 715static void cache_reap(void *unused);
343e0d7a 716static int __node_shrink(struct kmem_cache *cachep, int node);
1da177e4 717
343e0d7a 718static inline struct array_cache *cpu_cache_get(struct kmem_cache *cachep)
1da177e4
LT		 719{
720 return cachep->array[smp_processor_id()];
721}
722
a737b3e2
AM		 723static inline struct kmem_cache *__find_general_cachep(size_t size,
724 gfp_t gfpflags)
1da177e4
LT		 725{
726 struct cache_sizes *csizep = malloc_sizes;
727
728#if DEBUG
729 /* This happens if someone tries to call
b28a02de
PE		 730 * kmem_cache_create(), or __kmalloc(), before
731 * the generic caches are initialized.
732 */
c7e43c78 733 BUG_ON(malloc_sizes[INDEX_AC].cs_cachep == NULL);
1da177e4
LT		 734#endif
735 while (size > csizep->cs_size)
736 csizep++;
737
738 /*
0abf40c1 739 * Really subtle: The last entry with cs->cs_size==ULONG_MAX
1da177e4
LT		 740 * has cs_{dma,}cachep==NULL. Thus no special case
741 * for large kmalloc calls required.
742 */
743 if (unlikely(gfpflags & GFP_DMA))
744 return csizep->cs_dmacachep;
745 return csizep->cs_cachep;
746}
747
343e0d7a 748struct kmem_cache *kmem_find_general_cachep(size_t size, gfp_t gfpflags)
97e2bde4
MS		 749{
750 return __find_general_cachep(size, gfpflags);
751}
752EXPORT_SYMBOL(kmem_find_general_cachep);
753
fbaccacf 754static size_t slab_mgmt_size(size_t nr_objs, size_t align)
1da177e4 755{
fbaccacf
SR		 756 return ALIGN(sizeof(struct slab)+nr_objs*sizeof(kmem_bufctl_t), align);
757}
1da177e4 758
a737b3e2
AM		 759/*
760 * Calculate the number of objects and left-over bytes for a given buffer size.
761 */
fbaccacf
SR		 762static void cache_estimate(unsigned long gfporder, size_t buffer_size,
763 size_t align, int flags, size_t *left_over,
764 unsigned int *num)
765{
766 int nr_objs;
767 size_t mgmt_size;
768 size_t slab_size = PAGE_SIZE << gfporder;
1da177e4 769
fbaccacf
SR		 770 /*
771 * The slab management structure can be either off the slab or
772 * on it. For the latter case, the memory allocated for a
773 * slab is used for:
774 *
775 * - The struct slab
776 * - One kmem_bufctl_t for each object
777 * - Padding to respect alignment of @align
778 * - @buffer_size bytes for each object
779 *
780 * If the slab management structure is off the slab, then the
781 * alignment will already be calculated into the size. Because
782 * the slabs are all pages aligned, the objects will be at the
783 * correct alignment when allocated.
784 */
785 if (flags & CFLGS_OFF_SLAB) {
786 mgmt_size = 0;
787 nr_objs = slab_size / buffer_size;
788
789 if (nr_objs > SLAB_LIMIT)
790 nr_objs = SLAB_LIMIT;
791 } else {
792 /*
793 * Ignore padding for the initial guess. The padding
794 * is at most @align-1 bytes, and @buffer_size is at
795 * least @align. In the worst case, this result will
796 * be one greater than the number of objects that fit
797 * into the memory allocation when taking the padding
798 * into account.
799 */
800 nr_objs = (slab_size - sizeof(struct slab)) /
801 (buffer_size + sizeof(kmem_bufctl_t));
802
803 /*
804 * This calculated number will be either the right
805 * amount, or one greater than what we want.
806 */
807 if (slab_mgmt_size(nr_objs, align) + nr_objs*buffer_size
808 > slab_size)
809 nr_objs--;
810
811 if (nr_objs > SLAB_LIMIT)
812 nr_objs = SLAB_LIMIT;
813
814 mgmt_size = slab_mgmt_size(nr_objs, align);
815 }
816 *num = nr_objs;
817 *left_over = slab_size - nr_objs*buffer_size - mgmt_size;
1da177e4
LT		 818}
819
820#define slab_error(cachep, msg) __slab_error(__FUNCTION__, cachep, msg)
821
a737b3e2
AM		 822static void __slab_error(const char *function, struct kmem_cache *cachep,
823 char *msg)
1da177e4
LT		 824{
825 printk(KERN_ERR "slab error in %s(): cache `%s': %s\n",
b28a02de 826 function, cachep->name, msg);
1da177e4
LT		 827 dump_stack();
828}
829
8fce4d8e
CL		 830#ifdef CONFIG_NUMA
831/*
832 * Special reaping functions for NUMA systems called from cache_reap().
833 * These take care of doing round robin flushing of alien caches (containing
834 * objects freed on different nodes from which they were allocated) and the
835 * flushing of remote pcps by calling drain_node_pages.
836 */
837static DEFINE_PER_CPU(unsigned long, reap_node);
838
839static void init_reap_node(int cpu)
840{
841 int node;
842
843 node = next_node(cpu_to_node(cpu), node_online_map);
844 if (node == MAX_NUMNODES)
442295c9 845 node = first_node(node_online_map);
8fce4d8e
CL		 846
847 __get_cpu_var(reap_node) = node;
848}
849
850static void next_reap_node(void)
851{
852 int node = __get_cpu_var(reap_node);
853
854 /*
855 * Also drain per cpu pages on remote zones
856 */
857 if (node != numa_node_id())
858 drain_node_pages(node);
859
860 node = next_node(node, node_online_map);
861 if (unlikely(node >= MAX_NUMNODES))
862 node = first_node(node_online_map);
863 __get_cpu_var(reap_node) = node;
864}
865
866#else
867#define init_reap_node(cpu) do { } while (0)
868#define next_reap_node(void) do { } while (0)
869#endif
870
1da177e4
LT		 871/*
872 * Initiate the reap timer running on the target CPU. We run at around 1 to 2Hz
873 * via the workqueue/eventd.
874 * Add the CPU number into the expiration time to minimize the possibility of
875 * the CPUs getting into lockstep and contending for the global cache chain
876 * lock.
877 */
878static void __devinit start_cpu_timer(int cpu)
879{
880 struct work_struct *reap_work = &per_cpu(reap_work, cpu);
881
882 /*
883 * When this gets called from do_initcalls via cpucache_init(),
884 * init_workqueues() has already run, so keventd will be setup
885 * at that time.
886 */
887 if (keventd_up() && reap_work->func == NULL) {
8fce4d8e 888 init_reap_node(cpu);
1da177e4
LT		 889 INIT_WORK(reap_work, cache_reap, NULL);
890 schedule_delayed_work_on(cpu, reap_work, HZ + 3 * cpu);
891 }
892}
893
e498be7d 894static struct array_cache *alloc_arraycache(int node, int entries,
b28a02de 895 int batchcount)
1da177e4 896{
b28a02de 897 int memsize = sizeof(void *) * entries + sizeof(struct array_cache);
1da177e4
LT		 898 struct array_cache *nc = NULL;
899
e498be7d 900 nc = kmalloc_node(memsize, GFP_KERNEL, node);
1da177e4
LT		 901 if (nc) {
902 nc->avail = 0;
903 nc->limit = entries;
904 nc->batchcount = batchcount;
905 nc->touched = 0;
e498be7d 906 spin_lock_init(&nc->lock);
1da177e4
LT		 907 }
908 return nc;
909}
910
3ded175a
CL		 911/*
912 * Transfer objects in one arraycache to another.
913 * Locking must be handled by the caller.
914 *
915 * Return the number of entries transferred.
916 */
917static int transfer_objects(struct array_cache *to,
918 struct array_cache *from, unsigned int max)
919{
920 /* Figure out how many entries to transfer */
921 int nr = min(min(from->avail, max), to->limit - to->avail);
922
923 if (!nr)
924 return 0;
925
926 memcpy(to->entry + to->avail, from->entry + from->avail -nr,
927 sizeof(void *) *nr);
928
929 from->avail -= nr;
930 to->avail += nr;
931 to->touched = 1;
932 return nr;
933}
934
e498be7d 935#ifdef CONFIG_NUMA
343e0d7a 936static void *__cache_alloc_node(struct kmem_cache *, gfp_t, int);
c61afb18 937static void *alternate_node_alloc(struct kmem_cache *, gfp_t);
dc85da15 938
5295a74c 939static struct array_cache **alloc_alien_cache(int node, int limit)
e498be7d
CL		 940{
941 struct array_cache **ac_ptr;
b28a02de 942 int memsize = sizeof(void *) * MAX_NUMNODES;
e498be7d
CL		 943 int i;
944
945 if (limit > 1)
946 limit = 12;
947 ac_ptr = kmalloc_node(memsize, GFP_KERNEL, node);
948 if (ac_ptr) {
949 for_each_node(i) {
950 if (i == node || !node_online(i)) {
951 ac_ptr[i] = NULL;
952 continue;
953 }
954 ac_ptr[i] = alloc_arraycache(node, limit, 0xbaadf00d);
955 if (!ac_ptr[i]) {
b28a02de 956 for (i--; i <= 0; i--)
e498be7d
CL		 957 kfree(ac_ptr[i]);
958 kfree(ac_ptr);
959 return NULL;
960 }
961 }
962 }
963 return ac_ptr;
964}
965
5295a74c 966static void free_alien_cache(struct array_cache **ac_ptr)
e498be7d
CL		 967{
968 int i;
969
970 if (!ac_ptr)
971 return;
e498be7d 972 for_each_node(i)
b28a02de 973 kfree(ac_ptr[i]);
e498be7d
CL		 974 kfree(ac_ptr);
975}
976
343e0d7a 977static void __drain_alien_cache(struct kmem_cache *cachep,
5295a74c 978 struct array_cache *ac, int node)
e498be7d
CL		 979{
980 struct kmem_list3 *rl3 = cachep->nodelists[node];
981
982 if (ac->avail) {
983 spin_lock(&rl3->list_lock);
e00946fe
CL		 984 /*
985 * Stuff objects into the remote nodes shared array first.
986 * That way we could avoid the overhead of putting the objects
987 * into the free lists and getting them back later.
988 */
693f7d36 989 if (rl3->shared)
990 transfer_objects(rl3->shared, ac, ac->limit);
e00946fe 991
ff69416e 992 free_block(cachep, ac->entry, ac->avail, node);
e498be7d
CL		 993 ac->avail = 0;
994 spin_unlock(&rl3->list_lock);
995 }
996}
997
8fce4d8e
CL		 998/*
999 * Called from cache_reap() to regularly drain alien caches round robin.
1000 */
1001static void reap_alien(struct kmem_cache *cachep, struct kmem_list3 *l3)
1002{
1003 int node = __get_cpu_var(reap_node);
1004
1005 if (l3->alien) {
1006 struct array_cache *ac = l3->alien[node];
e00946fe
CL		 1007
1008 if (ac && ac->avail && spin_trylock_irq(&ac->lock)) {
8fce4d8e
CL		 1009 __drain_alien_cache(cachep, ac, node);
1010 spin_unlock_irq(&ac->lock);
1011 }
1012 }
1013}
1014
a737b3e2
AM		 1015static void drain_alien_cache(struct kmem_cache *cachep,
1016 struct array_cache **alien)
e498be7d 1017{
b28a02de 1018 int i = 0;
e498be7d
CL		 1019 struct array_cache *ac;
1020 unsigned long flags;
1021
1022 for_each_online_node(i) {
4484ebf1 1023 ac = alien[i];
e498be7d
CL		 1024 if (ac) {
1025 spin_lock_irqsave(&ac->lock, flags);
1026 __drain_alien_cache(cachep, ac, i);
1027 spin_unlock_irqrestore(&ac->lock, flags);
1028 }
1029 }
1030}
729bd0b7
PE		 1031
1032static inline int cache_free_alien(struct kmem_cache *cachep, void *objp)
1033{
1034 struct slab *slabp = virt_to_slab(objp);
1035 int nodeid = slabp->nodeid;
1036 struct kmem_list3 *l3;
1037 struct array_cache *alien = NULL;
1038
1039 /*
1040 * Make sure we are not freeing a object from another node to the array
1041 * cache on this cpu.
1042 */
1043 if (likely(slabp->nodeid == numa_node_id()))
1044 return 0;
1045
1046 l3 = cachep->nodelists[numa_node_id()];
1047 STATS_INC_NODEFREES(cachep);
1048 if (l3->alien && l3->alien[nodeid]) {
1049 alien = l3->alien[nodeid];
1050 spin_lock(&alien->lock);
1051 if (unlikely(alien->avail == alien->limit)) {
1052 STATS_INC_ACOVERFLOW(cachep);
1053 __drain_alien_cache(cachep, alien, nodeid);
1054 }
1055 alien->entry[alien->avail++] = objp;
1056 spin_unlock(&alien->lock);
1057 } else {
1058 spin_lock(&(cachep->nodelists[nodeid])->list_lock);
1059 free_block(cachep, &objp, 1, nodeid);
1060 spin_unlock(&(cachep->nodelists[nodeid])->list_lock);
1061 }
1062 return 1;
1063}
1064
e498be7d 1065#else
7a21ef6f 1066
4484ebf1 1067#define drain_alien_cache(cachep, alien) do { } while (0)
8fce4d8e 1068#define reap_alien(cachep, l3) do { } while (0)
4484ebf1 1069
7a21ef6f
LT		 1070static inline struct array_cache **alloc_alien_cache(int node, int limit)
1071{
1072 return (struct array_cache **) 0x01020304ul;
1073}
1074
4484ebf1
RT		 1075static inline void free_alien_cache(struct array_cache **ac_ptr)
1076{
1077}
7a21ef6f 1078
729bd0b7
PE		 1079static inline int cache_free_alien(struct kmem_cache *cachep, void *objp)
1080{
1081 return 0;
1082}
1083
e498be7d
CL		 1084#endif
1085
83d722f7 1086static int cpuup_callback(struct notifier_block *nfb,
b28a02de 1087 unsigned long action, void *hcpu)
1da177e4
LT		 1088{
1089 long cpu = (long)hcpu;
343e0d7a 1090 struct kmem_cache *cachep;
e498be7d
CL		 1091 struct kmem_list3 *l3 = NULL;
1092 int node = cpu_to_node(cpu);
1093 int memsize = sizeof(struct kmem_list3);
1da177e4
LT		 1094
1095 switch (action) {
1096 case CPU_UP_PREPARE:
fc0abb14 1097 mutex_lock(&cache_chain_mutex);
a737b3e2
AM		 1098 /*
1099 * We need to do this right in the beginning since
e498be7d
CL		 1100 * alloc_arraycache's are going to use this list.
1101 * kmalloc_node allows us to add the slab to the right
1102 * kmem_list3 and not this cpu's kmem_list3
1103 */
1104
1da177e4 1105 list_for_each_entry(cachep, &cache_chain, next) {
a737b3e2
AM		 1106 /*
1107 * Set up the size64 kmemlist for cpu before we can
e498be7d
CL		 1108 * begin anything. Make sure some other cpu on this
1109 * node has not already allocated this
1110 */
1111 if (!cachep->nodelists[node]) {
a737b3e2
AM		 1112 l3 = kmalloc_node(memsize, GFP_KERNEL, node);
1113 if (!l3)
e498be7d
CL		 1114 goto bad;
1115 kmem_list3_init(l3);
1116 l3->next_reap = jiffies + REAPTIMEOUT_LIST3 +
b28a02de 1117 ((unsigned long)cachep) % REAPTIMEOUT_LIST3;
e498be7d 1118
4484ebf1
RT		 1119 /*
1120 * The l3s don't come and go as CPUs come and
1121 * go. cache_chain_mutex is sufficient
1122 * protection here.
1123 */
e498be7d
CL		 1124 cachep->nodelists[node] = l3;
1125 }
1da177e4 1126
e498be7d
CL		 1127 spin_lock_irq(&cachep->nodelists[node]->list_lock);
1128 cachep->nodelists[node]->free_limit =
a737b3e2
AM		 1129 (1 + nr_cpus_node(node)) *
1130 cachep->batchcount + cachep->num;
e498be7d
CL		 1131 spin_unlock_irq(&cachep->nodelists[node]->list_lock);
1132 }
1133
a737b3e2
AM		 1134 /*
1135 * Now we can go ahead with allocating the shared arrays and
1136 * array caches
1137 */
e498be7d 1138 list_for_each_entry(cachep, &cache_chain, next) {
cd105df4 1139 struct array_cache *nc;
4484ebf1
RT		 1140 struct array_cache *shared;
1141 struct array_cache **alien;
cd105df4 1142
e498be7d 1143 nc = alloc_arraycache(node, cachep->limit,
4484ebf1 1144 cachep->batchcount);
1da177e4
LT		 1145 if (!nc)
1146 goto bad;
4484ebf1
RT		 1147 shared = alloc_arraycache(node,
1148 cachep->shared * cachep->batchcount,
1149 0xbaadf00d);
1150 if (!shared)
1151 goto bad;
7a21ef6f 1152
4484ebf1
RT		 1153 alien = alloc_alien_cache(node, cachep->limit);
1154 if (!alien)
1155 goto bad;
1da177e4 1156 cachep->array[cpu] = nc;
e498be7d
CL		 1157 l3 = cachep->nodelists[node];
1158 BUG_ON(!l3);
e498be7d 1159
4484ebf1
RT		 1160 spin_lock_irq(&l3->list_lock);
1161 if (!l3->shared) {
1162 /*
1163 * We are serialised from CPU_DEAD or
1164 * CPU_UP_CANCELLED by the cpucontrol lock
1165 */
1166 l3->shared = shared;
1167 shared = NULL;
e498be7d 1168 }
4484ebf1
RT		 1169#ifdef CONFIG_NUMA
1170 if (!l3->alien) {
1171 l3->alien = alien;
1172 alien = NULL;
1173 }
1174#endif
1175 spin_unlock_irq(&l3->list_lock);
4484ebf1
RT		 1176 kfree(shared);
1177 free_alien_cache(alien);
1da177e4 1178 }
fc0abb14 1179 mutex_unlock(&cache_chain_mutex);
1da177e4
LT		 1180 break;
1181 case CPU_ONLINE:
1182 start_cpu_timer(cpu);
1183 break;
1184#ifdef CONFIG_HOTPLUG_CPU
1185 case CPU_DEAD:
4484ebf1
RT		 1186 /*
1187 * Even if all the cpus of a node are down, we don't free the
1188 * kmem_list3 of any cache. This to avoid a race between
1189 * cpu_down, and a kmalloc allocation from another cpu for
1190 * memory from the node of the cpu going down. The list3
1191 * structure is usually allocated from kmem_cache_create() and
1192 * gets destroyed at kmem_cache_destroy().
