| blob | 82376fde2d98d9f98c70f0dfef72abf30363a54b |
1 /*-------------------------------------------------------------------------
2 *
3 * dsa.c
4 * Dynamic shared memory areas.
5 *
6 * This module provides dynamic shared memory areas which are built on top of
7 * DSM segments. While dsm.c allows segments of memory of shared memory to be
8 * created and shared between backends, it isn't designed to deal with small
9 * objects. A DSA area is a shared memory heap usually backed by one or more
10 * DSM segments which can allocate memory using dsa_allocate() and dsa_free().
11 * Alternatively, it can be created in pre-existing shared memory, including a
12 * DSM segment, and then create extra DSM segments as required. Unlike the
13 * regular system heap, it deals in pseudo-pointers which must be converted to
14 * backend-local pointers before they are dereferenced. These pseudo-pointers
15 * can however be shared with other backends, and can be used to construct
16 * shared data structures.
17 *
18 * Each DSA area manages a set of DSM segments, adding new segments as
19 * required and detaching them when they are no longer needed. Each segment
20 * contains a number of 4KB pages, a free page manager for tracking
21 * consecutive runs of free pages, and a page map for tracking the source of
22 * objects allocated on each page. Allocation requests above 8KB are handled
23 * by choosing a segment and finding consecutive free pages in its free page
24 * manager. Allocation requests for smaller sizes are handled using pools of
25 * objects of a selection of sizes. Each pool consists of a number of 16 page
26 * (64KB) superblocks allocated in the same way as large objects. Allocation
27 * of large objects and new superblocks is serialized by a single LWLock, but
28 * allocation of small objects from pre-existing superblocks uses one LWLock
29 * per pool. Currently there is one pool, and therefore one lock, per size
30 * class. Per-core pools to increase concurrency and strategies for reducing
31 * the resulting fragmentation are areas for future research. Each superblock
32 * is managed with a 'span', which tracks the superblock's freelist. Free
33 * requests are handled by looking in the page map to find which span an
34 * address was allocated from, so that small objects can be returned to the
35 * appropriate free list, and large object pages can be returned directly to
36 * the free page map. When allocating, simple heuristics for selecting
37 * segments and superblocks try to encourage occupied memory to be
38 * concentrated, increasing the likelihood that whole superblocks can become
39 * empty and be returned to the free page manager, and whole segments can
40 * become empty and be returned to the operating system.
41 *
42 * Portions Copyright (c) 1996-2022, PostgreSQL Global Development Group
43 * Portions Copyright (c) 1994, Regents of the University of California
44 *
45 * IDENTIFICATION
46 * src/backend/utils/mmgr/dsa.c
47 *
48 *-------------------------------------------------------------------------
49 */
63 /*
64 * The size of the initial DSM segment that backs a dsa_area created by
65 * dsa_create. After creating some number of segments of this size we'll
66 * double this size, and so on. Larger segments may be created if necessary
67 * to satisfy large requests.
68 */
69 #define DSA_INITIAL_SEGMENT_SIZE ((size_t) (1 * 1024 * 1024))
71 /*
72 * How many segments to create before we double the segment size. If this is
73 * low, then there is likely to be a lot of wasted space in the largest
74 * segment. If it is high, then we risk running out of segment slots (see
75 * dsm.c's limits on total number of segments), or limiting the total size
76 * an area can manage when using small pointers.
77 */
78 #define DSA_NUM_SEGMENTS_AT_EACH_SIZE 2
80 /*
81 * The number of bits used to represent the offset part of a dsa_pointer.
82 * This controls the maximum size of a segment, the maximum possible
83 * allocation size and also the maximum number of segments per area.
84 */
85 #if SIZEOF_DSA_POINTER == 4
87 #else
89 #endif
91 /*
92 * The maximum number of DSM segments that an area can own, determined by
93 * the number of bits remaining (but capped at 1024).
94 */
95 #define DSA_MAX_SEGMENTS \
96 Min(1024, (1 << ((SIZEOF_DSA_POINTER * 8) - DSA_OFFSET_WIDTH)))
98 /* The bitmask for extracting the offset from a dsa_pointer. */
99 #define DSA_OFFSET_BITMASK (((dsa_pointer) 1 << DSA_OFFSET_WIDTH) - 1)
101 /* The maximum size of a DSM segment. */
102 #define DSA_MAX_SEGMENT_SIZE ((size_t) 1 << DSA_OFFSET_WIDTH)
104 /* Number of pages (see FPM_PAGE_SIZE) per regular superblock. */
105 #define DSA_PAGES_PER_SUPERBLOCK 16
107 /*
108 * A magic number used as a sanity check for following DSM segments belonging
109 * to a DSA area (this number will be XORed with the area handle and
110 * the segment index).
