relay: prevent integer overflow in relay_open()
[linux-2.6.git] / mm / slob.c
blob8105be42cad13b9ba6d231de8fad5bf29af6de2f
1 /*
2 * SLOB Allocator: Simple List Of Blocks
4 * Matt Mackall <mpm@selenic.com> 12/30/03
6 * NUMA support by Paul Mundt, 2007.
8 * How SLOB works:
10 * The core of SLOB is a traditional K&R style heap allocator, with
11 * support for returning aligned objects. The granularity of this
12 * allocator is as little as 2 bytes, however typically most architectures
13 * will require 4 bytes on 32-bit and 8 bytes on 64-bit.
15 * The slob heap is a set of linked list of pages from alloc_pages(),
16 * and within each page, there is a singly-linked list of free blocks
17 * (slob_t). The heap is grown on demand. To reduce fragmentation,
18 * heap pages are segregated into three lists, with objects less than
19 * 256 bytes, objects less than 1024 bytes, and all other objects.
21 * Allocation from heap involves first searching for a page with
22 * sufficient free blocks (using a next-fit-like approach) followed by
23 * a first-fit scan of the page. Deallocation inserts objects back
24 * into the free list in address order, so this is effectively an
25 * address-ordered first fit.
27 * Above this is an implementation of kmalloc/kfree. Blocks returned
28 * from kmalloc are prepended with a 4-byte header with the kmalloc size.
29 * If kmalloc is asked for objects of PAGE_SIZE or larger, it calls
30 * alloc_pages() directly, allocating compound pages so the page order
31 * does not have to be separately tracked, and also stores the exact
32 * allocation size in page->private so that it can be used to accurately
33 * provide ksize(). These objects are detected in kfree() because slob_page()
34 * is false for them.
36 * SLAB is emulated on top of SLOB by simply calling constructors and
37 * destructors for every SLAB allocation. Objects are returned with the
38 * 4-byte alignment unless the SLAB_HWCACHE_ALIGN flag is set, in which
39 * case the low-level allocator will fragment blocks to create the proper
40 * alignment. Again, objects of page-size or greater are allocated by
41 * calling alloc_pages(). As SLAB objects know their size, no separate
42 * size bookkeeping is necessary and there is essentially no allocation
43 * space overhead, and compound pages aren't needed for multi-page
44 * allocations.
46 * NUMA support in SLOB is fairly simplistic, pushing most of the real
47 * logic down to the page allocator, and simply doing the node accounting
48 * on the upper levels. In the event that a node id is explicitly
49 * provided, alloc_pages_exact_node() with the specified node id is used
50 * instead. The common case (or when the node id isn't explicitly provided)
51 * will default to the current node, as per numa_node_id().
53 * Node aware pages are still inserted in to the global freelist, and
54 * these are scanned for by matching against the node id encoded in the
55 * page flags. As a result, block allocations that can be satisfied from
56 * the freelist will only be done so on pages residing on the same node,
57 * in order to prevent random node placement.
60 #include <linux/kernel.h>
61 #include <linux/slab.h>
62 #include <linux/mm.h>
63 #include <linux/swap.h> /* struct reclaim_state */
64 #include <linux/cache.h>
65 #include <linux/init.h>
66 #include <linux/export.h>
67 #include <linux/rcupdate.h>
68 #include <linux/list.h>
69 #include <linux/kmemleak.h>
71 #include <trace/events/kmem.h>
73 #include <linux/atomic.h>
76 * slob_block has a field 'units', which indicates size of block if +ve,
77 * or offset of next block if -ve (in SLOB_UNITs).
79 * Free blocks of size 1 unit simply contain the offset of the next block.
80 * Those with larger size contain their size in the first SLOB_UNIT of
81 * memory, and the offset of the next free block in the second SLOB_UNIT.
83 #if PAGE_SIZE <= (32767 * 2)
84 typedef s16 slobidx_t;
85 #else
86 typedef s32 slobidx_t;
87 #endif
89 struct slob_block {
90 slobidx_t units;
92 typedef struct slob_block slob_t;
95 * We use struct page fields to manage some slob allocation aspects,
96 * however to avoid the horrible mess in include/linux/mm_types.h, we'll
97 * just define our own struct page type variant here.
