1 // SPDX-License-Identifier: GPL-2.0
3 * Slab allocator functions that are independent of the allocator strategy
5 * (C) 2012 Christoph Lameter <cl@linux.com>
7 #include <linux/slab.h>
10 #include <linux/poison.h>
11 #include <linux/interrupt.h>
12 #include <linux/memory.h>
13 #include <linux/compiler.h>
14 #include <linux/module.h>
15 #include <linux/cpu.h>
16 #include <linux/uaccess.h>
17 #include <linux/seq_file.h>
18 #include <linux/proc_fs.h>
19 #include <asm/cacheflush.h>
20 #include <asm/tlbflush.h>
22 #include <linux/memcontrol.h>
24 #define CREATE_TRACE_POINTS
25 #include <trace/events/kmem.h>
29 enum slab_state slab_state;
30 LIST_HEAD(slab_caches);
31 DEFINE_MUTEX(slab_mutex);
32 struct kmem_cache *kmem_cache;
34 #ifdef CONFIG_HARDENED_USERCOPY
35 bool usercopy_fallback __ro_after_init =
36 IS_ENABLED(CONFIG_HARDENED_USERCOPY_FALLBACK);
37 module_param(usercopy_fallback, bool, 0400);
38 MODULE_PARM_DESC(usercopy_fallback,
39 "WARN instead of reject usercopy whitelist violations");
42 static LIST_HEAD(slab_caches_to_rcu_destroy);
43 static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work);
44 static DECLARE_WORK(slab_caches_to_rcu_destroy_work,
45 slab_caches_to_rcu_destroy_workfn);
48 * Set of flags that will prevent slab merging
50 #define SLAB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \
51 SLAB_TRACE | SLAB_TYPESAFE_BY_RCU | SLAB_NOLEAKTRACE | \
52 SLAB_FAILSLAB | SLAB_KASAN)
54 #define SLAB_MERGE_SAME (SLAB_RECLAIM_ACCOUNT | SLAB_CACHE_DMA | \
58 * Merge control. If this is set then no merging of slab caches will occur.
60 static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
62 static int __init setup_slab_nomerge(char *str)
69 __setup_param("slub_nomerge", slub_nomerge, setup_slab_nomerge, 0);
72 __setup("slab_nomerge", setup_slab_nomerge);
75 * Determine the size of a slab object
77 unsigned int kmem_cache_size(struct kmem_cache *s)
79 return s->object_size;
81 EXPORT_SYMBOL(kmem_cache_size);
83 #ifdef CONFIG_DEBUG_VM
84 static int kmem_cache_sanity_check(const char *name, size_t size)
86 struct kmem_cache *s = NULL;
88 if (!name || in_interrupt() || size < sizeof(void *) ||
89 size > KMALLOC_MAX_SIZE) {
90 pr_err("kmem_cache_create(%s) integrity check failed\n", name);
94 list_for_each_entry(s, &slab_caches, list) {
99 * This happens when the module gets unloaded and doesn't
100 * destroy its slab cache and no-one else reuses the vmalloc
101 * area of the module. Print a warning.
103 res = probe_kernel_address(s->name, tmp);
105 pr_err("Slab cache with size %d has lost its name\n",
111 WARN_ON(strchr(name, ' ')); /* It confuses parsers */
115 static inline int kmem_cache_sanity_check(const char *name, size_t size)
121 void __kmem_cache_free_bulk(struct kmem_cache *s, size_t nr, void **p)
125 for (i = 0; i < nr; i++) {
127 kmem_cache_free(s, p[i]);
133 int __kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t nr,
138 for (i = 0; i < nr; i++) {
139 void *x = p[i] = kmem_cache_alloc(s, flags);
141 __kmem_cache_free_bulk(s, i, p);
148 #if defined(CONFIG_MEMCG) && !defined(CONFIG_SLOB)
150 LIST_HEAD(slab_root_caches);
152 void slab_init_memcg_params(struct kmem_cache *s)
154 s->memcg_params.root_cache = NULL;
155 RCU_INIT_POINTER(s->memcg_params.memcg_caches, NULL);
156 INIT_LIST_HEAD(&s->memcg_params.children);
159 static int init_memcg_params(struct kmem_cache *s,
160 struct mem_cgroup *memcg, struct kmem_cache *root_cache)
162 struct memcg_cache_array *arr;
165 s->memcg_params.root_cache = root_cache;
166 s->memcg_params.memcg = memcg;
167 INIT_LIST_HEAD(&s->memcg_params.children_node);
168 INIT_LIST_HEAD(&s->memcg_params.kmem_caches_node);
172 slab_init_memcg_params(s);
174 if (!memcg_nr_cache_ids)
177 arr = kvzalloc(sizeof(struct memcg_cache_array) +
178 memcg_nr_cache_ids * sizeof(void *),
183 RCU_INIT_POINTER(s->memcg_params.memcg_caches, arr);
187 static void destroy_memcg_params(struct kmem_cache *s)
189 if (is_root_cache(s))
190 kvfree(rcu_access_pointer(s->memcg_params.memcg_caches));
193 static void free_memcg_params(struct rcu_head *rcu)
195 struct memcg_cache_array *old;
197 old = container_of(rcu, struct memcg_cache_array, rcu);
201 static int update_memcg_params(struct kmem_cache *s, int new_array_size)
203 struct memcg_cache_array *old, *new;
205 new = kvzalloc(sizeof(struct memcg_cache_array) +
206 new_array_size * sizeof(void *), GFP_KERNEL);
210 old = rcu_dereference_protected(s->memcg_params.memcg_caches,
211 lockdep_is_held(&slab_mutex));
213 memcpy(new->entries, old->entries,
214 memcg_nr_cache_ids * sizeof(void *));
216 rcu_assign_pointer(s->memcg_params.memcg_caches, new);
218 call_rcu(&old->rcu, free_memcg_params);
222 int memcg_update_all_caches(int num_memcgs)
224 struct kmem_cache *s;
227 mutex_lock(&slab_mutex);
228 list_for_each_entry(s, &slab_root_caches, root_caches_node) {
229 ret = update_memcg_params(s, num_memcgs);
231 * Instead of freeing the memory, we'll just leave the caches
232 * up to this point in an updated state.
