2 * SLUB: A slab allocator that limits cache line use instead of queuing
3 * objects in per cpu and per node lists.
5 * The allocator synchronizes using per slab locks and only
6 * uses a centralized lock to manage a pool of partial slabs.
8 * (C) 2007 SGI, Christoph Lameter <clameter@sgi.com>
12 #include <linux/module.h>
13 #include <linux/bit_spinlock.h>
14 #include <linux/interrupt.h>
15 #include <linux/bitops.h>
16 #include <linux/slab.h>
17 #include <linux/seq_file.h>
18 #include <linux/cpu.h>
19 #include <linux/cpuset.h>
20 #include <linux/mempolicy.h>
21 #include <linux/ctype.h>
22 #include <linux/kallsyms.h>
29 * The slab_lock protects operations on the object of a particular
30 * slab and its metadata in the page struct. If the slab lock
31 * has been taken then no allocations nor frees can be performed
32 * on the objects in the slab nor can the slab be added or removed
33 * from the partial or full lists since this would mean modifying
34 * the page_struct of the slab.
36 * The list_lock protects the partial and full list on each node and
37 * the partial slab counter. If taken then no new slabs may be added or
38 * removed from the lists nor make the number of partial slabs be modified.
39 * (Note that the total number of slabs is an atomic value that may be
40 * modified without taking the list lock).
42 * The list_lock is a centralized lock and thus we avoid taking it as
43 * much as possible. As long as SLUB does not have to handle partial
44 * slabs, operations can continue without any centralized lock. F.e.
45 * allocating a long series of objects that fill up slabs does not require
48 * The lock order is sometimes inverted when we are trying to get a slab
49 * off a list. We take the list_lock and then look for a page on the list
50 * to use. While we do that objects in the slabs may be freed. We can
51 * only operate on the slab if we have also taken the slab_lock. So we use
52 * a slab_trylock() on the slab. If trylock was successful then no frees
53 * can occur anymore and we can use the slab for allocations etc. If the
54 * slab_trylock() does not succeed then frees are in progress in the slab and
55 * we must stay away from it for a while since we may cause a bouncing
56 * cacheline if we try to acquire the lock. So go onto the next slab.
57 * If all pages are busy then we may allocate a new slab instead of reusing
58 * a partial slab. A new slab has noone operating on it and thus there is
59 * no danger of cacheline contention.
61 * Interrupts are disabled during allocation and deallocation in order to
62 * make the slab allocator safe to use in the context of an irq. In addition
63 * interrupts are disabled to ensure that the processor does not change
64 * while handling per_cpu slabs, due to kernel preemption.
66 * SLUB assigns one slab for allocation to each processor.
67 * Allocations only occur from these slabs called cpu slabs.
69 * Slabs with free elements are kept on a partial list and during regular
70 * operations no list for full slabs is used. If an object in a full slab is
71 * freed then the slab will show up again on the partial lists.
72 * We track full slabs for debugging purposes though because otherwise we
73 * cannot scan all objects.
75 * Slabs are freed when they become empty. Teardown and setup is
76 * minimal so we rely on the page allocators per cpu caches for
77 * fast frees and allocs.
79 * Overloading of page flags that are otherwise used for LRU management.
81 * PageActive The slab is used as a cpu cache. Allocations
82 * may be performed from the slab. The slab is not
83 * on any slab list and cannot be moved onto one.
85 * PageError Slab requires special handling due to debug
86 * options set. This moves slab handling out of
90 static inline int SlabDebug(struct page
*page
)
92 #ifdef CONFIG_SLUB_DEBUG
93 return PageError(page
);
99 static inline void SetSlabDebug(struct page
*page
)
101 #ifdef CONFIG_SLUB_DEBUG
106 static inline void ClearSlabDebug(struct page
*page
)
108 #ifdef CONFIG_SLUB_DEBUG
109 ClearPageError(page
);
114 * Issues still to be resolved:
116 * - The per cpu array is updated for each new slab and and is a remote
117 * cacheline for most nodes. This could become a bouncing cacheline given
118 * enough frequent updates. There are 16 pointers in a cacheline, so at
119 * max 16 cpus could compete for the cacheline which may be okay.
121 * - Support PAGE_ALLOC_DEBUG. Should be easy to do.
123 * - Variable sizing of the per node arrays
126 /* Enable to test recovery from slab corruption on boot */
127 #undef SLUB_RESILIENCY_TEST
132 * Small page size. Make sure that we do not fragment memory
134 #define DEFAULT_MAX_ORDER 1
135 #define DEFAULT_MIN_OBJECTS 4
140 * Large page machines are customarily able to handle larger
143 #define DEFAULT_MAX_ORDER 2
144 #define DEFAULT_MIN_OBJECTS 8
149 * Mininum number of partial slabs. These will be left on the partial
150 * lists even if they are empty. kmem_cache_shrink may reclaim them.
152 #define MIN_PARTIAL 2
155 * Maximum number of desirable partial slabs.
156 * The existence of more partial slabs makes kmem_cache_shrink
157 * sort the partial list by the number of objects in the.
159 #define MAX_PARTIAL 10
161 #define DEBUG_DEFAULT_FLAGS (SLAB_DEBUG_FREE | SLAB_RED_ZONE | \
162 SLAB_POISON | SLAB_STORE_USER)
165 * Set of flags that will prevent slab merging
167 #define SLUB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \
168 SLAB_TRACE | SLAB_DESTROY_BY_RCU)
170 #define SLUB_MERGE_SAME (SLAB_DEBUG_FREE | SLAB_RECLAIM_ACCOUNT | \
173 #ifndef ARCH_KMALLOC_MINALIGN
174 #define ARCH_KMALLOC_MINALIGN __alignof__(unsigned long long)
177 #ifndef ARCH_SLAB_MINALIGN
178 #define ARCH_SLAB_MINALIGN __alignof__(unsigned long long)
181 /* Internal SLUB flags */
182 #define __OBJECT_POISON 0x80000000 /* Poison object */
184 /* Not all arches define cache_line_size */
185 #ifndef cache_line_size
186 #define cache_line_size() L1_CACHE_BYTES
189 static int kmem_size
= sizeof(struct kmem_cache
);
192 static struct notifier_block slab_notifier
;
196 DOWN
, /* No slab functionality available */
197 PARTIAL
, /* kmem_cache_open() works but kmalloc does not */
198 UP
, /* Everything works but does not show up in sysfs */
202 /* A list of all slab caches on the system */
203 static DECLARE_RWSEM(slub_lock
);
204 LIST_HEAD(slab_caches
);
207 * Tracking user of a slab.
210 void *addr
; /* Called from address */
211 int cpu
; /* Was running on cpu */
212 int pid
; /* Pid context */
213 unsigned long when
; /* When did the operation occur */
216 enum track_item
{ TRACK_ALLOC
, TRACK_FREE
};
218 #if defined(CONFIG_SYSFS) && defined(CONFIG_SLUB_DEBUG)
219 static int sysfs_slab_add(struct kmem_cache
*);
220 static int sysfs_slab_alias(struct kmem_cache
*, const char *);
221 static void sysfs_slab_remove(struct kmem_cache
*);
223 static int sysfs_slab_add(struct kmem_cache
*s
) { return 0; }
224 static int sysfs_slab_alias(struct kmem_cache
*s
, const char *p
) { return 0; }
225 static void sysfs_slab_remove(struct kmem_cache
*s
) {}
228 /********************************************************************
229 * Core slab cache functions
230 *******************************************************************/
232 int slab_is_available(void)
234 return slab_state
>= UP
;
237 static inline struct kmem_cache_node
*get_node(struct kmem_cache
*s
, int node
)
240 return s
->node
[node
];
242 return &s
->local_node
;
246 static inline int check_valid_pointer(struct kmem_cache
*s
,
247 struct page
*page
, const void *object
)
254 base
= page_address(page
);
255 if (object
< base
|| object
>= base
+ s
->objects
* s
->size
||
256 (object
- base
) % s
->size
) {
264 * Slow version of get and set free pointer.
266 * This version requires touching the cache lines of kmem_cache which
267 * we avoid to do in the fast alloc free paths. There we obtain the offset
268 * from the page struct.
270 static inline void *get_freepointer(struct kmem_cache
*s
, void *object
)
272 return *(void **)(object
+ s
->offset
);
275 static inline void set_freepointer(struct kmem_cache
*s
, void *object
, void *fp
)
277 *(void **)(object
+ s
->offset
) = fp
;
280 /* Loop over all objects in a slab */
281 #define for_each_object(__p, __s, __addr) \
282 for (__p = (__addr); __p < (__addr) + (__s)->objects * (__s)->size;\
286 #define for_each_free_object(__p, __s, __free) \
287 for (__p = (__free); __p; __p = get_freepointer((__s), __p))
289 /* Determine object index from a given position */
290 static inline int slab_index(void *p
, struct kmem_cache
*s
, void *addr
)
292 return (p
- addr
) / s
->size
;
295 #ifdef CONFIG_SLUB_DEBUG
299 static int slub_debug
;
301 static char *slub_debug_slabs
;
306 static void print_section(char *text
, u8
*addr
, unsigned int length
)
314 for (i
= 0; i
< length
; i
++) {
316 printk(KERN_ERR
"%10s 0x%p: ", text
, addr
+ i
);
319 printk(" %02x", addr
[i
]);
321 ascii
[offset
] = isgraph(addr
[i
]) ? addr
[i
] : '.';
323 printk(" %s\n",ascii
);
334 printk(" %s\n", ascii
);
338 static struct track
*get_track(struct kmem_cache
*s
, void *object
,
339 enum track_item alloc
)
344 p
= object
+ s
->offset
+ sizeof(void *);
346 p
= object
+ s
->inuse
;
351 static void set_track(struct kmem_cache
*s
, void *object
,
352 enum track_item alloc
, void *addr
)
357 p
= object
+ s
->offset
+ sizeof(void *);
359 p
= object
+ s
->inuse
;
364 p
->cpu
= smp_processor_id();
365 p
->pid
= current
? current
->pid
: -1;
368 memset(p
, 0, sizeof(struct track
));
371 static void init_tracking(struct kmem_cache
*s
, void *object
)
373 if (s
->flags
& SLAB_STORE_USER
) {
374 set_track(s
, object
, TRACK_FREE
, NULL
);
375 set_track(s
, object
, TRACK_ALLOC
, NULL
);
379 static void print_track(const char *s
, struct track
*t
)
384 printk(KERN_ERR
"%s: ", s
);
385 __print_symbol("%s", (unsigned long)t
->addr
);
386 printk(" jiffies_ago=%lu cpu=%u pid=%d\n", jiffies
- t
->when
, t
->cpu
, t
->pid
);
389 static void print_trailer(struct kmem_cache
*s
, u8
*p
)
391 unsigned int off
; /* Offset of last byte */
393 if (s
->flags
& SLAB_RED_ZONE
)
394 print_section("Redzone", p
+ s
->objsize
,
395 s
->inuse
- s
->objsize
);
397 printk(KERN_ERR
"FreePointer 0x%p -> 0x%p\n",
399 get_freepointer(s
, p
));
402 off
= s
->offset
+ sizeof(void *);
406 if (s
->flags
& SLAB_STORE_USER
) {
407 print_track("Last alloc", get_track(s
, p
, TRACK_ALLOC
));
408 print_track("Last free ", get_track(s
, p
, TRACK_FREE
));
409 off
+= 2 * sizeof(struct track
);
413 /* Beginning of the filler is the free pointer */
414 print_section("Filler", p
+ off
, s
->size
- off
);
417 static void object_err(struct kmem_cache
*s
, struct page
*page
,
418 u8
*object
, char *reason
)
420 u8
*addr
= page_address(page
);
422 printk(KERN_ERR
"*** SLUB %s: %s@0x%p slab 0x%p\n",
423 s
->name
, reason
, object
, page
);
424 printk(KERN_ERR
" offset=%tu flags=0x%04lx inuse=%u freelist=0x%p\n",
425 object
- addr
, page
->flags
, page
->inuse
, page
->freelist
);
426 if (object
> addr
+ 16)
427 print_section("Bytes b4", object
- 16, 16);
428 print_section("Object", object
, min(s
->objsize
, 128));
429 print_trailer(s
, object
);
433 static void slab_err(struct kmem_cache
*s
, struct page
*page
, char *reason
, ...)