111 */
112 #define DSA_SEGMENT_HEADER_MAGIC 0x0ce26608
114 /* Build a dsa_pointer given a segment number and offset. */
115 #define DSA_MAKE_POINTER(segment_number, offset) \
116 (((dsa_pointer) (segment_number) << DSA_OFFSET_WIDTH) | (offset))
118 /* Extract the segment number from a dsa_pointer. */
119 #define DSA_EXTRACT_SEGMENT_NUMBER(dp) ((dp) >> DSA_OFFSET_WIDTH)
121 /* Extract the offset from a dsa_pointer. */
122 #define DSA_EXTRACT_OFFSET(dp) ((dp) & DSA_OFFSET_BITMASK)
124 /* The type used for index segment indexes (zero based). */
127 /* Sentinel value for dsa_segment_index indicating 'none' or 'end'. */
128 #define DSA_SEGMENT_INDEX_NONE (~(dsa_segment_index)0)
130 /*
131 * How many bins of segments do we have? The bins are used to categorize
132 * segments by their largest contiguous run of free pages.
133 */
134 #define DSA_NUM_SEGMENT_BINS 16
136 /*
137 * What is the lowest bin that holds segments that *might* have n contiguous
138 * free pages? There is no point in looking in segments in lower bins; they
139 * definitely can't service a request for n free pages.
140 */
143 {
148 else
152 }
154 /* Macros for access to locks. */
155 #define DSA_AREA_LOCK(area) (&area->control->lock)
156 #define DSA_SCLASS_LOCK(area, sclass) (&area->control->pools[sclass].lock)
158 /*
159 * The header for an individual segment. This lives at the start of each DSM
160 * segment owned by a DSA area including the first segment (where it appears
161 * as part of the dsa_area_control struct).
162 */
164 {
165 /* Sanity check magic value. */
166 uint32 magic;
167 /* Total number of pages in this segment (excluding metadata area). */
169 /* Total size of this segment in bytes. */
172 /*
173 * Index of the segment that precedes this one in the same segment bin, or
174 * DSA_SEGMENT_INDEX_NONE if this is the first one.
175 */
176 dsa_segment_index prev;
178 /*
179 * Index of the segment that follows this one in the same segment bin, or
180 * DSA_SEGMENT_INDEX_NONE if this is the last one.
181 */
182 dsa_segment_index next;
183 /* The index of the bin that contains this segment. */
186 /*
187 * A flag raised to indicate that this segment is being returned to the
188 * operating system and has been unpinned.
189 */
193 /*
194 * Metadata for one superblock.
195 *
196 * For most blocks, span objects are stored out-of-line; that is, the span
197 * object is not stored within the block itself. But, as an exception, for a
198 * "span of spans", the span object is stored "inline". The allocation is
199 * always exactly one page, and the dsa_area_span object is located at
200 * the beginning of that page. The size class is DSA_SCLASS_BLOCK_OF_SPANS,
201 * and the remaining fields are used just as they would be in an ordinary
202 * block. We can't allocate spans out of ordinary superblocks because
203 * creating an ordinary superblock requires us to be able to allocate a span
204 * *first*. Doing it this way avoids that circularity.
205 */
207 {
221 /*
222 * Given a pointer to an object in a span, access the index of the next free
223 * object in the same span (ie in the span's freelist) as an L-value.
224 */
225 #define NextFreeObjectIndex(object) (* (uint16 *) (object))
227 /*
228 * Small allocations are handled by dividing a single block of memory into
229 * many small objects of equal size. The possible allocation sizes are
230 * defined by the following array. Larger size classes are spaced more widely
231 * than smaller size classes. We fudge the spacing for size classes >1kB to
232 * avoid space wastage: based on the knowledge that we plan to allocate 64kB
233 * blocks, we bump the maximum object size up to the largest multiple of
234 * 8 bytes that still lets us fit the same number of objects into one block.
235 *
236 * NB: Because of this fudging, if we were ever to use differently-sized blocks
237 * for small allocations, these size classes would need to be reworked to be
238 * optimal for the new size.
239 *
240 * NB: The optimal spacing for size classes, as well as the size of the blocks
241 * out of which small objects are allocated, is not a question that has one
242 * right answer. Some allocators (such as tcmalloc) use more closely-spaced
243 * size classes than we do here, while others (like aset.c) use more
244 * widely-spaced classes. Spacing the classes more closely avoids wasting
245 * memory within individual chunks, but also means a larger number of
246 * potentially-unfilled blocks.
247 */
258 };
259 #define DSA_NUM_SIZE_CLASSES lengthof(dsa_size_classes)
261 /* Special size classes. */
262 #define DSA_SCLASS_BLOCK_OF_SPANS 0
263 #define DSA_SCLASS_SPAN_LARGE 1
265 /*
266 * The following lookup table is used to map the size of small objects
267 * (less than 1kB) onto the corresponding size class. To use this table,
268 * round the size of the object up to the next multiple of 8 bytes, and then
269 * index into this array.
270 */
280 };
281 #define DSA_SIZE_CLASS_MAP_QUANTUM 8
283 /*
284 * Superblocks are binned by how full they are. Generally, each fullness
285 * class corresponds to one quartile, but the block being used for
286 * allocations is always at the head of the list for fullness class 1,
287 * regardless of how full it really is.
288 */
289 #define DSA_FULLNESS_CLASSES 4
291 /*
292 * A dsa_area_pool represents a set of objects of a given size class.
293 *
294 * Perhaps there should be multiple pools for the same size class for
295 * contention avoidance, but for now there is just one!