99 struct slob_page {
100 union {
101 struct {
102 unsigned long flags; /* mandatory */
103 atomic_t _count; /* mandatory */
104 slobidx_t units; /* free units left in page */
105 unsigned long pad[2];
106 slob_t *free; /* first free slob_t in page */
107 struct list_head list; /* linked list of free pages */
109 struct page page;
112 static inline void struct_slob_page_wrong_size(void)
113 { BUILD_BUG_ON(sizeof(struct slob_page) != sizeof(struct page)); }
116 * free_slob_page: call before a slob_page is returned to the page allocator.
118 static inline void free_slob_page(struct slob_page *sp)
120 reset_page_mapcount(&sp->page);
121 sp->page.mapping = NULL;
125 * All partially free slob pages go on these lists.
127 #define SLOB_BREAK1 256
128 #define SLOB_BREAK2 1024
129 static LIST_HEAD(free_slob_small);
130 static LIST_HEAD(free_slob_medium);
131 static LIST_HEAD(free_slob_large);
134 * is_slob_page: True for all slob pages (false for bigblock pages)
136 static inline int is_slob_page(struct slob_page *sp)
138 return PageSlab((struct page *)sp);
141 static inline void set_slob_page(struct slob_page *sp)
143 __SetPageSlab((struct page *)sp);
146 static inline void clear_slob_page(struct slob_page *sp)
148 __ClearPageSlab((struct page *)sp);
151 static inline struct slob_page *slob_page(const void *addr)
153 return (struct slob_page *)virt_to_page(addr);
157 * slob_page_free: true for pages on free_slob_pages list.
159 static inline int slob_page_free(struct slob_page *sp)
161 return PageSlobFree((struct page *)sp);
164 static void set_slob_page_free(struct slob_page *sp, struct list_head *list)
166 list_add(&sp->list, list);
167 __SetPageSlobFree((struct page *)sp);
170 static inline void clear_slob_page_free(struct slob_page *sp)
172 list_del(&sp->list);
173 __ClearPageSlobFree((struct page *)sp);
176 #define SLOB_UNIT sizeof(slob_t)
177 #define SLOB_UNITS(size) (((size) + SLOB_UNIT - 1)/SLOB_UNIT)
178 #define SLOB_ALIGN L1_CACHE_BYTES
181 * struct slob_rcu is inserted at the tail of allocated slob blocks, which
182 * were created with a SLAB_DESTROY_BY_RCU slab. slob_rcu is used to free
183 * the block using call_rcu.
185 struct slob_rcu {
186 struct rcu_head head;
187 int size;
191 * slob_lock protects all slob allocator structures.
193 static DEFINE_SPINLOCK(slob_lock);
196 * Encode the given size and next info into a free slob block s.
198 static void set_slob(slob_t *s, slobidx_t size, slob_t *next)
200 slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
201 slobidx_t offset = next - base;
203 if (size > 1) {
204 s[0].units = size;
205 s[1].units = offset;
206 } else
207 s[0].units = -offset;
211 * Return the size of a slob block.
213 static slobidx_t slob_units(slob_t *s)
215 if (s->units > 0)
216 return s->units;
217 return 1;
221 * Return the next free slob block pointer after this one.
223 static slob_t *slob_next(slob_t *s)
225 slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
226 slobidx_t next;
228 if (s[0].units < 0)
229 next = -s[0].units;
230 else
231 next = s[1].units;
232 return base+next;
236 * Returns true if s is the last free block in its page.
238 static int slob_last(slob_t *s)
240 return !((unsigned long)slob_next(s) & ~PAGE_MASK);
243 static void *slob_new_pages(gfp_t gfp, int order, int node)
245 void *page;
247 #ifdef CONFIG_NUMA
248 if (node != -1)
249 page = alloc_pages_exact_node(node, gfp, order);
250 else
251 #endif
252 page = alloc_pages(gfp, order);
254 if (!page)
255 return NULL;
257 return page_address(page);
260 static void slob_free_pages(void *b, int order)
262 if (current->reclaim_state)
263 current->reclaim_state->reclaimed_slab += 1 << order;
264 free_pages((unsigned long)b, order);
268 * Allocate a slob block within a given slob_page sp.