438 va_start(args
, reason
);
439 vsnprintf(buf
, sizeof(buf
), reason
, args
);
441 printk(KERN_ERR
"*** SLUB %s: %s in slab @0x%p\n", s
->name
, buf
,
446 static void init_object(struct kmem_cache
*s
, void *object
, int active
)
450 if (s
->flags
& __OBJECT_POISON
) {
451 memset(p
, POISON_FREE
, s
->objsize
- 1);
452 p
[s
->objsize
-1] = POISON_END
;
455 if (s
->flags
& SLAB_RED_ZONE
)
456 memset(p
+ s
->objsize
,
457 active
? SLUB_RED_ACTIVE
: SLUB_RED_INACTIVE
,
458 s
->inuse
- s
->objsize
);
461 static int check_bytes(u8
*start
, unsigned int value
, unsigned int bytes
)
464 if (*start
!= (u8
)value
)
476 * Bytes of the object to be managed.
477 * If the freepointer may overlay the object then the free
478 * pointer is the first word of the object.
480 * Poisoning uses 0x6b (POISON_FREE) and the last byte is
483 * object + s->objsize
484 * Padding to reach word boundary. This is also used for Redzoning.
485 * Padding is extended by another word if Redzoning is enabled and
488 * We fill with 0xbb (RED_INACTIVE) for inactive objects and with
489 * 0xcc (RED_ACTIVE) for objects in use.
492 * Meta data starts here.
494 * A. Free pointer (if we cannot overwrite object on free)
495 * B. Tracking data for SLAB_STORE_USER
496 * C. Padding to reach required alignment boundary or at mininum
497 * one word if debuggin is on to be able to detect writes
498 * before the word boundary.
500 * Padding is done using 0x5a (POISON_INUSE)
503 * Nothing is used beyond s->size.
505 * If slabcaches are merged then the objsize and inuse boundaries are mostly
506 * ignored. And therefore no slab options that rely on these boundaries
507 * may be used with merged slabcaches.
510 static void restore_bytes(struct kmem_cache
*s
, char *message
, u8 data
,
511 void *from
, void *to
)
513 printk(KERN_ERR
"@@@ SLUB %s: Restoring %s (0x%x) from 0x%p-0x%p\n",
514 s
->name
, message
, data
, from
, to
- 1);
515 memset(from
, data
, to
- from
);
518 static int check_pad_bytes(struct kmem_cache
*s
, struct page
*page
, u8
*p
)
520 unsigned long off
= s
->inuse
; /* The end of info */
523 /* Freepointer is placed after the object. */
524 off
+= sizeof(void *);
526 if (s
->flags
& SLAB_STORE_USER
)
527 /* We also have user information there */
528 off
+= 2 * sizeof(struct track
);
533 if (check_bytes(p
+ off
, POISON_INUSE
, s
->size
- off
))
536 object_err(s
, page
, p
, "Object padding check fails");
541 restore_bytes(s
, "object padding", POISON_INUSE
, p
+ off
, p
+ s
->size
);
545 static int slab_pad_check(struct kmem_cache
*s
, struct page
*page
)
548 int length
, remainder
;
550 if (!(s
->flags
& SLAB_POISON
))
553 p
= page_address(page
);
554 length
= s
->objects
* s
->size
;
555 remainder
= (PAGE_SIZE
<< s
->order
) - length
;
559 if (!check_bytes(p
+ length
, POISON_INUSE
, remainder
)) {
560 slab_err(s
, page
, "Padding check failed");
561 restore_bytes(s
, "slab padding", POISON_INUSE
, p
+ length
,
562 p
+ length
+ remainder
);
568 static int check_object(struct kmem_cache
*s
, struct page
*page
,
569 void *object
, int active
)
572 u8
*endobject
= object
+ s
->objsize
;
574 if (s
->flags
& SLAB_RED_ZONE
) {
576 active
? SLUB_RED_ACTIVE
: SLUB_RED_INACTIVE
;
578 if (!check_bytes(endobject
, red
, s
->inuse
- s
->objsize
)) {
579 object_err(s
, page
, object
,
580 active
? "Redzone Active" : "Redzone Inactive");
581 restore_bytes(s
, "redzone", red
,
582 endobject
, object
+ s
->inuse
);
586 if ((s
->flags
& SLAB_POISON
) && s
->objsize
< s
->inuse
&&
587 !check_bytes(endobject
, POISON_INUSE
,
588 s
->inuse
- s
->objsize
)) {
589 object_err(s
, page
, p
, "Alignment padding check fails");
591 * Fix it so that there will not be another report.
593 * Hmmm... We may be corrupting an object that now expects
594 * to be longer than allowed.
596 restore_bytes(s
, "alignment padding", POISON_INUSE
,
597 endobject
, object
+ s
->inuse
);
601 if (s
->flags
& SLAB_POISON
) {
602 if (!active
&& (s
->flags
& __OBJECT_POISON
) &&
603 (!check_bytes(p
, POISON_FREE
, s
->objsize
- 1) ||
604 p
[s
->objsize
- 1] != POISON_END
)) {
606 object_err(s
, page
, p
, "Poison check failed");
607 restore_bytes(s
, "Poison", POISON_FREE
,
608 p
, p
+ s
->objsize
-1);
609 restore_bytes(s
, "Poison", POISON_END
,
610 p
+ s
->objsize
- 1, p
+ s
->objsize
);
614 * check_pad_bytes cleans up on its own.
616 check_pad_bytes(s
, page
, p
);
619 if (!s
->offset
&& active
)
621 * Object and freepointer overlap. Cannot check
622 * freepointer while object is allocated.
626 /* Check free pointer validity */
627 if (!check_valid_pointer(s
, page
, get_freepointer(s
, p
))) {
628 object_err(s
, page
, p
, "Freepointer corrupt");
630 * No choice but to zap it and thus loose the remainder
631 * of the free objects in this slab. May cause
632 * another error because the object count is now wrong.
634 set_freepointer(s
, p
, NULL
);
640 static int check_slab(struct kmem_cache
*s
, struct page
*page
)
642 VM_BUG_ON(!irqs_disabled());
644 if (!PageSlab(page
)) {
645 slab_err(s
, page
, "Not a valid slab page flags=%lx "
646 "mapping=0x%p count=%d", page
->flags
, page
->mapping
,
650 if (page
->offset
* sizeof(void *) != s
->offset
) {
651 slab_err(s
, page
, "Corrupted offset %lu flags=0x%lx "
652 "mapping=0x%p count=%d",
653 (unsigned long)(page
->offset
* sizeof(void *)),
659 if (page
->inuse
> s
->objects
) {
660 slab_err(s
, page
, "inuse %u > max %u @0x%p flags=%lx "
661 "mapping=0x%p count=%d",
662 s
->name
, page
->inuse
, s
->objects
, page
->flags
,
663 page
->mapping
, page_count(page
));
666 /* Slab_pad_check fixes things up after itself */
667 slab_pad_check(s
, page
);
672 * Determine if a certain object on a page is on the freelist. Must hold the
673 * slab lock to guarantee that the chains are in a consistent state.
675 static int on_freelist(struct kmem_cache
*s
, struct page
*page
, void *search
)
678 void *fp
= page
->freelist
;
681 while (fp
&& nr
<= s
->objects
) {
684 if (!check_valid_pointer(s
, page
, fp
)) {
686 object_err(s
, page
, object
,
687 "Freechain corrupt");
688 set_freepointer(s
, object
, NULL
);
691 slab_err(s
, page
, "Freepointer 0x%p corrupt",
693 page
->freelist
= NULL
;
694 page
->inuse
= s
->objects
;
695 printk(KERN_ERR
"@@@ SLUB %s: Freelist "
696 "cleared. Slab 0x%p\n",
703 fp
= get_freepointer(s
, object
);
707 if (page
->inuse
!= s
->objects
- nr
) {
708 slab_err(s
, page
, "Wrong object count. Counter is %d but "
709 "counted were %d", s
, page
, page
->inuse
,
711 page
->inuse
= s
->objects
- nr
;
712 printk(KERN_ERR
"@@@ SLUB %s: Object count adjusted. "
713 "Slab @0x%p\n", s
->name
, page
);
715 return search
== NULL
;
719 * Tracking of fully allocated slabs for debugging purposes.
721 static void add_full(struct kmem_cache_node
*n
, struct page
*page
)
723 spin_lock(&n
->list_lock
);
724 list_add(&page
->lru
, &n
->full
);
725 spin_unlock(&n
->list_lock
);
728 static void remove_full(struct kmem_cache
*s
, struct page
*page
)
730 struct kmem_cache_node
*n
;
732 if (!(s
->flags
& SLAB_STORE_USER
))
735 n
= get_node(s
, page_to_nid(page
));
737 spin_lock(&n
->list_lock
);
738 list_del(&page
->lru
);
739 spin_unlock(&n
->list_lock
);
742 static int alloc_object_checks(struct kmem_cache
*s
, struct page
*page
,
745 if (!check_slab(s
, page
))
748 if (object
&& !on_freelist(s
, page
, object
)) {
749 slab_err(s
, page
, "Object 0x%p already allocated", object
);
753 if (!check_valid_pointer(s
, page
, object
)) {
754 object_err(s
, page
, object
, "Freelist Pointer check fails");
761 if (!check_object(s
, page
, object
, 0))
766 if (PageSlab(page
)) {
768 * If this is a slab page then lets do the best we can
769 * to avoid issues in the future. Marking all objects
770 * as used avoids touching the remaining objects.
772 printk(KERN_ERR
"@@@ SLUB: %s slab 0x%p. Marking all objects used.\n",
774 page
->inuse
= s
->objects
;
775 page
->freelist
= NULL
;
776 /* Fix up fields that may be corrupted */
777 page
->offset
= s
->offset
/ sizeof(void *);
782 static int free_object_checks(struct kmem_cache
*s
, struct page
*page
,
785 if (!check_slab(s
, page
))
788 if (!check_valid_pointer(s
, page
, object
)) {
789 slab_err(s
, page
, "Invalid object pointer 0x%p", object
);
793 if (on_freelist(s
, page
, object
)) {
794 slab_err(s
, page
, "Object 0x%p already free", object
);
798 if (!check_object(s
, page
, object
, 1))
801 if (unlikely(s
!= page
->slab
)) {
803 slab_err(s
, page
, "Attempt to free object(0x%p) "
804 "outside of slab", object
);
808 "SLUB <none>: no slab for object 0x%p.\n",
813 slab_err(s
, page
, "object at 0x%p belongs "
814 "to slab %s", object
, page
->slab
->name
);
819 printk(KERN_ERR
"@@@ SLUB: %s slab 0x%p object at 0x%p not freed.\n",
820 s
->name
, page
, object
);
824 static void trace(struct kmem_cache
*s
, struct page
*page
, void *object
, int alloc
)
826 if (s
->flags
& SLAB_TRACE
) {
827 printk(KERN_INFO
"TRACE %s %s 0x%p inuse=%d fp=0x%p\n",
829 alloc
? "alloc" : "free",
834 print_section("Object", (void *)object
, s
->objsize
);
840 static int __init
setup_slub_debug(char *str
)
842 if (!str
|| *str
!= '=')
843 slub_debug
= DEBUG_DEFAULT_FLAGS
;
846 if (*str
== 0 || *str
== ',')
847 slub_debug
= DEBUG_DEFAULT_FLAGS
;
849 for( ;*str
&& *str
!= ','; str
++)
851 case 'f' : case 'F' :
852 slub_debug
|= SLAB_DEBUG_FREE
;
854 case 'z' : case 'Z' :
855 slub_debug
|= SLAB_RED_ZONE
;
857 case 'p' : case 'P' :
858 slub_debug
|= SLAB_POISON
;
860 case 'u' : case 'U' :
861 slub_debug
|= SLAB_STORE_USER
;
863 case 't' : case 'T' :
864 slub_debug
|= SLAB_TRACE
;
867 printk(KERN_ERR
"slub_debug option '%c' "
868 "unknown. skipped\n",*str
);
873 slub_debug_slabs
= str
+ 1;
877 __setup("slub_debug", setup_slub_debug
);
879 static void kmem_cache_open_debug_check(struct kmem_cache
*s
)
882 * The page->offset field is only 16 bit wide. This is an offset
883 * in units of words from the beginning of an object. If the slab
884 * size is bigger then we cannot move the free pointer behind the
887 * On 32 bit platforms the limit is 256k. On 64bit platforms
890 * Debugging or ctor/dtors may create a need to move the free
891 * pointer. Fail if this happens.