296 */
298 {
299 /* A lock protecting access to this pool. */
300 LWLock lock;
301 /* A set of linked lists of spans, arranged by fullness. */
303 /* Should we pad this out to a cacheline boundary? */
306 /*
307 * The control block for an area. This lives in shared memory, at the start of
308 * the first DSM segment controlled by this area.
309 */
311 {
312 /* The segment header for the first segment. */
313 dsa_segment_header segment_header;
314 /* The handle for this area. */
315 dsa_handle handle;
316 /* The handles of the segments owned by this area. */
318 /* Lists of segments, binned by maximum contiguous run of free pages. */
320 /* The object pools for each size class. */
322 /* The total size of all active segments. */
324 /* The maximum total size of backing storage we are allowed. */
326 /* Highest used segment index in the history of this area. */
327 dsa_segment_index high_segment_index;
328 /* The reference count for this area. */
330 /* A flag indicating that this area has been pinned. */
332 /* The number of times that segments have been freed. */
334 /* The LWLock tranche ID. */
336 /* The general lock (protects everything except object pools). */
337 LWLock lock;
340 /* Given a pointer to a pool, find a dsa_pointer. */
341 #define DsaAreaPoolToDsaPointer(area, p) \
342 DSA_MAKE_POINTER(0, (char *) p - (char *) area->control)
344 /*
345 * A dsa_segment_map is stored within the backend-private memory of each
346 * individual backend. It holds the base address of the segment within that
347 * backend, plus the addresses of key objects within the segment. Those
348 * could instead be derived from the base address but it's handy to have them
349 * around.
350 */
352 {
360 /*
361 * Per-backend state for a storage area. Backends obtain one of these by
362 * creating an area or attaching to an existing one using a handle. Each
363 * process that needs to use an area uses its own object to track where the
364 * segments are mapped.
365 */
366 struct dsa_area
367 {
368 /* Pointer to the control object in shared memory. */
371 /* Has the mapping been pinned? */
374 /*
375 * This backend's array of segment maps, ordered by segment index
376 * corresponding to control->segment_handles. Some of the area's segments
377 * may not be mapped in this backend yet, and some slots may have been
378 * freed and need to be detached; these operations happen on demand.
379 */
382 /* The highest segment index this backend has ever mapped. */
383 dsa_segment_index high_segment_index;
385 /* The last observed freed_segment_counter. */
387 };
389 #define DSA_SPAN_NOTHING_FREE ((uint16) -1)
390 #define DSA_SUPERBLOCK_SIZE (DSA_PAGES_PER_SUPERBLOCK * FPM_PAGE_SIZE)
392 /* Given a pointer to a segment_map, obtain a segment index number. */
393 #define get_segment_index(area, segment_map_ptr) \
394 (segment_map_ptr - &area->segment_maps[0])
398 uint16 size_class);
405 dsa_segment_index index);
415 dsm_handle control_handle,
418 dsa_handle handle);
422 /*
423 * Create a new shared area in a new DSM segment. Further DSM segments will
424 * be allocated as required to extend the available space.
425 *
426 * We can't allocate a LWLock tranche_id within this function, because tranche
427 * IDs are a scarce resource; there are only 64k available, using low numbers
428 * when possible matters, and we have no provision for recycling them. So,
429 * we require the caller to provide one.
430 */
431 dsa_area *
433 {
437 /*
438 * Create the DSM segment that will hold the shared control object and the
439 * first segment of usable space.
440 */
443 /*
444 * All segments backing this area are pinned, so that DSA can explicitly
445 * control their lifetime (otherwise a newly created segment belonging to
446 * this area might be freed when the only backend that happens to have it
447 * mapped in ends, corrupting the area).
448 */
451 /* Create a new DSA area with the control object in this segment. */
453 DSA_INITIAL_SEGMENT_SIZE,
454 tranche_id,
457 /* Clean up when the control segment detaches. */
462 }
464 /*
465 * Create a new shared area in an existing shared memory space, which may be
466 * either DSM or Postmaster-initialized memory. DSM segments will be
467 * allocated as required to extend the available space, though that can be
468 * prevented with dsa_set_size_limit(area, size) using the same size provided
469 * to dsa_create_in_place.
470 *
471 * Areas created in-place must eventually be released by the backend that
472 * created them and all backends that attach to them. This can be done
473 * explicitly with dsa_release_in_place, or, in the special case that 'place'
474 * happens to be in a pre-existing DSM segment, by passing in a pointer to the
475 * segment so that a detach hook can be registered with the containing DSM
476 * segment.
477 *
478 * See dsa_create() for a note about the tranche arguments.
479 */
480 dsa_area *
483 {
489 /*
490 * Clean up when the control segment detaches, if a containing DSM segment
491 * was provided.
492 */
498 }
500 /*
501 * Obtain a handle that can be passed to other processes so that they can
502 * attach to the given area. Cannot be called for areas created with
503 * dsa_create_in_place.
504 */
505 dsa_handle
507 {
510 }
512 /*
513 * Attach to an area given a handle generated (possibly in another process) by
514 * dsa_get_handle. The area must have been created with dsa_create (not
515 * dsa_create_in_place).
516 */
517 dsa_area *
519 {
523 /*
524 * An area handle is really a DSM segment handle for the first segment, so
525 * we go ahead and attach to that.