237 mutex_unlock(&slab_mutex);
241 void memcg_link_cache(struct kmem_cache *s)
243 if (is_root_cache(s)) {
244 list_add(&s->root_caches_node, &slab_root_caches);
246 list_add(&s->memcg_params.children_node,
247 &s->memcg_params.root_cache->memcg_params.children);
248 list_add(&s->memcg_params.kmem_caches_node,
249 &s->memcg_params.memcg->kmem_caches);
253 static void memcg_unlink_cache(struct kmem_cache *s)
255 if (is_root_cache(s)) {
256 list_del(&s->root_caches_node);
258 list_del(&s->memcg_params.children_node);
259 list_del(&s->memcg_params.kmem_caches_node);
263 static inline int init_memcg_params(struct kmem_cache *s,
264 struct mem_cgroup *memcg, struct kmem_cache *root_cache)
269 static inline void destroy_memcg_params(struct kmem_cache *s)
273 static inline void memcg_unlink_cache(struct kmem_cache *s)
276 #endif /* CONFIG_MEMCG && !CONFIG_SLOB */
279 * Find a mergeable slab cache
281 int slab_unmergeable(struct kmem_cache *s)
283 if (slab_nomerge || (s->flags & SLAB_NEVER_MERGE))
286 if (!is_root_cache(s))
296 * We may have set a slab to be unmergeable during bootstrap.
304 struct kmem_cache *find_mergeable(size_t size, size_t align,
305 slab_flags_t flags, const char *name, void (*ctor)(void *))
307 struct kmem_cache *s;
315 size = ALIGN(size, sizeof(void *));
316 align = calculate_alignment(flags, align, size);
317 size = ALIGN(size, align);
318 flags = kmem_cache_flags(size, flags, name, NULL);
320 if (flags & SLAB_NEVER_MERGE)
323 list_for_each_entry_reverse(s, &slab_root_caches, root_caches_node) {
324 if (slab_unmergeable(s))
330 if ((flags & SLAB_MERGE_SAME) != (s->flags & SLAB_MERGE_SAME))
333 * Check if alignment is compatible.
334 * Courtesy of Adrian Drzewiecki
336 if ((s->size & ~(align - 1)) != s->size)
339 if (s->size - size >= sizeof(void *))
342 if (IS_ENABLED(CONFIG_SLAB) && align &&
343 (align > s->align || s->align % align))
352 * Figure out what the alignment of the objects will be given a set of
353 * flags, a user specified alignment and the size of the objects.
355 unsigned long calculate_alignment(slab_flags_t flags,
356 unsigned long align, unsigned long size)
359 * If the user wants hardware cache aligned objects then follow that
360 * suggestion if the object is sufficiently large.
362 * The hardware cache alignment cannot override the specified
363 * alignment though. If that is greater then use it.
365 if (flags & SLAB_HWCACHE_ALIGN) {
366 unsigned long ralign = cache_line_size();
367 while (size <= ralign / 2)
369 align = max(align, ralign);
372 if (align < ARCH_SLAB_MINALIGN)
373 align = ARCH_SLAB_MINALIGN;
375 return ALIGN(align, sizeof(void *));
378 static struct kmem_cache *create_cache(const char *name,
379 size_t object_size, size_t size, size_t align,
380 slab_flags_t flags, size_t useroffset,
381 size_t usersize, void (*ctor)(void *),
382 struct mem_cgroup *memcg, struct kmem_cache *root_cache)
384 struct kmem_cache *s;
387 if (WARN_ON(useroffset + usersize > object_size))
388 useroffset = usersize = 0;
391 s = kmem_cache_zalloc(kmem_cache, GFP_KERNEL);
396 s->object_size = object_size;
400 s->useroffset = useroffset;
401 s->usersize = usersize;
403 err = init_memcg_params(s, memcg, root_cache);
407 err = __kmem_cache_create(s, flags);
412 list_add(&s->list, &slab_caches);
420 destroy_memcg_params(s);
421 kmem_cache_free(kmem_cache, s);
426 * kmem_cache_create_usercopy - Create a cache.