1193 */
1da177e4
LT		 1194 /* fall thru */
1195 case CPU_UP_CANCELED:
fc0abb14 1196 mutex_lock(&cache_chain_mutex);
1da177e4
LT		 1197 list_for_each_entry(cachep, &cache_chain, next) {
1198 struct array_cache *nc;
4484ebf1
RT		 1199 struct array_cache *shared;
1200 struct array_cache **alien;
e498be7d 1201 cpumask_t mask;
1da177e4 1202
e498be7d 1203 mask = node_to_cpumask(node);
1da177e4
LT		 1204 /* cpu is dead; no one can alloc from it. */
1205 nc = cachep->array[cpu];
1206 cachep->array[cpu] = NULL;
e498be7d
CL		 1207 l3 = cachep->nodelists[node];
1208
1209 if (!l3)
4484ebf1 1210 goto free_array_cache;
e498be7d 1211
ca3b9b91 1212 spin_lock_irq(&l3->list_lock);
e498be7d
CL		 1213
1214 /* Free limit for this kmem_list3 */
1215 l3->free_limit -= cachep->batchcount;
1216 if (nc)
ff69416e 1217 free_block(cachep, nc->entry, nc->avail, node);
e498be7d
CL		 1218
1219 if (!cpus_empty(mask)) {
ca3b9b91 1220 spin_unlock_irq(&l3->list_lock);
4484ebf1 1221 goto free_array_cache;
b28a02de 1222 }
e498be7d 1223
4484ebf1
RT		 1224 shared = l3->shared;
1225 if (shared) {
e498be7d 1226 free_block(cachep, l3->shared->entry,
b28a02de 1227 l3->shared->avail, node);
e498be7d
CL		 1228 l3->shared = NULL;
1229 }
e498be7d 1230
4484ebf1
RT		 1231 alien = l3->alien;
1232 l3->alien = NULL;
1233
1234 spin_unlock_irq(&l3->list_lock);
1235
1236 kfree(shared);
1237 if (alien) {
1238 drain_alien_cache(cachep, alien);
1239 free_alien_cache(alien);
e498be7d 1240 }
4484ebf1 1241free_array_cache:
1da177e4
LT		 1242 kfree(nc);
1243 }
4484ebf1
RT		 1244 /*
1245 * In the previous loop, all the objects were freed to
1246 * the respective cache's slabs, now we can go ahead and
1247 * shrink each nodelist to its limit.
1248 */
1249 list_for_each_entry(cachep, &cache_chain, next) {
1250 l3 = cachep->nodelists[node];
1251 if (!l3)
1252 continue;
1253 spin_lock_irq(&l3->list_lock);
1254 /* free slabs belonging to this node */
1255 __node_shrink(cachep, node);
1256 spin_unlock_irq(&l3->list_lock);
1257 }
fc0abb14 1258 mutex_unlock(&cache_chain_mutex);
1da177e4
LT		 1259 break;
1260#endif
1261 }
1262 return NOTIFY_OK;
a737b3e2 1263bad:
fc0abb14 1264 mutex_unlock(&cache_chain_mutex);
1da177e4
LT		 1265 return NOTIFY_BAD;
1266}
1267
1268static struct notifier_block cpucache_notifier = { &cpuup_callback, NULL, 0 };
1269
e498be7d
CL		 1270/*
1271 * swap the static kmem_list3 with kmalloced memory
1272 */
a737b3e2
AM		 1273static void init_list(struct kmem_cache *cachep, struct kmem_list3 *list,
1274 int nodeid)
e498be7d
CL		 1275{
1276 struct kmem_list3 *ptr;
1277
1278 BUG_ON(cachep->nodelists[nodeid] != list);
1279 ptr = kmalloc_node(sizeof(struct kmem_list3), GFP_KERNEL, nodeid);
1280 BUG_ON(!ptr);
1281
1282 local_irq_disable();
1283 memcpy(ptr, list, sizeof(struct kmem_list3));
1284 MAKE_ALL_LISTS(cachep, ptr, nodeid);
1285 cachep->nodelists[nodeid] = ptr;
1286 local_irq_enable();
1287}
1288
a737b3e2
AM		 1289/*
1290 * Initialisation. Called after the page allocator have been initialised and
1291 * before smp_init().
1da177e4
LT		 1292 */
1293void __init kmem_cache_init(void)
1294{
1295 size_t left_over;
1296 struct cache_sizes *sizes;
1297 struct cache_names *names;
e498be7d 1298 int i;
07ed76b2 1299 int order;
e498be7d
CL		 1300
1301 for (i = 0; i < NUM_INIT_LISTS; i++) {
1302 kmem_list3_init(&initkmem_list3[i]);
1303 if (i < MAX_NUMNODES)
1304 cache_cache.nodelists[i] = NULL;
1305 }
1da177e4
LT		 1306
1307 /*
1308 * Fragmentation resistance on low memory - only use bigger
1309 * page orders on machines with more than 32MB of memory.
1310 */
1311 if (num_physpages > (32 << 20) >> PAGE_SHIFT)
1312 slab_break_gfp_order = BREAK_GFP_ORDER_HI;
1313
1da177e4
LT		 1314 /* Bootstrap is tricky, because several objects are allocated
1315 * from caches that do not exist yet:
a737b3e2
AM		 1316 * 1) initialize the cache_cache cache: it contains the struct
1317 * kmem_cache structures of all caches, except cache_cache itself:
1318 * cache_cache is statically allocated.
e498be7d
CL		 1319 * Initially an __init data area is used for the head array and the
1320 * kmem_list3 structures, it's replaced with a kmalloc allocated
1321 * array at the end of the bootstrap.
1da177e4 1322 * 2) Create the first kmalloc cache.
343e0d7a 1323 * The struct kmem_cache for the new cache is allocated normally.
e498be7d
CL		 1324 * An __init data area is used for the head array.
1325 * 3) Create the remaining kmalloc caches, with minimally sized
1326 * head arrays.
1da177e4
LT		 1327 * 4) Replace the __init data head arrays for cache_cache and the first
1328 * kmalloc cache with kmalloc allocated arrays.
e498be7d
CL		 1329 * 5) Replace the __init data for kmem_list3 for cache_cache and
1330 * the other cache's with kmalloc allocated memory.
1331 * 6) Resize the head arrays of the kmalloc caches to their final sizes.
1da177e4
LT		 1332 */
1333
1334 /* 1) create the cache_cache */
1da177e4
LT		 1335 INIT_LIST_HEAD(&cache_chain);
1336 list_add(&cache_cache.next, &cache_chain);
1337 cache_cache.colour_off = cache_line_size();
1338 cache_cache.array[smp_processor_id()] = &initarray_cache.cache;
e498be7d 1339 cache_cache.nodelists[numa_node_id()] = &initkmem_list3[CACHE_CACHE];
1da177e4 1340
a737b3e2
AM		 1341 cache_cache.buffer_size = ALIGN(cache_cache.buffer_size,
1342 cache_line_size());
1da177e4 1343
07ed76b2
JS		 1344 for (order = 0; order < MAX_ORDER; order++) {
1345 cache_estimate(order, cache_cache.buffer_size,
1346 cache_line_size(), 0, &left_over, &cache_cache.num);
1347 if (cache_cache.num)
1348 break;
1349 }
40094fa6 1350 BUG_ON(!cache_cache.num);
07ed76b2 1351 cache_cache.gfporder = order;
b28a02de 1352 cache_cache.colour = left_over / cache_cache.colour_off;
b28a02de
PE		 1353 cache_cache.slab_size = ALIGN(cache_cache.num * sizeof(kmem_bufctl_t) +
1354 sizeof(struct slab), cache_line_size());
1da177e4
LT		 1355
1356 /* 2+3) create the kmalloc caches */
1357 sizes = malloc_sizes;
1358 names = cache_names;
1359
a737b3e2
AM		 1360 /*
1361 * Initialize the caches that provide memory for the array cache and the
1362 * kmem_list3 structures first. Without this, further allocations will
1363 * bug.
e498be7d
CL		 1364 */
1365
1366 sizes[INDEX_AC].cs_cachep = kmem_cache_create(names[INDEX_AC].name,
a737b3e2
AM		 1367 sizes[INDEX_AC].cs_size,
1368 ARCH_KMALLOC_MINALIGN,
1369 ARCH_KMALLOC_FLAGS|SLAB_PANIC,
1370 NULL, NULL);
e498be7d 1371
a737b3e2 1372 if (INDEX_AC != INDEX_L3) {
e498be7d 1373 sizes[INDEX_L3].cs_cachep =
a737b3e2
AM		 1374 kmem_cache_create(names[INDEX_L3].name,
1375 sizes[INDEX_L3].cs_size,
1376 ARCH_KMALLOC_MINALIGN,
1377 ARCH_KMALLOC_FLAGS|SLAB_PANIC,
1378 NULL, NULL);
1379 }
e498be7d 1380
e0a42726
IM		 1381 slab_early_init = 0;
1382
1da177e4 1383 while (sizes->cs_size != ULONG_MAX) {
e498be7d
CL		 1384 /*
1385 * For performance, all the general caches are L1 aligned.
1da177e4
LT		 1386 * This should be particularly beneficial on SMP boxes, as it
1387 * eliminates "false sharing".
1388 * Note for systems short on memory removing the alignment will
e498be7d
CL		 1389 * allow tighter packing of the smaller caches.
1390 */
a737b3e2 1391 if (!sizes->cs_cachep) {
e498be7d 1392 sizes->cs_cachep = kmem_cache_create(names->name,
a737b3e2
AM		 1393 sizes->cs_size,
1394 ARCH_KMALLOC_MINALIGN,
1395 ARCH_KMALLOC_FLAGS|SLAB_PANIC,
1396 NULL, NULL);
1397 }
1da177e4 1398
1da177e4 1399 sizes->cs_dmacachep = kmem_cache_create(names->name_dma,
a737b3e2
AM		 1400 sizes->cs_size,
1401 ARCH_KMALLOC_MINALIGN,
1402 ARCH_KMALLOC_FLAGS|SLAB_CACHE_DMA|
1403 SLAB_PANIC,
1404 NULL, NULL);
1da177e4
LT		 1405 sizes++;
1406 names++;
1407 }
1408 /* 4) Replace the bootstrap head arrays */
1409 {
b28a02de 1410 void *ptr;
e498be7d 1411
1da177e4 1412 ptr = kmalloc(sizeof(struct arraycache_init), GFP_KERNEL);
e498be7d 1413
1da177e4 1414 local_irq_disable();
9a2dba4b
PE		 1415 BUG_ON(cpu_cache_get(&cache_cache) != &initarray_cache.cache);
1416 memcpy(ptr, cpu_cache_get(&cache_cache),
b28a02de 1417 sizeof(struct arraycache_init));
1da177e4
LT		 1418 cache_cache.array[smp_processor_id()] = ptr;
1419 local_irq_enable();
e498be7d 1420
1da177e4 1421 ptr = kmalloc(sizeof(struct arraycache_init), GFP_KERNEL);
e498be7d 1422
1da177e4 1423 local_irq_disable();
9a2dba4b 1424 BUG_ON(cpu_cache_get(malloc_sizes[INDEX_AC].cs_cachep)
b28a02de 1425 != &initarray_generic.cache);
9a2dba4b 1426 memcpy(ptr, cpu_cache_get(malloc_sizes[INDEX_AC].cs_cachep),
b28a02de 1427 sizeof(struct arraycache_init));
e498be7d 1428 malloc_sizes[INDEX_AC].cs_cachep->array[smp_processor_id()] =
b28a02de 1429 ptr;
1da177e4
LT		 1430 local_irq_enable();
1431 }
e498be7d
CL		 1432 /* 5) Replace the bootstrap kmem_list3's */
1433 {
1434 int node;
1435 /* Replace the static kmem_list3 structures for the boot cpu */
1436 init_list(&cache_cache, &initkmem_list3[CACHE_CACHE],
b28a02de 1437 numa_node_id());
e498be7d
CL		 1438
1439 for_each_online_node(node) {
1440 init_list(malloc_sizes[INDEX_AC].cs_cachep,
b28a02de 1441 &initkmem_list3[SIZE_AC + node], node);
e498be7d
CL		 1442
1443 if (INDEX_AC != INDEX_L3) {
1444 init_list(malloc_sizes[INDEX_L3].cs_cachep,
b28a02de
PE		 1445 &initkmem_list3[SIZE_L3 + node],
1446 node);
e498be7d
CL		 1447 }
1448 }
1449 }
1da177e4 1450
e498be7d 1451 /* 6) resize the head arrays to their final sizes */
1da177e4 1452 {
343e0d7a 1453 struct kmem_cache *cachep;
fc0abb14 1454 mutex_lock(&cache_chain_mutex);
1da177e4 1455 list_for_each_entry(cachep, &cache_chain, next)
a737b3e2 1456 enable_cpucache(cachep);
fc0abb14 1457 mutex_unlock(&cache_chain_mutex);
1da177e4
LT		 1458 }
1459
1460 /* Done! */
1461 g_cpucache_up = FULL;
1462
a737b3e2
AM		 1463 /*
1464 * Register a cpu startup notifier callback that initializes
1465 * cpu_cache_get for all new cpus
1da177e4
LT		 1466 */
1467 register_cpu_notifier(&cpucache_notifier);
1da177e4 1468
a737b3e2
AM		 1469 /*
1470 * The reap timers are started later, with a module init call: That part
1471 * of the kernel is not yet operational.
1da177e4
LT		 1472 */
1473}
1474
1475static int __init cpucache_init(void)
1476{
1477 int cpu;
1478
a737b3e2
AM		 1479 /*
1480 * Register the timers that return unneeded pages to the page allocator
1da177e4 1481 */
e498be7d 1482 for_each_online_cpu(cpu)
a737b3e2 1483 start_cpu_timer(cpu);
1da177e4
LT		 1484 return 0;
1485}
1da177e4
LT		 1486__initcall(cpucache_init);
1487
1488/*
1489 * Interface to system's page allocator. No need to hold the cache-lock.
1490 *
1491 * If we requested dmaable memory, we will get it. Even if we
1492 * did not request dmaable memory, we might get it, but that
1493 * would be relatively rare and ignorable.
1494 */
343e0d7a 1495static void *kmem_getpages(struct kmem_cache *cachep, gfp_t flags, int nodeid)
1da177e4
LT		 1496{
1497 struct page *page;
e1b6aa6f 1498 int nr_pages;
1da177e4
LT		 1499 int i;
1500
d6fef9da 1501#ifndef CONFIG_MMU
e1b6aa6f
CH		 1502 /*
1503 * Nommu uses slab's for process anonymous memory allocations, and thus
1504 * requires __GFP_COMP to properly refcount higher order allocations
d6fef9da 1505 */
e1b6aa6f 1506 flags |= __GFP_COMP;
d6fef9da 1507#endif
e1b6aa6f
CH		 1508 flags |= cachep->gfpflags;
1509
1510 page = alloc_pages_node(nodeid, flags, cachep->gfporder);
1da177e4
LT		 1511 if (!page)
1512 return NULL;
1da177e4 1513
e1b6aa6f 1514 nr_pages = (1 << cachep->gfporder);
1da177e4 1515 if (cachep->flags & SLAB_RECLAIM_ACCOUNT)
e1b6aa6f
CH		 1516 atomic_add(nr_pages, &slab_reclaim_pages);
1517 add_page_state(nr_slab, nr_pages);
1518 for (i = 0; i < nr_pages; i++)
1519 __SetPageSlab(page + i);
1520 return page_address(page);
1da177e4
LT		 1521}
1522
1523/*
1524 * Interface to system's page release.