526 */
535 /* Clean up when the control segment detaches. */
540 }
542 /*
543 * Attach to an area that was created with dsa_create_in_place. The caller
544 * must somehow know the location in memory that was used when the area was
545 * created, though it may be mapped at a different virtual address in this
546 * process.
547 *
548 * See dsa_create_in_place for note about releasing in-place areas, and the
549 * optional 'segment' argument which can be provided to allow automatic
550 * release if the containing memory happens to be a DSM segment.
551 */
552 dsa_area *
554 {
559 /*
560 * Clean up when the control segment detaches, if a containing DSM segment
561 * was provided.
562 */
568 }
570 /*
571 * Release a DSA area that was produced by dsa_create_in_place or
572 * dsa_attach_in_place. The 'segment' argument is ignored but provides an
573 * interface suitable for on_dsm_detach, for the convenience of users who want
574 * to create a DSA segment inside an existing DSM segment and have it
575 * automatically released when the containing DSM segment is detached.
576 * 'place' should be the address of the place where the area was created.
577 *
578 * This callback is automatically registered for the DSM segment containing
579 * the control object of in-place areas when a segment is provided to
580 * dsa_create_in_place or dsa_attach_in_place, and also for all areas created
581 * with dsa_create.
582 */
583 void
585 {
587 }
589 /*
590 * Release a DSA area that was produced by dsa_create_in_place or
591 * dsa_attach_in_place. The 'code' argument is ignored but provides an
592 * interface suitable for on_shmem_exit or before_shmem_exit, for the
593 * convenience of users who want to create a DSA segment inside shared memory
594 * other than a DSM segment and have it automatically release at backend exit.
595 * 'place' should be the address of the place where the area was created.
596 */
597 void
599 {
601 }
603 /*
604 * Release a DSA area that was produced by dsa_create_in_place or
605 * dsa_attach_in_place. It is preferable to use one of the 'dsa_on_XXX'
606 * callbacks so that this is managed automatically, because failure to release
607 * an area created in-place leaks its segments permanently.
608 *
609 * This is also called automatically for areas produced by dsa_create or
610 * dsa_attach as an implementation detail.
611 */
612 void
614 {
623 {
625 {
626 dsm_handle handle;
631 }
632 }
634 }
636 /*
637 * Keep a DSA area attached until end of session or explicit detach.
638 *
639 * By default, areas are owned by the current resource owner, which means they
640 * are detached automatically when that scope ends.
641 */
642 void
644 {
653 }
655 /*
656 * Allocate memory in this storage area. The return value is a dsa_pointer
657 * that can be passed to other processes, and converted to a local pointer
658 * with dsa_get_address. 'flags' is a bitmap which should be constructed
659 * from the following values:
660 *
661 * DSA_ALLOC_HUGE allows allocations >= 1GB. Otherwise, such allocations
662 * will result in an ERROR.
663 *
664 * DSA_ALLOC_NO_OOM causes this function to return InvalidDsaPointer when
665 * no memory is available or a size limit established by dsa_set_size_limit
666 * would be exceeded. Otherwise, such allocations will result in an ERROR.
667 *
668 * DSA_ALLOC_ZERO causes the allocated memory to be zeroed. Otherwise, the
669 * contents of newly-allocated memory are indeterminate.
670 *
671 * These flags correspond to similarly named flags used by
672 * MemoryContextAllocExtended(). See also the macros dsa_allocate and
673 * dsa_allocate0 which expand to a call to this function with commonly used
674 * flags.
675 */
676 dsa_pointer
678 {
679 uint16 size_class;
680 dsa_pointer start_pointer;
682 dsa_pointer result;
686 /* Sanity check on huge individual allocation size. */
691 /*
692 * If bigger than the largest size class, just grab a run of pages from
693 * the free page manager, instead of allocating an object from a pool.
694 * There will still be a span, but it's a special class of span that
695 * manages this whole allocation and simply gives all pages back to the
696 * free page manager when dsa_free is called.
697 */
699 {
702 dsa_pointer span_pointer;
705 /* Obtain a span object. */
708 {
709 /* Raise error unless asked not to. */
715 size)));
717 }
721 /* Find a segment from which to allocate. */
726 {
727 /* Can't make any more segments: game over. */
731 /* Raise error unless asked not to. */
737 size)));
739 }
741 /*
742 * Ask the free page manager for a run of pages. This should always
743 * succeed, since both get_best_segment and make_new_segment should
744 * only return a non-NULL pointer if it actually contains enough
745 * contiguous freespace. If it does fail, something in our backend
746 * private state is out of whack, so use FATAL to kill the process.
747 */
756 /* Initialize span and pagemap. */
758 LW_EXCLUSIVE);
760 DSA_SCLASS_SPAN_LARGE);
764 /* Zero-initialize the memory if requested. */
769 }
771 /* Map allocation to a size class. */
773 {
776 /* For smaller sizes we have a lookup table... */
780 }
781 else
782 {
783 uint16 min;
784 uint16 max;
786 /* ... and for the rest we search by binary chop. */
791 {
797 else
799 }
802 }
806 /* Attempt to allocate an object from the appropriate pool. */
809 /* Check for failure to allocate. */
811 {
812 /* Raise error unless asked not to. */
819 }
821 /* Zero-initialize the memory if requested. */
826 }
828 /*
829 * Free memory obtained with dsa_allocate.