270 static void *slob_page_alloc(struct slob_page *sp, size_t size, int align)
272 slob_t *prev, *cur, *aligned = NULL;
273 int delta = 0, units = SLOB_UNITS(size);
275 for (prev = NULL, cur = sp->free; ; prev = cur, cur = slob_next(cur)) {
276 slobidx_t avail = slob_units(cur);
278 if (align) {
279 aligned = (slob_t *)ALIGN((unsigned long)cur, align);
280 delta = aligned - cur;
282 if (avail >= units + delta) { /* room enough? */
283 slob_t *next;
285 if (delta) { /* need to fragment head to align? */
286 next = slob_next(cur);
287 set_slob(aligned, avail - delta, next);
288 set_slob(cur, delta, aligned);
289 prev = cur;
290 cur = aligned;
291 avail = slob_units(cur);
294 next = slob_next(cur);
295 if (avail == units) { /* exact fit? unlink. */
296 if (prev)
297 set_slob(prev, slob_units(prev), next);
298 else
299 sp->free = next;
300 } else { /* fragment */
301 if (prev)
302 set_slob(prev, slob_units(prev), cur + units);
303 else
304 sp->free = cur + units;
305 set_slob(cur + units, avail - units, next);
308 sp->units -= units;
309 if (!sp->units)
310 clear_slob_page_free(sp);
311 return cur;
313 if (slob_last(cur))
314 return NULL;
319 * slob_alloc: entry point into the slob allocator.
321 static void *slob_alloc(size_t size, gfp_t gfp, int align, int node)
323 struct slob_page *sp;
324 struct list_head *prev;
325 struct list_head *slob_list;
326 slob_t *b = NULL;
327 unsigned long flags;
329 if (size < SLOB_BREAK1)
330 slob_list = &free_slob_small;
331 else if (size < SLOB_BREAK2)
332 slob_list = &free_slob_medium;
333 else
334 slob_list = &free_slob_large;
336 spin_lock_irqsave(&slob_lock, flags);
337 /* Iterate through each partially free page, try to find room */
338 list_for_each_entry(sp, slob_list, list) {
339 #ifdef CONFIG_NUMA
341 * If there's a node specification, search for a partial
342 * page with a matching node id in the freelist.
344 if (node != -1 && page_to_nid(&sp->page) != node)
345 continue;
346 #endif
347 /* Enough room on this page? */
348 if (sp->units < SLOB_UNITS(size))
349 continue;
351 /* Attempt to alloc */
352 prev = sp->list.prev;
353 b = slob_page_alloc(sp, size, align);
354 if (!b)
355 continue;
357 /* Improve fragment distribution and reduce our average
358 * search time by starting our next search here. (see
359 * Knuth vol 1, sec 2.5, pg 449) */
360 if (prev != slob_list->prev &&
361 slob_list->next != prev->next)
362 list_move_tail(slob_list, prev->next);
363 break;
365 spin_unlock_irqrestore(&slob_lock, flags);
367 /* Not enough space: must allocate a new page */
368 if (!b) {
369 b = slob_new_pages(gfp & ~__GFP_ZERO, 0, node);
370 if (!b)
371 return NULL;
372 sp = slob_page(b);
373 set_slob_page(sp);
375 spin_lock_irqsave(&slob_lock, flags);
376 sp->units = SLOB_UNITS(PAGE_SIZE);
377 sp->free = b;
378 INIT_LIST_HEAD(&sp->list);
379 set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
380 set_slob_page_free(sp, slob_list);
381 b = slob_page_alloc(sp, size, align);
382 BUG_ON(!b);
383 spin_unlock_irqrestore(&slob_lock, flags);
385 if (unlikely((gfp & __GFP_ZERO) && b))
386 memset(b, 0, size);
387 return b;
391 * slob_free: entry point into the slob allocator.