893 if (s
->size
>= 65535 * sizeof(void *)) {
894 BUG_ON(s
->flags
& (SLAB_RED_ZONE
| SLAB_POISON
|
895 SLAB_STORE_USER
| SLAB_DESTROY_BY_RCU
));
896 BUG_ON(s
->ctor
|| s
->dtor
);
900 * Enable debugging if selected on the kernel commandline.
902 if (slub_debug
&& (!slub_debug_slabs
||
903 strncmp(slub_debug_slabs
, s
->name
,
904 strlen(slub_debug_slabs
)) == 0))
905 s
->flags
|= slub_debug
;
909 static inline int alloc_object_checks(struct kmem_cache
*s
,
910 struct page
*page
, void *object
) { return 0; }
912 static inline int free_object_checks(struct kmem_cache
*s
,
913 struct page
*page
, void *object
) { return 0; }
915 static inline void add_full(struct kmem_cache_node
*n
, struct page
*page
) {}
916 static inline void remove_full(struct kmem_cache
*s
, struct page
*page
) {}
917 static inline void trace(struct kmem_cache
*s
, struct page
*page
,
918 void *object
, int alloc
) {}
919 static inline void init_object(struct kmem_cache
*s
,
920 void *object
, int active
) {}
921 static inline void init_tracking(struct kmem_cache
*s
, void *object
) {}
922 static inline int slab_pad_check(struct kmem_cache
*s
, struct page
*page
)
924 static inline int check_object(struct kmem_cache
*s
, struct page
*page
,
925 void *object
, int active
) { return 1; }
926 static inline void set_track(struct kmem_cache
*s
, void *object
,
927 enum track_item alloc
, void *addr
) {}
928 static inline void kmem_cache_open_debug_check(struct kmem_cache
*s
) {}
932 * Slab allocation and freeing
934 static struct page
*allocate_slab(struct kmem_cache
*s
, gfp_t flags
, int node
)
937 int pages
= 1 << s
->order
;
942 if (s
->flags
& SLAB_CACHE_DMA
)
946 page
= alloc_pages(flags
, s
->order
);
948 page
= alloc_pages_node(node
, flags
, s
->order
);
953 mod_zone_page_state(page_zone(page
),
954 (s
->flags
& SLAB_RECLAIM_ACCOUNT
) ?
955 NR_SLAB_RECLAIMABLE
: NR_SLAB_UNRECLAIMABLE
,
961 static void setup_object(struct kmem_cache
*s
, struct page
*page
,
964 if (SlabDebug(page
)) {
965 init_object(s
, object
, 0);
966 init_tracking(s
, object
);
969 if (unlikely(s
->ctor
))
970 s
->ctor(object
, s
, SLAB_CTOR_CONSTRUCTOR
);
973 static struct page
*new_slab(struct kmem_cache
*s
, gfp_t flags
, int node
)
976 struct kmem_cache_node
*n
;
982 BUG_ON(flags
& ~(GFP_DMA
| GFP_LEVEL_MASK
));
984 if (flags
& __GFP_WAIT
)
987 page
= allocate_slab(s
, flags
& GFP_LEVEL_MASK
, node
);
991 n
= get_node(s
, page_to_nid(page
));
993 atomic_long_inc(&n
->nr_slabs
);
994 page
->offset
= s
->offset
/ sizeof(void *);
996 page
->flags
|= 1 << PG_slab
;
997 if (s
->flags
& (SLAB_DEBUG_FREE
| SLAB_RED_ZONE
| SLAB_POISON
|
998 SLAB_STORE_USER
| SLAB_TRACE
))
1001 start
= page_address(page
);
1002 end
= start
+ s
->objects
* s
->size
;
1004 if (unlikely(s
->flags
& SLAB_POISON
))
1005 memset(start
, POISON_INUSE
, PAGE_SIZE
<< s
->order
);
1008 for_each_object(p
, s
, start
) {
1009 setup_object(s
, page
, last
);
1010 set_freepointer(s
, last
, p
);
1013 setup_object(s
, page
, last
);
1014 set_freepointer(s
, last
, NULL
);
1016 page
->freelist
= start
;
1019 if (flags
& __GFP_WAIT
)
1020 local_irq_disable();
1024 static void __free_slab(struct kmem_cache
*s
, struct page
*page
)
1026 int pages
= 1 << s
->order
;
1028 if (unlikely(SlabDebug(page
) || s
->dtor
)) {
1031 slab_pad_check(s
, page
);
1032 for_each_object(p
, s
, page_address(page
)) {
1035 check_object(s
, page
, p
, 0);
1039 mod_zone_page_state(page_zone(page
),
1040 (s
->flags
& SLAB_RECLAIM_ACCOUNT
) ?
1041 NR_SLAB_RECLAIMABLE
: NR_SLAB_UNRECLAIMABLE
,
1044 page
->mapping
= NULL
;
1045 __free_pages(page
, s
->order
);
1048 static void rcu_free_slab(struct rcu_head
*h
)
1052 page
= container_of((struct list_head
*)h
, struct page
, lru
);
1053 __free_slab(page
->slab
, page
);
1056 static void free_slab(struct kmem_cache
*s
, struct page
*page
)
1058 if (unlikely(s
->flags
& SLAB_DESTROY_BY_RCU
)) {
1060 * RCU free overloads the RCU head over the LRU
1062 struct rcu_head
*head
= (void *)&page
->lru
;
1064 call_rcu(head
, rcu_free_slab
);
1066 __free_slab(s
, page
);
1069 static void discard_slab(struct kmem_cache
*s
, struct page
*page
)
1071 struct kmem_cache_node
*n
= get_node(s
, page_to_nid(page
));
1073 atomic_long_dec(&n
->nr_slabs
);
1074 reset_page_mapcount(page
);
1075 ClearSlabDebug(page
);
1076 __ClearPageSlab(page
);
1081 * Per slab locking using the pagelock
1083 static __always_inline
void slab_lock(struct page
*page
)
1085 bit_spin_lock(PG_locked
, &page
->flags
);
1088 static __always_inline
void slab_unlock(struct page
*page
)
1090 bit_spin_unlock(PG_locked
, &page
->flags
);
1093 static __always_inline
int slab_trylock(struct page
*page
)
1097 rc
= bit_spin_trylock(PG_locked
, &page
->flags
);
1102 * Management of partially allocated slabs
1104 static void add_partial_tail(struct kmem_cache_node
*n
, struct page
*page
)
1106 spin_lock(&n
->list_lock
);
1108 list_add_tail(&page
->lru
, &n
->partial
);
1109 spin_unlock(&n
->list_lock
);
1112 static void add_partial(struct kmem_cache_node
*n
, struct page
*page
)
1114 spin_lock(&n
->list_lock
);
1116 list_add(&page
->lru
, &n
->partial
);
1117 spin_unlock(&n
->list_lock
);
1120 static void remove_partial(struct kmem_cache
*s
,
1123 struct kmem_cache_node
*n
= get_node(s
, page_to_nid(page
));
1125 spin_lock(&n
->list_lock
);
1126 list_del(&page
->lru
);
1128 spin_unlock(&n
->list_lock
);
1132 * Lock slab and remove from the partial list.
1134 * Must hold list_lock.
1136 static int lock_and_del_slab(struct kmem_cache_node
*n
, struct page
*page
)
1138 if (slab_trylock(page
)) {
1139 list_del(&page
->lru
);
1147 * Try to allocate a partial slab from a specific node.
1149 static struct page
*get_partial_node(struct kmem_cache_node
*n
)
1154 * Racy check. If we mistakenly see no partial slabs then we
1155 * just allocate an empty slab. If we mistakenly try to get a
1156 * partial slab and there is none available then get_partials()
1159 if (!n
|| !n
->nr_partial
)
1162 spin_lock(&n
->list_lock
);
1163 list_for_each_entry(page
, &n
->partial
, lru
)
1164 if (lock_and_del_slab(n
, page
))
1168 spin_unlock(&n
->list_lock
);
1173 * Get a page from somewhere. Search in increasing NUMA distances.
1175 static struct page
*get_any_partial(struct kmem_cache
*s
, gfp_t flags
)
1178 struct zonelist
*zonelist
;
1183 * The defrag ratio allows a configuration of the tradeoffs between
1184 * inter node defragmentation and node local allocations. A lower
1185 * defrag_ratio increases the tendency to do local allocations
1186 * instead of attempting to obtain partial slabs from other nodes.
1188 * If the defrag_ratio is set to 0 then kmalloc() always
1189 * returns node local objects. If the ratio is higher then kmalloc()
1190 * may return off node objects because partial slabs are obtained
1191 * from other nodes and filled up.
1193 * If /sys/slab/xx/defrag_ratio is set to 100 (which makes
1194 * defrag_ratio = 1000) then every (well almost) allocation will
1195 * first attempt to defrag slab caches on other nodes. This means
1196 * scanning over all nodes to look for partial slabs which may be
1197 * expensive if we do it every time we are trying to find a slab
1198 * with available objects.
1200 if (!s
->defrag_ratio
|| get_cycles() % 1024 > s
->defrag_ratio
)
1203 zonelist
= &NODE_DATA(slab_node(current
->mempolicy
))
1204 ->node_zonelists
[gfp_zone(flags
)];
1205 for (z
= zonelist
->zones
; *z
; z
++) {
1206 struct kmem_cache_node
*n
;
1208 n
= get_node(s
, zone_to_nid(*z
));
1210 if (n
&& cpuset_zone_allowed_hardwall(*z
, flags
) &&
1211 n
->nr_partial
> MIN_PARTIAL
) {
1212 page
= get_partial_node(n
);
1222 * Get a partial page, lock it and return it.
1224 static struct page
*get_partial(struct kmem_cache
*s
, gfp_t flags
, int node
)
1227 int searchnode
= (node
== -1) ? numa_node_id() : node
;
1229 page
= get_partial_node(get_node(s
, searchnode
));
1230 if (page
|| (flags
& __GFP_THISNODE
))
1233 return get_any_partial(s
, flags
);
1237 * Move a page back to the lists.
1239 * Must be called with the slab lock held.
1241 * On exit the slab lock will have been dropped.
1243 static void putback_slab(struct kmem_cache
*s
, struct page
*page
)
1245 struct kmem_cache_node
*n
= get_node(s
, page_to_nid(page
));
1250 add_partial(n
, page
);
1251 else if (SlabDebug(page
) && (s
->flags
& SLAB_STORE_USER
))
1256 if (n
->nr_partial
< MIN_PARTIAL
) {
1258 * Adding an empty slab to the partial slabs in order
1259 * to avoid page allocator overhead. This slab needs
1260 * to come after the other slabs with objects in
1261 * order to fill them up. That way the size of the
1262 * partial list stays small. kmem_cache_shrink can
1263 * reclaim empty slabs from the partial list.
1265 add_partial_tail(n
, page
);
1269 discard_slab(s
, page
);
1275 * Remove the cpu slab
1277 static void deactivate_slab(struct kmem_cache
*s
, struct page
*page
, int cpu
)
1279 s
->cpu_slab
[cpu
] = NULL
;
1280 ClearPageActive(page
);
1282 putback_slab(s
, page
);
1285 static void flush_slab(struct kmem_cache
*s
, struct page
*page
, int cpu
)
1288 deactivate_slab(s
, page
, cpu
);
1293 * Called from IPI handler with interrupts disabled.