830 */
831 void
833 {
836 dsa_pointer span_pointer;
843 /* Make sure we don't have a stale segment in the slot 'dp' refers to. */
846 /* Locate the object, span and pool. */
856 /*
857 * Special case for large objects that live in a special span: we return
858 * those pages directly to the free page manager and free the span.
859 */
861 {
863 #ifdef CLOBBER_FREED_MEMORY
865 #endif
867 /* Give pages back to free page manager. */
873 /* Unlink span. */
875 LW_EXCLUSIVE);
878 /* Free the span object so it can be reused. */
881 }
883 #ifdef CLOBBER_FREED_MEMORY
885 #endif
889 /* Put the object on the span's freelist. */
897 /*
898 * See if the span needs to moved to a different fullness class, or be
899 * freed so its pages can be given back to the segment.
900 */
902 {
903 /*
904 * The block was completely full and is located in the
905 * highest-numbered fullness class, which is never scanned for free
906 * chunks. We must move it to the next-lower fullness class.
907 */
912 /*
913 * If this is the only span, and there is no active span, then we
914 * should probably move this span to fullness class 1. (Otherwise if
915 * you allocate exactly all the objects in the only span, it moves to
916 * class 3, then you free them all, it moves to 2, and then is given
917 * back, leaving no active span).
918 */
919 }
922 {
923 /*
924 * This entire block is free, and it's not the active block for this
925 * size class. Return the memory to the free page manager. We don't
926 * do this for the active block to prevent hysteresis: if we
927 * repeatedly allocate and free the only chunk in the active block, it
928 * will be very inefficient if we deallocate and reallocate the block
929 * every time.
930 */
932 }
935 }
937 /*
938 * Obtain a backend-local address for a dsa_pointer. 'dp' must point to
939 * memory allocated by the given area (possibly in another process) that
940 * hasn't yet been freed. This may cause a segment to be mapped into the
941 * current process if required, and may cause freed segments to be unmapped.
942 */
945 {
946 dsa_segment_index index;
949 /* Convert InvalidDsaPointer to NULL. */
953 /* Process any requests to detach from freed segments. */
956 /* Break the dsa_pointer into its components. */
961 /* Check if we need to cause this segment to be mapped in. */
963 {
964 /* Call for effect (we don't need the result). */
966 }
969 }
971 /*
972 * Pin this area, so that it will continue to exist even if all backends
973 * detach from it. In that case, the area can still be reattached to if a
974 * handle has been recorded somewhere.
975 */
976 void
978 {
981 {
984 }
988 }
990 /*
991 * Undo the effects of dsa_pin, so that the given area can be freed when no
992 * backends are attached to it. May be called only if dsa_pin has been
993 * called.
994 */
995 void
997 {
1001 {
1004 }
1008 }
1010 /*
1011 * Set the total size limit for this area. This limit is checked whenever new
1012 * segments need to be allocated from the operating system. If the new size
1013 * limit is already exceeded, this has no immediate effect.
1014 *
1015 * Note that the total virtual memory usage may be temporarily larger than
1016 * this limit when segments have been freed, but not yet detached by all
1017 * backends that have attached to them.
1018 */
1019 void
1021 {
1025 }
1027 /*
1028 * Aggressively free all spare memory in the hope of returning DSM segments to
1029 * the operating system.
1030 */
1031 void
1033 {
1036 /*
1037 * Trim in reverse pool order so we get to the spans-of-spans last, just
1038 * in case any become entirely free while processing all the other pools.
1039 */
1041 {
1043 dsa_pointer span_pointer;
1046 {
1047 /* Large object frees give back segments aggressively already. */
1049 }
1051 /*
1052 * Search fullness class 1 only. That is where we expect to find an
1053 * entirely empty superblock (entirely empty superblocks in other
1054 * fullness classes are returned to the free page map by dsa_free).
1055 */
1059 {
1067 }
1069 }
1070 }
1072 /*
1073 * Print out debugging information about the internal state of the shared
1074 * memory area.
1075 */
1076 void
1078 {
1080 j;
1082 /*
1083 * Note: This gives an inconsistent snapshot as it acquires and releases
1084 * individual locks as it goes...
1085 */
1098 {
1100 {
1101 dsa_segment_index segment_index;
1108 {
1111 segment_map =
1115 " segment index %zu, usable_pages = %zu, "
1117 segment_index,
1122 }
1123 }
1124 }
1129 {
1137 {
1142 else
1147 {
1150 else
1151 {
1156 {
1161 " span descriptor at "
1162 DSA_POINTER_FORMAT ", superblock at "
1163 DSA_POINTER_FORMAT
1168 }
1169 }
1170 }
1171 }
1173 }
1174 }
1176 /*
1177 * Return the smallest size that you can successfully provide to
1178 * dsa_create_in_place.
1179 */
1180 size_t
1182 {
1189 /* Figure out how many pages we need, including the page map... */
1191 {
1194 }
1197 }
1199 /*
1200 * Workhorse function for dsa_create and dsa_create_in_place.