1525 */
343e0d7a 1526static void kmem_freepages(struct kmem_cache *cachep, void *addr)
1da177e4 1527{
b28a02de 1528 unsigned long i = (1 << cachep->gfporder);
1da177e4
LT		 1529 struct page *page = virt_to_page(addr);
1530 const unsigned long nr_freed = i;
1531
1532 while (i--) {
f205b2fe
NP		 1533 BUG_ON(!PageSlab(page));
1534 __ClearPageSlab(page);
1da177e4
LT		 1535 page++;
1536 }
1537 sub_page_state(nr_slab, nr_freed);
1538 if (current->reclaim_state)
1539 current->reclaim_state->reclaimed_slab += nr_freed;
1540 free_pages((unsigned long)addr, cachep->gfporder);
b28a02de
PE		 1541 if (cachep->flags & SLAB_RECLAIM_ACCOUNT)
1542 atomic_sub(1 << cachep->gfporder, &slab_reclaim_pages);
1da177e4
LT		 1543}
1544
1545static void kmem_rcu_free(struct rcu_head *head)
1546{
b28a02de 1547 struct slab_rcu *slab_rcu = (struct slab_rcu *)head;
343e0d7a 1548 struct kmem_cache *cachep = slab_rcu->cachep;
1da177e4
LT		 1549
1550 kmem_freepages(cachep, slab_rcu->addr);
1551 if (OFF_SLAB(cachep))
1552 kmem_cache_free(cachep->slabp_cache, slab_rcu);
1553}
1554
1555#if DEBUG
1556
1557#ifdef CONFIG_DEBUG_PAGEALLOC
343e0d7a 1558static void store_stackinfo(struct kmem_cache *cachep, unsigned long *addr,
b28a02de 1559 unsigned long caller)
1da177e4 1560{
3dafccf2 1561 int size = obj_size(cachep);
1da177e4 1562
3dafccf2 1563 addr = (unsigned long *)&((char *)addr)[obj_offset(cachep)];
1da177e4 1564
b28a02de 1565 if (size < 5 * sizeof(unsigned long))
1da177e4
LT		 1566 return;
1567
b28a02de
PE		 1568 *addr++ = 0x12345678;
1569 *addr++ = caller;
1570 *addr++ = smp_processor_id();
1571 size -= 3 * sizeof(unsigned long);
1da177e4
LT		 1572 {
1573 unsigned long *sptr = &caller;
1574 unsigned long svalue;
1575
1576 while (!kstack_end(sptr)) {
1577 svalue = *sptr++;
1578 if (kernel_text_address(svalue)) {
b28a02de 1579 *addr++ = svalue;
1da177e4
LT		 1580 size -= sizeof(unsigned long);
1581 if (size <= sizeof(unsigned long))
1582 break;
1583 }
1584 }
1585
1586 }
b28a02de 1587 *addr++ = 0x87654321;
1da177e4
LT		 1588}
1589#endif
1590
343e0d7a 1591static void poison_obj(struct kmem_cache *cachep, void *addr, unsigned char val)
1da177e4 1592{
3dafccf2
MS		 1593 int size = obj_size(cachep);
1594 addr = &((char *)addr)[obj_offset(cachep)];
1da177e4
LT		 1595
1596 memset(addr, val, size);
b28a02de 1597 *(unsigned char *)(addr + size - 1) = POISON_END;
1da177e4
LT		 1598}
1599
1600static void dump_line(char *data, int offset, int limit)
1601{
1602 int i;
1603 printk(KERN_ERR "%03x:", offset);
a737b3e2 1604 for (i = 0; i < limit; i++)
b28a02de 1605 printk(" %02x", (unsigned char)data[offset + i]);
1da177e4
LT		 1606 printk("\n");
1607}
1608#endif
1609
1610#if DEBUG
1611
343e0d7a 1612static void print_objinfo(struct kmem_cache *cachep, void *objp, int lines)
1da177e4
LT		 1613{
1614 int i, size;
1615 char *realobj;
1616
1617 if (cachep->flags & SLAB_RED_ZONE) {
1618 printk(KERN_ERR "Redzone: 0x%lx/0x%lx.\n",
a737b3e2
AM		 1619 *dbg_redzone1(cachep, objp),
1620 *dbg_redzone2(cachep, objp));
1da177e4
LT		 1621 }
1622
1623 if (cachep->flags & SLAB_STORE_USER) {
1624 printk(KERN_ERR "Last user: [<%p>]",
a737b3e2 1625 *dbg_userword(cachep, objp));
1da177e4 1626 print_symbol("(%s)",
a737b3e2 1627 (unsigned long)*dbg_userword(cachep, objp));
1da177e4
LT		 1628 printk("\n");
1629 }
3dafccf2
MS		 1630 realobj = (char *)objp + obj_offset(cachep);
1631 size = obj_size(cachep);
b28a02de 1632 for (i = 0; i < size && lines; i += 16, lines--) {
1da177e4
LT		 1633 int limit;
1634 limit = 16;
b28a02de
PE		 1635 if (i + limit > size)
1636 limit = size - i;
1da177e4
LT		 1637 dump_line(realobj, i, limit);
1638 }
1639}
1640
343e0d7a 1641static void check_poison_obj(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 1642{
1643 char *realobj;
1644 int size, i;
1645 int lines = 0;
1646
3dafccf2
MS		 1647 realobj = (char *)objp + obj_offset(cachep);
1648 size = obj_size(cachep);
1da177e4 1649
b28a02de 1650 for (i = 0; i < size; i++) {
1da177e4 1651 char exp = POISON_FREE;
b28a02de 1652 if (i == size - 1)
1da177e4
LT		 1653 exp = POISON_END;
1654 if (realobj[i] != exp) {
1655 int limit;
1656 /* Mismatch ! */
1657 /* Print header */
1658 if (lines == 0) {
b28a02de 1659 printk(KERN_ERR
a737b3e2
AM		 1660 "Slab corruption: start=%p, len=%d\n",
1661 realobj, size);
1da177e4
LT		 1662 print_objinfo(cachep, objp, 0);
1663 }
1664 /* Hexdump the affected line */
b28a02de 1665 i = (i / 16) * 16;
1da177e4 1666 limit = 16;
b28a02de
PE		 1667 if (i + limit > size)
1668 limit = size - i;
1da177e4
LT		 1669 dump_line(realobj, i, limit);
1670 i += 16;
1671 lines++;
1672 /* Limit to 5 lines */
1673 if (lines > 5)
1674 break;
1675 }
1676 }
1677 if (lines != 0) {
1678 /* Print some data about the neighboring objects, if they
1679 * exist:
1680 */
6ed5eb22 1681 struct slab *slabp = virt_to_slab(objp);
8fea4e96 1682 unsigned int objnr;
1da177e4 1683
8fea4e96 1684 objnr = obj_to_index(cachep, slabp, objp);
1da177e4 1685 if (objnr) {
8fea4e96 1686 objp = index_to_obj(cachep, slabp, objnr - 1);
3dafccf2 1687 realobj = (char *)objp + obj_offset(cachep);
1da177e4 1688 printk(KERN_ERR "Prev obj: start=%p, len=%d\n",
b28a02de 1689 realobj, size);
1da177e4
LT		 1690 print_objinfo(cachep, objp, 2);
1691 }
b28a02de 1692 if (objnr + 1 < cachep->num) {
8fea4e96 1693 objp = index_to_obj(cachep, slabp, objnr + 1);
3dafccf2 1694 realobj = (char *)objp + obj_offset(cachep);
1da177e4 1695 printk(KERN_ERR "Next obj: start=%p, len=%d\n",
b28a02de 1696 realobj, size);
1da177e4
LT		 1697 print_objinfo(cachep, objp, 2);
1698 }
1699 }
1700}
1701#endif
1702
12dd36fa
MD		 1703#if DEBUG
1704/**
911851e6
RD		 1705 * slab_destroy_objs - destroy a slab and its objects
1706 * @cachep: cache pointer being destroyed
1707 * @slabp: slab pointer being destroyed
1708 *
1709 * Call the registered destructor for each object in a slab that is being
1710 * destroyed.
1da177e4 1711 */
343e0d7a 1712static void slab_destroy_objs(struct kmem_cache *cachep, struct slab *slabp)
1da177e4 1713{
1da177e4
LT		 1714 int i;
1715 for (i = 0; i < cachep->num; i++) {
8fea4e96 1716 void *objp = index_to_obj(cachep, slabp, i);
1da177e4
LT		 1717
1718 if (cachep->flags & SLAB_POISON) {
1719#ifdef CONFIG_DEBUG_PAGEALLOC
a737b3e2
AM		 1720 if (cachep->buffer_size % PAGE_SIZE == 0 &&
1721 OFF_SLAB(cachep))
b28a02de 1722 kernel_map_pages(virt_to_page(objp),
a737b3e2 1723 cachep->buffer_size / PAGE_SIZE, 1);
1da177e4
LT		 1724 else
1725 check_poison_obj(cachep, objp);
1726#else
1727 check_poison_obj(cachep, objp);
1728#endif
1729 }
1730 if (cachep->flags & SLAB_RED_ZONE) {
1731 if (*dbg_redzone1(cachep, objp) != RED_INACTIVE)
1732 slab_error(cachep, "start of a freed object "
b28a02de 1733 "was overwritten");
1da177e4
LT		 1734 if (*dbg_redzone2(cachep, objp) != RED_INACTIVE)
1735 slab_error(cachep, "end of a freed object "
b28a02de 1736 "was overwritten");
1da177e4
LT		 1737 }
1738 if (cachep->dtor && !(cachep->flags & SLAB_POISON))
3dafccf2 1739 (cachep->dtor) (objp + obj_offset(cachep), cachep, 0);
1da177e4 1740 }
12dd36fa 1741}
1da177e4 1742#else
343e0d7a 1743static void slab_destroy_objs(struct kmem_cache *cachep, struct slab *slabp)
12dd36fa 1744{
1da177e4
LT		 1745 if (cachep->dtor) {
1746 int i;
1747 for (i = 0; i < cachep->num; i++) {
8fea4e96 1748 void *objp = index_to_obj(cachep, slabp, i);
b28a02de 1749 (cachep->dtor) (objp, cachep, 0);
1da177e4
LT		 1750 }
1751 }
12dd36fa 1752}
1da177e4
LT		 1753#endif
1754
911851e6
RD		 1755/**
1756 * slab_destroy - destroy and release all objects in a slab
1757 * @cachep: cache pointer being destroyed
1758 * @slabp: slab pointer being destroyed
1759 *
12dd36fa 1760 * Destroy all the objs in a slab, and release the mem back to the system.
a737b3e2
AM		 1761 * Before calling the slab must have been unlinked from the cache. The
1762 * cache-lock is not held/needed.
12dd36fa 1763 */
343e0d7a 1764static void slab_destroy(struct kmem_cache *cachep, struct slab *slabp)
12dd36fa
MD		 1765{
1766 void *addr = slabp->s_mem - slabp->colouroff;
1767
1768 slab_destroy_objs(cachep, slabp);
1da177e4
LT		 1769 if (unlikely(cachep->flags & SLAB_DESTROY_BY_RCU)) {
1770 struct slab_rcu *slab_rcu;
1771
b28a02de 1772 slab_rcu = (struct slab_rcu *)slabp;
1da177e4
LT		 1773 slab_rcu->cachep = cachep;
1774 slab_rcu->addr = addr;
1775 call_rcu(&slab_rcu->head, kmem_rcu_free);
1776 } else {
1777 kmem_freepages(cachep, addr);
1778 if (OFF_SLAB(cachep))
1779 kmem_cache_free(cachep->slabp_cache, slabp);
1780 }
1781}
1782
a737b3e2
AM		 1783/*
1784 * For setting up all the kmem_list3s for cache whose buffer_size is same as
1785 * size of kmem_list3.
1786 */
343e0d7a 1787static void set_up_list3s(struct kmem_cache *cachep, int index)
e498be7d
CL		 1788{
1789 int node;
1790
1791 for_each_online_node(node) {
b28a02de 1792 cachep->nodelists[node] = &initkmem_list3[index + node];
e498be7d 1793 cachep->nodelists[node]->next_reap = jiffies +
b28a02de
PE		 1794 REAPTIMEOUT_LIST3 +
1795 ((unsigned long)cachep) % REAPTIMEOUT_LIST3;
e498be7d
CL		 1796 }
1797}
1798
4d268eba 1799/**
a70773dd
RD		 1800 * calculate_slab_order - calculate size (page order) of slabs
1801 * @cachep: pointer to the cache that is being created
1802 * @size: size of objects to be created in this cache.
1803 * @align: required alignment for the objects.
1804 * @flags: slab allocation flags
1805 *
1806 * Also calculates the number of objects per slab.
4d268eba
PE		 1807 *
1808 * This could be made much more intelligent. For now, try to avoid using
1809 * high order pages for slabs. When the gfp() functions are more friendly
1810 * towards high-order requests, this should be changed.
1811 */
a737b3e2 1812static size_t calculate_slab_order(struct kmem_cache *cachep,
ee13d785 1813 size_t size, size_t align, unsigned long flags)
4d268eba 1814{
b1ab41c4 1815 unsigned long offslab_limit;
4d268eba 1816 size_t left_over = 0;
9888e6fa 1817 int gfporder;
4d268eba 1818
a737b3e2 1819 for (gfporder = 0; gfporder <= MAX_GFP_ORDER; gfporder++) {
4d268eba
PE		 1820 unsigned int num;
1821 size_t remainder;
1822
9888e6fa 1823 cache_estimate(gfporder, size, align, flags, &remainder, &num);
4d268eba
PE		 1824 if (!num)
1825 continue;
9888e6fa 1826
b1ab41c4
IM		 1827 if (flags & CFLGS_OFF_SLAB) {
1828 /*
1829 * Max number of objs-per-slab for caches which
1830 * use off-slab slabs. Needed to avoid a possible
1831 * looping condition in cache_grow().
1832 */
1833 offslab_limit = size - sizeof(struct slab);
1834 offslab_limit /= sizeof(kmem_bufctl_t);
1835
1836 if (num > offslab_limit)
1837 break;
1838 }
4d268eba 1839
9888e6fa 1840 /* Found something acceptable - save it away */
4d268eba 1841 cachep->num = num;
9888e6fa 1842 cachep->gfporder = gfporder;
4d268eba
PE		 1843 left_over = remainder;
1844
f78bb8ad
LT		 1845 /*
1846 * A VFS-reclaimable slab tends to have most allocations
1847 * as GFP_NOFS and we really don't want to have to be allocating
1848 * higher-order pages when we are unable to shrink dcache.
1849 */
1850 if (flags & SLAB_RECLAIM_ACCOUNT)
1851 break;
1852
4d268eba
PE		 1853 /*
1854 * Large number of objects is good, but very large slabs are
1855 * currently bad for the gfp()s.
1856 */
9888e6fa 1857 if (gfporder >= slab_break_gfp_order)
4d268eba
PE		 1858 break;
1859
9888e6fa
LT		 1860 /*
1861 * Acceptable internal fragmentation?
1862 */
a737b3e2 1863 if (left_over * 8 <= (PAGE_SIZE << gfporder))
4d268eba
PE		 1864 break;
1865 }
1866 return left_over;
1867}
1868
f30cf7d1
PE		 1869static void setup_cpu_cache(struct kmem_cache *cachep)
1870{
1871 if (g_cpucache_up == FULL) {
1872 enable_cpucache(cachep);
1873 return;
1874 }
1875 if (g_cpucache_up == NONE) {
1876 /*
1877 * Note: the first kmem_cache_create must create the cache
1878 * that's used by kmalloc(24), otherwise the creation of
1879 * further caches will BUG().
1880 */
1881 cachep->array[smp_processor_id()] = &initarray_generic.cache;
1882
1883 /*
1884 * If the cache that's used by kmalloc(sizeof(kmem_list3)) is
1885 * the first cache, then we need to set up all its list3s,
1886 * otherwise the creation of further caches will BUG().
1887 */
1888 set_up_list3s(cachep, SIZE_AC);
1889 if (INDEX_AC == INDEX_L3)
1890 g_cpucache_up = PARTIAL_L3;
1891 else
1892 g_cpucache_up = PARTIAL_AC;
1893 } else {
1894 cachep->array[smp_processor_id()] =
1895 kmalloc(sizeof(struct arraycache_init), GFP_KERNEL);
1896
1897 if (g_cpucache_up == PARTIAL_AC) {
1898 set_up_list3s(cachep, SIZE_L3);
1899 g_cpucache_up = PARTIAL_L3;
1900 } else {
1901 int node;
1902 for_each_online_node(node) {
1903 cachep->nodelists[node] =
1904 kmalloc_node(sizeof(struct kmem_list3),
1905 GFP_KERNEL, node);
1906 BUG_ON(!cachep->nodelists[node]);
1907 kmem_list3_init(cachep->nodelists[node]);
1908 }
1909 }
1910 }
1911 cachep->nodelists[numa_node_id()]->next_reap =
1912 jiffies + REAPTIMEOUT_LIST3 +
1913 ((unsigned long)cachep) % REAPTIMEOUT_LIST3;
1914
1915 cpu_cache_get(cachep)->avail = 0;
1916 cpu_cache_get(cachep)->limit = BOOT_CPUCACHE_ENTRIES;
1917 cpu_cache_get(cachep)->batchcount = 1;
1918 cpu_cache_get(cachep)->touched = 0;
1919 cachep->batchcount = 1;
1920 cachep->limit = BOOT_CPUCACHE_ENTRIES;
1921}
1922
1da177e4
LT		 1923/**
1924 * kmem_cache_create - Create a cache.
1925 * @name: A string which is used in /proc/slabinfo to identify this cache.
1926 * @size: The size of objects to be created in this cache.
1927 * @align: The required alignment for the objects.
1928 * @flags: SLAB flags
1929 * @ctor: A constructor for the objects.
1930 * @dtor: A destructor for the objects.
1931 *
1932 * Returns a ptr to the cache on success, NULL on failure.
1933 * Cannot be called within a int, but can be interrupted.
1934 * The @ctor is run when new pages are allocated by the cache
1935 * and the @dtor is run before the pages are handed back.
1936 *
1937 * @name must be valid until the cache is destroyed. This implies that
a737b3e2
AM		 1938 * the module calling this has to destroy the cache before getting unloaded.
1939 *
1da177e4
LT		 1940 * The flags are
1941 *
1942 * %SLAB_POISON - Poison the slab with a known test pattern (a5a5a5a5)
1943 * to catch references to uninitialised memory.
1944 *
1945 * %SLAB_RED_ZONE - Insert `Red' zones around the allocated memory to check
1946 * for buffer overruns.
1947 *
1da177e4
LT		 1948 * %SLAB_HWCACHE_ALIGN - Align the objects in this cache to a hardware
1949 * cacheline. This can be beneficial if you're counting cycles as closely
1950 * as davem.
1951 */
343e0d7a 1952struct kmem_cache *
1da177e4 1953kmem_cache_create (const char *name, size_t size, size_t align,
a737b3e2
AM		 1954 unsigned long flags,
1955 void (*ctor)(void*, struct kmem_cache *, unsigned long),
343e0d7a 1956 void (*dtor)(void*, struct kmem_cache *, unsigned long))
1da177e4
LT		 1957{
1958 size_t left_over, slab_size, ralign;
7a7c381d 1959 struct kmem_cache *cachep = NULL, *pc;
1da177e4
LT		 1960
1961 /*
1962 * Sanity checks... these are all serious usage bugs.
1963 */
a737b3e2 1964 if (!name || in_interrupt() || (size < BYTES_PER_WORD) ||
b28a02de 1965 (size > (1 << MAX_OBJ_ORDER) * PAGE_SIZE) || (dtor && !ctor)) {
a737b3e2
AM		 1966 printk(KERN_ERR "%s: Early error in slab %s\n", __FUNCTION__,
1967 name);
b28a02de
PE		 1968 BUG();
1969 }
1da177e4 1970
f0188f47
RT		 1971 /*
1972 * Prevent CPUs from coming and going.
1973 * lock_cpu_hotplug() nests outside cache_chain_mutex
1974 */
1975 lock_cpu_hotplug();
1976
fc0abb14 1977 mutex_lock(&cache_chain_mutex);
4f12bb4f 1978
7a7c381d 1979 list_for_each_entry(pc, &cache_chain, next) {
4f12bb4f
AM		 1980 mm_segment_t old_fs = get_fs();
1981 char tmp;
1982 int res;
1983
1984 /*
1985 * This happens when the module gets unloaded and doesn't
1986 * destroy its slab cache and no-one else reuses the vmalloc
1987 * area of the module. Print a warning.
1988 */
1989 set_fs(KERNEL_DS);
1990 res = __get_user(tmp, pc->name);
1991 set_fs(old_fs);
1992 if (res) {
1993 printk("SLAB: cache with size %d has lost its name\n",
3dafccf2 1994 pc->buffer_size);
4f12bb4f
AM		 1995 continue;
1996 }
1997
b28a02de 1998 if (!strcmp(pc->name, name)) {
4f12bb4f
AM		 1999 printk("kmem_cache_create: duplicate cache %s\n", name);
2000 dump_stack();
2001 goto oops;
2002 }
2003 }
2004
1da177e4
LT		 2005#if DEBUG
2006 WARN_ON(strchr(name, ' ')); /* It confuses parsers */
2007 if ((flags & SLAB_DEBUG_INITIAL) && !ctor) {
2008 /* No constructor, but inital state check requested */
2009 printk(KERN_ERR "%s: No con, but init state check "
b28a02de 2010 "requested - %s\n", __FUNCTION__, name);
1da177e4
LT		 2011 flags &= ~SLAB_DEBUG_INITIAL;
2012 }
1da177e4
LT		 2013#if FORCED_DEBUG
2014 /*
2015 * Enable redzoning and last user accounting, except for caches with
2016 * large objects, if the increased size would increase the object size
2017 * above the next power of two: caches with object sizes just above a
2018 * power of two have a significant amount of internal fragmentation.