1295 static void __flush_cpu_slab(struct kmem_cache
*s
, int cpu
)
1297 struct page
*page
= s
->cpu_slab
[cpu
];
1300 flush_slab(s
, page
, cpu
);
1303 static void flush_cpu_slab(void *d
)
1305 struct kmem_cache
*s
= d
;
1306 int cpu
= smp_processor_id();
1308 __flush_cpu_slab(s
, cpu
);
1311 static void flush_all(struct kmem_cache
*s
)
1314 on_each_cpu(flush_cpu_slab
, s
, 1, 1);
1316 unsigned long flags
;
1318 local_irq_save(flags
);
1320 local_irq_restore(flags
);
1325 * slab_alloc is optimized to only modify two cachelines on the fast path
1326 * (aside from the stack):
1328 * 1. The page struct
1329 * 2. The first cacheline of the object to be allocated.
1331 * The only other cache lines that are read (apart from code) is the
1332 * per cpu array in the kmem_cache struct.
1334 * Fastpath is not possible if we need to get a new slab or have
1335 * debugging enabled (which means all slabs are marked with SlabDebug)
1337 static void *slab_alloc(struct kmem_cache
*s
,
1338 gfp_t gfpflags
, int node
, void *addr
)
1342 unsigned long flags
;
1345 local_irq_save(flags
);
1346 cpu
= smp_processor_id();
1347 page
= s
->cpu_slab
[cpu
];
1352 if (unlikely(node
!= -1 && page_to_nid(page
) != node
))
1355 object
= page
->freelist
;
1356 if (unlikely(!object
))
1358 if (unlikely(SlabDebug(page
)))
1363 page
->freelist
= object
[page
->offset
];
1365 local_irq_restore(flags
);
1369 deactivate_slab(s
, page
, cpu
);
1372 page
= get_partial(s
, gfpflags
, node
);
1375 s
->cpu_slab
[cpu
] = page
;
1376 SetPageActive(page
);
1380 page
= new_slab(s
, gfpflags
, node
);
1382 cpu
= smp_processor_id();
1383 if (s
->cpu_slab
[cpu
]) {
1385 * Someone else populated the cpu_slab while we
1386 * enabled interrupts, or we have gotten scheduled
1387 * on another cpu. The page may not be on the
1388 * requested node even if __GFP_THISNODE was
1389 * specified. So we need to recheck.
1392 page_to_nid(s
->cpu_slab
[cpu
]) == node
) {
1394 * Current cpuslab is acceptable and we
1395 * want the current one since its cache hot
1397 discard_slab(s
, page
);
1398 page
= s
->cpu_slab
[cpu
];
1402 /* New slab does not fit our expectations */
1403 flush_slab(s
, s
->cpu_slab
[cpu
], cpu
);
1408 local_irq_restore(flags
);
1411 if (!alloc_object_checks(s
, page
, object
))
1413 if (s
->flags
& SLAB_STORE_USER
)
1414 set_track(s
, object
, TRACK_ALLOC
, addr
);
1415 trace(s
, page
, object
, 1);
1416 init_object(s
, object
, 1);
1420 void *kmem_cache_alloc(struct kmem_cache
*s
, gfp_t gfpflags
)
1422 return slab_alloc(s
, gfpflags
, -1, __builtin_return_address(0));
1424 EXPORT_SYMBOL(kmem_cache_alloc
);
1427 void *kmem_cache_alloc_node(struct kmem_cache
*s
, gfp_t gfpflags
, int node
)
1429 return slab_alloc(s
, gfpflags
, node
, __builtin_return_address(0));
1431 EXPORT_SYMBOL(kmem_cache_alloc_node
);
1435 * The fastpath only writes the cacheline of the page struct and the first
1436 * cacheline of the object.
1438 * We read the cpu_slab cacheline to check if the slab is the per cpu
1439 * slab for this processor.
1441 static void slab_free(struct kmem_cache
*s
, struct page
*page
,
1442 void *x
, void *addr
)
1445 void **object
= (void *)x
;
1446 unsigned long flags
;
1448 local_irq_save(flags
);
1451 if (unlikely(SlabDebug(page
)))
1454 prior
= object
[page
->offset
] = page
->freelist
;
1455 page
->freelist
= object
;
1458 if (unlikely(PageActive(page
)))
1460 * Cpu slabs are never on partial lists and are
1465 if (unlikely(!page
->inuse
))
1469 * Objects left in the slab. If it
1470 * was not on the partial list before
1473 if (unlikely(!prior
))
1474 add_partial(get_node(s
, page_to_nid(page
)), page
);
1478 local_irq_restore(flags
);
1484 * Slab still on the partial list.
1486 remove_partial(s
, page
);
1489 discard_slab(s
, page
);
1490 local_irq_restore(flags
);
1494 if (!free_object_checks(s
, page
, x
))
1496 if (!PageActive(page
) && !page
->freelist
)
1497 remove_full(s
, page
);
1498 if (s
->flags
& SLAB_STORE_USER
)
1499 set_track(s
, x
, TRACK_FREE
, addr
);
1500 trace(s
, page
, object
, 0);
1501 init_object(s
, object
, 0);
1505 void kmem_cache_free(struct kmem_cache
*s
, void *x
)
1509 page
= virt_to_head_page(x
);
1511 slab_free(s
, page
, x
, __builtin_return_address(0));
1513 EXPORT_SYMBOL(kmem_cache_free
);
1515 /* Figure out on which slab object the object resides */
1516 static struct page
*get_object_page(const void *x
)
1518 struct page
*page
= virt_to_head_page(x
);
1520 if (!PageSlab(page
))
1527 * Object placement in a slab is made very easy because we always start at
1528 * offset 0. If we tune the size of the object to the alignment then we can
1529 * get the required alignment by putting one properly sized object after
1532 * Notice that the allocation order determines the sizes of the per cpu
1533 * caches. Each processor has always one slab available for allocations.
1534 * Increasing the allocation order reduces the number of times that slabs
1535 * must be moved on and off the partial lists and is therefore a factor in
1540 * Mininum / Maximum order of slab pages. This influences locking overhead
1541 * and slab fragmentation. A higher order reduces the number of partial slabs
1542 * and increases the number of allocations possible without having to
1543 * take the list_lock.
1545 static int slub_min_order
;
1546 static int slub_max_order
= DEFAULT_MAX_ORDER
;
1547 static int slub_min_objects
= DEFAULT_MIN_OBJECTS
;
1550 * Merge control. If this is set then no merging of slab caches will occur.
1551 * (Could be removed. This was introduced to pacify the merge skeptics.)
1553 static int slub_nomerge
;
1556 * Calculate the order of allocation given an slab object size.
1558 * The order of allocation has significant impact on performance and other
1559 * system components. Generally order 0 allocations should be preferred since
1560 * order 0 does not cause fragmentation in the page allocator. Larger objects
1561 * be problematic to put into order 0 slabs because there may be too much
1562 * unused space left. We go to a higher order if more than 1/8th of the slab
1565 * In order to reach satisfactory performance we must ensure that a minimum
1566 * number of objects is in one slab. Otherwise we may generate too much
1567 * activity on the partial lists which requires taking the list_lock. This is
1568 * less a concern for large slabs though which are rarely used.
1570 * slub_max_order specifies the order where we begin to stop considering the
1571 * number of objects in a slab as critical. If we reach slub_max_order then
1572 * we try to keep the page order as low as possible. So we accept more waste
1573 * of space in favor of a small page order.
1575 * Higher order allocations also allow the placement of more objects in a
1576 * slab and thereby reduce object handling overhead. If the user has
1577 * requested a higher mininum order then we start with that one instead of
1578 * the smallest order which will fit the object.
1580 static inline int slab_order(int size
, int min_objects
,
1581 int max_order
, int fract_leftover
)
1586 for (order
= max(slub_min_order
,
1587 fls(min_objects
* size
- 1) - PAGE_SHIFT
);
1588 order
<= max_order
; order
++) {
1590 unsigned long slab_size
= PAGE_SIZE
<< order
;
1592 if (slab_size
< min_objects
* size
)
1595 rem
= slab_size
% size
;
1597 if (rem
<= slab_size
/ fract_leftover
)
1605 static inline int calculate_order(int size
)
1612 * Attempt to find best configuration for a slab. This
1613 * works by first attempting to generate a layout with
1614 * the best configuration and backing off gradually.
1616 * First we reduce the acceptable waste in a slab. Then
1617 * we reduce the minimum objects required in a slab.
1619 min_objects
= slub_min_objects
;
1620 while (min_objects
> 1) {
1622 while (fraction
>= 4) {
1623 order
= slab_order(size
, min_objects
,
1624 slub_max_order
, fraction
);
1625 if (order
<= slub_max_order
)
1633 * We were unable to place multiple objects in a slab. Now
1634 * lets see if we can place a single object there.
1636 order
= slab_order(size
, 1, slub_max_order
, 1);
1637 if (order
<= slub_max_order
)
1641 * Doh this slab cannot be placed using slub_max_order.
1643 order
= slab_order(size
, 1, MAX_ORDER
, 1);
1644 if (order
<= MAX_ORDER
)
1650 * Figure out what the alignment of the objects will be.
1652 static unsigned long calculate_alignment(unsigned long flags
,
1653 unsigned long align
, unsigned long size
)
1656 * If the user wants hardware cache aligned objects then
1657 * follow that suggestion if the object is sufficiently
1660 * The hardware cache alignment cannot override the
1661 * specified alignment though. If that is greater
1664 if ((flags
& SLAB_HWCACHE_ALIGN
) &&
1665 size
> cache_line_size() / 2)
1666 return max_t(unsigned long, align
, cache_line_size());
1668 if (align
< ARCH_SLAB_MINALIGN
)
1669 return ARCH_SLAB_MINALIGN
;
1671 return ALIGN(align
, sizeof(void *));
1674 static void init_kmem_cache_node(struct kmem_cache_node
*n
)
1677 atomic_long_set(&n
->nr_slabs
, 0);
1678 spin_lock_init(&n
->list_lock
);
1679 INIT_LIST_HEAD(&n
->partial
);
1680 INIT_LIST_HEAD(&n
->full
);
1685 * No kmalloc_node yet so do it by hand. We know that this is the first
1686 * slab on the node for this slabcache. There are no concurrent accesses
1689 * Note that this function only works on the kmalloc_node_cache
1690 * when allocating for the kmalloc_node_cache.
1692 static struct kmem_cache_node
* __init
early_kmem_cache_node_alloc(gfp_t gfpflags
,
1696 struct kmem_cache_node
*n
;
1698 BUG_ON(kmalloc_caches
->size
< sizeof(struct kmem_cache_node
));
1700 page
= new_slab(kmalloc_caches
, gfpflags
| GFP_THISNODE
, node
);
1701 /* new_slab() disables interupts */
1707 page
->freelist
= get_freepointer(kmalloc_caches
, n
);
1709 kmalloc_caches
->node
[node
] = n
;
1710 init_object(kmalloc_caches
, n
, 1);
1711 init_kmem_cache_node(n
);
1712 atomic_long_inc(&n
->nr_slabs
);
1713 add_partial(n
, page
);
1717 static void free_kmem_cache_nodes(struct kmem_cache
*s
)
1721 for_each_online_node(node
) {
1722 struct kmem_cache_node
*n
= s
->node
[node
];
1723 if (n
&& n
!= &s
->local_node
)
1724 kmem_cache_free(kmalloc_caches
, n
);
1725 s
->node
[node
] = NULL
;
1729 static int init_kmem_cache_nodes(struct kmem_cache
*s
, gfp_t gfpflags
)
1734 if (slab_state
>= UP
)
1735 local_node
= page_to_nid(virt_to_page(s
));
1739 for_each_online_node(node
) {
1740 struct kmem_cache_node
*n
;
1742 if (local_node
== node
)
1745 if (slab_state
== DOWN
) {
1746 n
= early_kmem_cache_node_alloc(gfpflags
,
1750 n
= kmem_cache_alloc_node(kmalloc_caches
,
1754 free_kmem_cache_nodes(s
);
1760 init_kmem_cache_node(n
);
1765 static void free_kmem_cache_nodes(struct kmem_cache
*s
)
1769 static int init_kmem_cache_nodes(struct kmem_cache
*s
, gfp_t gfpflags
)
1771 init_kmem_cache_node(&s
->local_node
);
1777 * calculate_sizes() determines the order and the distribution of data within
1780 static int calculate_sizes(struct kmem_cache
*s
)
1782 unsigned long flags
= s
->flags
;
1783 unsigned long size
= s
->objsize
;
1784 unsigned long align
= s
->align
;
1787 * Determine if we can poison the object itself. If the user of
1788 * the slab may touch the object after free or before allocation
1789 * then we should never poison the object itself.