1201 */
1205 dsm_handle control_handle,
1207 {
1216 /* Sanity check on the space we have to work in. */
1221 /* Now figure out how much space is usable */
1223 metadata_bytes =
1227 /* Add padding up to next page boundary. */
1233 /*
1234 * Initialize the dsa_area_control object located at the start of the
1235 * space.
1236 */
1255 /*
1256 * Create the dsa_area object that this backend will use to access the
1257 * area. Other backends will need to obtain their own dsa_area object by
1258 * attaching.
1259 */
1271 /* Set up the segment map for this process's mapping. */
1284 /* Set up the free page map. */
1286 /* There can be 0 usable pages if size is dsa_minimum_size(). */
1290 usable_pages);
1292 /* Put this segment into the appropriate bin. */
1297 }
1299 /*
1300 * Workhorse function for dsa_attach and dsa_attach_in_place.
1301 */
1304 {
1315 /* Build the backend-local area object. */
1323 /* Set up the segment map for this process's mapping. */
1334 /* Bump the reference count. */
1337 {
1338 /* We can't attach to a DSA area that has already been destroyed. */
1342 }
1348 }
1350 /*
1351 * Add a new span to fullness class 1 of the indicated pool.
1352 */
1353 static void
1355 dsa_pointer span_pointer,
1357 uint16 size_class)
1358 {
1362 /*
1363 * The per-pool lock must be held because we manipulate the span list for
1364 * this pool.
1365 */
1368 /* Push this span onto the front of the span list for fullness class 1. */
1370 {
1375 }
1386 {
1387 /*
1388 * A block-of-spans contains its own descriptor, so mark one object as
1389 * initialized and reduce the count of allocatable objects by one.
1390 * Doing this here has the side effect of also reducing nmax by one,
1391 * which is important to make sure we free this object at the correct
1392 * time.
1393 */
1396 }
1402 }
1404 /*
1405 * Transfer the first span in one fullness class to the head of another
1406 * fullness class.
1407 */
1408 static bool
1411 {
1412 dsa_pointer span_pointer;
1416 /* Can't do it if source list is empty. */
1421 /* Remove span from head of source list. */
1425 {
1429 }
1431 /* Add span to head of target list. */
1435 {
1439 }
1443 }
1445 /*
1446 * Allocate one object of the requested size class from the given area.
1447 */
1450 {
1453 dsa_pointer block;
1454 dsa_pointer result;
1458 /*
1459 * Even though ensure_active_superblock can in turn call alloc_object if
1460 * it needs to allocate a new span, that's always from a different pool,
1461 * and the order of lock acquisition is always the same, so it's OK that
1462 * we hold this lock for the duration of this function.
1463 */
1467 /*
1468 * If there's no active superblock, we must successfully obtain one or
1469 * fail the request.
1470 */
1473 {
1475 }
1476 else
1477 {
1478 /*
1479 * There should be a block in fullness class 1 at this point, and it
1480 * should never be completely full. Thus we can either pop an object
1481 * from the free list or, failing that, initialize a new object.
1482 */
1491 {
1495 }
1496 else
1497 {
1500 }
1503 /* If it's now full, move it to the highest-numbered fullness class. */
1506 }
1512 }
1514 /*
1515 * Ensure an active (i.e. fullness class 1) superblock, unless all existing
1516 * superblocks are completely full and no more can be allocated.
1517 *
1518 * Fullness classes K of 0..N are loosely intended to represent blocks whose
1519 * utilization percentage is at least K/N, but we only enforce this rigorously
1520 * for the highest-numbered fullness class, which always contains exactly
1521 * those blocks that are completely full. It's otherwise acceptable for a
1522 * block to be in a higher-numbered fullness class than the one to which it
1523 * logically belongs. In addition, the active block, which is always the
1524 * first block in fullness class 1, is permitted to have a higher allocation
1525 * percentage than would normally be allowable for that fullness class; we
1526 * don't move it until it's completely full, and then it goes to the
1527 * highest-numbered fullness class.
1528 *
1529 * It might seem odd that the active block is the head of fullness class 1
1530 * rather than fullness class 0, but experience with other allocators has
1531 * shown that it's usually better to allocate from a block that's moderately
1532 * full rather than one that's nearly empty. Insofar as is reasonably
1533 * possible, we want to avoid performing new allocations in a block that would
1534 * otherwise become empty soon.
1535 */
1536 static bool
1539 {
1540 dsa_pointer span_pointer;
1541 dsa_pointer start_pointer;
1552 /*
1553 * Compute the number of objects that will fit in a block of this size
1554 * class. Span-of-spans blocks are just a single page, and the first
1555 * object isn't available for use because it describes the block-of-spans
1556 * itself.
1557 */
1560 else
1563 /*
1564 * If fullness class 1 is empty, try to find a span to put in it by
1565 * scanning higher-numbered fullness classes (excluding the last one,
1566 * whose blocks are certain to all be completely full).
1567 */
1569 {
1573 {
1578 dsa_pointer next_span_pointer;
1584 /* Figure out what fullness class should contain this span. */
1588 /* Look up next span. */
1592 else
1595 /*
1596 * If utilization has dropped enough that this now belongs in some
1597 * other fullness class, move it there.