427 * @name: A string which is used in /proc/slabinfo to identify this cache.
428 * @size: The size of objects to be created in this cache.
429 * @align: The required alignment for the objects.
431 * @useroffset: Usercopy region offset
432 * @usersize: Usercopy region size
433 * @ctor: A constructor for the objects.
435 * Returns a ptr to the cache on success, NULL on failure.
436 * Cannot be called within a interrupt, but can be interrupted.
437 * The @ctor is run when new pages are allocated by the cache.
441 * %SLAB_POISON - Poison the slab with a known test pattern (a5a5a5a5)
442 * to catch references to uninitialised memory.
444 * %SLAB_RED_ZONE - Insert `Red' zones around the allocated memory to check
445 * for buffer overruns.
447 * %SLAB_HWCACHE_ALIGN - Align the objects in this cache to a hardware
448 * cacheline. This can be beneficial if you're counting cycles as closely
452 kmem_cache_create_usercopy(const char *name, size_t size, size_t align,
453 slab_flags_t flags, size_t useroffset, size_t usersize,
454 void (*ctor)(void *))
456 struct kmem_cache *s = NULL;
457 const char *cache_name;
462 memcg_get_cache_ids();
464 mutex_lock(&slab_mutex);
466 err = kmem_cache_sanity_check(name, size);
471 /* Refuse requests with allocator specific flags */
472 if (flags & ~SLAB_FLAGS_PERMITTED) {
478 * Some allocators will constraint the set of valid flags to a subset
479 * of all flags. We expect them to define CACHE_CREATE_MASK in this
480 * case, and we'll just provide them with a sanitized version of the
483 flags &= CACHE_CREATE_MASK;
485 /* Fail closed on bad usersize of useroffset values. */
486 if (WARN_ON(!usersize && useroffset) ||
487 WARN_ON(size < usersize || size - usersize < useroffset))
488 usersize = useroffset = 0;
491 s = __kmem_cache_alias(name, size, align, flags, ctor);
495 cache_name = kstrdup_const(name, GFP_KERNEL);
501 s = create_cache(cache_name, size, size,
502 calculate_alignment(flags, align, size),
503 flags, useroffset, usersize, ctor, NULL, NULL);
506 kfree_const(cache_name);
510 mutex_unlock(&slab_mutex);
512 memcg_put_cache_ids();
517 if (flags & SLAB_PANIC)
518 panic("kmem_cache_create: Failed to create slab '%s'. Error %d\n",
521 pr_warn("kmem_cache_create(%s) failed with error %d\n",
529 EXPORT_SYMBOL(kmem_cache_create_usercopy);
532 kmem_cache_create(const char *name, size_t size, size_t align,
533 slab_flags_t flags, void (*ctor)(void *))
535 return kmem_cache_create_usercopy(name, size, align, flags, 0, 0,
538 EXPORT_SYMBOL(kmem_cache_create);
540 static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work)
542 LIST_HEAD(to_destroy);
543 struct kmem_cache *s, *s2;
546 * On destruction, SLAB_TYPESAFE_BY_RCU kmem_caches are put on the
547 * @slab_caches_to_rcu_destroy list. The slab pages are freed
548 * through RCU and and the associated kmem_cache are dereferenced
549 * while freeing the pages, so the kmem_caches should be freed only
550 * after the pending RCU operations are finished. As rcu_barrier()
551 * is a pretty slow operation, we batch all pending destructions
554 mutex_lock(&slab_mutex);
555 list_splice_init(&slab_caches_to_rcu_destroy, &to_destroy);
556 mutex_unlock(&slab_mutex);
558 if (list_empty(&to_destroy))
563 list_for_each_entry_safe(s, s2, &to_destroy, list) {
564 #ifdef SLAB_SUPPORTS_SYSFS
565 sysfs_slab_release(s);
567 slab_kmem_cache_release(s);
572 static int shutdown_cache(struct kmem_cache *s)
574 /* free asan quarantined objects */
575 kasan_cache_shutdown(s);
577 if (__kmem_cache_shutdown(s) != 0)
580 memcg_unlink_cache(s);
583 if (s->flags & SLAB_TYPESAFE_BY_RCU) {
584 list_add_tail(&s->list, &slab_caches_to_rcu_destroy);
585 schedule_work(&slab_caches_to_rcu_destroy_work);
587 #ifdef SLAB_SUPPORTS_SYSFS
588 sysfs_slab_release(s);
590 slab_kmem_cache_release(s);
597 #if defined(CONFIG_MEMCG) && !defined(CONFIG_SLOB)
599 * memcg_create_kmem_cache - Create a cache for a memory cgroup.
600 * @memcg: The memory cgroup the new cache is for.
601 * @root_cache: The parent of the new cache.