1791 if ((flags
& SLAB_POISON
) && !(flags
& SLAB_DESTROY_BY_RCU
) &&
1792 !s
->ctor
&& !s
->dtor
)
1793 s
->flags
|= __OBJECT_POISON
;
1795 s
->flags
&= ~__OBJECT_POISON
;
1798 * Round up object size to the next word boundary. We can only
1799 * place the free pointer at word boundaries and this determines
1800 * the possible location of the free pointer.
1802 size
= ALIGN(size
, sizeof(void *));
1804 #ifdef CONFIG_SLUB_DEBUG
1806 * If we are Redzoning then check if there is some space between the
1807 * end of the object and the free pointer. If not then add an
1808 * additional word to have some bytes to store Redzone information.
1810 if ((flags
& SLAB_RED_ZONE
) && size
== s
->objsize
)
1811 size
+= sizeof(void *);
1815 * With that we have determined the number of bytes in actual use
1816 * by the object. This is the potential offset to the free pointer.
1820 #ifdef CONFIG_SLUB_DEBUG
1821 if (((flags
& (SLAB_DESTROY_BY_RCU
| SLAB_POISON
)) ||
1822 s
->ctor
|| s
->dtor
)) {
1824 * Relocate free pointer after the object if it is not
1825 * permitted to overwrite the first word of the object on
1828 * This is the case if we do RCU, have a constructor or
1829 * destructor or are poisoning the objects.
1832 size
+= sizeof(void *);
1835 if (flags
& SLAB_STORE_USER
)
1837 * Need to store information about allocs and frees after
1840 size
+= 2 * sizeof(struct track
);
1842 if (flags
& SLAB_RED_ZONE
)
1844 * Add some empty padding so that we can catch
1845 * overwrites from earlier objects rather than let
1846 * tracking information or the free pointer be
1847 * corrupted if an user writes before the start
1850 size
+= sizeof(void *);
1854 * Determine the alignment based on various parameters that the
1855 * user specified and the dynamic determination of cache line size
1858 align
= calculate_alignment(flags
, align
, s
->objsize
);
1861 * SLUB stores one object immediately after another beginning from
1862 * offset 0. In order to align the objects we have to simply size
1863 * each object to conform to the alignment.
1865 size
= ALIGN(size
, align
);
1868 s
->order
= calculate_order(size
);
1873 * Determine the number of objects per slab
1875 s
->objects
= (PAGE_SIZE
<< s
->order
) / size
;
1878 * Verify that the number of objects is within permitted limits.
1879 * The page->inuse field is only 16 bit wide! So we cannot have
1880 * more than 64k objects per slab.
1882 if (!s
->objects
|| s
->objects
> 65535)
1888 static int kmem_cache_open(struct kmem_cache
*s
, gfp_t gfpflags
,
1889 const char *name
, size_t size
,
1890 size_t align
, unsigned long flags
,
1891 void (*ctor
)(void *, struct kmem_cache
*, unsigned long),
1892 void (*dtor
)(void *, struct kmem_cache
*, unsigned long))
1894 memset(s
, 0, kmem_size
);
1901 kmem_cache_open_debug_check(s
);
1903 if (!calculate_sizes(s
))
1908 s
->defrag_ratio
= 100;
1911 if (init_kmem_cache_nodes(s
, gfpflags
& ~SLUB_DMA
))
1914 if (flags
& SLAB_PANIC
)
1915 panic("Cannot create slab %s size=%lu realsize=%u "
1916 "order=%u offset=%u flags=%lx\n",
1917 s
->name
, (unsigned long)size
, s
->size
, s
->order
,
1921 EXPORT_SYMBOL(kmem_cache_open
);
1924 * Check if a given pointer is valid
1926 int kmem_ptr_validate(struct kmem_cache
*s
, const void *object
)
1930 page
= get_object_page(object
);
1932 if (!page
|| s
!= page
->slab
)
1933 /* No slab or wrong slab */
1936 if (!check_valid_pointer(s
, page
, object
))
1940 * We could also check if the object is on the slabs freelist.
1941 * But this would be too expensive and it seems that the main
1942 * purpose of kmem_ptr_valid is to check if the object belongs
1943 * to a certain slab.
1947 EXPORT_SYMBOL(kmem_ptr_validate
);
1950 * Determine the size of a slab object
1952 unsigned int kmem_cache_size(struct kmem_cache
*s
)
1956 EXPORT_SYMBOL(kmem_cache_size
);
1958 const char *kmem_cache_name(struct kmem_cache
*s
)
1962 EXPORT_SYMBOL(kmem_cache_name
);
1965 * Attempt to free all slabs on a node. Return the number of slabs we
1966 * were unable to free.
1968 static int free_list(struct kmem_cache
*s
, struct kmem_cache_node
*n
,
1969 struct list_head
*list
)
1971 int slabs_inuse
= 0;
1972 unsigned long flags
;
1973 struct page
*page
, *h
;
1975 spin_lock_irqsave(&n
->list_lock
, flags
);
1976 list_for_each_entry_safe(page
, h
, list
, lru
)
1978 list_del(&page
->lru
);
1979 discard_slab(s
, page
);
1982 spin_unlock_irqrestore(&n
->list_lock
, flags
);
1987 * Release all resources used by a slab cache.
1989 static int kmem_cache_close(struct kmem_cache
*s
)
1995 /* Attempt to free all objects */
1996 for_each_online_node(node
) {
1997 struct kmem_cache_node
*n
= get_node(s
, node
);
1999 n
->nr_partial
-= free_list(s
, n
, &n
->partial
);
2000 if (atomic_long_read(&n
->nr_slabs
))
2003 free_kmem_cache_nodes(s
);
2008 * Close a cache and release the kmem_cache structure
2009 * (must be used for caches created using kmem_cache_create)
2011 void kmem_cache_destroy(struct kmem_cache
*s
)
2013 down_write(&slub_lock
);
2017 if (kmem_cache_close(s
))
2019 sysfs_slab_remove(s
);
2022 up_write(&slub_lock
);
2024 EXPORT_SYMBOL(kmem_cache_destroy
);
2026 /********************************************************************
2028 *******************************************************************/
2030 struct kmem_cache kmalloc_caches
[KMALLOC_SHIFT_HIGH
+ 1] __cacheline_aligned
;
2031 EXPORT_SYMBOL(kmalloc_caches
);
2033 #ifdef CONFIG_ZONE_DMA
2034 static struct kmem_cache
*kmalloc_caches_dma
[KMALLOC_SHIFT_HIGH
+ 1];
2037 static int __init
setup_slub_min_order(char *str
)
2039 get_option (&str
, &slub_min_order
);
2044 __setup("slub_min_order=", setup_slub_min_order
);
2046 static int __init
setup_slub_max_order(char *str
)
2048 get_option (&str
, &slub_max_order
);
2053 __setup("slub_max_order=", setup_slub_max_order
);
2055 static int __init
setup_slub_min_objects(char *str
)
2057 get_option (&str
, &slub_min_objects
);
2062 __setup("slub_min_objects=", setup_slub_min_objects
);
2064 static int __init
setup_slub_nomerge(char *str
)
2070 __setup("slub_nomerge", setup_slub_nomerge
);
2072 static struct kmem_cache
*create_kmalloc_cache(struct kmem_cache
*s
,
2073 const char *name
, int size
, gfp_t gfp_flags
)
2075 unsigned int flags
= 0;
2077 if (gfp_flags
& SLUB_DMA
)
2078 flags
= SLAB_CACHE_DMA
;
2080 down_write(&slub_lock
);
2081 if (!kmem_cache_open(s
, gfp_flags
, name
, size
, ARCH_KMALLOC_MINALIGN
,
2085 list_add(&s
->list
, &slab_caches
);
2086 up_write(&slub_lock
);
2087 if (sysfs_slab_add(s
))
2092 panic("Creation of kmalloc slab %s size=%d failed.\n", name
, size
);
2095 static struct kmem_cache
*get_slab(size_t size
, gfp_t flags
)
2097 int index
= kmalloc_index(size
);
2102 /* Allocation too large? */
2105 #ifdef CONFIG_ZONE_DMA
2106 if ((flags
& SLUB_DMA
)) {
2107 struct kmem_cache
*s
;
2108 struct kmem_cache
*x
;
2112 s
= kmalloc_caches_dma
[index
];
2116 /* Dynamically create dma cache */
2117 x
= kmalloc(kmem_size
, flags
& ~SLUB_DMA
);
2119 panic("Unable to allocate memory for dma cache\n");
2121 if (index
<= KMALLOC_SHIFT_HIGH
)
2122 realsize
= 1 << index
;
2130 text
= kasprintf(flags
& ~SLUB_DMA
, "kmalloc_dma-%d",
2131 (unsigned int)realsize
);
2132 s
= create_kmalloc_cache(x
, text
, realsize
, flags
);
2133 kmalloc_caches_dma
[index
] = s
;
2137 return &kmalloc_caches
[index
];
2140 void *__kmalloc(size_t size
, gfp_t flags
)
2142 struct kmem_cache
*s
= get_slab(size
, flags
);
2145 return slab_alloc(s
, flags
, -1, __builtin_return_address(0));
2148 EXPORT_SYMBOL(__kmalloc
);
2151 void *__kmalloc_node(size_t size
, gfp_t flags
, int node
)
2153 struct kmem_cache
*s
= get_slab(size
, flags
);
2156 return slab_alloc(s
, flags
, node
, __builtin_return_address(0));
2159 EXPORT_SYMBOL(__kmalloc_node
);
2162 size_t ksize(const void *object
)
2164 struct page
*page
= get_object_page(object
);
2165 struct kmem_cache
*s
;
2172 * Debugging requires use of the padding between object
2173 * and whatever may come after it.
2175 if (s
->flags
& (SLAB_RED_ZONE
| SLAB_POISON
))
2179 * If we have the need to store the freelist pointer
2180 * back there or track user information then we can
2181 * only use the space before that information.
2183 if (s
->flags
& (SLAB_DESTROY_BY_RCU
| SLAB_STORE_USER
))
2187 * Else we can use all the padding etc for the allocation
2191 EXPORT_SYMBOL(ksize
);
2193 void kfree(const void *x
)
2195 struct kmem_cache
*s
;
2201 page
= virt_to_head_page(x
);
2204 slab_free(s
, page
, (void *)x
, __builtin_return_address(0));
2206 EXPORT_SYMBOL(kfree
);
2209 * kmem_cache_shrink removes empty slabs from the partial lists and sorts
2210 * the remaining slabs by the number of items in use. The slabs with the
2211 * most items in use come first. New allocations will then fill those up
2212 * and thus they can be removed from the partial lists.
2214 * The slabs with the least items are placed last. This results in them
2215 * being allocated from last increasing the chance that the last objects
2216 * are freed in them.
2218 int kmem_cache_shrink(struct kmem_cache
*s
)
2222 struct kmem_cache_node
*n
;
2225 struct list_head
*slabs_by_inuse
=
2226 kmalloc(sizeof(struct list_head
) * s
->objects
, GFP_KERNEL
);
2227 unsigned long flags
;
2229 if (!slabs_by_inuse
)
2233 for_each_online_node(node
) {
2234 n
= get_node(s
, node
);
2239 for (i
= 0; i
< s
->objects
; i
++)
2240 INIT_LIST_HEAD(slabs_by_inuse
+ i
);
2242 spin_lock_irqsave(&n
->list_lock
, flags
);
2245 * Build lists indexed by the items in use in each slab.