1598 */
1600 {
1601 /* Remove from the current fullness class list. */
1603 {
1604 /* It was the head; remove it. */
1609 }
1610 else
1611 {
1612 /* It was not the head. */
1617 }
1621 /* Push onto the head of the new fullness class list. */
1626 {
1630 }
1632 }
1634 /* Advance to next span on list. */
1636 }
1638 /* Stop now if we found a suitable block. */
1641 }
1643 /*
1644 * If there are no blocks that properly belong in fullness class 1, pick
1645 * one from some other fullness class and move it there anyway, so that we
1646 * have an allocation target. Our last choice is to transfer a block
1647 * that's almost empty (and might become completely empty soon if left
1648 * alone), but even that is better than failing, which is what we must do
1649 * if there are no blocks at all with freespace.
1650 */
1659 /*
1660 * We failed to find an existing span with free objects, so we need to
1661 * allocate a new superblock and construct a new span to manage it.
1662 *
1663 * First, get a dsa_area_span object to describe the new superblock block
1664 * ... unless this allocation is for a dsa_area_span object, in which case
1665 * that's surely not going to work. We handle that case by storing the
1666 * span describing a block-of-spans inline.
1667 */
1669 {
1674 }
1676 /* Find or create a segment and allocate the superblock. */
1680 {
1683 {
1686 }
1687 }
1689 /*
1690 * This shouldn't happen: get_best_segment() or make_new_segment()
1691 * promised that we can successfully allocate npages.
1692 */
1696 npages);
1699 /* Compute the start of the superblock. */
1700 start_pointer =
1704 /*
1705 * If this is a block-of-spans, carve the descriptor right out of the
1706 * allocated space.
1707 */
1709 {
1710 /*
1711 * We have a pointer into the segment. We need to build a dsa_pointer
1712 * from the segment index and offset into the segment.
1713 */
1715 }
1717 /* Initialize span and pagemap. */
1723 }
1725 /*
1726 * Return the segment map corresponding to a given segment index, mapping the
1727 * segment in if necessary. For internal segment book-keeping, this is called
1728 * with the area lock held. It is also called by dsa_free and dsa_get_address
1729 * without any locking, relying on the fact they have a known live segment
1730 * index and they always call check_for_freed_segments to ensures that any
1731 * freed segment occupying the same slot is detached first.
1732 */
1735 {
1737 {
1738 dsm_handle handle;
1742 /*
1743 * If we are reached by dsa_free or dsa_get_address, there must be at
1744 * least one object allocated in the referenced segment. Otherwise,
1745 * their caller has a double-free or access-after-free bug, which we
1746 * have no hope of detecting. So we know it's safe to access this
1747 * array slot without holding a lock; it won't change underneath us.
1748 * Furthermore, we know that we can see the latest contents of the
1749 * slot, as explained in check_for_freed_segments, which those
1750 * functions call before arriving here.
1751 */
1754 /* It's an error to try to access an unused slot. */
1777 /* Remember the highest index this backend has ever mapped. */
1783 }
1785 /*
1786 * Callers of dsa_get_address() and dsa_free() don't hold the area lock,
1787 * but it's a bug in the calling code and undefined behavior if the
1788 * address is not live (ie if the segment might possibly have been freed,
1789 * they're trying to use a dangling pointer).
1790 *
1791 * For dsa.c code that holds the area lock to manipulate segment_bins
1792 * lists, it would be a bug if we ever reach a freed segment here. After
1793 * it's marked as freed, the only thing any backend should do with it is
1794 * unmap it, and it should always have done that in
1795 * check_for_freed_segments_locked() before arriving here to resolve an
1796 * index to a segment_map.
1797 *
1798 * Either way we can assert that we aren't returning a freed segment.
1799 */
1803 }
1805 /*
1806 * Return a superblock to the free page manager. If the underlying segment
1807 * has become entirely free, then return it to the operating system.
1808 *
1809 * The appropriate pool lock must be held.
1810 */
1811 static void
1813 {
1819 /* Remove it from its fullness class list. */
1822 /*
1823 * Note: Here we acquire the area lock while we already hold a per-pool
1824 * lock. We never hold the area lock and then take a pool lock, or we
1825 * could deadlock.
1826 */
1829 segment_map =
1834 /* Check if the segment is now entirely free. */
1836 {
1839 /* If it's not the segment with extra control data, free it. */
1841 {
1842 /*
1843 * Give it back to the OS, and allow other backends to detect that
1844 * they need to detach.
1845 */
1859 }
1860 }
1863 /*
1864 * Span-of-spans blocks store the span which describes them within the
1865 * block itself, so freeing the storage implicitly frees the descriptor
1866 * also. If this is a block of any other type, we need to separately free
1867 * the span object also. This recursive call to dsa_free will acquire the
1868 * span pool's lock. We can't deadlock because the acquisition order is
1869 * always some other pool and then the span pool.
1870 */
1873 }
1875 static void
1877 {
1879 {
1883 }
1885 {
1889 }
1890 else
1891 {
1895 }
1896 }
1898 static void
1900 dsa_pointer span_pointer,
1902 {
1906 {
1911 }
1916 }
1918 /*
1919 * Detach from an area that was either created or attached to by this process.