603 * This function attempts to create a kmem cache that will serve allocation
604 * requests going from @memcg to @root_cache. The new cache inherits properties
607 void memcg_create_kmem_cache(struct mem_cgroup *memcg,
608 struct kmem_cache *root_cache)
610 static char memcg_name_buf[NAME_MAX + 1]; /* protected by slab_mutex */
611 struct cgroup_subsys_state *css = &memcg->css;
612 struct memcg_cache_array *arr;
613 struct kmem_cache *s = NULL;
620 mutex_lock(&slab_mutex);
623 * The memory cgroup could have been offlined while the cache
624 * creation work was pending.
626 if (memcg->kmem_state != KMEM_ONLINE)
629 idx = memcg_cache_id(memcg);
630 arr = rcu_dereference_protected(root_cache->memcg_params.memcg_caches,
631 lockdep_is_held(&slab_mutex));
634 * Since per-memcg caches are created asynchronously on first
635 * allocation (see memcg_kmem_get_cache()), several threads can try to
636 * create the same cache, but only one of them may succeed.
638 if (arr->entries[idx])
641 cgroup_name(css->cgroup, memcg_name_buf, sizeof(memcg_name_buf));
642 cache_name = kasprintf(GFP_KERNEL, "%s(%llu:%s)", root_cache->name,
643 css->serial_nr, memcg_name_buf);
647 s = create_cache(cache_name, root_cache->object_size,
648 root_cache->size, root_cache->align,
649 root_cache->flags & CACHE_CREATE_MASK,
650 root_cache->useroffset, root_cache->usersize,
651 root_cache->ctor, memcg, root_cache);
653 * If we could not create a memcg cache, do not complain, because
654 * that's not critical at all as we can always proceed with the root
663 * Since readers won't lock (see cache_from_memcg_idx()), we need a
664 * barrier here to ensure nobody will see the kmem_cache partially
668 arr->entries[idx] = s;
671 mutex_unlock(&slab_mutex);
677 static void kmemcg_deactivate_workfn(struct work_struct *work)
679 struct kmem_cache *s = container_of(work, struct kmem_cache,
680 memcg_params.deact_work);
685 mutex_lock(&slab_mutex);
687 s->memcg_params.deact_fn(s);
689 mutex_unlock(&slab_mutex);
694 /* done, put the ref from slab_deactivate_memcg_cache_rcu_sched() */
695 css_put(&s->memcg_params.memcg->css);
698 static void kmemcg_deactivate_rcufn(struct rcu_head *head)
700 struct kmem_cache *s = container_of(head, struct kmem_cache,
701 memcg_params.deact_rcu_head);
704 * We need to grab blocking locks. Bounce to ->deact_work. The
705 * work item shares the space with the RCU head and can't be
706 * initialized eariler.
708 INIT_WORK(&s->memcg_params.deact_work, kmemcg_deactivate_workfn);
709 queue_work(memcg_kmem_cache_wq, &s->memcg_params.deact_work);
713 * slab_deactivate_memcg_cache_rcu_sched - schedule deactivation after a
714 * sched RCU grace period
715 * @s: target kmem_cache
716 * @deact_fn: deactivation function to call
718 * Schedule @deact_fn to be invoked with online cpus, mems and slab_mutex
719 * held after a sched RCU grace period. The slab is guaranteed to stay
720 * alive until @deact_fn is finished. This is to be used from
721 * __kmemcg_cache_deactivate().
723 void slab_deactivate_memcg_cache_rcu_sched(struct kmem_cache *s,
724 void (*deact_fn)(struct kmem_cache *))
726 if (WARN_ON_ONCE(is_root_cache(s)) ||
727 WARN_ON_ONCE(s->memcg_params.deact_fn))
730 /* pin memcg so that @s doesn't get destroyed in the middle */
731 css_get(&s->memcg_params.memcg->css);
733 s->memcg_params.deact_fn = deact_fn;
734 call_rcu_sched(&s->memcg_params.deact_rcu_head, kmemcg_deactivate_rcufn);
737 void memcg_deactivate_kmem_caches(struct mem_cgroup *memcg)
740 struct memcg_cache_array *arr;
741 struct kmem_cache *s, *c;
743 idx = memcg_cache_id(memcg);
748 mutex_lock(&slab_mutex);
749 list_for_each_entry(s, &slab_root_caches, root_caches_node) {
750 arr = rcu_dereference_protected(s->memcg_params.memcg_caches,
751 lockdep_is_held(&slab_mutex));
752 c = arr->entries[idx];
756 __kmemcg_cache_deactivate(c);
757 arr->entries[idx] = NULL;
759 mutex_unlock(&slab_mutex);
765 void memcg_destroy_kmem_caches(struct mem_cgroup *memcg)
767 struct kmem_cache *s, *s2;
772 mutex_lock(&slab_mutex);
773 list_for_each_entry_safe(s, s2, &memcg->kmem_caches,
774 memcg_params.kmem_caches_node) {
776 * The cgroup is about to be freed and therefore has no charges
777 * left. Hence, all its caches must be empty by now.