2247 * Note that concurrent frees may occur while we hold the
2248 * list_lock. page->inuse here is the upper limit.
2250 list_for_each_entry_safe(page
, t
, &n
->partial
, lru
) {
2251 if (!page
->inuse
&& slab_trylock(page
)) {
2253 * Must hold slab lock here because slab_free
2254 * may have freed the last object and be
2255 * waiting to release the slab.
2257 list_del(&page
->lru
);
2260 discard_slab(s
, page
);
2262 if (n
->nr_partial
> MAX_PARTIAL
)
2263 list_move(&page
->lru
,
2264 slabs_by_inuse
+ page
->inuse
);
2268 if (n
->nr_partial
<= MAX_PARTIAL
)
2272 * Rebuild the partial list with the slabs filled up most
2273 * first and the least used slabs at the end.
2275 for (i
= s
->objects
- 1; i
>= 0; i
--)
2276 list_splice(slabs_by_inuse
+ i
, n
->partial
.prev
);
2279 spin_unlock_irqrestore(&n
->list_lock
, flags
);
2282 kfree(slabs_by_inuse
);
2285 EXPORT_SYMBOL(kmem_cache_shrink
);
2288 * krealloc - reallocate memory. The contents will remain unchanged.
2289 * @p: object to reallocate memory for.
2290 * @new_size: how many bytes of memory are required.
2291 * @flags: the type of memory to allocate.
2293 * The contents of the object pointed to are preserved up to the
2294 * lesser of the new and old sizes. If @p is %NULL, krealloc()
2295 * behaves exactly like kmalloc(). If @size is 0 and @p is not a
2296 * %NULL pointer, the object pointed to is freed.
2298 void *krealloc(const void *p
, size_t new_size
, gfp_t flags
)
2304 return kmalloc(new_size
, flags
);
2306 if (unlikely(!new_size
)) {
2315 ret
= kmalloc(new_size
, flags
);
2317 memcpy(ret
, p
, min(new_size
, ks
));
2322 EXPORT_SYMBOL(krealloc
);
2324 /********************************************************************
2325 * Basic setup of slabs
2326 *******************************************************************/
2328 void __init
kmem_cache_init(void)
2334 * Must first have the slab cache available for the allocations of the
2335 * struct kmem_cache_node's. There is special bootstrap code in
2336 * kmem_cache_open for slab_state == DOWN.
2338 create_kmalloc_cache(&kmalloc_caches
[0], "kmem_cache_node",
2339 sizeof(struct kmem_cache_node
), GFP_KERNEL
);
2342 /* Able to allocate the per node structures */
2343 slab_state
= PARTIAL
;
2345 /* Caches that are not of the two-to-the-power-of size */
2346 create_kmalloc_cache(&kmalloc_caches
[1],
2347 "kmalloc-96", 96, GFP_KERNEL
);
2348 create_kmalloc_cache(&kmalloc_caches
[2],
2349 "kmalloc-192", 192, GFP_KERNEL
);
2351 for (i
= KMALLOC_SHIFT_LOW
; i
<= KMALLOC_SHIFT_HIGH
; i
++)
2352 create_kmalloc_cache(&kmalloc_caches
[i
],
2353 "kmalloc", 1 << i
, GFP_KERNEL
);
2357 /* Provide the correct kmalloc names now that the caches are up */
2358 for (i
= KMALLOC_SHIFT_LOW
; i
<= KMALLOC_SHIFT_HIGH
; i
++)
2359 kmalloc_caches
[i
]. name
=
2360 kasprintf(GFP_KERNEL
, "kmalloc-%d", 1 << i
);
2363 register_cpu_notifier(&slab_notifier
);
2366 if (nr_cpu_ids
) /* Remove when nr_cpu_ids is fixed upstream ! */
2367 kmem_size
= offsetof(struct kmem_cache
, cpu_slab
)
2368 + nr_cpu_ids
* sizeof(struct page
*);
2370 printk(KERN_INFO
"SLUB: Genslabs=%d, HWalign=%d, Order=%d-%d, MinObjects=%d,"
2371 " Processors=%d, Nodes=%d\n",
2372 KMALLOC_SHIFT_HIGH
, cache_line_size(),
2373 slub_min_order
, slub_max_order
, slub_min_objects
,
2374 nr_cpu_ids
, nr_node_ids
);
2378 * Find a mergeable slab cache
2380 static int slab_unmergeable(struct kmem_cache
*s
)
2382 if (slub_nomerge
|| (s
->flags
& SLUB_NEVER_MERGE
))
2385 if (s
->ctor
|| s
->dtor
)
2391 static struct kmem_cache
*find_mergeable(size_t size
,
2392 size_t align
, unsigned long flags
,
2393 void (*ctor
)(void *, struct kmem_cache
*, unsigned long),
2394 void (*dtor
)(void *, struct kmem_cache
*, unsigned long))
2396 struct list_head
*h
;
2398 if (slub_nomerge
|| (flags
& SLUB_NEVER_MERGE
))
2404 size
= ALIGN(size
, sizeof(void *));
2405 align
= calculate_alignment(flags
, align
, size
);
2406 size
= ALIGN(size
, align
);
2408 list_for_each(h
, &slab_caches
) {
2409 struct kmem_cache
*s
=
2410 container_of(h
, struct kmem_cache
, list
);
2412 if (slab_unmergeable(s
))
2418 if (((flags
| slub_debug
) & SLUB_MERGE_SAME
) !=
2419 (s
->flags
& SLUB_MERGE_SAME
))
2422 * Check if alignment is compatible.
2423 * Courtesy of Adrian Drzewiecki
2425 if ((s
->size
& ~(align
-1)) != s
->size
)
2428 if (s
->size
- size
>= sizeof(void *))
2436 struct kmem_cache
*kmem_cache_create(const char *name
, size_t size
,
2437 size_t align
, unsigned long flags
,
2438 void (*ctor
)(void *, struct kmem_cache
*, unsigned long),
2439 void (*dtor
)(void *, struct kmem_cache
*, unsigned long))
2441 struct kmem_cache
*s
;
2443 down_write(&slub_lock
);
2444 s
= find_mergeable(size
, align
, flags
, dtor
, ctor
);
2448 * Adjust the object sizes so that we clear
2449 * the complete object on kzalloc.
2451 s
->objsize
= max(s
->objsize
, (int)size
);
2452 s
->inuse
= max_t(int, s
->inuse
, ALIGN(size
, sizeof(void *)));
2453 if (sysfs_slab_alias(s
, name
))
2456 s
= kmalloc(kmem_size
, GFP_KERNEL
);
2457 if (s
&& kmem_cache_open(s
, GFP_KERNEL
, name
,
2458 size
, align
, flags
, ctor
, dtor
)) {
2459 if (sysfs_slab_add(s
)) {
2463 list_add(&s
->list
, &slab_caches
);
2467 up_write(&slub_lock
);
2471 up_write(&slub_lock
);
2472 if (flags
& SLAB_PANIC
)
2473 panic("Cannot create slabcache %s\n", name
);
2478 EXPORT_SYMBOL(kmem_cache_create
);
2480 void *kmem_cache_zalloc(struct kmem_cache
*s
, gfp_t flags
)
2484 x
= slab_alloc(s
, flags
, -1, __builtin_return_address(0));
2486 memset(x
, 0, s
->objsize
);
2489 EXPORT_SYMBOL(kmem_cache_zalloc
);
2492 static void for_all_slabs(void (*func
)(struct kmem_cache
*, int), int cpu
)
2494 struct list_head
*h
;
2496 down_read(&slub_lock
);
2497 list_for_each(h
, &slab_caches
) {
2498 struct kmem_cache
*s
=
2499 container_of(h
, struct kmem_cache
, list
);
2503 up_read(&slub_lock
);
2507 * Use the cpu notifier to insure that the cpu slabs are flushed when
2510 static int __cpuinit
slab_cpuup_callback(struct notifier_block
*nfb
,
2511 unsigned long action
, void *hcpu
)
2513 long cpu
= (long)hcpu
;
2516 case CPU_UP_CANCELED
:
2517 case CPU_UP_CANCELED_FROZEN
:
2519 case CPU_DEAD_FROZEN
:
2520 for_all_slabs(__flush_cpu_slab
, cpu
);
2528 static struct notifier_block __cpuinitdata slab_notifier
=
2529 { &slab_cpuup_callback
, NULL
, 0 };
2533 void *__kmalloc_track_caller(size_t size
, gfp_t gfpflags
, void *caller
)
2535 struct kmem_cache
*s
= get_slab(size
, gfpflags
);
2540 return slab_alloc(s
, gfpflags
, -1, caller
);
2543 void *__kmalloc_node_track_caller(size_t size
, gfp_t gfpflags
,
2544 int node
, void *caller
)
2546 struct kmem_cache
*s
= get_slab(size
, gfpflags
);
2551 return slab_alloc(s
, gfpflags
, node
, caller
);
2554 #if defined(CONFIG_SYSFS) && defined(CONFIG_SLUB_DEBUG)
2555 static int validate_slab(struct kmem_cache
*s
, struct page
*page
)
2558 void *addr
= page_address(page
);
2559 DECLARE_BITMAP(map
, s
->objects
);
2561 if (!check_slab(s
, page
) ||
2562 !on_freelist(s
, page
, NULL
))
2565 /* Now we know that a valid freelist exists */
2566 bitmap_zero(map
, s
->objects
);
2568 for_each_free_object(p
, s
, page
->freelist
) {
2569 set_bit(slab_index(p
, s
, addr
), map
);
2570 if (!check_object(s
, page
, p
, 0))
2574 for_each_object(p
, s
, addr
)
2575 if (!test_bit(slab_index(p
, s
, addr
), map
))
2576 if (!check_object(s
, page
, p
, 1))
2581 static void validate_slab_slab(struct kmem_cache
*s
, struct page
*page
)
2583 if (slab_trylock(page
)) {
2584 validate_slab(s
, page
);
2587 printk(KERN_INFO
"SLUB %s: Skipped busy slab 0x%p\n",
2590 if (s
->flags
& DEBUG_DEFAULT_FLAGS
) {
2591 if (!SlabDebug(page
))
2592 printk(KERN_ERR
"SLUB %s: SlabDebug not set "
2593 "on slab 0x%p\n", s
->name
, page
);
2595 if (SlabDebug(page
))
2596 printk(KERN_ERR
"SLUB %s: SlabDebug set on "
2597 "slab 0x%p\n", s
->name
, page
);
2601 static int validate_slab_node(struct kmem_cache
*s
, struct kmem_cache_node
*n
)
2603 unsigned long count
= 0;
2605 unsigned long flags
;
2607 spin_lock_irqsave(&n
->list_lock
, flags
);
2609 list_for_each_entry(page
, &n
->partial
, lru
) {
2610 validate_slab_slab(s
, page
);
2613 if (count
!= n
->nr_partial
)
2614 printk(KERN_ERR
"SLUB %s: %ld partial slabs counted but "
2615 "counter=%ld\n", s
->name
, count
, n
->nr_partial
);
2617 if (!(s
->flags
& SLAB_STORE_USER
))
2620 list_for_each_entry(page
, &n
->full
, lru
) {
2621 validate_slab_slab(s
, page
);
2624 if (count
!= atomic_long_read(&n
->nr_slabs
))
2625 printk(KERN_ERR
"SLUB: %s %ld slabs counted but "
2626 "counter=%ld\n", s
->name
, count
,
2627 atomic_long_read(&n
->nr_slabs
));
2630 spin_unlock_irqrestore(&n
->list_lock
, flags
);
2634 static unsigned long validate_slab_cache(struct kmem_cache
*s
)
2637 unsigned long count
= 0;
2640 for_each_online_node(node
) {
2641 struct kmem_cache_node
*n
= get_node(s
, node
);
2643 count
+= validate_slab_node(s
, n
);
2648 #ifdef SLUB_RESILIENCY_TEST
2649 static void resiliency_test(void)
2653 printk(KERN_ERR
"SLUB resiliency testing\n");
2654 printk(KERN_ERR
"-----------------------\n");
2655 printk(KERN_ERR
"A. Corruption after allocation\n");
2657 p
= kzalloc(16, GFP_KERNEL
);
2659 printk(KERN_ERR
"\n1. kmalloc-16: Clobber Redzone/next pointer"
2660 " 0x12->0x%p\n\n", p
+ 16);
2662 validate_slab_cache(kmalloc_caches
+ 4);
2664 /* Hmmm... The next two are dangerous */
2665 p
= kzalloc(32, GFP_KERNEL
);
2666 p
[32 + sizeof(void *)] = 0x34;
2667 printk(KERN_ERR
"\n2. kmalloc-32: Clobber next pointer/next slab"
2668 " 0x34 -> -0x%p\n", p
);
2669 printk(KERN_ERR
"If allocated object is overwritten then not detectable\n\n");
2671 validate_slab_cache(kmalloc_caches
+ 5);
2672 p
= kzalloc(64, GFP_KERNEL
);
2673 p
+= 64 + (get_cycles() & 0xff) * sizeof(void *);
2675 printk(KERN_ERR
"\n3. kmalloc-64: corrupting random byte 0x56->0x%p\n",
2677 printk(KERN_ERR
"If allocated object is overwritten then not detectable\n\n");
2678 validate_slab_cache(kmalloc_caches
+ 6);
2680 printk(KERN_ERR
"\nB. Corruption after free\n");
2681 p
= kzalloc(128, GFP_KERNEL
);
2684 printk(KERN_ERR
"1. kmalloc-128: Clobber first word 0x78->0x%p\n\n", p
);
2685 validate_slab_cache(kmalloc_caches
+ 7);
2687 p
= kzalloc(256, GFP_KERNEL
);
2690 printk(KERN_ERR
"\n2. kmalloc-256: Clobber 50th byte 0x9a->0x%p\n\n", p
);
2691 validate_slab_cache(kmalloc_caches
+ 8);
2693 p
= kzalloc(512, GFP_KERNEL
);
2696 printk(KERN_ERR
"\n3. kmalloc-512: Clobber redzone 0xab->0x%p\n\n", p
);
2697 validate_slab_cache(kmalloc_caches
+ 9);
2700 static void resiliency_test(void) {};
2704 * Generate lists of code addresses where slabcache objects are allocated
2709 unsigned long count
;
2722 unsigned long count
;
2723 struct location
*loc
;
2726 static void free_loc_track(struct loc_track
*t
)
2729 free_pages((unsigned long)t
->loc
,
2730 get_order(sizeof(struct location
) * t
->max
));
2733 static int alloc_loc_track(struct loc_track
*t
, unsigned long max
)
2739 max
= PAGE_SIZE
/ sizeof(struct location
);
2741 order
= get_order(sizeof(struct location
) * max
);
2743 l
= (void *)__get_free_pages(GFP_KERNEL
, order
);
2749 memcpy(l
, t
->loc
, sizeof(struct location
) * t
->count
);
2757 static int add_location(struct loc_track
*t
, struct kmem_cache
*s
,
2758 const struct track
*track
)
2760 long start
, end
, pos
;
2763 unsigned long age
= jiffies
- track
->when
;
2769 pos
= start
+ (end
- start
+ 1) / 2;
2772 * There is nothing at "end". If we end up there
2773 * we need to add something to before end.