2019 */
a737b3e2 2020 if (size < 4096 || fls(size - 1) == fls(size-1 + 3 * BYTES_PER_WORD))
b28a02de 2021 flags |= SLAB_RED_ZONE | SLAB_STORE_USER;
1da177e4
LT		 2022 if (!(flags & SLAB_DESTROY_BY_RCU))
2023 flags |= SLAB_POISON;
2024#endif
2025 if (flags & SLAB_DESTROY_BY_RCU)
2026 BUG_ON(flags & SLAB_POISON);
2027#endif
2028 if (flags & SLAB_DESTROY_BY_RCU)
2029 BUG_ON(dtor);
2030
2031 /*
a737b3e2
AM		 2032 * Always checks flags, a caller might be expecting debug support which
2033 * isn't available.
1da177e4 2034 */
40094fa6 2035 BUG_ON(flags & ~CREATE_MASK);
1da177e4 2036
a737b3e2
AM		 2037 /*
2038 * Check that size is in terms of words. This is needed to avoid
1da177e4
LT		 2039 * unaligned accesses for some archs when redzoning is used, and makes
2040 * sure any on-slab bufctl's are also correctly aligned.
2041 */
b28a02de
PE		 2042 if (size & (BYTES_PER_WORD - 1)) {
2043 size += (BYTES_PER_WORD - 1);
2044 size &= ~(BYTES_PER_WORD - 1);
1da177e4
LT		 2045 }
2046
a737b3e2
AM		 2047 /* calculate the final buffer alignment: */
2048
1da177e4
LT		 2049 /* 1) arch recommendation: can be overridden for debug */
2050 if (flags & SLAB_HWCACHE_ALIGN) {
a737b3e2
AM		 2051 /*
2052 * Default alignment: as specified by the arch code. Except if
2053 * an object is really small, then squeeze multiple objects into
2054 * one cacheline.
1da177e4
LT		 2055 */
2056 ralign = cache_line_size();
b28a02de 2057 while (size <= ralign / 2)
1da177e4
LT		 2058 ralign /= 2;
2059 } else {
2060 ralign = BYTES_PER_WORD;
2061 }
2062 /* 2) arch mandated alignment: disables debug if necessary */
2063 if (ralign < ARCH_SLAB_MINALIGN) {
2064 ralign = ARCH_SLAB_MINALIGN;
2065 if (ralign > BYTES_PER_WORD)
b28a02de 2066 flags &= ~(SLAB_RED_ZONE | SLAB_STORE_USER);
1da177e4
LT		 2067 }
2068 /* 3) caller mandated alignment: disables debug if necessary */
2069 if (ralign < align) {
2070 ralign = align;
2071 if (ralign > BYTES_PER_WORD)
b28a02de 2072 flags &= ~(SLAB_RED_ZONE | SLAB_STORE_USER);
1da177e4 2073 }
a737b3e2
AM		 2074 /*
2075 * 4) Store it. Note that the debug code below can reduce
1da177e4
LT		 2076 * the alignment to BYTES_PER_WORD.
2077 */
2078 align = ralign;
2079
2080 /* Get cache's description obj. */
c5e3b83e 2081 cachep = kmem_cache_zalloc(&cache_cache, SLAB_KERNEL);
1da177e4 2082 if (!cachep)
4f12bb4f 2083 goto oops;
1da177e4
LT		 2084
2085#if DEBUG
3dafccf2 2086 cachep->obj_size = size;
1da177e4
LT		 2087
2088 if (flags & SLAB_RED_ZONE) {
2089 /* redzoning only works with word aligned caches */
2090 align = BYTES_PER_WORD;
2091
2092 /* add space for red zone words */
3dafccf2 2093 cachep->obj_offset += BYTES_PER_WORD;
b28a02de 2094 size += 2 * BYTES_PER_WORD;
1da177e4
LT		 2095 }
2096 if (flags & SLAB_STORE_USER) {
2097 /* user store requires word alignment and
2098 * one word storage behind the end of the real
2099 * object.
2100 */
2101 align = BYTES_PER_WORD;
2102 size += BYTES_PER_WORD;
2103 }
2104#if FORCED_DEBUG && defined(CONFIG_DEBUG_PAGEALLOC)
b28a02de 2105 if (size >= malloc_sizes[INDEX_L3 + 1].cs_size
3dafccf2
MS		 2106 && cachep->obj_size > cache_line_size() && size < PAGE_SIZE) {
2107 cachep->obj_offset += PAGE_SIZE - size;
1da177e4
LT		 2108 size = PAGE_SIZE;
2109 }
2110#endif
2111#endif
2112
e0a42726
IM		 2113 /*
2114 * Determine if the slab management is 'on' or 'off' slab.
2115 * (bootstrapping cannot cope with offslab caches so don't do
2116 * it too early on.)
2117 */
2118 if ((size >= (PAGE_SIZE >> 3)) && !slab_early_init)
1da177e4
LT		 2119 /*
2120 * Size is large, assume best to place the slab management obj
2121 * off-slab (should allow better packing of objs).
2122 */
2123 flags |= CFLGS_OFF_SLAB;
2124
2125 size = ALIGN(size, align);
2126
f78bb8ad 2127 left_over = calculate_slab_order(cachep, size, align, flags);
1da177e4
LT		 2128
2129 if (!cachep->num) {
2130 printk("kmem_cache_create: couldn't create cache %s.\n", name);
2131 kmem_cache_free(&cache_cache, cachep);
2132 cachep = NULL;
4f12bb4f 2133 goto oops;
1da177e4 2134 }
b28a02de
PE		 2135 slab_size = ALIGN(cachep->num * sizeof(kmem_bufctl_t)
2136 + sizeof(struct slab), align);
1da177e4
LT		 2137
2138 /*
2139 * If the slab has been placed off-slab, and we have enough space then
2140 * move it on-slab. This is at the expense of any extra colouring.
2141 */
2142 if (flags & CFLGS_OFF_SLAB && left_over >= slab_size) {
2143 flags &= ~CFLGS_OFF_SLAB;
2144 left_over -= slab_size;
2145 }
2146
2147 if (flags & CFLGS_OFF_SLAB) {
2148 /* really off slab. No need for manual alignment */
b28a02de
PE		 2149 slab_size =
2150 cachep->num * sizeof(kmem_bufctl_t) + sizeof(struct slab);
1da177e4
LT		 2151 }
2152
2153 cachep->colour_off = cache_line_size();
2154 /* Offset must be a multiple of the alignment. */
2155 if (cachep->colour_off < align)
2156 cachep->colour_off = align;
b28a02de 2157 cachep->colour = left_over / cachep->colour_off;
1da177e4
LT		 2158 cachep->slab_size = slab_size;
2159 cachep->flags = flags;
2160 cachep->gfpflags = 0;
2161 if (flags & SLAB_CACHE_DMA)
2162 cachep->gfpflags |= GFP_DMA;
3dafccf2 2163 cachep->buffer_size = size;
1da177e4
LT		 2164
2165 if (flags & CFLGS_OFF_SLAB)
b2d55073 2166 cachep->slabp_cache = kmem_find_general_cachep(slab_size, 0u);
1da177e4
LT		 2167 cachep->ctor = ctor;
2168 cachep->dtor = dtor;
2169 cachep->name = name;
2170
1da177e4 2171
f30cf7d1 2172 setup_cpu_cache(cachep);
1da177e4 2173
1da177e4
LT		 2174 /* cache setup completed, link it into the list */
2175 list_add(&cachep->next, &cache_chain);
a737b3e2 2176oops:
1da177e4
LT		 2177 if (!cachep && (flags & SLAB_PANIC))
2178 panic("kmem_cache_create(): failed to create slab `%s'\n",
b28a02de 2179 name);
fc0abb14 2180 mutex_unlock(&cache_chain_mutex);
f0188f47 2181 unlock_cpu_hotplug();
1da177e4
LT		 2182 return cachep;
2183}
2184EXPORT_SYMBOL(kmem_cache_create);
2185
2186#if DEBUG
2187static void check_irq_off(void)
2188{
2189 BUG_ON(!irqs_disabled());
2190}
2191
2192static void check_irq_on(void)
2193{
2194 BUG_ON(irqs_disabled());
2195}
2196
343e0d7a 2197static void check_spinlock_acquired(struct kmem_cache *cachep)
1da177e4
LT		 2198{
2199#ifdef CONFIG_SMP
2200 check_irq_off();
e498be7d 2201 assert_spin_locked(&cachep->nodelists[numa_node_id()]->list_lock);
1da177e4
LT		 2202#endif
2203}
e498be7d 2204
343e0d7a 2205static void check_spinlock_acquired_node(struct kmem_cache *cachep, int node)
e498be7d
CL		 2206{
2207#ifdef CONFIG_SMP
2208 check_irq_off();
2209 assert_spin_locked(&cachep->nodelists[node]->list_lock);
2210#endif
2211}
2212
1da177e4
LT		 2213#else
2214#define check_irq_off() do { } while(0)
2215#define check_irq_on() do { } while(0)
2216#define check_spinlock_acquired(x) do { } while(0)
e498be7d 2217#define check_spinlock_acquired_node(x, y) do { } while(0)
1da177e4
LT		 2218#endif
2219
aab2207c
CL		 2220static void drain_array(struct kmem_cache *cachep, struct kmem_list3 *l3,
2221 struct array_cache *ac,
2222 int force, int node);
2223
1da177e4
LT		 2224static void do_drain(void *arg)
2225{
a737b3e2 2226 struct kmem_cache *cachep = arg;
1da177e4 2227 struct array_cache *ac;
ff69416e 2228 int node = numa_node_id();
1da177e4
LT		 2229
2230 check_irq_off();
9a2dba4b 2231 ac = cpu_cache_get(cachep);
ff69416e
CL		 2232 spin_lock(&cachep->nodelists[node]->list_lock);
2233 free_block(cachep, ac->entry, ac->avail, node);
2234 spin_unlock(&cachep->nodelists[node]->list_lock);
1da177e4
LT		 2235 ac->avail = 0;
2236}
2237
343e0d7a 2238static void drain_cpu_caches(struct kmem_cache *cachep)
1da177e4 2239{
e498be7d
CL		 2240 struct kmem_list3 *l3;
2241 int node;
2242
a07fa394 2243 on_each_cpu(do_drain, cachep, 1, 1);
1da177e4 2244 check_irq_on();
b28a02de 2245 for_each_online_node(node) {
e498be7d 2246 l3 = cachep->nodelists[node];
a4523a8b
RD		 2247 if (l3 && l3->alien)
2248 drain_alien_cache(cachep, l3->alien);
2249 }
2250
2251 for_each_online_node(node) {
2252 l3 = cachep->nodelists[node];
2253 if (l3)
aab2207c 2254 drain_array(cachep, l3, l3->shared, 1, node);
e498be7d 2255 }
1da177e4
LT		 2256}
2257
343e0d7a 2258static int __node_shrink(struct kmem_cache *cachep, int node)
1da177e4
LT		 2259{
2260 struct slab *slabp;
e498be7d 2261 struct kmem_list3 *l3 = cachep->nodelists[node];
1da177e4
LT		 2262 int ret;
2263
e498be7d 2264 for (;;) {
1da177e4
LT		 2265 struct list_head *p;
2266
e498be7d
CL		 2267 p = l3->slabs_free.prev;
2268 if (p == &l3->slabs_free)
1da177e4
LT		 2269 break;
2270
e498be7d 2271 slabp = list_entry(l3->slabs_free.prev, struct slab, list);
1da177e4 2272#if DEBUG
40094fa6 2273 BUG_ON(slabp->inuse);
1da177e4
LT		 2274#endif
2275 list_del(&slabp->list);
2276
e498be7d
CL		 2277 l3->free_objects -= cachep->num;
2278 spin_unlock_irq(&l3->list_lock);
1da177e4 2279 slab_destroy(cachep, slabp);
e498be7d 2280 spin_lock_irq(&l3->list_lock);
1da177e4 2281 }
b28a02de 2282 ret = !list_empty(&l3->slabs_full) || !list_empty(&l3->slabs_partial);
1da177e4
LT		 2283 return ret;
2284}
2285
343e0d7a 2286static int __cache_shrink(struct kmem_cache *cachep)
e498be7d
CL		 2287{
2288 int ret = 0, i = 0;
2289 struct kmem_list3 *l3;
2290
2291 drain_cpu_caches(cachep);
2292
2293 check_irq_on();
2294 for_each_online_node(i) {
2295 l3 = cachep->nodelists[i];
2296 if (l3) {
2297 spin_lock_irq(&l3->list_lock);
2298 ret += __node_shrink(cachep, i);
2299 spin_unlock_irq(&l3->list_lock);
2300 }
2301 }
2302 return (ret ? 1 : 0);
2303}
2304
1da177e4
LT		 2305/**
2306 * kmem_cache_shrink - Shrink a cache.
2307 * @cachep: The cache to shrink.
2308 *
2309 * Releases as many slabs as possible for a cache.
2310 * To help debugging, a zero exit status indicates all slabs were released.
2311 */
343e0d7a 2312int kmem_cache_shrink(struct kmem_cache *cachep)
1da177e4 2313{
40094fa6 2314 BUG_ON(!cachep || in_interrupt());
1da177e4
LT		 2315
2316 return __cache_shrink(cachep);
2317}
2318EXPORT_SYMBOL(kmem_cache_shrink);
2319
2320/**
2321 * kmem_cache_destroy - delete a cache
2322 * @cachep: the cache to destroy
2323 *
343e0d7a 2324 * Remove a struct kmem_cache object from the slab cache.
1da177e4
LT		 2325 * Returns 0 on success.
2326 *
2327 * It is expected this function will be called by a module when it is
2328 * unloaded. This will remove the cache completely, and avoid a duplicate
2329 * cache being allocated each time a module is loaded and unloaded, if the
2330 * module doesn't have persistent in-kernel storage across loads and unloads.
2331 *
2332 * The cache must be empty before calling this function.
2333 *
2334 * The caller must guarantee that noone will allocate memory from the cache
2335 * during the kmem_cache_destroy().
2336 */
343e0d7a 2337int kmem_cache_destroy(struct kmem_cache *cachep)
1da177e4
LT		 2338{
2339 int i;
e498be7d 2340 struct kmem_list3 *l3;
1da177e4 2341
40094fa6 2342 BUG_ON(!cachep || in_interrupt());
1da177e4
LT		 2343
2344 /* Don't let CPUs to come and go */
2345 lock_cpu_hotplug();
2346
2347 /* Find the cache in the chain of caches. */
fc0abb14 2348 mutex_lock(&cache_chain_mutex);
1da177e4
LT		 2349 /*
2350 * the chain is never empty, cache_cache is never destroyed
2351 */
2352 list_del(&cachep->next);
fc0abb14 2353 mutex_unlock(&cache_chain_mutex);
1da177e4
LT		 2354
2355 if (__cache_shrink(cachep)) {
2356 slab_error(cachep, "Can't free all objects");
fc0abb14 2357 mutex_lock(&cache_chain_mutex);
b28a02de 2358 list_add(&cachep->next, &cache_chain);
fc0abb14 2359 mutex_unlock(&cache_chain_mutex);
1da177e4
LT		 2360 unlock_cpu_hotplug();
2361 return 1;
2362 }
2363
2364 if (unlikely(cachep->flags & SLAB_DESTROY_BY_RCU))
fbd568a3 2365 synchronize_rcu();
1da177e4 2366
e498be7d 2367 for_each_online_cpu(i)
b28a02de 2368 kfree(cachep->array[i]);
1da177e4
LT		 2369
2370 /* NUMA: free the list3 structures */
e498be7d 2371 for_each_online_node(i) {
a737b3e2
AM		 2372 l3 = cachep->nodelists[i];
2373 if (l3) {
e498be7d
CL		 2374 kfree(l3->shared);
2375 free_alien_cache(l3->alien);
2376 kfree(l3);
2377 }
2378 }
1da177e4 2379 kmem_cache_free(&cache_cache, cachep);
1da177e4 2380 unlock_cpu_hotplug();
1da177e4
LT		 2381 return 0;
2382}
2383EXPORT_SYMBOL(kmem_cache_destroy);
2384
2385/* Get the memory for a slab management obj. */
343e0d7a 2386static struct slab *alloc_slabmgmt(struct kmem_cache *cachep, void *objp,
5b74ada7
RT		 2387 int colour_off, gfp_t local_flags,
2388 int nodeid)
1da177e4
LT		 2389{
2390 struct slab *slabp;
b28a02de 2391
1da177e4
LT		 2392 if (OFF_SLAB(cachep)) {
2393 /* Slab management obj is off-slab. */
5b74ada7
RT		 2394 slabp = kmem_cache_alloc_node(cachep->slabp_cache,
2395 local_flags, nodeid);
1da177e4
LT		 2396 if (!slabp)
2397 return NULL;
2398 } else {
b28a02de 2399 slabp = objp + colour_off;
1da177e4
LT		 2400 colour_off += cachep->slab_size;
2401 }
2402 slabp->inuse = 0;
2403 slabp->colouroff = colour_off;
b28a02de 2404 slabp->s_mem = objp + colour_off;
5b74ada7 2405 slabp->nodeid = nodeid;
1da177e4
LT		 2406 return slabp;
2407}
2408
2409static inline kmem_bufctl_t *slab_bufctl(struct slab *slabp)
2410{
b28a02de 2411 return (kmem_bufctl_t *) (slabp + 1);
1da177e4
LT		 2412}
2413
343e0d7a 2414static void cache_init_objs(struct kmem_cache *cachep,
b28a02de 2415 struct slab *slabp, unsigned long ctor_flags)
1da177e4
LT		 2416{
2417 int i;
2418
2419 for (i = 0; i < cachep->num; i++) {
8fea4e96 2420 void *objp = index_to_obj(cachep, slabp, i);
1da177e4
LT		 2421#if DEBUG
2422 /* need to poison the objs? */
2423 if (cachep->flags & SLAB_POISON)
2424 poison_obj(cachep, objp, POISON_FREE);
2425 if (cachep->flags & SLAB_STORE_USER)
2426 *dbg_userword(cachep, objp) = NULL;
2427
2428 if (cachep->flags & SLAB_RED_ZONE) {
2429 *dbg_redzone1(cachep, objp) = RED_INACTIVE;
2430 *dbg_redzone2(cachep, objp) = RED_INACTIVE;
2431 }
2432 /*
a737b3e2
AM		 2433 * Constructors are not allowed to allocate memory from the same
2434 * cache which they are a constructor for. Otherwise, deadlock.
2435 * They must also be threaded.