779 BUG_ON(shutdown_cache(s));
781 mutex_unlock(&slab_mutex);
787 static int shutdown_memcg_caches(struct kmem_cache *s)
789 struct memcg_cache_array *arr;
790 struct kmem_cache *c, *c2;
794 BUG_ON(!is_root_cache(s));
797 * First, shutdown active caches, i.e. caches that belong to online
800 arr = rcu_dereference_protected(s->memcg_params.memcg_caches,
801 lockdep_is_held(&slab_mutex));
802 for_each_memcg_cache_index(i) {
806 if (shutdown_cache(c))
808 * The cache still has objects. Move it to a temporary
809 * list so as not to try to destroy it for a second
810 * time while iterating over inactive caches below.
812 list_move(&c->memcg_params.children_node, &busy);
815 * The cache is empty and will be destroyed soon. Clear
816 * the pointer to it in the memcg_caches array so that
817 * it will never be accessed even if the root cache
820 arr->entries[i] = NULL;
824 * Second, shutdown all caches left from memory cgroups that are now
827 list_for_each_entry_safe(c, c2, &s->memcg_params.children,
828 memcg_params.children_node)
831 list_splice(&busy, &s->memcg_params.children);
834 * A cache being destroyed must be empty. In particular, this means
835 * that all per memcg caches attached to it must be empty too.
837 if (!list_empty(&s->memcg_params.children))
842 static inline int shutdown_memcg_caches(struct kmem_cache *s)
846 #endif /* CONFIG_MEMCG && !CONFIG_SLOB */
848 void slab_kmem_cache_release(struct kmem_cache *s)
850 __kmem_cache_release(s);
851 destroy_memcg_params(s);
852 kfree_const(s->name);
853 kmem_cache_free(kmem_cache, s);
856 void kmem_cache_destroy(struct kmem_cache *s)
866 mutex_lock(&slab_mutex);
872 err = shutdown_memcg_caches(s);
874 err = shutdown_cache(s);
877 pr_err("kmem_cache_destroy %s: Slab cache still has objects\n",
882 mutex_unlock(&slab_mutex);
887 EXPORT_SYMBOL(kmem_cache_destroy);
890 * kmem_cache_shrink - Shrink a cache.
891 * @cachep: The cache to shrink.
893 * Releases as many slabs as possible for a cache.
894 * To help debugging, a zero exit status indicates all slabs were released.
896 int kmem_cache_shrink(struct kmem_cache *cachep)
902 kasan_cache_shrink(cachep);
903 ret = __kmem_cache_shrink(cachep);
908 EXPORT_SYMBOL(kmem_cache_shrink);
910 bool slab_is_available(void)
912 return slab_state >= UP;
916 /* Create a cache during boot when no slab services are available yet */
917 void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t size,
918 slab_flags_t flags, size_t useroffset, size_t usersize)
923 s->size = s->object_size = size;
924 s->align = calculate_alignment(flags, ARCH_KMALLOC_MINALIGN, size);
925 s->useroffset = useroffset;
926 s->usersize = usersize;
928 slab_init_memcg_params(s);
930 err = __kmem_cache_create(s, flags);
933 panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n",
936 s->refcount = -1; /* Exempt from merging for now */
939 struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
940 slab_flags_t flags, size_t useroffset,
943 struct kmem_cache *s = kmem_cache_zalloc(kmem_cache, GFP_NOWAIT);
946 panic("Out of memory when creating slab %s\n", name);
948 create_boot_cache(s, name, size, flags, useroffset, usersize);
949 list_add(&s->list, &slab_caches);
955 struct kmem_cache *kmalloc_caches[KMALLOC_SHIFT_HIGH + 1];
956 EXPORT_SYMBOL(kmalloc_caches);
958 #ifdef CONFIG_ZONE_DMA
959 struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
960 EXPORT_SYMBOL(kmalloc_dma_caches);
964 * Conversion table for small slabs sizes / 8 to the index in the
965 * kmalloc array. This is necessary for slabs < 192 since we have non power
966 * of two cache sizes there. The size of larger slabs can be determined using
969 static s8 size_index[24] = {
996 static inline int size_index_elem(size_t bytes)
998 return (bytes - 1) / 8;
1002 * Find the kmem_cache structure that serves a given size of
1005 struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
1009 if (unlikely(size > KMALLOC_MAX_SIZE)) {
1010 WARN_ON_ONCE(!(flags & __GFP_NOWARN));
1016 return ZERO_SIZE_PTR;
1018 index = size_index[size_index_elem(size)];
1020 index = fls(size - 1);
1022 #ifdef CONFIG_ZONE_DMA
1023 if (unlikely((flags & GFP_DMA)))
1024 return kmalloc_dma_caches[index];
1027 return kmalloc_caches[index];
1031 * kmalloc_info[] is to make slub_debug=,kmalloc-xx option work at boot time.