393 static void slob_free(void *block, int size)
395 struct slob_page *sp;
396 slob_t *prev, *next, *b = (slob_t *)block;
397 slobidx_t units;
398 unsigned long flags;
399 struct list_head *slob_list;
401 if (unlikely(ZERO_OR_NULL_PTR(block)))
402 return;
403 BUG_ON(!size);
405 sp = slob_page(block);
406 units = SLOB_UNITS(size);
408 spin_lock_irqsave(&slob_lock, flags);
410 if (sp->units + units == SLOB_UNITS(PAGE_SIZE)) {
411 /* Go directly to page allocator. Do not pass slob allocator */
412 if (slob_page_free(sp))
413 clear_slob_page_free(sp);
414 spin_unlock_irqrestore(&slob_lock, flags);
415 clear_slob_page(sp);
416 free_slob_page(sp);
417 slob_free_pages(b, 0);
418 return;
421 if (!slob_page_free(sp)) {
422 /* This slob page is about to become partially free. Easy! */
423 sp->units = units;
424 sp->free = b;
425 set_slob(b, units,
426 (void *)((unsigned long)(b +
427 SLOB_UNITS(PAGE_SIZE)) & PAGE_MASK));
428 if (size < SLOB_BREAK1)
429 slob_list = &free_slob_small;
430 else if (size < SLOB_BREAK2)
431 slob_list = &free_slob_medium;
432 else
433 slob_list = &free_slob_large;
434 set_slob_page_free(sp, slob_list);
435 goto out;
439 * Otherwise the page is already partially free, so find reinsertion
440 * point.
442 sp->units += units;
444 if (b < sp->free) {
445 if (b + units == sp->free) {
446 units += slob_units(sp->free);
447 sp->free = slob_next(sp->free);
449 set_slob(b, units, sp->free);
450 sp->free = b;
451 } else {
452 prev = sp->free;
453 next = slob_next(prev);
454 while (b > next) {
455 prev = next;
456 next = slob_next(prev);
459 if (!slob_last(prev) && b + units == next) {
460 units += slob_units(next);
461 set_slob(b, units, slob_next(next));
462 } else
463 set_slob(b, units, next);
465 if (prev + slob_units(prev) == b) {
466 units = slob_units(b) + slob_units(prev);
467 set_slob(prev, units, slob_next(b));
468 } else
469 set_slob(prev, slob_units(prev), b);
471 out:
472 spin_unlock_irqrestore(&slob_lock, flags);
476 * End of slob allocator proper. Begin kmem_cache_alloc and kmalloc frontend.
479 void *__kmalloc_node(size_t size, gfp_t gfp, int node)
481 unsigned int *m;
482 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
483 void *ret;
485 gfp &= gfp_allowed_mask;
487 lockdep_trace_alloc(gfp);
489 if (size < PAGE_SIZE - align) {
490 if (!size)
491 return ZERO_SIZE_PTR;
493 m = slob_alloc(size + align, gfp, align, node);
495 if (!m)
496 return NULL;
497 *m = size;
498 ret = (void *)m + align;
500 trace_kmalloc_node(_RET_IP_, ret,
501 size, size + align, gfp, node);
502 } else {
503 unsigned int order = get_order(size);
505 if (likely(order))
506 gfp |= __GFP_COMP;
507 ret = slob_new_pages(gfp, order, node);
508 if (ret) {
509 struct page *page;
510 page = virt_to_page(ret);
511 page->private = size;
514 trace_kmalloc_node(_RET_IP_, ret,
515 size, PAGE_SIZE << order, gfp, node);
518 kmemleak_alloc(ret, size, 1, gfp);
519 return ret;
521 EXPORT_SYMBOL(__kmalloc_node);
523 void kfree(const void *block)
525 struct slob_page *sp;
527 trace_kfree(_RET_IP_, block);
529 if (unlikely(ZERO_OR_NULL_PTR(block)))
530 return;
531 kmemleak_free(block);
533 sp = slob_page(block);
534 if (is_slob_page(sp)) {
535 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
536 unsigned int *m = (unsigned int *)(block - align);
537 slob_free(m, *m + align);
538 } else
539 put_page(&sp->page);
541 EXPORT_SYMBOL(kfree);
543 /* can't use ksize for kmem_cache_alloc memory, only kmalloc */
544 size_t ksize(const void *block)
546 struct slob_page *sp;
548 BUG_ON(!block);