1da177e4
LT		 2436 */
2437 if (cachep->ctor && !(cachep->flags & SLAB_POISON))
3dafccf2 2438 cachep->ctor(objp + obj_offset(cachep), cachep,
b28a02de 2439 ctor_flags);
1da177e4
LT		 2440
2441 if (cachep->flags & SLAB_RED_ZONE) {
2442 if (*dbg_redzone2(cachep, objp) != RED_INACTIVE)
2443 slab_error(cachep, "constructor overwrote the"
b28a02de 2444 " end of an object");
1da177e4
LT		 2445 if (*dbg_redzone1(cachep, objp) != RED_INACTIVE)
2446 slab_error(cachep, "constructor overwrote the"
b28a02de 2447 " start of an object");
1da177e4 2448 }
a737b3e2
AM		 2449 if ((cachep->buffer_size % PAGE_SIZE) == 0 &&
2450 OFF_SLAB(cachep) && cachep->flags & SLAB_POISON)
b28a02de 2451 kernel_map_pages(virt_to_page(objp),
3dafccf2 2452 cachep->buffer_size / PAGE_SIZE, 0);
1da177e4
LT		 2453#else
2454 if (cachep->ctor)
2455 cachep->ctor(objp, cachep, ctor_flags);
2456#endif
b28a02de 2457 slab_bufctl(slabp)[i] = i + 1;
1da177e4 2458 }
b28a02de 2459 slab_bufctl(slabp)[i - 1] = BUFCTL_END;
1da177e4
LT		 2460 slabp->free = 0;
2461}
2462
343e0d7a 2463static void kmem_flagcheck(struct kmem_cache *cachep, gfp_t flags)
1da177e4 2464{
a737b3e2
AM		 2465 if (flags & SLAB_DMA)
2466 BUG_ON(!(cachep->gfpflags & GFP_DMA));
2467 else
2468 BUG_ON(cachep->gfpflags & GFP_DMA);
1da177e4
LT		 2469}
2470
a737b3e2
AM		 2471static void *slab_get_obj(struct kmem_cache *cachep, struct slab *slabp,
2472 int nodeid)
78d382d7 2473{
8fea4e96 2474 void *objp = index_to_obj(cachep, slabp, slabp->free);
78d382d7
MD		 2475 kmem_bufctl_t next;
2476
2477 slabp->inuse++;
2478 next = slab_bufctl(slabp)[slabp->free];
2479#if DEBUG
2480 slab_bufctl(slabp)[slabp->free] = BUFCTL_FREE;
2481 WARN_ON(slabp->nodeid != nodeid);
2482#endif
2483 slabp->free = next;
2484
2485 return objp;
2486}
2487
a737b3e2
AM		 2488static void slab_put_obj(struct kmem_cache *cachep, struct slab *slabp,
2489 void *objp, int nodeid)
78d382d7 2490{
8fea4e96 2491 unsigned int objnr = obj_to_index(cachep, slabp, objp);
78d382d7
MD		 2492
2493#if DEBUG
2494 /* Verify that the slab belongs to the intended node */
2495 WARN_ON(slabp->nodeid != nodeid);
2496
871751e2 2497 if (slab_bufctl(slabp)[objnr] + 1 <= SLAB_LIMIT + 1) {
78d382d7 2498 printk(KERN_ERR "slab: double free detected in cache "
a737b3e2 2499 "'%s', objp %p\n", cachep->name, objp);
78d382d7
MD		 2500 BUG();
2501 }
2502#endif
2503 slab_bufctl(slabp)[objnr] = slabp->free;
2504 slabp->free = objnr;
2505 slabp->inuse--;
2506}
2507
4776874f
PE		 2508/*
2509 * Map pages beginning at addr to the given cache and slab. This is required
2510 * for the slab allocator to be able to lookup the cache and slab of a
2511 * virtual address for kfree, ksize, kmem_ptr_validate, and slab debugging.
2512 */
2513static void slab_map_pages(struct kmem_cache *cache, struct slab *slab,
2514 void *addr)
1da177e4 2515{
4776874f 2516 int nr_pages;
1da177e4
LT		 2517 struct page *page;
2518
4776874f 2519 page = virt_to_page(addr);
84097518 2520
4776874f 2521 nr_pages = 1;
84097518 2522 if (likely(!PageCompound(page)))
4776874f
PE		 2523 nr_pages <<= cache->gfporder;
2524
1da177e4 2525 do {
4776874f
PE		 2526 page_set_cache(page, cache);
2527 page_set_slab(page, slab);
1da177e4 2528 page++;
4776874f 2529 } while (--nr_pages);
1da177e4
LT		 2530}
2531
2532/*
2533 * Grow (by 1) the number of slabs within a cache. This is called by
2534 * kmem_cache_alloc() when there are no active objs left in a cache.
2535 */
343e0d7a 2536static int cache_grow(struct kmem_cache *cachep, gfp_t flags, int nodeid)
1da177e4 2537{
b28a02de
PE		 2538 struct slab *slabp;
2539 void *objp;
2540 size_t offset;
2541 gfp_t local_flags;
2542 unsigned long ctor_flags;
e498be7d 2543 struct kmem_list3 *l3;
1da177e4 2544
a737b3e2
AM		 2545 /*
2546 * Be lazy and only check for valid flags here, keeping it out of the
2547 * critical path in kmem_cache_alloc().
1da177e4 2548 */
40094fa6 2549 BUG_ON(flags & ~(SLAB_DMA | SLAB_LEVEL_MASK | SLAB_NO_GROW));
1da177e4
LT		 2550 if (flags & SLAB_NO_GROW)
2551 return 0;
2552
2553 ctor_flags = SLAB_CTOR_CONSTRUCTOR;
2554 local_flags = (flags & SLAB_LEVEL_MASK);
2555 if (!(local_flags & __GFP_WAIT))
2556 /*
2557 * Not allowed to sleep. Need to tell a constructor about
2558 * this - it might need to know...
2559 */
2560 ctor_flags |= SLAB_CTOR_ATOMIC;
2561
2e1217cf 2562 /* Take the l3 list lock to change the colour_next on this node */
1da177e4 2563 check_irq_off();
2e1217cf
RT		 2564 l3 = cachep->nodelists[nodeid];
2565 spin_lock(&l3->list_lock);
1da177e4
LT		 2566
2567 /* Get colour for the slab, and cal the next value. */
2e1217cf
RT		 2568 offset = l3->colour_next;
2569 l3->colour_next++;
2570 if (l3->colour_next >= cachep->colour)
2571 l3->colour_next = 0;
2572 spin_unlock(&l3->list_lock);
1da177e4 2573
2e1217cf 2574 offset *= cachep->colour_off;
1da177e4
LT		 2575
2576 if (local_flags & __GFP_WAIT)
2577 local_irq_enable();
2578
2579 /*
2580 * The test for missing atomic flag is performed here, rather than
2581 * the more obvious place, simply to reduce the critical path length
2582 * in kmem_cache_alloc(). If a caller is seriously mis-behaving they
2583 * will eventually be caught here (where it matters).
2584 */
2585 kmem_flagcheck(cachep, flags);
2586
a737b3e2
AM		 2587 /*
2588 * Get mem for the objs. Attempt to allocate a physical page from
2589 * 'nodeid'.
e498be7d 2590 */
a737b3e2
AM		 2591 objp = kmem_getpages(cachep, flags, nodeid);
2592 if (!objp)
1da177e4
LT		 2593 goto failed;
2594
2595 /* Get slab management. */
5b74ada7 2596 slabp = alloc_slabmgmt(cachep, objp, offset, local_flags, nodeid);
a737b3e2 2597 if (!slabp)
1da177e4
LT		 2598 goto opps1;
2599
e498be7d 2600 slabp->nodeid = nodeid;
4776874f 2601 slab_map_pages(cachep, slabp, objp);
1da177e4
LT		 2602
2603 cache_init_objs(cachep, slabp, ctor_flags);
2604
2605 if (local_flags & __GFP_WAIT)
2606 local_irq_disable();
2607 check_irq_off();
e498be7d 2608 spin_lock(&l3->list_lock);
1da177e4
LT		 2609
2610 /* Make slab active. */
e498be7d 2611 list_add_tail(&slabp->list, &(l3->slabs_free));
1da177e4 2612 STATS_INC_GROWN(cachep);
e498be7d
CL		 2613 l3->free_objects += cachep->num;
2614 spin_unlock(&l3->list_lock);
1da177e4 2615 return 1;
a737b3e2 2616opps1:
1da177e4 2617 kmem_freepages(cachep, objp);
a737b3e2 2618failed:
1da177e4
LT		 2619 if (local_flags & __GFP_WAIT)
2620 local_irq_disable();
2621 return 0;
2622}
2623
2624#if DEBUG
2625
2626/*
2627 * Perform extra freeing checks:
2628 * - detect bad pointers.
2629 * - POISON/RED_ZONE checking
2630 * - destructor calls, for caches with POISON+dtor
2631 */
2632static void kfree_debugcheck(const void *objp)
2633{
2634 struct page *page;
2635
2636 if (!virt_addr_valid(objp)) {
2637 printk(KERN_ERR "kfree_debugcheck: out of range ptr %lxh.\n",
b28a02de
PE		 2638 (unsigned long)objp);
2639 BUG();
1da177e4
LT		 2640 }
2641 page = virt_to_page(objp);
2642 if (!PageSlab(page)) {
b28a02de
PE		 2643 printk(KERN_ERR "kfree_debugcheck: bad ptr %lxh.\n",
2644 (unsigned long)objp);
1da177e4
LT		 2645 BUG();
2646 }
2647}
2648
58ce1fd5
PE		 2649static inline void verify_redzone_free(struct kmem_cache *cache, void *obj)
2650{
2651 unsigned long redzone1, redzone2;
2652
2653 redzone1 = *dbg_redzone1(cache, obj);
2654 redzone2 = *dbg_redzone2(cache, obj);
2655
2656 /*
2657 * Redzone is ok.
2658 */
2659 if (redzone1 == RED_ACTIVE && redzone2 == RED_ACTIVE)
2660 return;
2661
2662 if (redzone1 == RED_INACTIVE && redzone2 == RED_INACTIVE)
2663 slab_error(cache, "double free detected");
2664 else
2665 slab_error(cache, "memory outside object was overwritten");
2666
2667 printk(KERN_ERR "%p: redzone 1:0x%lx, redzone 2:0x%lx.\n",
2668 obj, redzone1, redzone2);
2669}
2670
343e0d7a 2671static void *cache_free_debugcheck(struct kmem_cache *cachep, void *objp,
b28a02de 2672 void *caller)
1da177e4
LT		 2673{
2674 struct page *page;
2675 unsigned int objnr;
2676 struct slab *slabp;
2677
3dafccf2 2678 objp -= obj_offset(cachep);
1da177e4
LT		 2679 kfree_debugcheck(objp);
2680 page = virt_to_page(objp);
2681
065d41cb 2682 slabp = page_get_slab(page);
1da177e4
LT		 2683
2684 if (cachep->flags & SLAB_RED_ZONE) {
58ce1fd5 2685 verify_redzone_free(cachep, objp);
1da177e4
LT		 2686 *dbg_redzone1(cachep, objp) = RED_INACTIVE;
2687 *dbg_redzone2(cachep, objp) = RED_INACTIVE;
2688 }
2689 if (cachep->flags & SLAB_STORE_USER)
2690 *dbg_userword(cachep, objp) = caller;
2691
8fea4e96 2692 objnr = obj_to_index(cachep, slabp, objp);
1da177e4
LT		 2693
2694 BUG_ON(objnr >= cachep->num);
8fea4e96 2695 BUG_ON(objp != index_to_obj(cachep, slabp, objnr));
1da177e4
LT		 2696
2697 if (cachep->flags & SLAB_DEBUG_INITIAL) {
a737b3e2
AM		 2698 /*
2699 * Need to call the slab's constructor so the caller can
2700 * perform a verify of its state (debugging). Called without
2701 * the cache-lock held.
1da177e4 2702 */
3dafccf2 2703 cachep->ctor(objp + obj_offset(cachep),
b28a02de 2704 cachep, SLAB_CTOR_CONSTRUCTOR | SLAB_CTOR_VERIFY);
1da177e4
LT		 2705 }
2706 if (cachep->flags & SLAB_POISON && cachep->dtor) {
2707 /* we want to cache poison the object,
2708 * call the destruction callback
2709 */
3dafccf2 2710 cachep->dtor(objp + obj_offset(cachep), cachep, 0);
1da177e4 2711 }
871751e2
AV		 2712#ifdef CONFIG_DEBUG_SLAB_LEAK
2713 slab_bufctl(slabp)[objnr] = BUFCTL_FREE;
2714#endif
1da177e4
LT		 2715 if (cachep->flags & SLAB_POISON) {
2716#ifdef CONFIG_DEBUG_PAGEALLOC
a737b3e2 2717 if ((cachep->buffer_size % PAGE_SIZE)==0 && OFF_SLAB(cachep)) {
1da177e4 2718 store_stackinfo(cachep, objp, (unsigned long)caller);
b28a02de 2719 kernel_map_pages(virt_to_page(objp),
3dafccf2 2720 cachep->buffer_size / PAGE_SIZE, 0);
1da177e4
LT		 2721 } else {
2722 poison_obj(cachep, objp, POISON_FREE);
2723 }
2724#else
2725 poison_obj(cachep, objp, POISON_FREE);
2726#endif
2727 }
2728 return objp;
2729}
2730
343e0d7a 2731static void check_slabp(struct kmem_cache *cachep, struct slab *slabp)
1da177e4
LT		 2732{
2733 kmem_bufctl_t i;
2734 int entries = 0;
b28a02de 2735
1da177e4
LT		 2736 /* Check slab's freelist to see if this obj is there. */
2737 for (i = slabp->free; i != BUFCTL_END; i = slab_bufctl(slabp)[i]) {
2738 entries++;
2739 if (entries > cachep->num || i >= cachep->num)
2740 goto bad;
2741 }
2742 if (entries != cachep->num - slabp->inuse) {
a737b3e2
AM		 2743bad:
2744 printk(KERN_ERR "slab: Internal list corruption detected in "
2745 "cache '%s'(%d), slabp %p(%d). Hexdump:\n",
2746 cachep->name, cachep->num, slabp, slabp->inuse);
b28a02de 2747 for (i = 0;
264132bc 2748 i < sizeof(*slabp) + cachep->num * sizeof(kmem_bufctl_t);
b28a02de 2749 i++) {
a737b3e2 2750 if (i % 16 == 0)
1da177e4 2751 printk("\n%03x:", i);
b28a02de 2752 printk(" %02x", ((unsigned char *)slabp)[i]);
1da177e4
LT		 2753 }
2754 printk("\n");
2755 BUG();
2756 }
2757}
2758#else
2759#define kfree_debugcheck(x) do { } while(0)
2760#define cache_free_debugcheck(x,objp,z) (objp)
2761#define check_slabp(x,y) do { } while(0)
2762#endif
2763
343e0d7a 2764static void *cache_alloc_refill(struct kmem_cache *cachep, gfp_t flags)
1da177e4
LT		 2765{
2766 int batchcount;
2767 struct kmem_list3 *l3;
2768 struct array_cache *ac;
2769
2770 check_irq_off();
9a2dba4b 2771 ac = cpu_cache_get(cachep);
a737b3e2 2772retry:
1da177e4
LT		 2773 batchcount = ac->batchcount;
2774 if (!ac->touched && batchcount > BATCHREFILL_LIMIT) {
a737b3e2
AM		 2775 /*
2776 * If there was little recent activity on this cache, then
2777 * perform only a partial refill. Otherwise we could generate
2778 * refill bouncing.