2778 caddr
= t
->loc
[pos
].addr
;
2779 if (track
->addr
== caddr
) {
2785 if (age
< l
->min_time
)
2787 if (age
> l
->max_time
)
2790 if (track
->pid
< l
->min_pid
)
2791 l
->min_pid
= track
->pid
;
2792 if (track
->pid
> l
->max_pid
)
2793 l
->max_pid
= track
->pid
;
2795 cpu_set(track
->cpu
, l
->cpus
);
2797 node_set(page_to_nid(virt_to_page(track
)), l
->nodes
);
2801 if (track
->addr
< caddr
)
2808 * Not found. Insert new tracking element.
2810 if (t
->count
>= t
->max
&& !alloc_loc_track(t
, 2 * t
->max
))
2816 (t
->count
- pos
) * sizeof(struct location
));
2819 l
->addr
= track
->addr
;
2823 l
->min_pid
= track
->pid
;
2824 l
->max_pid
= track
->pid
;
2825 cpus_clear(l
->cpus
);
2826 cpu_set(track
->cpu
, l
->cpus
);
2827 nodes_clear(l
->nodes
);
2828 node_set(page_to_nid(virt_to_page(track
)), l
->nodes
);
2832 static void process_slab(struct loc_track
*t
, struct kmem_cache
*s
,
2833 struct page
*page
, enum track_item alloc
)
2835 void *addr
= page_address(page
);
2836 DECLARE_BITMAP(map
, s
->objects
);
2839 bitmap_zero(map
, s
->objects
);
2840 for_each_free_object(p
, s
, page
->freelist
)
2841 set_bit(slab_index(p
, s
, addr
), map
);
2843 for_each_object(p
, s
, addr
)
2844 if (!test_bit(slab_index(p
, s
, addr
), map
))
2845 add_location(t
, s
, get_track(s
, p
, alloc
));
2848 static int list_locations(struct kmem_cache
*s
, char *buf
,
2849 enum track_item alloc
)
2859 /* Push back cpu slabs */
2862 for_each_online_node(node
) {
2863 struct kmem_cache_node
*n
= get_node(s
, node
);
2864 unsigned long flags
;
2867 if (!atomic_read(&n
->nr_slabs
))
2870 spin_lock_irqsave(&n
->list_lock
, flags
);
2871 list_for_each_entry(page
, &n
->partial
, lru
)
2872 process_slab(&t
, s
, page
, alloc
);
2873 list_for_each_entry(page
, &n
->full
, lru
)
2874 process_slab(&t
, s
, page
, alloc
);
2875 spin_unlock_irqrestore(&n
->list_lock
, flags
);
2878 for (i
= 0; i
< t
.count
; i
++) {
2879 struct location
*l
= &t
.loc
[i
];
2881 if (n
> PAGE_SIZE
- 100)
2883 n
+= sprintf(buf
+ n
, "%7ld ", l
->count
);
2886 n
+= sprint_symbol(buf
+ n
, (unsigned long)l
->addr
);
2888 n
+= sprintf(buf
+ n
, "<not-available>");
2890 if (l
->sum_time
!= l
->min_time
) {
2891 unsigned long remainder
;
2893 n
+= sprintf(buf
+ n
, " age=%ld/%ld/%ld",
2895 div_long_long_rem(l
->sum_time
, l
->count
, &remainder
),
2898 n
+= sprintf(buf
+ n
, " age=%ld",
2901 if (l
->min_pid
!= l
->max_pid
)
2902 n
+= sprintf(buf
+ n
, " pid=%ld-%ld",
2903 l
->min_pid
, l
->max_pid
);
2905 n
+= sprintf(buf
+ n
, " pid=%ld",
2908 if (num_online_cpus() > 1 && !cpus_empty(l
->cpus
)) {
2909 n
+= sprintf(buf
+ n
, " cpus=");
2910 n
+= cpulist_scnprintf(buf
+ n
, PAGE_SIZE
- n
- 50,
2914 if (num_online_nodes() > 1 && !nodes_empty(l
->nodes
)) {
2915 n
+= sprintf(buf
+ n
, " nodes=");
2916 n
+= nodelist_scnprintf(buf
+ n
, PAGE_SIZE
- n
- 50,
2920 n
+= sprintf(buf
+ n
, "\n");
2925 n
+= sprintf(buf
, "No data\n");
2929 static unsigned long count_partial(struct kmem_cache_node
*n
)
2931 unsigned long flags
;
2932 unsigned long x
= 0;
2935 spin_lock_irqsave(&n
->list_lock
, flags
);
2936 list_for_each_entry(page
, &n
->partial
, lru
)
2938 spin_unlock_irqrestore(&n
->list_lock
, flags
);
2942 enum slab_stat_type
{
2949 #define SO_FULL (1 << SL_FULL)
2950 #define SO_PARTIAL (1 << SL_PARTIAL)
2951 #define SO_CPU (1 << SL_CPU)
2952 #define SO_OBJECTS (1 << SL_OBJECTS)
2954 static unsigned long slab_objects(struct kmem_cache
*s
,
2955 char *buf
, unsigned long flags
)
2957 unsigned long total
= 0;
2961 unsigned long *nodes
;
2962 unsigned long *per_cpu
;
2964 nodes
= kzalloc(2 * sizeof(unsigned long) * nr_node_ids
, GFP_KERNEL
);
2965 per_cpu
= nodes
+ nr_node_ids
;
2967 for_each_possible_cpu(cpu
) {
2968 struct page
*page
= s
->cpu_slab
[cpu
];
2972 node
= page_to_nid(page
);
2973 if (flags
& SO_CPU
) {
2976 if (flags
& SO_OBJECTS
)
2987 for_each_online_node(node
) {
2988 struct kmem_cache_node
*n
= get_node(s
, node
);
2990 if (flags
& SO_PARTIAL
) {
2991 if (flags
& SO_OBJECTS
)
2992 x
= count_partial(n
);
2999 if (flags
& SO_FULL
) {
3000 int full_slabs
= atomic_read(&n
->nr_slabs
)
3004 if (flags
& SO_OBJECTS
)
3005 x
= full_slabs
* s
->objects
;
3013 x
= sprintf(buf
, "%lu", total
);
3015 for_each_online_node(node
)
3017 x
+= sprintf(buf
+ x
, " N%d=%lu",
3021 return x
+ sprintf(buf
+ x
, "\n");
3024 static int any_slab_objects(struct kmem_cache
*s
)
3029 for_each_possible_cpu(cpu
)
3030 if (s
->cpu_slab
[cpu
])
3033 for_each_node(node
) {
3034 struct kmem_cache_node
*n
= get_node(s
, node
);
3036 if (n
->nr_partial
|| atomic_read(&n
->nr_slabs
))
3042 #define to_slab_attr(n) container_of(n, struct slab_attribute, attr)
3043 #define to_slab(n) container_of(n, struct kmem_cache, kobj);
3045 struct slab_attribute
{
3046 struct attribute attr
;
3047 ssize_t (*show
)(struct kmem_cache
*s
, char *buf
);
3048 ssize_t (*store
)(struct kmem_cache
*s
, const char *x
, size_t count
);
3051 #define SLAB_ATTR_RO(_name) \
3052 static struct slab_attribute _name##_attr = __ATTR_RO(_name)
3054 #define SLAB_ATTR(_name) \
3055 static struct slab_attribute _name##_attr = \
3056 __ATTR(_name, 0644, _name##_show, _name##_store)
3058 static ssize_t
slab_size_show(struct kmem_cache
*s
, char *buf
)
3060 return sprintf(buf
, "%d\n", s
->size
);
3062 SLAB_ATTR_RO(slab_size
);
3064 static ssize_t
align_show(struct kmem_cache
*s
, char *buf
)
3066 return sprintf(buf
, "%d\n", s
->align
);
3068 SLAB_ATTR_RO(align
);
3070 static ssize_t
object_size_show(struct kmem_cache
*s
, char *buf
)
3072 return sprintf(buf
, "%d\n", s
->objsize
);
3074 SLAB_ATTR_RO(object_size
);
3076 static ssize_t
objs_per_slab_show(struct kmem_cache
*s
, char *buf
)
3078 return sprintf(buf
, "%d\n", s
->objects
);
3080 SLAB_ATTR_RO(objs_per_slab
);
3082 static ssize_t
order_show(struct kmem_cache
*s
, char *buf
)
3084 return sprintf(buf
, "%d\n", s
->order
);
3086 SLAB_ATTR_RO(order
);
3088 static ssize_t
ctor_show(struct kmem_cache
*s
, char *buf
)
3091 int n
= sprint_symbol(buf
, (unsigned long)s
->ctor
);
3093 return n
+ sprintf(buf
+ n
, "\n");
3099 static ssize_t
dtor_show(struct kmem_cache
*s
, char *buf
)
3102 int n
= sprint_symbol(buf
, (unsigned long)s
->dtor
);
3104 return n
+ sprintf(buf
+ n
, "\n");
3110 static ssize_t
aliases_show(struct kmem_cache
*s
, char *buf
)
3112 return sprintf(buf
, "%d\n", s
->refcount
- 1);
3114 SLAB_ATTR_RO(aliases
);
3116 static ssize_t
slabs_show(struct kmem_cache
*s
, char *buf
)
3118 return slab_objects(s
, buf
, SO_FULL
|SO_PARTIAL
|SO_CPU
);
3120 SLAB_ATTR_RO(slabs
);
3122 static ssize_t
partial_show(struct kmem_cache
*s
, char *buf
)
3124 return slab_objects(s
, buf
, SO_PARTIAL
);
3126 SLAB_ATTR_RO(partial
);
3128 static ssize_t
cpu_slabs_show(struct kmem_cache
*s
, char *buf
)
3130 return slab_objects(s
, buf
, SO_CPU
);
3132 SLAB_ATTR_RO(cpu_slabs
);
3134 static ssize_t
objects_show(struct kmem_cache
*s
, char *buf
)
3136 return slab_objects(s
, buf
, SO_FULL
|SO_PARTIAL
|SO_CPU
|SO_OBJECTS
);
3138 SLAB_ATTR_RO(objects
);
3140 static ssize_t
sanity_checks_show(struct kmem_cache
*s
, char *buf
)
3142 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_DEBUG_FREE
));
3145 static ssize_t
sanity_checks_store(struct kmem_cache
*s
,
3146 const char *buf
, size_t length
)
3148 s
->flags
&= ~SLAB_DEBUG_FREE
;
3150 s
->flags
|= SLAB_DEBUG_FREE
;
3153 SLAB_ATTR(sanity_checks
);
3155 static ssize_t
trace_show(struct kmem_cache
*s
, char *buf
)
3157 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_TRACE
));
3160 static ssize_t
trace_store(struct kmem_cache
*s
, const char *buf
,
3163 s
->flags
&= ~SLAB_TRACE
;
3165 s
->flags
|= SLAB_TRACE
;
3170 static ssize_t