549 if (unlikely(block == ZERO_SIZE_PTR))
550 return 0;
552 sp = slob_page(block);
553 if (is_slob_page(sp)) {
554 int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
555 unsigned int *m = (unsigned int *)(block - align);
556 return SLOB_UNITS(*m) * SLOB_UNIT;
557 } else
558 return sp->page.private;
560 EXPORT_SYMBOL(ksize);
562 struct kmem_cache {
563 unsigned int size, align;
564 unsigned long flags;
565 const char *name;
566 void (*ctor)(void *);
569 struct kmem_cache *kmem_cache_create(const char *name, size_t size,
570 size_t align, unsigned long flags, void (*ctor)(void *))
572 struct kmem_cache *c;
574 c = slob_alloc(sizeof(struct kmem_cache),
575 GFP_KERNEL, ARCH_KMALLOC_MINALIGN, -1);
577 if (c) {
578 c->name = name;
579 c->size = size;
580 if (flags & SLAB_DESTROY_BY_RCU) {
581 /* leave room for rcu footer at the end of object */
582 c->size += sizeof(struct slob_rcu);
584 c->flags = flags;
585 c->ctor = ctor;
586 /* ignore alignment unless it's forced */
587 c->align = (flags & SLAB_HWCACHE_ALIGN) ? SLOB_ALIGN : 0;
588 if (c->align < ARCH_SLAB_MINALIGN)
589 c->align = ARCH_SLAB_MINALIGN;
590 if (c->align < align)
591 c->align = align;
592 } else if (flags & SLAB_PANIC)
593 panic("Cannot create slab cache %s\n", name);
595 kmemleak_alloc(c, sizeof(struct kmem_cache), 1, GFP_KERNEL);
596 return c;
598 EXPORT_SYMBOL(kmem_cache_create);
600 void kmem_cache_destroy(struct kmem_cache *c)
602 kmemleak_free(c);
603 if (c->flags & SLAB_DESTROY_BY_RCU)
604 rcu_barrier();
605 slob_free(c, sizeof(struct kmem_cache));
607 EXPORT_SYMBOL(kmem_cache_destroy);
609 void *kmem_cache_alloc_node(struct kmem_cache *c, gfp_t flags, int node)
611 void *b;
613 flags &= gfp_allowed_mask;
615 lockdep_trace_alloc(flags);
617 if (c->size < PAGE_SIZE) {
618 b = slob_alloc(c->size, flags, c->align, node);
619 trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
620 SLOB_UNITS(c->size) * SLOB_UNIT,
621 flags, node);
622 } else {
623 b = slob_new_pages(flags, get_order(c->size), node);
624 trace_kmem_cache_alloc_node(_RET_IP_, b, c->size,
625 PAGE_SIZE << get_order(c->size),
626 flags, node);
629 if (c->ctor)
630 c->ctor(b);
632 kmemleak_alloc_recursive(b, c->size, 1, c->flags, flags);
633 return b;
635 EXPORT_SYMBOL(kmem_cache_alloc_node);
637 static void __kmem_cache_free(void *b, int size)
639 if (size < PAGE_SIZE)
640 slob_free(b, size);
641 else
642 slob_free_pages(b, get_order(size));
645 static void kmem_rcu_free(struct rcu_head *head)
647 struct slob_rcu *slob_rcu = (struct slob_rcu *)head;
648 void *b = (void *)slob_rcu - (slob_rcu->size - sizeof(struct slob_rcu));
650 __kmem_cache_free(b, slob_rcu->size);
653 void kmem_cache_free(struct kmem_cache *c, void *b)
655 kmemleak_free_recursive(b, c->flags);
656 if (unlikely(c->flags & SLAB_DESTROY_BY_RCU)) {
657 struct slob_rcu *slob_rcu;
658 slob_rcu = b + (c->size - sizeof(struct slob_rcu));
659 slob_rcu->size = c->size;
660 call_rcu(&slob_rcu->head, kmem_rcu_free);
661 } else {
662 __kmem_cache_free(b, c->size);
665 trace_kmem_cache_free(_RET_IP_, b);
667 EXPORT_SYMBOL(kmem_cache_free);
669 unsigned int kmem_cache_size(struct kmem_cache *c)
671 return c->size;
673 EXPORT_SYMBOL(kmem_cache_size);
675 int kmem_cache_shrink(struct kmem_cache *d)
677 return 0;
679 EXPORT_SYMBOL(kmem_cache_shrink);
681 static unsigned int slob_ready __read_mostly;
683 int slab_is_available(void)
685 return slob_ready;
688 void __init kmem_cache_init(void)
690 slob_ready = 1;
693 void __init kmem_cache_init_late(void)
695 /* Nothing to do */