1032 * kmalloc_index() supports up to 2^26=64MB, so the final entry of the table is
1035 const struct kmalloc_info_struct kmalloc_info[] __initconst = {
1036 {NULL, 0}, {"kmalloc-96", 96},
1037 {"kmalloc-192", 192}, {"kmalloc-8", 8},
1038 {"kmalloc-16", 16}, {"kmalloc-32", 32},
1039 {"kmalloc-64", 64}, {"kmalloc-128", 128},
1040 {"kmalloc-256", 256}, {"kmalloc-512", 512},
1041 {"kmalloc-1024", 1024}, {"kmalloc-2048", 2048},
1042 {"kmalloc-4096", 4096}, {"kmalloc-8192", 8192},
1043 {"kmalloc-16384", 16384}, {"kmalloc-32768", 32768},
1044 {"kmalloc-65536", 65536}, {"kmalloc-131072", 131072},
1045 {"kmalloc-262144", 262144}, {"kmalloc-524288", 524288},
1046 {"kmalloc-1048576", 1048576}, {"kmalloc-2097152", 2097152},
1047 {"kmalloc-4194304", 4194304}, {"kmalloc-8388608", 8388608},
1048 {"kmalloc-16777216", 16777216}, {"kmalloc-33554432", 33554432},
1049 {"kmalloc-67108864", 67108864}
1053 * Patch up the size_index table if we have strange large alignment
1054 * requirements for the kmalloc array. This is only the case for
1055 * MIPS it seems. The standard arches will not generate any code here.
1057 * Largest permitted alignment is 256 bytes due to the way we
1058 * handle the index determination for the smaller caches.
1060 * Make sure that nothing crazy happens if someone starts tinkering
1061 * around with ARCH_KMALLOC_MINALIGN
1063 void __init setup_kmalloc_cache_index_table(void)
1067 BUILD_BUG_ON(KMALLOC_MIN_SIZE > 256 ||
1068 (KMALLOC_MIN_SIZE & (KMALLOC_MIN_SIZE - 1)));
1070 for (i = 8; i < KMALLOC_MIN_SIZE; i += 8) {
1071 int elem = size_index_elem(i);
1073 if (elem >= ARRAY_SIZE(size_index))
1075 size_index[elem] = KMALLOC_SHIFT_LOW;
1078 if (KMALLOC_MIN_SIZE >= 64) {
1080 * The 96 byte size cache is not used if the alignment
1083 for (i = 64 + 8; i <= 96; i += 8)
1084 size_index[size_index_elem(i)] = 7;
1088 if (KMALLOC_MIN_SIZE >= 128) {
1090 * The 192 byte sized cache is not used if the alignment
1091 * is 128 byte. Redirect kmalloc to use the 256 byte cache
1094 for (i = 128 + 8; i <= 192; i += 8)
1095 size_index[size_index_elem(i)] = 8;
1099 static void __init new_kmalloc_cache(int idx, slab_flags_t flags)
1101 kmalloc_caches[idx] = create_kmalloc_cache(kmalloc_info[idx].name,
1102 kmalloc_info[idx].size, flags, 0,
1103 kmalloc_info[idx].size);
1107 * Create the kmalloc array. Some of the regular kmalloc arrays
1108 * may already have been created because they were needed to
1109 * enable allocations for slab creation.
1111 void __init create_kmalloc_caches(slab_flags_t flags)
1115 for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) {
1116 if (!kmalloc_caches[i])
1117 new_kmalloc_cache(i, flags);
1120 * Caches that are not of the two-to-the-power-of size.
1121 * These have to be created immediately after the
1122 * earlier power of two caches
1124 if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6)
1125 new_kmalloc_cache(1, flags);
1126 if (KMALLOC_MIN_SIZE <= 64 && !kmalloc_caches[2] && i == 7)
1127 new_kmalloc_cache(2, flags);
1130 /* Kmalloc array is now usable */
1133 #ifdef CONFIG_ZONE_DMA
1134 for (i = 0; i <= KMALLOC_SHIFT_HIGH; i++) {
1135 struct kmem_cache *s = kmalloc_caches[i];
1138 int size = kmalloc_size(i);
1139 char *n = kasprintf(GFP_NOWAIT,
1140 "dma-kmalloc-%d", size);
1143 kmalloc_dma_caches[i] = create_kmalloc_cache(n,
1144 size, SLAB_CACHE_DMA | flags, 0, 0);
1149 #endif /* !CONFIG_SLOB */
1152 * To avoid unnecessary overhead, we pass through large allocation requests
1153 * directly to the page allocator. We use __GFP_COMP, because we will need to
1154 * know the allocation order to free the pages properly in kfree.