1da177e4
LT		 2779 */
2780 batchcount = BATCHREFILL_LIMIT;
2781 }
e498be7d
CL		 2782 l3 = cachep->nodelists[numa_node_id()];
2783
2784 BUG_ON(ac->avail > 0 || !l3);
2785 spin_lock(&l3->list_lock);
1da177e4 2786
3ded175a
CL		 2787 /* See if we can refill from the shared array */
2788 if (l3->shared && transfer_objects(ac, l3->shared, batchcount))
2789 goto alloc_done;
2790
1da177e4
LT		 2791 while (batchcount > 0) {
2792 struct list_head *entry;
2793 struct slab *slabp;
2794 /* Get slab alloc is to come from. */
2795 entry = l3->slabs_partial.next;
2796 if (entry == &l3->slabs_partial) {
2797 l3->free_touched = 1;
2798 entry = l3->slabs_free.next;
2799 if (entry == &l3->slabs_free)
2800 goto must_grow;
2801 }
2802
2803 slabp = list_entry(entry, struct slab, list);
2804 check_slabp(cachep, slabp);
2805 check_spinlock_acquired(cachep);
2806 while (slabp->inuse < cachep->num && batchcount--) {
1da177e4
LT		 2807 STATS_INC_ALLOCED(cachep);
2808 STATS_INC_ACTIVE(cachep);
2809 STATS_SET_HIGH(cachep);
2810
78d382d7
MD		 2811 ac->entry[ac->avail++] = slab_get_obj(cachep, slabp,
2812 numa_node_id());
1da177e4
LT		 2813 }
2814 check_slabp(cachep, slabp);
2815
2816 /* move slabp to correct slabp list: */
2817 list_del(&slabp->list);
2818 if (slabp->free == BUFCTL_END)
2819 list_add(&slabp->list, &l3->slabs_full);
2820 else
2821 list_add(&slabp->list, &l3->slabs_partial);
2822 }
2823
a737b3e2 2824must_grow:
1da177e4 2825 l3->free_objects -= ac->avail;
a737b3e2 2826alloc_done:
e498be7d 2827 spin_unlock(&l3->list_lock);
1da177e4
LT		 2828
2829 if (unlikely(!ac->avail)) {
2830 int x;
e498be7d
CL		 2831 x = cache_grow(cachep, flags, numa_node_id());
2832
a737b3e2 2833 /* cache_grow can reenable interrupts, then ac could change. */
9a2dba4b 2834 ac = cpu_cache_get(cachep);
a737b3e2 2835 if (!x && ac->avail == 0) /* no objects in sight? abort */
1da177e4
LT		 2836 return NULL;
2837
a737b3e2 2838 if (!ac->avail) /* objects refilled by interrupt? */
1da177e4
LT		 2839 goto retry;
2840 }
2841 ac->touched = 1;
e498be7d 2842 return ac->entry[--ac->avail];
1da177e4
LT		 2843}
2844
a737b3e2
AM		 2845static inline void cache_alloc_debugcheck_before(struct kmem_cache *cachep,
2846 gfp_t flags)
1da177e4
LT		 2847{
2848 might_sleep_if(flags & __GFP_WAIT);
2849#if DEBUG
2850 kmem_flagcheck(cachep, flags);
2851#endif
2852}
2853
2854#if DEBUG
a737b3e2
AM		 2855static void *cache_alloc_debugcheck_after(struct kmem_cache *cachep,
2856 gfp_t flags, void *objp, void *caller)
1da177e4 2857{
b28a02de 2858 if (!objp)
1da177e4 2859 return objp;
b28a02de 2860 if (cachep->flags & SLAB_POISON) {
1da177e4 2861#ifdef CONFIG_DEBUG_PAGEALLOC
3dafccf2 2862 if ((cachep->buffer_size % PAGE_SIZE) == 0 && OFF_SLAB(cachep))
b28a02de 2863 kernel_map_pages(virt_to_page(objp),
3dafccf2 2864 cachep->buffer_size / PAGE_SIZE, 1);
1da177e4
LT		 2865 else
2866 check_poison_obj(cachep, objp);
2867#else
2868 check_poison_obj(cachep, objp);
2869#endif
2870 poison_obj(cachep, objp, POISON_INUSE);
2871 }
2872 if (cachep->flags & SLAB_STORE_USER)
2873 *dbg_userword(cachep, objp) = caller;
2874
2875 if (cachep->flags & SLAB_RED_ZONE) {
a737b3e2
AM		 2876 if (*dbg_redzone1(cachep, objp) != RED_INACTIVE ||
2877 *dbg_redzone2(cachep, objp) != RED_INACTIVE) {
2878 slab_error(cachep, "double free, or memory outside"
2879 " object was overwritten");
b28a02de 2880 printk(KERN_ERR
a737b3e2
AM		 2881 "%p: redzone 1:0x%lx, redzone 2:0x%lx\n",
2882 objp, *dbg_redzone1(cachep, objp),
2883 *dbg_redzone2(cachep, objp));
1da177e4
LT		 2884 }
2885 *dbg_redzone1(cachep, objp) = RED_ACTIVE;
2886 *dbg_redzone2(cachep, objp) = RED_ACTIVE;
2887 }
871751e2
AV		 2888#ifdef CONFIG_DEBUG_SLAB_LEAK
2889 {
2890 struct slab *slabp;
2891 unsigned objnr;
2892
2893 slabp = page_get_slab(virt_to_page(objp));
2894 objnr = (unsigned)(objp - slabp->s_mem) / cachep->buffer_size;
2895 slab_bufctl(slabp)[objnr] = BUFCTL_ACTIVE;
2896 }
2897#endif
3dafccf2 2898 objp += obj_offset(cachep);
1da177e4 2899 if (cachep->ctor && cachep->flags & SLAB_POISON) {
b28a02de 2900 unsigned long ctor_flags = SLAB_CTOR_CONSTRUCTOR;
1da177e4
LT		 2901
2902 if (!(flags & __GFP_WAIT))
2903 ctor_flags |= SLAB_CTOR_ATOMIC;
2904
2905 cachep->ctor(objp, cachep, ctor_flags);
b28a02de 2906 }
1da177e4
LT		 2907 return objp;
2908}
2909#else
2910#define cache_alloc_debugcheck_after(a,b,objp,d) (objp)
2911#endif
2912
343e0d7a 2913static inline void *____cache_alloc(struct kmem_cache *cachep, gfp_t flags)
1da177e4 2914{
b28a02de 2915 void *objp;
1da177e4
LT		 2916 struct array_cache *ac;
2917
dc85da15 2918#ifdef CONFIG_NUMA
b2455396 2919 if (unlikely(current->flags & (PF_SPREAD_SLAB | PF_MEMPOLICY))) {
c61afb18
PJ		 2920 objp = alternate_node_alloc(cachep, flags);
2921 if (objp != NULL)
2922 return objp;
dc85da15
CL		 2923 }
2924#endif
2925
5c382300 2926 check_irq_off();
9a2dba4b 2927 ac = cpu_cache_get(cachep);
1da177e4
LT		 2928 if (likely(ac->avail)) {
2929 STATS_INC_ALLOCHIT(cachep);
2930 ac->touched = 1;
e498be7d 2931 objp = ac->entry[--ac->avail];
1da177e4
LT		 2932 } else {
2933 STATS_INC_ALLOCMISS(cachep);
2934 objp = cache_alloc_refill(cachep, flags);
2935 }
5c382300
AK		 2936 return objp;
2937}
2938
a737b3e2
AM		 2939static __always_inline void *__cache_alloc(struct kmem_cache *cachep,
2940 gfp_t flags, void *caller)
5c382300
AK		 2941{
2942 unsigned long save_flags;
b28a02de 2943 void *objp;
5c382300
AK		 2944
2945 cache_alloc_debugcheck_before(cachep, flags);
2946
2947 local_irq_save(save_flags);
2948 objp = ____cache_alloc(cachep, flags);
1da177e4 2949 local_irq_restore(save_flags);
34342e86 2950 objp = cache_alloc_debugcheck_after(cachep, flags, objp,
7fd6b141 2951 caller);
34342e86 2952 prefetchw(objp);
1da177e4
LT		 2953 return objp;
2954}
2955
e498be7d 2956#ifdef CONFIG_NUMA
c61afb18 2957/*
b2455396 2958 * Try allocating on another node if PF_SPREAD_SLAB|PF_MEMPOLICY.
c61afb18
PJ		 2959 *
2960 * If we are in_interrupt, then process context, including cpusets and
2961 * mempolicy, may not apply and should not be used for allocation policy.
2962 */
2963static void *alternate_node_alloc(struct kmem_cache *cachep, gfp_t flags)
2964{
2965 int nid_alloc, nid_here;
2966
2967 if (in_interrupt())
2968 return NULL;
2969 nid_alloc = nid_here = numa_node_id();
2970 if (cpuset_do_slab_mem_spread() && (cachep->flags & SLAB_MEM_SPREAD))
2971 nid_alloc = cpuset_mem_spread_node();
2972 else if (current->mempolicy)
2973 nid_alloc = slab_node(current->mempolicy);
2974 if (nid_alloc != nid_here)
2975 return __cache_alloc_node(cachep, flags, nid_alloc);
2976 return NULL;
2977}
2978
e498be7d
CL		 2979/*
2980 * A interface to enable slab creation on nodeid
1da177e4 2981 */
a737b3e2
AM		 2982static void *__cache_alloc_node(struct kmem_cache *cachep, gfp_t flags,
2983 int nodeid)
e498be7d
CL		 2984{
2985 struct list_head *entry;
b28a02de
PE		 2986 struct slab *slabp;
2987 struct kmem_list3 *l3;
2988 void *obj;
b28a02de
PE		 2989 int x;
2990
2991 l3 = cachep->nodelists[nodeid];
2992 BUG_ON(!l3);
2993
a737b3e2 2994retry:
ca3b9b91 2995 check_irq_off();
b28a02de
PE		 2996 spin_lock(&l3->list_lock);
2997 entry = l3->slabs_partial.next;
2998 if (entry == &l3->slabs_partial) {
2999 l3->free_touched = 1;
3000 entry = l3->slabs_free.next;
3001 if (entry == &l3->slabs_free)
3002 goto must_grow;
3003 }
3004
3005 slabp = list_entry(entry, struct slab, list);
3006 check_spinlock_acquired_node(cachep, nodeid);
3007 check_slabp(cachep, slabp);
3008
3009 STATS_INC_NODEALLOCS(cachep);
3010 STATS_INC_ACTIVE(cachep);
3011 STATS_SET_HIGH(cachep);
3012
3013 BUG_ON(slabp->inuse == cachep->num);
3014
78d382d7 3015 obj = slab_get_obj(cachep, slabp, nodeid);
b28a02de
PE		 3016 check_slabp(cachep, slabp);
3017 l3->free_objects--;
3018 /* move slabp to correct slabp list: */
3019 list_del(&slabp->list);
3020
a737b3e2 3021 if (slabp->free == BUFCTL_END)
b28a02de 3022 list_add(&slabp->list, &l3->slabs_full);
a737b3e2 3023 else
b28a02de 3024 list_add(&slabp->list, &l3->slabs_partial);
e498be7d 3025
b28a02de
PE		 3026 spin_unlock(&l3->list_lock);
3027 goto done;
e498be7d 3028
a737b3e2 3029must_grow:
b28a02de
PE		 3030 spin_unlock(&l3->list_lock);
3031 x = cache_grow(cachep, flags, nodeid);
1da177e4 3032
b28a02de
PE		 3033 if (!x)
3034 return NULL;
e498be7d 3035
b28a02de 3036 goto retry;
a737b3e2 3037done:
b28a02de 3038 return obj;
e498be7d
CL		 3039}
3040#endif
3041
3042/*
3043 * Caller needs to acquire correct kmem_list's list_lock
3044 */
343e0d7a 3045static void free_block(struct kmem_cache *cachep, void **objpp, int nr_objects,
b28a02de 3046 int node)
1da177e4
LT		 3047{
3048 int i;
e498be7d 3049 struct kmem_list3 *l3;
1da177e4
LT		 3050
3051 for (i = 0; i < nr_objects; i++) {
3052 void *objp = objpp[i];
3053 struct slab *slabp;
1da177e4 3054
6ed5eb22 3055 slabp = virt_to_slab(objp);
ff69416e 3056 l3 = cachep->nodelists[node];
1da177e4 3057 list_del(&slabp->list);
ff69416e 3058 check_spinlock_acquired_node(cachep, node);
1da177e4 3059 check_slabp(cachep, slabp);
78d382d7 3060 slab_put_obj(cachep, slabp, objp, node);
1da177e4 3061 STATS_DEC_ACTIVE(cachep);
e498be7d 3062 l3->free_objects++;
1da177e4
LT		 3063 check_slabp(cachep, slabp);
3064
3065 /* fixup slab chains */
3066 if (slabp->inuse == 0) {
e498be7d
CL		 3067 if (l3->free_objects > l3->free_limit) {
3068 l3->free_objects -= cachep->num;
1da177e4
LT		 3069 slab_destroy(cachep, slabp);
3070 } else {
e498be7d 3071 list_add(&slabp->list, &l3->slabs_free);
1da177e4
LT		 3072 }
3073 } else {
3074 /* Unconditionally move a slab to the end of the
3075 * partial list on free - maximum time for the
3076 * other objects to be freed, too.
3077 */
e498be7d 3078 list_add_tail(&slabp->list, &l3->slabs_partial);
1da177e4
LT		 3079 }
3080 }
3081}
3082
343e0d7a 3083static void cache_flusharray(struct kmem_cache *cachep, struct array_cache *ac)
1da177e4
LT		 3084{
3085 int batchcount;
e498be7d 3086 struct kmem_list3 *l3;
ff69416e 3087 int node = numa_node_id();
1da177e4
LT		 3088
3089 batchcount = ac->batchcount;
3090#if DEBUG
3091 BUG_ON(!batchcount || batchcount > ac->avail);
3092#endif
3093 check_irq_off();
ff69416e 3094 l3 = cachep->nodelists[node];
e498be7d
CL		 3095 spin_lock(&l3->list_lock);
3096 if (l3->shared) {
3097 struct array_cache *shared_array = l3->shared;
b28a02de 3098 int max = shared_array->limit - shared_array->avail;
1da177e4
LT		 3099 if (max) {
3100 if (batchcount > max)
3101 batchcount = max;
e498be7d 3102 memcpy(&(shared_array->entry[shared_array->avail]),
b28a02de 3103 ac->entry, sizeof(void *) * batchcount);
1da177e4
LT		 3104 shared_array->avail += batchcount;
3105 goto free_done;
3106 }
3107 }
3108
ff69416e 3109 free_block(cachep, ac->entry, batchcount, node);
a737b3e2 3110free_done:
1da177e4
LT		 3111#if STATS
3112 {
3113 int i = 0;
3114 struct list_head *p;
3115
e498be7d
CL		 3116 p = l3->slabs_free.next;
3117 while (p != &(l3->slabs_free)) {
1da177e4
LT		 3118 struct slab *slabp;
3119
3120 slabp = list_entry(p, struct slab, list);
3121 BUG_ON(slabp->inuse);
3122
3123 i++;
3124 p = p->next;
3125 }
3126 STATS_SET_FREEABLE(cachep, i);
3127 }
3128#endif
e498be7d 3129 spin_unlock(&l3->list_lock);
1da177e4 3130 ac->avail -= batchcount;
a737b3e2 3131 memmove(ac->entry, &(ac->entry[batchcount]), sizeof(void *)*ac->avail);
1da177e4
LT		 3132}
3133
3134/*
a737b3e2
AM		 3135 * Release an obj back to its cache. If the obj has a constructed state, it must
3136 * be in this state _before_ it is released. Called with disabled ints.
1da177e4 3137 */
343e0d7a 3138static inline void __cache_free(struct kmem_cache *cachep, void *objp)
1da177e4 3139{
9a2dba4b 3140 struct array_cache *ac = cpu_cache_get(cachep);
1da177e4
LT		 3141
3142 check_irq_off();
3143 objp = cache_free_debugcheck(cachep, objp, __builtin_return_address(0));
3144
729bd0b7
PE		 3145 if (cache_free_alien(cachep, objp))
3146 return;
3147
1da177e4
LT		 3148 if (likely(ac->avail < ac->limit)) {
3149 STATS_INC_FREEHIT(cachep);
e498be7d 3150 ac->entry[ac->avail++] = objp;
1da177e4
LT		 3151 return;
3152 } else {
3153 STATS_INC_FREEMISS(cachep);
3154 cache_flusharray(cachep, ac);
e498be7d 3155 ac->entry[ac->avail++] = objp;
1da177e4
LT		 3156 }
3157}
3158
3159/**
3160 * kmem_cache_alloc - Allocate an object
3161 * @cachep: The cache to allocate from.
3162 * @flags: See kmalloc().
3163 *
3164 * Allocate an object from this cache. The flags are only relevant
3165 * if the cache has no available objects.
3166 */
343e0d7a 3167void *kmem_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
1da177e4 3168{
7fd6b141 3169 return __cache_alloc(cachep, flags, __builtin_return_address(0));
1da177e4
LT		 3170}
3171EXPORT_SYMBOL(kmem_cache_alloc);
3172
a8c0f9a4
PE		 3173/**
3174 * kmem_cache_alloc - Allocate an object. The memory is set to zero.
3175 * @cache: The cache to allocate from.
3176 * @flags: See kmalloc().
3177 *
3178 * Allocate an object from this cache and set the allocated memory to zero.
3179 * The flags are only relevant if the cache has no available objects.
3180 */
3181void *kmem_cache_zalloc(struct kmem_cache *cache, gfp_t flags)
3182{
3183 void *ret = __cache_alloc(cache, flags, __builtin_return_address(0));
3184 if (ret)
3185 memset(ret, 0, obj_size(cache));
3186 return ret;
3187}
3188EXPORT_SYMBOL(kmem_cache_zalloc);
3189
1da177e4
LT		 3190/**
3191 * kmem_ptr_validate - check if an untrusted pointer might
3192 * be a slab entry.
3193 * @cachep: the cache we're checking against
3194 * @ptr: pointer to validate
3195 *
3196 * This verifies that the untrusted pointer looks sane:
3197 * it is _not_ a guarantee that the pointer is actually
3198 * part of the slab cache in question, but it at least
3199 * validates that the pointer can be dereferenced and
3200 * looks half-way sane.
3201 *
3202 * Currently only used for dentry validation.
3203 */
343e0d7a 3204int fastcall kmem_ptr_validate(struct kmem_cache *cachep, void *ptr)
1da177e4 3205{
b28a02de 3206 unsigned long addr = (unsigned long)ptr;
1da177e4 3207 unsigned long min_addr = PAGE_OFFSET;
b28a02de 3208 unsigned long align_mask = BYTES_PER_WORD - 1;
3dafccf2 3209 unsigned long size = cachep->buffer_size;
1da177e4
LT		 3210 struct page *page;
3211
3212 if (unlikely(addr < min_addr))
3213 goto out;
3214 if (unlikely(addr > (unsigned long)high_memory - size))
3215 goto out;
3216 if (unlikely(addr & align_mask))
3217 goto out;
3218 if (unlikely(!kern_addr_valid(addr)))
3219 goto out;
3220 if (unlikely(!kern_addr_valid(addr + size - 1)))
3221 goto out;
3222 page = virt_to_page(ptr);
3223 if (unlikely(!PageSlab(page)))
3224 goto out;
065d41cb 3225 if (unlikely(page_get_cache(page) != cachep))
1da177e4
LT		 3226 goto out;
3227 return 1;
a737b3e2 3228out:
1da177e4
LT		 3229 return 0;
3230}
3231
3232#ifdef CONFIG_NUMA
3233/**
3234 * kmem_cache_alloc_node - Allocate an object on the specified node
3235 * @cachep: The cache to allocate from.
3236 * @flags: See kmalloc().
3237 * @nodeid: node number of the target node.
3238 *
3239 * Identical to kmem_cache_alloc, except that this function is slow
3240 * and can sleep. And it will allocate memory on the given node, which
3241 * can improve the performance for cpu bound structures.
e498be7d
CL		 3242 * New and improved: it will now make sure that the object gets
3243 * put on the correct node list so that there is no false sharing.
1da177e4 3244 */
343e0d7a 3245void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t flags, int nodeid)
1da177e4 3246{
e498be7d
CL		 3247 unsigned long save_flags;
3248 void *ptr;
1da177e4 3249
e498be7d
CL		 3250 cache_alloc_debugcheck_before(cachep, flags);
3251 local_irq_save(save_flags);
18f820f6
CL		 3252
3253 if (nodeid == -1 || nodeid == numa_node_id() ||
a737b3e2 3254 !cachep->nodelists[nodeid])
5c382300
AK		 3255 ptr = ____cache_alloc(cachep, flags);
3256 else
3257 ptr = __cache_alloc_node(cachep, flags, nodeid);
e498be7d 3258 local_irq_restore(save_flags);
18f820f6
CL		 3259
3260 ptr = cache_alloc_debugcheck_after(cachep, flags, ptr,
3261 __builtin_return_address(0));
1da177e4 3262
e498be7d 3263 return ptr;
1da177e4
LT		 3264}
3265EXPORT_SYMBOL(kmem_cache_alloc_node);
3266
dd0fc66f 3267void *kmalloc_node(size_t size, gfp_t flags, int node)
97e2bde4 3268{
343e0d7a 3269 struct kmem_cache *cachep;
97e2bde4
MS		 3270
3271 cachep = kmem_find_general_cachep(size, flags);
3272 if (unlikely(cachep == NULL))
3273 return NULL;
3274 return kmem_cache_alloc_node(cachep, flags, node);
3275}
3276EXPORT_SYMBOL(kmalloc_node);
1da177e4
LT		 3277#endif
3278
3279/**
3280 * kmalloc - allocate memory
3281 * @size: how many bytes of memory are required.
3282 * @flags: the type of memory to allocate.