reclaim_account_show(struct kmem_cache
*s
, char *buf
)
3172 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_RECLAIM_ACCOUNT
));
3175 static ssize_t
reclaim_account_store(struct kmem_cache
*s
,
3176 const char *buf
, size_t length
)
3178 s
->flags
&= ~SLAB_RECLAIM_ACCOUNT
;
3180 s
->flags
|= SLAB_RECLAIM_ACCOUNT
;
3183 SLAB_ATTR(reclaim_account
);
3185 static ssize_t
hwcache_align_show(struct kmem_cache
*s
, char *buf
)
3187 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_HWCACHE_ALIGN
));
3189 SLAB_ATTR_RO(hwcache_align
);
3191 #ifdef CONFIG_ZONE_DMA
3192 static ssize_t
cache_dma_show(struct kmem_cache
*s
, char *buf
)
3194 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_CACHE_DMA
));
3196 SLAB_ATTR_RO(cache_dma
);
3199 static ssize_t
destroy_by_rcu_show(struct kmem_cache
*s
, char *buf
)
3201 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_DESTROY_BY_RCU
));
3203 SLAB_ATTR_RO(destroy_by_rcu
);
3205 static ssize_t
red_zone_show(struct kmem_cache
*s
, char *buf
)
3207 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_RED_ZONE
));
3210 static ssize_t
red_zone_store(struct kmem_cache
*s
,
3211 const char *buf
, size_t length
)
3213 if (any_slab_objects(s
))
3216 s
->flags
&= ~SLAB_RED_ZONE
;
3218 s
->flags
|= SLAB_RED_ZONE
;
3222 SLAB_ATTR(red_zone
);
3224 static ssize_t
poison_show(struct kmem_cache
*s
, char *buf
)
3226 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_POISON
));
3229 static ssize_t
poison_store(struct kmem_cache
*s
,
3230 const char *buf
, size_t length
)
3232 if (any_slab_objects(s
))
3235 s
->flags
&= ~SLAB_POISON
;
3237 s
->flags
|= SLAB_POISON
;
3243 static ssize_t
store_user_show(struct kmem_cache
*s
, char *buf
)
3245 return sprintf(buf
, "%d\n", !!(s
->flags
& SLAB_STORE_USER
));
3248 static ssize_t
store_user_store(struct kmem_cache
*s
,
3249 const char *buf
, size_t length
)
3251 if (any_slab_objects(s
))
3254 s
->flags
&= ~SLAB_STORE_USER
;
3256 s
->flags
|= SLAB_STORE_USER
;
3260 SLAB_ATTR(store_user
);
3262 static ssize_t
validate_show(struct kmem_cache
*s
, char *buf
)
3267 static ssize_t
validate_store(struct kmem_cache
*s
,
3268 const char *buf
, size_t length
)
3271 validate_slab_cache(s
);
3276 SLAB_ATTR(validate
);
3278 static ssize_t
shrink_show(struct kmem_cache
*s
, char *buf
)
3283 static ssize_t
shrink_store(struct kmem_cache
*s
,
3284 const char *buf
, size_t length
)
3286 if (buf
[0] == '1') {
3287 int rc
= kmem_cache_shrink(s
);
3297 static ssize_t
alloc_calls_show(struct kmem_cache
*s
, char *buf
)
3299 if (!(s
->flags
& SLAB_STORE_USER
))
3301 return list_locations(s
, buf
, TRACK_ALLOC
);
3303 SLAB_ATTR_RO(alloc_calls
);
3305 static ssize_t
free_calls_show(struct kmem_cache
*s
, char *buf
)
3307 if (!(s
->flags
& SLAB_STORE_USER
))
3309 return list_locations(s
, buf
, TRACK_FREE
);
3311 SLAB_ATTR_RO(free_calls
);
3314 static ssize_t
defrag_ratio_show(struct kmem_cache
*s
, char *buf
)
3316 return sprintf(buf
, "%d\n", s
->defrag_ratio
/ 10);
3319 static ssize_t
defrag_ratio_store(struct kmem_cache
*s
,
3320 const char *buf
, size_t length
)
3322 int n
= simple_strtoul(buf
, NULL
, 10);
3325 s
->defrag_ratio
= n
* 10;
3328 SLAB_ATTR(defrag_ratio
);
3331 static struct attribute
* slab_attrs
[] = {
3332 &slab_size_attr
.attr
,
3333 &object_size_attr
.attr
,
3334 &objs_per_slab_attr
.attr
,
3339 &cpu_slabs_attr
.attr
,
3344 &sanity_checks_attr
.attr
,
3346 &hwcache_align_attr
.attr
,
3347 &reclaim_account_attr
.attr
,
3348 &destroy_by_rcu_attr
.attr
,
3349 &red_zone_attr
.attr
,
3351 &store_user_attr
.attr
,
3352 &validate_attr
.attr
,
3354 &alloc_calls_attr
.attr
,
3355 &free_calls_attr
.attr
,
3356 #ifdef CONFIG_ZONE_DMA
3357 &cache_dma_attr
.attr
,
3360 &defrag_ratio_attr
.attr
,
3365 static struct attribute_group slab_attr_group
= {
3366 .attrs
= slab_attrs
,
3369 static ssize_t
slab_attr_show(struct kobject
*kobj
,
3370 struct attribute
*attr
,
3373 struct slab_attribute
*attribute
;
3374 struct kmem_cache
*s
;
3377 attribute
= to_slab_attr(attr
);
3380 if (!attribute
->show
)
3383 err
= attribute
->show(s
, buf
);
3388 static ssize_t
slab_attr_store(struct kobject
*kobj
,
3389 struct attribute
*attr
,
3390 const char *buf
, size_t len
)
3392 struct slab_attribute
*attribute
;
3393 struct kmem_cache
*s
;
3396 attribute
= to_slab_attr(attr
);
3399 if (!attribute
->store
)
3402 err
= attribute
->store(s
, buf
, len
);
3407 static struct sysfs_ops slab_sysfs_ops
= {
3408 .show
= slab_attr_show
,
3409 .store
= slab_attr_store
,
3412 static struct kobj_type slab_ktype
= {
3413 .sysfs_ops
= &slab_sysfs_ops
,
3416 static int uevent_filter(struct kset
*kset
, struct kobject
*kobj
)
3418 struct kobj_type
*ktype
= get_ktype(kobj
);
3420 if (ktype
== &slab_ktype
)
3425 static struct kset_uevent_ops slab_uevent_ops
= {
3426 .filter
= uevent_filter
,
3429 decl_subsys(slab
, &slab_ktype
, &slab_uevent_ops
);
3431 #define ID_STR_LENGTH 64
3433 /* Create a unique string id for a slab cache:
3435 * :[flags-]size:[memory address of kmemcache]
3437 static char *create_unique_id(struct kmem_cache
*s
)
3439 char *name
= kmalloc(ID_STR_LENGTH
, GFP_KERNEL
);
3446 * First flags affecting slabcache operations. We will only
3447 * get here for aliasable slabs so we do not need to support
3448 * too many flags. The flags here must cover all flags that
3449 * are matched during merging to guarantee that the id is
3452 if (s
->flags
& SLAB_CACHE_DMA
)
3454 if (s
->flags
& SLAB_RECLAIM_ACCOUNT
)
3456 if (s
->flags
& SLAB_DEBUG_FREE
)
3460 p
+= sprintf(p
, "%07d", s
->size
);
3461 BUG_ON(p
> name
+ ID_STR_LENGTH
- 1);
3465 static int sysfs_slab_add(struct kmem_cache
*s
)
3471 if (slab_state
< SYSFS
)
3472 /* Defer until later */
3475 unmergeable
= slab_unmergeable(s
);
3478 * Slabcache can never be merged so we can use the name proper.
3479 * This is typically the case for debug situations. In that
3480 * case we can catch duplicate names easily.
3482 sysfs_remove_link(&slab_subsys
.kobj
, s
->name
);
3486 * Create a unique name for the slab as a target
3489 name
= create_unique_id(s
);
3492 kobj_set_kset_s(s
, slab_subsys
);
3493 kobject_set_name(&s
->kobj
, name
);
3494 kobject_init(&s
->kobj
);
3495 err
= kobject_add(&s
->kobj
);
3499 err
= sysfs_create_group(&s
->kobj
, &slab_attr_group
);
3502 kobject_uevent(&s
->kobj
, KOBJ_ADD
);
3504 /* Setup first alias */
3505 sysfs_slab_alias(s
, s
->name
);
3511 static void sysfs_slab_remove(struct kmem_cache
*s
)
3513 kobject_uevent(&s
->kobj
, KOBJ_REMOVE
);
3514 kobject_del(&s
->kobj
);
3518 * Need to buffer aliases during bootup until sysfs becomes
3519 * available lest we loose that information.
3521 struct saved_alias
{
3522 struct kmem_cache
*s
;
3524 struct saved_alias
*next
;
3527 struct saved_alias
*alias_list
;
3529 static int sysfs_slab_alias(struct kmem_cache
*s
, const char *name
)
3531 struct saved_alias
*al
;
3533 if (slab_state
== SYSFS
) {
3535 * If we have a leftover link then remove it.
3537 sysfs_remove_link(&slab_subsys
.kobj
, name
);
3538 return sysfs_create_link(&slab_subsys
.kobj
,
3542 al
= kmalloc(sizeof(struct saved_alias
), GFP_KERNEL
);
3548 al
->next
= alias_list
;
3553 static int __init
slab_sysfs_init(void)
3555 struct list_head
*h
;
3558 err
= subsystem_register(&slab_subsys
);
3560 printk(KERN_ERR
"Cannot register slab subsystem.\n");
3566 list_for_each(h
, &slab_caches
) {
3567 struct kmem_cache
*s
=
3568 container_of(h
, struct kmem_cache
, list
);
3570 err
= sysfs_slab_add(s
);
3574 while (alias_list
) {
3575 struct saved_alias
*al
= alias_list
;
3577 alias_list
= alias_list
->next
;
3578 err
= sysfs_slab_alias(al
->s
, al
->name
);
3587 __initcall(slab_sysfs_init
);