1156 void *kmalloc_order(size_t size, gfp_t flags, unsigned int order)
1161 flags |= __GFP_COMP;
1162 page = alloc_pages(flags, order);
1163 ret = page ? page_address(page) : NULL;
1164 kmemleak_alloc(ret, size, 1, flags);
1165 kasan_kmalloc_large(ret, size, flags);
1168 EXPORT_SYMBOL(kmalloc_order);
1170 #ifdef CONFIG_TRACING
1171 void *kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order)
1173 void *ret = kmalloc_order(size, flags, order);
1174 trace_kmalloc(_RET_IP_, ret, size, PAGE_SIZE << order, flags);
1177 EXPORT_SYMBOL(kmalloc_order_trace);
1180 #ifdef CONFIG_SLAB_FREELIST_RANDOM
1181 /* Randomize a generic freelist */
1182 static void freelist_randomize(struct rnd_state *state, unsigned int *list,
1188 for (i = 0; i < count; i++)
1191 /* Fisher-Yates shuffle */
1192 for (i = count - 1; i > 0; i--) {
1193 rand = prandom_u32_state(state);
1195 swap(list[i], list[rand]);
1199 /* Create a random sequence per cache */
1200 int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count,
1203 struct rnd_state state;
1205 if (count < 2 || cachep->random_seq)
1208 cachep->random_seq = kcalloc(count, sizeof(unsigned int), gfp);
1209 if (!cachep->random_seq)
1212 /* Get best entropy at this stage of boot */
1213 prandom_seed_state(&state, get_random_long());
1215 freelist_randomize(&state, cachep->random_seq, count);
1219 /* Destroy the per-cache random freelist sequence */
1220 void cache_random_seq_destroy(struct kmem_cache *cachep)
1222 kfree(cachep->random_seq);
1223 cachep->random_seq = NULL;
1225 #endif /* CONFIG_SLAB_FREELIST_RANDOM */
1227 #if defined(CONFIG_SLAB) || defined(CONFIG_SLUB_DEBUG)
1229 #define SLABINFO_RIGHTS (S_IWUSR | S_IRUSR)
1231 #define SLABINFO_RIGHTS S_IRUSR
1234 static void print_slabinfo_header(struct seq_file *m)
1237 * Output format version, so at least we can change it
1238 * without _too_ many complaints.
1240 #ifdef CONFIG_DEBUG_SLAB
1241 seq_puts(m, "slabinfo - version: 2.1 (statistics)\n");
1243 seq_puts(m, "slabinfo - version: 2.1\n");
1245 seq_puts(m, "# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>");
1246 seq_puts(m, " : tunables <limit> <batchcount> <sharedfactor>");
1247 seq_puts(m, " : slabdata <active_slabs> <num_slabs> <sharedavail>");
1248 #ifdef CONFIG_DEBUG_SLAB
1249 seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> <error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
1250 seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
1255 void *slab_start(struct seq_file *m, loff_t *pos)
1257 mutex_lock(&slab_mutex);
1258 return seq_list_start(&slab_root_caches, *pos);
1261 void *slab_next(struct seq_file *m, void *p, loff_t *pos)
1263 return seq_list_next(p, &slab_root_caches, pos);
1266 void slab_stop(struct seq_file *m, void *p)
1268 mutex_unlock(&slab_mutex);
1272 memcg_accumulate_slabinfo(struct kmem_cache *s, struct slabinfo *info)
1274 struct kmem_cache *c;
1275 struct slabinfo sinfo;
1277 if (!is_root_cache(s))
1280 for_each_memcg_cache(c, s) {
1281 memset(&sinfo, 0, sizeof(sinfo));
1282 get_slabinfo(c, &sinfo);
1284 info->active_slabs += sinfo.active_slabs;
1285 info->num_slabs += sinfo.num_slabs;
1286 info->shared_avail += sinfo.shared_avail;
1287 info->active_objs += sinfo.active_objs;
1288 info->num_objs += sinfo.num_objs;
1292 static void cache_show(struct kmem_cache *s, struct seq_file *m)
1294 struct slabinfo sinfo;
1296 memset(&sinfo, 0, sizeof(sinfo));
1297 get_slabinfo(s, &sinfo);
1299 memcg_accumulate_slabinfo(s, &sinfo);
1301 seq_printf(m, "%-17s %6lu %6lu %6u %4u %4d",
1302 cache_name(s), sinfo.active_objs, sinfo.num_objs, s->size,
1303 sinfo.objects_per_slab, (1 << sinfo.cache_order));
1305 seq_printf(m, " : tunables %4u %4u %4u",
1306 sinfo.limit, sinfo.batchcount, sinfo.shared);
1307 seq_printf(m, " : slabdata %6lu %6lu %6lu",
1308 sinfo.active_slabs, sinfo.num_slabs, sinfo.shared_avail);
1309 slabinfo_show_stats(m, s);
1313 static int slab_show(struct seq_file *m, void *p)
1315 struct kmem_cache *s = list_entry(p, struct kmem_cache, root_caches_node);
1317 if (p == slab_root_caches.next)
1318 print_slabinfo_header(m);
1323 void dump_unreclaimable_slab(void)
1325 struct kmem_cache *s, *s2;
1326 struct slabinfo sinfo;
1329 * Here acquiring slab_mutex is risky since we don't prefer to get
1330 * sleep in oom path. But, without mutex hold, it may introduce a
1332 * Use mutex_trylock to protect the list traverse, dump nothing
1333 * without acquiring the mutex.