911851e6 3283 * @caller: function caller for debug tracking of the caller
1da177e4
LT		 3284 *
3285 * kmalloc is the normal method of allocating memory
3286 * in the kernel.
3287 *
3288 * The @flags argument may be one of:
3289 *
3290 * %GFP_USER - Allocate memory on behalf of user. May sleep.
3291 *
3292 * %GFP_KERNEL - Allocate normal kernel ram. May sleep.
3293 *
3294 * %GFP_ATOMIC - Allocation will not sleep. Use inside interrupt handlers.
3295 *
3296 * Additionally, the %GFP_DMA flag may be set to indicate the memory
3297 * must be suitable for DMA. This can mean different things on different
3298 * platforms. For example, on i386, it means that the memory must come
3299 * from the first 16MB.
3300 */
7fd6b141
PE		 3301static __always_inline void *__do_kmalloc(size_t size, gfp_t flags,
3302 void *caller)
1da177e4 3303{
343e0d7a 3304 struct kmem_cache *cachep;
1da177e4 3305
97e2bde4
MS		 3306 /* If you want to save a few bytes .text space: replace
3307 * __ with kmem_.
3308 * Then kmalloc uses the uninlined functions instead of the inline
3309 * functions.
3310 */
3311 cachep = __find_general_cachep(size, flags);
dbdb9045
AM		 3312 if (unlikely(cachep == NULL))
3313 return NULL;
7fd6b141
PE		 3314 return __cache_alloc(cachep, flags, caller);
3315}
3316
7fd6b141
PE		 3317
3318void *__kmalloc(size_t size, gfp_t flags)
3319{
871751e2 3320#ifndef CONFIG_DEBUG_SLAB
7fd6b141 3321 return __do_kmalloc(size, flags, NULL);
871751e2
AV		 3322#else
3323 return __do_kmalloc(size, flags, __builtin_return_address(0));
3324#endif
1da177e4
LT		 3325}
3326EXPORT_SYMBOL(__kmalloc);
3327
871751e2 3328#ifdef CONFIG_DEBUG_SLAB
7fd6b141
PE		 3329void *__kmalloc_track_caller(size_t size, gfp_t flags, void *caller)
3330{
3331 return __do_kmalloc(size, flags, caller);
3332}
3333EXPORT_SYMBOL(__kmalloc_track_caller);
7fd6b141
PE		 3334#endif
3335
1da177e4
LT		 3336#ifdef CONFIG_SMP
3337/**
3338 * __alloc_percpu - allocate one copy of the object for every present
3339 * cpu in the system, zeroing them.
3340 * Objects should be dereferenced using the per_cpu_ptr macro only.
3341 *
3342 * @size: how many bytes of memory are required.
1da177e4 3343 */
f9f75005 3344void *__alloc_percpu(size_t size)
1da177e4
LT		 3345{
3346 int i;
b28a02de 3347 struct percpu_data *pdata = kmalloc(sizeof(*pdata), GFP_KERNEL);
1da177e4
LT		 3348
3349 if (!pdata)
3350 return NULL;
3351
e498be7d
CL		 3352 /*
3353 * Cannot use for_each_online_cpu since a cpu may come online
3354 * and we have no way of figuring out how to fix the array
3355 * that we have allocated then....
3356 */
0a945022 3357 for_each_possible_cpu(i) {
e498be7d
CL		 3358 int node = cpu_to_node(i);
3359
3360 if (node_online(node))
3361 pdata->ptrs[i] = kmalloc_node(size, GFP_KERNEL, node);
3362 else
3363 pdata->ptrs[i] = kmalloc(size, GFP_KERNEL);
1da177e4
LT		 3364
3365 if (!pdata->ptrs[i])
3366 goto unwind_oom;
3367 memset(pdata->ptrs[i], 0, size);
3368 }
3369
3370 /* Catch derefs w/o wrappers */
b28a02de 3371 return (void *)(~(unsigned long)pdata);
1da177e4 3372
a737b3e2 3373unwind_oom:
1da177e4
LT		 3374 while (--i >= 0) {
3375 if (!cpu_possible(i))
3376 continue;
3377 kfree(pdata->ptrs[i]);
3378 }
3379 kfree(pdata);
3380 return NULL;
3381}
3382EXPORT_SYMBOL(__alloc_percpu);
3383#endif
3384
3385/**
3386 * kmem_cache_free - Deallocate an object
3387 * @cachep: The cache the allocation was from.
3388 * @objp: The previously allocated object.
3389 *
3390 * Free an object which was previously allocated from this
3391 * cache.
3392 */
343e0d7a 3393void kmem_cache_free(struct kmem_cache *cachep, void *objp)
1da177e4
LT		 3394{
3395 unsigned long flags;
3396
ddc2e812
PE		 3397 BUG_ON(virt_to_cache(objp) != cachep);
3398
1da177e4
LT		 3399 local_irq_save(flags);
3400 __cache_free(cachep, objp);
3401 local_irq_restore(flags);
3402}
3403EXPORT_SYMBOL(kmem_cache_free);
3404
1da177e4
LT		 3405/**
3406 * kfree - free previously allocated memory
3407 * @objp: pointer returned by kmalloc.
3408 *
80e93eff
PE		 3409 * If @objp is NULL, no operation is performed.
3410 *
1da177e4
LT		 3411 * Don't free memory not originally allocated by kmalloc()
3412 * or you will run into trouble.
3413 */
3414void kfree(const void *objp)
3415{
343e0d7a 3416 struct kmem_cache *c;
1da177e4
LT		 3417 unsigned long flags;
3418
3419 if (unlikely(!objp))
3420 return;
3421 local_irq_save(flags);
3422 kfree_debugcheck(objp);
6ed5eb22 3423 c = virt_to_cache(objp);
3dafccf2 3424 mutex_debug_check_no_locks_freed(objp, obj_size(c));
b28a02de 3425 __cache_free(c, (void *)objp);
1da177e4
LT		 3426 local_irq_restore(flags);
3427}
3428EXPORT_SYMBOL(kfree);
3429
3430#ifdef CONFIG_SMP
3431/**
3432 * free_percpu - free previously allocated percpu memory
3433 * @objp: pointer returned by alloc_percpu.
3434 *
3435 * Don't free memory not originally allocated by alloc_percpu()
3436 * The complemented objp is to check for that.
3437 */
b28a02de 3438void free_percpu(const void *objp)
1da177e4
LT		 3439{
3440 int i;
b28a02de 3441 struct percpu_data *p = (struct percpu_data *)(~(unsigned long)objp);
1da177e4 3442
e498be7d
CL		 3443 /*
3444 * We allocate for all cpus so we cannot use for online cpu here.
3445 */
0a945022 3446 for_each_possible_cpu(i)
b28a02de 3447 kfree(p->ptrs[i]);
1da177e4
LT		 3448 kfree(p);
3449}
3450EXPORT_SYMBOL(free_percpu);
3451#endif
3452
343e0d7a 3453unsigned int kmem_cache_size(struct kmem_cache *cachep)
1da177e4 3454{
3dafccf2 3455 return obj_size(cachep);
1da177e4
LT		 3456}
3457EXPORT_SYMBOL(kmem_cache_size);
3458
343e0d7a 3459const char *kmem_cache_name(struct kmem_cache *cachep)
1944972d
ACM		 3460{
3461 return cachep->name;
3462}
3463EXPORT_SYMBOL_GPL(kmem_cache_name);
3464
e498be7d 3465/*
0718dc2a 3466 * This initializes kmem_list3 or resizes varioius caches for all nodes.
e498be7d 3467 */
343e0d7a 3468static int alloc_kmemlist(struct kmem_cache *cachep)
e498be7d
CL		 3469{
3470 int node;
3471 struct kmem_list3 *l3;
cafeb02e
CL		 3472 struct array_cache *new_shared;
3473 struct array_cache **new_alien;
e498be7d
CL		 3474
3475 for_each_online_node(node) {
cafeb02e 3476
a737b3e2
AM		 3477 new_alien = alloc_alien_cache(node, cachep->limit);
3478 if (!new_alien)
e498be7d 3479 goto fail;
cafeb02e 3480
0718dc2a
CL		 3481 new_shared = alloc_arraycache(node,
3482 cachep->shared*cachep->batchcount,
a737b3e2 3483 0xbaadf00d);
0718dc2a
CL		 3484 if (!new_shared) {
3485 free_alien_cache(new_alien);
e498be7d 3486 goto fail;
0718dc2a 3487 }
cafeb02e 3488
a737b3e2
AM		 3489 l3 = cachep->nodelists[node];
3490 if (l3) {
cafeb02e
CL		 3491 struct array_cache *shared = l3->shared;
3492
e498be7d
CL		 3493 spin_lock_irq(&l3->list_lock);
3494
cafeb02e 3495 if (shared)
0718dc2a
CL		 3496 free_block(cachep, shared->entry,
3497 shared->avail, node);
e498be7d 3498
cafeb02e
CL		 3499 l3->shared = new_shared;
3500 if (!l3->alien) {
e498be7d
CL		 3501 l3->alien = new_alien;
3502 new_alien = NULL;
3503 }
b28a02de 3504 l3->free_limit = (1 + nr_cpus_node(node)) *
a737b3e2 3505 cachep->batchcount + cachep->num;
e498be7d 3506 spin_unlock_irq(&l3->list_lock);
cafeb02e 3507 kfree(shared);
e498be7d
CL		 3508 free_alien_cache(new_alien);
3509 continue;
3510 }
a737b3e2 3511 l3 = kmalloc_node(sizeof(struct kmem_list3), GFP_KERNEL, node);
0718dc2a
CL		 3512 if (!l3) {
3513 free_alien_cache(new_alien);
3514 kfree(new_shared);
e498be7d 3515 goto fail;
0718dc2a 3516 }
e498be7d
CL		 3517
3518 kmem_list3_init(l3);
3519 l3->next_reap = jiffies + REAPTIMEOUT_LIST3 +
a737b3e2 3520 ((unsigned long)cachep) % REAPTIMEOUT_LIST3;
cafeb02e 3521 l3->shared = new_shared;
e498be7d 3522 l3->alien = new_alien;
b28a02de 3523 l3->free_limit = (1 + nr_cpus_node(node)) *
a737b3e2 3524 cachep->batchcount + cachep->num;
e498be7d
CL		 3525 cachep->nodelists[node] = l3;
3526 }
cafeb02e 3527 return 0;
0718dc2a 3528
a737b3e2 3529fail:
0718dc2a
CL		 3530 if (!cachep->next.next) {
3531 /* Cache is not active yet. Roll back what we did */
3532 node--;
3533 while (node >= 0) {
3534 if (cachep->nodelists[node]) {
3535 l3 = cachep->nodelists[node];
3536
3537 kfree(l3->shared);
3538 free_alien_cache(l3->alien);
3539 kfree(l3);
3540 cachep->nodelists[node] = NULL;
3541 }
3542 node--;
3543 }
3544 }
cafeb02e 3545 return -ENOMEM;
e498be7d
CL		 3546}
3547
1da177e4 3548struct ccupdate_struct {
343e0d7a 3549 struct kmem_cache *cachep;
1da177e4
LT		 3550 struct array_cache *new[NR_CPUS];
3551};
3552
3553static void do_ccupdate_local(void *info)
3554{
a737b3e2 3555 struct ccupdate_struct *new = info;
1da177e4
LT		 3556 struct array_cache *old;
3557
3558 check_irq_off();
9a2dba4b 3559 old = cpu_cache_get(new->cachep);
e498be7d 3560
1da177e4
LT		 3561 new->cachep->array[smp_processor_id()] = new->new[smp_processor_id()];
3562 new->new[smp_processor_id()] = old;
3563}
3564
b5d8ca7c 3565/* Always called with the cache_chain_mutex held */
a737b3e2
AM		 3566static int do_tune_cpucache(struct kmem_cache *cachep, int limit,
3567 int batchcount, int shared)
1da177e4
LT		 3568{
3569 struct ccupdate_struct new;
e498be7d 3570 int i, err;
1da177e4 3571
b28a02de 3572 memset(&new.new, 0, sizeof(new.new));
e498be7d 3573 for_each_online_cpu(i) {
a737b3e2
AM		 3574 new.new[i] = alloc_arraycache(cpu_to_node(i), limit,
3575 batchcount);
e498be7d 3576 if (!new.new[i]) {
b28a02de
PE		 3577 for (i--; i >= 0; i--)
3578 kfree(new.new[i]);
e498be7d 3579 return -ENOMEM;
1da177e4
LT		 3580 }
3581 }
3582 new.cachep = cachep;
3583
a07fa394 3584 on_each_cpu(do_ccupdate_local, (void *)&new, 1, 1);
e498be7d 3585
1da177e4 3586 check_irq_on();
1da177e4
LT		 3587 cachep->batchcount = batchcount;
3588 cachep->limit = limit;
e498be7d 3589 cachep->shared = shared;
1da177e4 3590
e498be7d 3591 for_each_online_cpu(i) {
1da177e4
LT		 3592 struct array_cache *ccold = new.new[i];
3593 if (!ccold)
3594 continue;
e498be7d 3595 spin_lock_irq(&cachep->nodelists[cpu_to_node(i)]->list_lock);
ff69416e 3596 free_block(cachep, ccold->entry, ccold->avail, cpu_to_node(i));
e498be7d 3597 spin_unlock_irq(&cachep->nodelists[cpu_to_node(i)]->list_lock);
1da177e4
LT		 3598 kfree(ccold);
3599 }
1da177e4 3600
e498be7d
CL		 3601 err = alloc_kmemlist(cachep);
3602 if (err) {
3603 printk(KERN_ERR "alloc_kmemlist failed for %s, error %d.\n",
b28a02de 3604 cachep->name, -err);
e498be7d 3605 BUG();
1da177e4 3606 }
1da177e4
LT		 3607 return 0;
3608}
3609
b5d8ca7c 3610/* Called with cache_chain_mutex held always */
343e0d7a 3611static void enable_cpucache(struct kmem_cache *cachep)
1da177e4
LT		 3612{
3613 int err;
3614 int limit, shared;
3615
a737b3e2
AM		 3616 /*
3617 * The head array serves three purposes:
1da177e4
LT		 3618 * - create a LIFO ordering, i.e. return objects that are cache-warm
3619 * - reduce the number of spinlock operations.
a737b3e2 3620 * - reduce the number of linked list operations on the slab and
1da177e4
LT		 3621 * bufctl chains: array operations are cheaper.
3622 * The numbers are guessed, we should auto-tune as described by
3623 * Bonwick.
3624 */
3dafccf2 3625 if (cachep->buffer_size > 131072)
1da177e4 3626 limit = 1;
3dafccf2 3627 else if (cachep->buffer_size > PAGE_SIZE)
1da177e4 3628 limit = 8;
3dafccf2 3629 else if (cachep->buffer_size > 1024)
1da177e4 3630 limit = 24;
3dafccf2 3631 else if (cachep->buffer_size > 256)
1da177e4
LT		 3632 limit = 54;
3633 else
3634 limit = 120;
3635
a737b3e2
AM		 3636 /*
3637 * CPU bound tasks (e.g. network routing) can exhibit cpu bound
1da177e4
LT		 3638 * allocation behaviour: Most allocs on one cpu, most free operations
3639 * on another cpu. For these cases, an efficient object passing between
3640 * cpus is necessary. This is provided by a shared array. The array
3641 * replaces Bonwick's magazine layer.
3642 * On uniprocessor, it's functionally equivalent (but less efficient)
3643 * to a larger limit. Thus disabled by default.
3644 */
3645 shared = 0;
3646#ifdef CONFIG_SMP
3dafccf2 3647 if (cachep->buffer_size <= PAGE_SIZE)
1da177e4
LT		 3648 shared = 8;
3649#endif
3650
3651#if DEBUG
a737b3e2
AM		 3652 /*
3653 * With debugging enabled, large batchcount lead to excessively long
3654 * periods with disabled local interrupts. Limit the batchcount
1da177e4
LT		 3655 */
3656 if (limit > 32)
3657 limit = 32;
3658#endif
b28a02de 3659 err = do_tune_cpucache(cachep, limit, (limit + 1) / 2, shared);
1da177e4
LT		 3660 if (err)
3661 printk(KERN_ERR "enable_cpucache failed for %s, error %d.\n",
b28a02de 3662 cachep->name, -err);
1da177e4
LT		 3663}
3664
1b55253a
CL		 3665/*
3666 * Drain an array if it contains any elements taking the l3 lock only if
b18e7e65
CL		 3667 * necessary. Note that the l3 listlock also protects the array_cache
3668 * if drain_array() is used on the shared array.
1b55253a
CL		 3669 */
3670void drain_array(struct kmem_cache *cachep, struct kmem_list3 *l3,
3671 struct array_cache *ac, int force, int node)
1da177e4
LT		 3672{
3673 int tofree;
3674
1b55253a
CL		 3675 if (!ac || !ac->avail)
3676 return;
1da177e4
LT		 3677 if (ac->touched && !force) {
3678 ac->touched = 0;
b18e7e65 3679 } else {
1b55253a 3680 spin_lock_irq(&l3->list_lock);
b18e7e65
CL		 3681 if (ac->avail) {
3682 tofree = force ? ac->avail : (ac->limit + 4) / 5;
3683 if (tofree > ac->avail)
3684 tofree = (ac->avail + 1) / 2;
3685 free_block(cachep, ac->entry, tofree, node);
3686 ac->avail -= tofree;
3687 memmove(ac->entry, &(ac->entry[tofree]),
3688 sizeof(void *) * ac->avail);
3689 }
1b55253a 3690 spin_unlock_irq(&l3->list_lock);
1da177e4
LT		 3691 }
3692}
3693
3694/**
3695 * cache_reap - Reclaim memory from caches.
1e5d5331 3696 * @unused: unused parameter
1da177e4
LT		 3697 *
3698 * Called from workqueue/eventd every few seconds.
3699 * Purpose:
3700 * - clear the per-cpu caches for this CPU.
3701 * - return freeable pages to the main free memory pool.
3702 *
a737b3e2
AM		 3703 * If we cannot acquire the cache chain mutex then just give up - we'll try
3704 * again on the next iteration.
1da177e4
LT		 3705 */
3706static void cache_reap(void *unused)
3707{
7a7c381d 3708 struct kmem_cache *searchp;
e498be7d 3709 struct kmem_list3 *l3;
aab2207c 3710 int node = numa_node_id();
1da177e4 3711
fc0abb14 3712 if (!mutex_trylock(&cache_chain_mutex)) {
1da177e4 3713 /* Give up. Setup the next iteration. */
b28a02de
PE		 3714 schedule_delayed_work(&__get_cpu_var(reap_work),
3715 REAPTIMEOUT_CPUC);
1da177e4
LT		 3716 return;
3717 }
3718
7a7c381d 3719 list_for_each_entry(searchp, &cache_chain, next) {
b28a02de 3720 struct list_head *p;
1da177e4
LT		 3721 int tofree;
3722 struct slab *slabp;
3723
1da177e4
LT		 3724 check_irq_on();
3725
35386e3b
CL		 3726 /*
3727 * We only take the l3 lock if absolutely necessary and we
3728 * have established with reasonable certainty that
3729 * we can do some work if the lock was obtained.
3730 */
aab2207c 3731 l3 = searchp->nodelists[node];
35386e3b 3732
8fce4d8e 3733 reap_alien(searchp, l3);
1da177e4 3734
aab2207c 3735 drain_array(searchp, l3, cpu_cache_get(searchp), 0, node);
1da177e4 3736
35386e3b
CL		 3737 /*
3738 * These are racy checks but it does not matter
3739 * if we skip one check or scan twice.
3740 */
e498be7d 3741 if (time_after(l3->next_reap, jiffies))
35386e3b 3742 goto next;
1da177e4 3743
e498be7d 3744 l3->next_reap = jiffies + REAPTIMEOUT_LIST3;
1da177e4 3745
aab2207c 3746 drain_array(searchp, l3, l3->shared, 0, node);
1da177e4 3747
e498be7d
CL		 3748 if (l3->free_touched) {
3749 l3->free_touched = 0;
35386e3b 3750 goto next;
1da177e4
LT		 3751 }
3752
a737b3e2
AM		 3753 tofree = (l3->free_limit + 5 * searchp->num - 1) /
3754 (5 * searchp->num);
1da177e4 3755 do {
35386e3b
CL		 3756 /*
3757 * Do not lock if there are no free blocks.
3758 */
3759 if (list_empty(&l3->slabs_free))
3760 break;
3761
3762 spin_lock_irq(&l3->list_lock);
e498be7d 3763 p = l3->slabs_free.next;
35386e3b
CL		 3764 if (p == &(l3->slabs_free)) {
3765 spin_unlock_irq(&l3->list_lock);
1da177e4 3766 break;
35386e3b 3767 }
1da177e4
LT		 3768
3769 slabp = list_entry(p, struct slab, list);
3770 BUG_ON(slabp->inuse);
3771 list_del(&slabp->list);
3772 STATS_INC_REAPED(searchp);
3773
a737b3e2
AM		 3774 /*
3775 * Safe to drop the lock. The slab is no longer linked
3776 * to the cache. searchp cannot disappear, we hold
1da177e4
LT		 3777 * cache_chain_lock
3778 */
e498be7d
CL		 3779 l3->free_objects -= searchp->num;
3780 spin_unlock_irq(&l3->list_lock);
1da177e4 3781 slab_destroy(searchp, slabp);
b28a02de 3782 } while (--tofree > 0);
35386e3b 3783next:
1da177e4
LT		 3784 cond_resched();
3785 }
3786 check_irq_on();
fc0abb14 3787 mutex_unlock(&cache_chain_mutex);
8fce4d8e 3788 next_reap_node();
a737b3e2 3789 /* Set up the next iteration */
cd61ef62 3790 schedule_delayed_work(&__get_cpu_var(reap_work), REAPTIMEOUT_CPUC);
1da177e4
LT		 3791}
3792
3793#ifdef CONFIG_PROC_FS
3794
85289f98 3795static void print_slabinfo_header(struct seq_file *m)
1da177e4 3796{
85289f98
PE		 3797 /*
3798 * Output format version, so at least we can change it
3799 * without _too_ many complaints.
3800 */
1da177e4 3801#if STATS
85289f98 3802 seq_puts(m, "slabinfo - version: 2.1 (statistics)\n");
1da177e4 3803#else
85289f98 3804 seq_puts(m, "slabinfo - version: 2.1\n");
1da177e4 3805#endif
85289f98
PE		 3806 seq_puts(m, "# name <active_objs> <num_objs> <objsize> "
3807 "<objperslab> <pagesperslab>");
3808 seq_puts(m, " : tunables <limit> <batchcount> <sharedfactor>");
3809 seq_puts(m, " : slabdata <active_slabs> <num_slabs> <sharedavail>");
1da177e4 3810#if STATS
85289f98 3811 seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> "
fb7faf33 3812 "<error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
85289f98 3813 seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
1da177e4 3814#endif
85289f98
PE		 3815 seq_putc(m, '\n');
3816}
3817
3818static void *s_start(struct seq_file *m, loff_t *pos)
3819{
3820 loff_t n = *pos;
3821 struct list_head *p;
3822
fc0abb14 3823 mutex_lock(&cache_chain_mutex);
85289f98
PE		 3824 if (!n)
3825 print_slabinfo_header(m);
1da177e4
LT		 3826 p = cache_chain.next;
3827 while (n--) {
3828 p = p->next;
3829 if (p == &cache_chain)
3830 return NULL;
3831 }
343e0d7a 3832 return list_entry(p, struct kmem_cache, next);
1da177e4
LT		 3833}
3834
3835static void *s_next(struct seq_file *m, void *p, loff_t *pos)
3836{
343e0d7a 3837 struct kmem_cache *cachep = p;
1da177e4 3838 ++*pos;
a737b3e2
AM		 3839 return cachep->next.next == &cache_chain ?
3840 NULL : list_entry(cachep->next.next, struct kmem_cache, next);
1da177e4
LT		 3841}
3842
3843static void s_stop(struct seq_file *m, void *p)
3844{
fc0abb14 3845 mutex_unlock(&cache_chain_mutex);
1da177e4
LT		 3846}
3847
3848static int s_show(struct seq_file *m, void *p)
3849{
343e0d7a 3850 struct kmem_cache *cachep = p;
b28a02de
PE		 3851 struct slab *slabp;
3852 unsigned long active_objs;
3853 unsigned long num_objs;
3854 unsigned long active_slabs = 0;
3855 unsigned long num_slabs, free_objects = 0, shared_avail = 0;
e498be7d 3856 const char *name;
1da177e4 3857 char *error = NULL;
e498be7d
CL		 3858 int node;
3859 struct kmem_list3 *l3;
1da177e4 3860
1da177e4
LT		 3861 active_objs = 0;
3862 num_slabs = 0;
e498be7d
CL		 3863 for_each_online_node(node) {
3864 l3 = cachep->nodelists[node];
3865 if (!l3)
3866 continue;
3867
ca3b9b91
RT		 3868 check_irq_on();
3869 spin_lock_irq(&l3->list_lock);
e498be7d 3870
7a7c381d 3871 list_for_each_entry(slabp, &l3->slabs_full, list) {
e498be7d
CL		 3872 if (slabp->inuse != cachep->num && !error)
3873 error = "slabs_full accounting error";
3874 active_objs += cachep->num;
3875 active_slabs++;
3876 }
7a7c381d 3877 list_for_each_entry(slabp, &l3->slabs_partial, list) {
e498be7d
CL		 3878 if (slabp->inuse == cachep->num && !error)
3879 error = "slabs_partial inuse accounting error";
3880 if (!slabp->inuse && !error)
3881 error = "slabs_partial/inuse accounting error";
3882 active_objs += slabp->inuse;
3883 active_slabs++;
3884 }
7a7c381d 3885 list_for_each_entry(slabp, &l3->slabs_free, list) {
e498be7d
CL		 3886 if (slabp->inuse && !error)
3887 error = "slabs_free/inuse accounting error";
3888 num_slabs++;
3889 }
3890 free_objects += l3->free_objects;
4484ebf1
RT		 3891 if (l3->shared)
3892 shared_avail += l3->shared->avail;
e498be7d 3893
ca3b9b91 3894 spin_unlock_irq(&l3->list_lock);
1da177e4 3895 }
b28a02de
PE		 3896 num_slabs += active_slabs;
3897 num_objs = num_slabs * cachep->num;
e498be7d 3898 if (num_objs - active_objs != free_objects && !error)
1da177e4
LT		 3899 error = "free_objects accounting error";
3900
b28a02de 3901 name = cachep->name;
1da177e4
LT		 3902 if (error)
3903 printk(KERN_ERR "slab: cache %s error: %s\n", name, error);
3904
3905 seq_printf(m, "%-17s %6lu %6lu %6u %4u %4d",
3dafccf2 3906 name, active_objs, num_objs, cachep->buffer_size,
b28a02de 3907 cachep->num, (1 << cachep->gfporder));
1da177e4 3908 seq_printf(m, " : tunables %4u %4u %4u",
b28a02de 3909 cachep->limit, cachep->batchcount, cachep->shared);
e498be7d 3910 seq_printf(m, " : slabdata %6lu %6lu %6lu",
b28a02de 3911 active_slabs, num_slabs, shared_avail);
1da177e4 3912#if STATS
b28a02de 3913 { /* list3 stats */
1da177e4
LT		 3914 unsigned long high = cachep->high_mark;
3915 unsigned long allocs = cachep->num_allocations;
3916 unsigned long grown = cachep->grown;
3917 unsigned long reaped = cachep->reaped;
3918 unsigned long errors = cachep->errors;
3919 unsigned long max_freeable = cachep->max_freeable;
1da177e4 3920 unsigned long node_allocs = cachep->node_allocs;
e498be7d 3921 unsigned long node_frees = cachep->node_frees;
fb7faf33 3922 unsigned long overflows = cachep->node_overflow;
1da177e4 3923
e498be7d 3924 seq_printf(m, " : globalstat %7lu %6lu %5lu %4lu \
fb7faf33 3925 %4lu %4lu %4lu %4lu %4lu", allocs, high, grown,
a737b3e2 3926 reaped, errors, max_freeable, node_allocs,
fb7faf33 3927 node_frees, overflows);
1da177e4
LT		 3928 }
3929 /* cpu stats */
3930 {
3931 unsigned long allochit = atomic_read(&cachep->allochit);
3932 unsigned long allocmiss = atomic_read(&cachep->allocmiss);
3933 unsigned long freehit = atomic_read(&cachep->freehit);
3934 unsigned long freemiss = atomic_read(&cachep->freemiss);
3935
3936 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu",
b28a02de 3937 allochit, allocmiss, freehit, freemiss);
1da177e4
LT		 3938 }
3939#endif
3940 seq_putc(m, '\n');
1da177e4
LT		 3941 return 0;
3942}
3943
3944/*
3945 * slabinfo_op - iterator that generates /proc/slabinfo
3946 *
3947 * Output layout:
3948 * cache-name
3949 * num-active-objs
3950 * total-objs
3951 * object size
3952 * num-active-slabs
3953 * total-slabs
3954 * num-pages-per-slab
3955 * + further values on SMP and with statistics enabled
3956 */
3957
3958struct seq_operations slabinfo_op = {
b28a02de
PE		 3959 .start = s_start,
3960 .next = s_next,
3961 .stop = s_stop,
3962 .show = s_show,
1da177e4
LT		 3963};
3964
3965#define MAX_SLABINFO_WRITE 128
3966/**
3967 * slabinfo_write - Tuning for the slab allocator
3968 * @file: unused
3969 * @buffer: user buffer
3970 * @count: data length
3971 * @ppos: unused
3972 */
b28a02de
PE		 3973ssize_t slabinfo_write(struct file *file, const char __user * buffer,
3974 size_t count, loff_t *ppos)
1da177e4 3975{
b28a02de 3976 char kbuf[MAX_SLABINFO_WRITE + 1], *tmp;
1da177e4 3977 int limit, batchcount, shared, res;
7a7c381d 3978 struct kmem_cache *cachep;
b28a02de 3979
1da177e4
LT		 3980 if (count > MAX_SLABINFO_WRITE)
3981 return -EINVAL;
3982 if (copy_from_user(&kbuf, buffer, count))
3983 return -EFAULT;
b28a02de 3984 kbuf[MAX_SLABINFO_WRITE] = '\0';
1da177e4
LT		 3985
3986 tmp = strchr(kbuf, ' ');
3987 if (!tmp)
3988 return -EINVAL;
3989 *tmp = '\0';
3990 tmp++;
3991 if (sscanf(tmp, " %d %d %d", &limit, &batchcount, &shared) != 3)
3992 return -EINVAL;
3993
3994 /* Find the cache in the chain of caches. */
fc0abb14 3995 mutex_lock(&cache_chain_mutex);
1da177e4 3996 res = -EINVAL;
7a7c381d 3997 list_for_each_entry(cachep, &cache_chain, next) {
1da177e4 3998 if (!strcmp(cachep->name, kbuf)) {
a737b3e2
AM		 3999 if (limit < 1 || batchcount < 1 ||
4000 batchcount > limit || shared < 0) {
e498be7d 4001 res = 0;
1da177e4 4002 } else {
e498be7d 4003 res = do_tune_cpucache(cachep, limit,
b28a02de 4004 batchcount, shared);
1da177e4
LT		 4005 }
4006 break;
4007 }
4008 }
fc0abb14 4009 mutex_unlock(&cache_chain_mutex);
1da177e4
LT		 4010 if (res >= 0)
4011 res = count;
4012 return res;
4013}
871751e2
AV		 4014
4015#ifdef CONFIG_DEBUG_SLAB_LEAK
4016
4017static void *leaks_start(struct seq_file *m, loff_t *pos)
4018{
4019 loff_t n = *pos;
4020 struct list_head *p;
4021
4022 mutex_lock(&cache_chain_mutex);
4023 p = cache_chain.next;
4024 while (n--) {
4025 p = p->next;
4026 if (p == &cache_chain)
4027 return NULL;
4028 }
4029 return list_entry(p, struct kmem_cache, next);
4030}
4031
4032static inline int add_caller(unsigned long *n, unsigned long v)
4033{
4034 unsigned long *p;
4035 int l;
4036 if (!v)
4037 return 1;
4038 l = n[1];
4039 p = n + 2;
4040 while (l) {
4041 int i = l/2;
4042 unsigned long *q = p + 2 * i;
4043 if (*q == v) {
4044 q[1]++;
4045 return 1;
4046 }
4047 if (*q > v) {
4048 l = i;
4049 } else {
4050 p = q + 2;
4051 l -= i + 1;
4052 }
4053 }
4054 if (++n[1] == n[0])
4055 return 0;
4056 memmove(p + 2, p, n[1] * 2 * sizeof(unsigned long) - ((void *)p - (void *)n));
4057 p[0] = v;
4058 p[1] = 1;
4059 return 1;
4060}
4061
4062static void handle_slab(unsigned long *n, struct kmem_cache *c, struct slab *s)
4063{
4064 void *p;
4065 int i;
4066 if (n[0] == n[1])
4067 return;
4068 for (i = 0, p = s->s_mem; i < c->num; i++, p += c->buffer_size) {
4069 if (slab_bufctl(s)[i] != BUFCTL_ACTIVE)
4070 continue;
4071 if (!add_caller(n, (unsigned long)*dbg_userword(c, p)))
4072 return;
4073 }
4074}
4075
4076static void show_symbol(struct seq_file *m, unsigned long address)
4077{
4078#ifdef CONFIG_KALLSYMS
4079 char *modname;
4080 const char *name;
4081 unsigned long offset, size;
4082 char namebuf[KSYM_NAME_LEN+1];
4083
4084 name = kallsyms_lookup(address, &size, &offset, &modname, namebuf);
4085
4086 if (name) {
4087 seq_printf(m, "%s+%#lx/%#lx", name, offset, size);
4088 if (modname)
4089 seq_printf(m, " [%s]", modname);
4090 return;
4091 }
4092#endif
4093 seq_printf(m, "%p", (void *)address);
4094}
4095
4096static int leaks_show(struct seq_file *m, void *p)
4097{
4098 struct kmem_cache *cachep = p;
871751e2
AV		 4099 struct slab *slabp;
4100 struct kmem_list3 *l3;
4101 const char *name;
4102 unsigned long *n = m->private;
4103 int node;
4104 int i;
4105
4106 if (!(cachep->flags & SLAB_STORE_USER))
4107 return 0;
4108 if (!(cachep->flags & SLAB_RED_ZONE))
4109 return 0;
4110
4111 /* OK, we can do it */
4112
4113 n[1] = 0;
4114
4115 for_each_online_node(node) {
4116 l3 = cachep->nodelists[node];
4117 if (!l3)
4118 continue;
4119
4120 check_irq_on();
4121 spin_lock_irq(&l3->list_lock);
4122
7a7c381d 4123 list_for_each_entry(slabp, &l3->slabs_full, list)
871751e2 4124 handle_slab(n, cachep, slabp);
7a7c381d 4125 list_for_each_entry(slabp, &l3->slabs_partial, list)
871751e2 4126 handle_slab(n, cachep, slabp);
871751e2
AV		 4127 spin_unlock_irq(&l3->list_lock);
4128 }
4129 name = cachep->name;
4130 if (n[0] == n[1]) {
4131 /* Increase the buffer size */
4132 mutex_unlock(&cache_chain_mutex);
4133 m->private = kzalloc(n[0] * 4 * sizeof(unsigned long), GFP_KERNEL);
4134 if (!m->private) {
4135 /* Too bad, we are really out */
4136 m->private = n;
4137 mutex_lock(&cache_chain_mutex);
4138 return -ENOMEM;
4139 }
4140 *(unsigned long *)m->private = n[0] * 2;
4141 kfree(n);
4142 mutex_lock(&cache_chain_mutex);
4143 /* Now make sure this entry will be retried */
4144 m->count = m->size;
4145 return 0;
4146 }
4147 for (i = 0; i < n[1]; i++) {
4148 seq_printf(m, "%s: %lu ", name, n[2*i+3]);
4149 show_symbol(m, n[2*i+2]);
4150 seq_putc(m, '\n');
4151 }
4152 return 0;
4153}
4154
4155struct seq_operations slabstats_op = {
4156 .start = leaks_start,
4157 .next = s_next,
4158 .stop = s_stop,
4159 .show = leaks_show,
4160};
4161#endif
1da177e4
LT		 4162#endif
4163
00e145b6
MS		 4164/**
4165 * ksize - get the actual amount of memory allocated for a given object
4166 * @objp: Pointer to the object
4167 *
4168 * kmalloc may internally round up allocations and return more memory
4169 * than requested. ksize() can be used to determine the actual amount of
4170 * memory allocated. The caller may use this additional memory, even though
4171 * a smaller amount of memory was initially specified with the kmalloc call.
4172 * The caller must guarantee that objp points to a valid object previously
4173 * allocated with either kmalloc() or kmem_cache_alloc(). The object
4174 * must not be freed during the duration of the call.
4175 */
1da177e4
LT		 4176unsigned int ksize(const void *objp)
4177{
00e145b6
MS		 4178 if (unlikely(objp == NULL))
4179 return 0;
1da177e4 4180
6ed5eb22 4181 return obj_size(virt_to_cache(objp));
1da177e4 4182}
Linux 6.x block layer and io_uring tree(s)