1335 if (!mutex_trylock(&slab_mutex)) {
1336 pr_warn("excessive unreclaimable slab but cannot dump stats\n");
1340 pr_info("Unreclaimable slab info:\n");
1341 pr_info("Name Used Total\n");
1343 list_for_each_entry_safe(s, s2, &slab_caches, list) {
1344 if (!is_root_cache(s) || (s->flags & SLAB_RECLAIM_ACCOUNT))
1347 get_slabinfo(s, &sinfo);
1349 if (sinfo.num_objs > 0)
1350 pr_info("%-17s %10luKB %10luKB\n", cache_name(s),
1351 (sinfo.active_objs * s->size) / 1024,
1352 (sinfo.num_objs * s->size) / 1024);
1354 mutex_unlock(&slab_mutex);
1357 #if defined(CONFIG_MEMCG)
1358 void *memcg_slab_start(struct seq_file *m, loff_t *pos)
1360 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m));
1362 mutex_lock(&slab_mutex);
1363 return seq_list_start(&memcg->kmem_caches, *pos);
1366 void *memcg_slab_next(struct seq_file *m, void *p, loff_t *pos)
1368 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m));
1370 return seq_list_next(p, &memcg->kmem_caches, pos);
1373 void memcg_slab_stop(struct seq_file *m, void *p)
1375 mutex_unlock(&slab_mutex);
1378 int memcg_slab_show(struct seq_file *m, void *p)
1380 struct kmem_cache *s = list_entry(p, struct kmem_cache,
1381 memcg_params.kmem_caches_node);
1382 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m));
1384 if (p == memcg->kmem_caches.next)
1385 print_slabinfo_header(m);
1392 * slabinfo_op - iterator that generates /proc/slabinfo
1401 * num-pages-per-slab
1402 * + further values on SMP and with statistics enabled
1404 static const struct seq_operations slabinfo_op = {
1405 .start = slab_start,
1411 static int slabinfo_open(struct inode *inode, struct file *file)
1413 return seq_open(file, &slabinfo_op);
1416 static const struct file_operations proc_slabinfo_operations = {
1417 .open = slabinfo_open,
1419 .write = slabinfo_write,
1420 .llseek = seq_lseek,
1421 .release = seq_release,
1424 static int __init slab_proc_init(void)
1426 proc_create("slabinfo", SLABINFO_RIGHTS, NULL,
1427 &proc_slabinfo_operations);
1430 module_init(slab_proc_init);
1431 #endif /* CONFIG_SLAB || CONFIG_SLUB_DEBUG */
1433 static __always_inline void *__do_krealloc(const void *p, size_t new_size,
1442 if (ks >= new_size) {
1443 kasan_krealloc((void *)p, new_size, flags);
1447 ret = kmalloc_track_caller(new_size, flags);
1455 * __krealloc - like krealloc() but don't free @p.
1456 * @p: object to reallocate memory for.
1457 * @new_size: how many bytes of memory are required.
1458 * @flags: the type of memory to allocate.
1460 * This function is like krealloc() except it never frees the originally
1461 * allocated buffer. Use this if you don't want to free the buffer immediately
1462 * like, for example, with RCU.
1464 void *__krealloc(const void *p, size_t new_size, gfp_t flags)
1466 if (unlikely(!new_size))
1467 return ZERO_SIZE_PTR;
1469 return __do_krealloc(p, new_size, flags);
1472 EXPORT_SYMBOL(__krealloc);
1475 * krealloc - reallocate memory. The contents will remain unchanged.
1476 * @p: object to reallocate memory for.
1477 * @new_size: how many bytes of memory are required.
1478 * @flags: the type of memory to allocate.
1480 * The contents of the object pointed to are preserved up to the
1481 * lesser of the new and old sizes. If @p is %NULL, krealloc()
1482 * behaves exactly like kmalloc(). If @new_size is 0 and @p is not a
1483 * %NULL pointer, the object pointed to is freed.
1485 void *krealloc(const void *p, size_t new_size, gfp_t flags)
1489 if (unlikely(!new_size)) {
1491 return ZERO_SIZE_PTR;
1494 ret = __do_krealloc(p, new_size, flags);
1495 if (ret && p != ret)
1500 EXPORT_SYMBOL(krealloc);
1503 * kzfree - like kfree but zero memory
1504 * @p: object to free memory of
1506 * The memory of the object @p points to is zeroed before freed.
1507 * If @p is %NULL, kzfree() does nothing.
1509 * Note: this function zeroes the whole allocated buffer which can be a good
1510 * deal bigger than the requested buffer size passed to kmalloc(). So be
1511 * careful when using this function in performance sensitive code.
1513 void kzfree(const void *p)
1516 void *mem = (void *)p;
1518 if (unlikely(ZERO_OR_NULL_PTR(mem)))
1524 EXPORT_SYMBOL(kzfree);
1526 /* Tracepoints definitions. */
1527 EXPORT_TRACEPOINT_SYMBOL(kmalloc);
1528 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc);
1529 EXPORT_TRACEPOINT_SYMBOL(kmalloc_node);
1530 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc_node);
1531 EXPORT_TRACEPOINT_SYMBOL(kfree);
1532 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_free);