1920 */
1921 void
1923 {
1926 /* Detach from all segments. */
1931 /*
1932 * Note that 'detaching' (= detaching from DSM segments) doesn't include
1933 * 'releasing' (= adjusting the reference count). It would be nice to
1934 * combine these operations, but client code might never get around to
1935 * calling dsa_detach because of an error path, and a detach hook on any
1936 * particular segment is too late to detach other segments in the area
1937 * without risking a 'leak' warning in the non-error path.
1938 */
1940 /* Free the backend-local area object. */
1942 }
1944 /*
1945 * Unlink a segment from the bin that contains it.
1946 */
1947 static void
1949 {
1951 {
1956 }
1957 else
1958 {
1963 }
1965 {
1970 }
1971 }
1973 /*
1974 * Find a segment that could satisfy a request for 'npages' of contiguous
1975 * memory, or return NULL if none can be found. This may involve attaching to
1976 * segments that weren't previously attached so that we can query their free
1977 * pages map.
1978 */
1981 {
1987 /*
1988 * Start searching from the first bin that *might* have enough contiguous
1989 * pages.
1990 */
1994 {
1995 /*
1996 * The minimum contiguous size that any segment in this bin should
1997 * have. We'll re-bin if we see segments with fewer.
1998 */
2000 dsa_segment_index segment_index;
2002 /* Search this bin for a segment with enough contiguous space. */
2005 {
2007 dsa_segment_index next_segment_index;
2014 /* Not enough for the request, still enough for this bin. */
2016 {
2019 }
2021 /* Re-bin it if it's no longer in the appropriate bin. */
2023 {
2028 /* Remove it from its current bin. */
2031 /* Push it onto the front of its new bin. */
2038 {
2045 }
2047 /*
2048 * But fall through to see if it's enough to satisfy this
2049 * request anyway....
2050 */
2051 }
2053 /* Check if we are done. */
2057 /* Continue searching the same bin. */
2059 }
2060 }
2062 /* Not found. */
2064 }
2066 /*
2067 * Create a new segment that can handle at least requested_pages. Returns
2068 * NULL if the requested total size limit or maximum allowed number of
2069 * segments would be exceeded.
2070 */
2073 {
2074 dsa_segment_index new_index;
2084 /* Find a segment slot that is not in use (linearly for now). */
2086 {
2089 }
2093 /*
2094 * If the total size limit is already exceeded, then we exit early and
2095 * avoid arithmetic wraparound in the unsigned expressions below.
2096 */
2101 /*
2102 * The size should be at least as big as requested, and at least big
2103 * enough to follow a geometric series that approximately doubles the
2104 * total storage each time we create a new segment. We use geometric
2105 * growth because the underlying DSM system isn't designed for large
2106 * numbers of segments (otherwise we might even consider just using one
2107 * DSM segment for each large allocation and for each superblock, and then
2108 * we wouldn't need to use FreePageManager).
2109 *
2110 * We decide on a total segment size first, so that we produce tidy
2111 * power-of-two sized segments. This is a good property to have if we
2112 * move to huge pages in the future. Then we work back to the number of
2113 * pages we can fit.
2114 */
2123 metadata_bytes =
2128 /* Add padding up to next page boundary. */
2136 /* See if that is enough... */
2138 {
2139 /*
2140 * We'll make an odd-sized segment, working forward from the requested
2141 * number of pages.
2142 */
2144 metadata_bytes =
2149 /* Add padding up to next page boundary. */
2154 /* Is that too large for dsa_pointer's addressing scheme? */
2158 /* Would that exceed the limit? */
2162 }
2164 /* Create the segment. */
2172 /* Store the handle in shared memory to be found by index. */
2175 /* Track the highest segment index in the history of the area. */
2178 /* Track the highest segment index this backend has ever mapped. */
2181 /* Track total size of all segments. */
2186 /* Build a segment map for this segment in this backend. */
2199 /* Set up the free page map. */
2202 usable_pages);
2204 /* Set up the segment header and put it in the appropriate bin. */
2216 {
2222 }
2225 }
2227 /*
2228 * Check if any segments have been freed by destroy_superblock, so we can
2229 * detach from them in this backend. This function is called by
2230 * dsa_get_address and dsa_free to make sure that a dsa_pointer they have
2231 * received can be resolved to the correct segment.
2232 *
2233 * The danger we want to defend against is that there could be an old segment
2234 * mapped into a given slot in this backend, and the dsa_pointer they have
2235 * might refer to some new segment in the same slot. So those functions must
2236 * be sure to process all instructions to detach from a freed segment that had
2237 * been generated by the time this process received the dsa_pointer, before
2238 * they call get_segment_by_index.
2239 */
2240 static void
2242 {
2245 /*
2246 * Any other process that has freed a segment has incremented
2247 * freed_segment_counter while holding an LWLock, and that must precede
2248 * any backend creating a new segment in the same slot while holding an
2249 * LWLock, and that must precede the creation of any dsa_pointer pointing
2250 * into the new segment which might reach us here, and the caller must
2251 * have sent the dsa_pointer to this process using appropriate memory
2252 * synchronization (some kind of locking or atomic primitive or system
2253 * call). So all we need to do on the reading side is ask for the load of
2254 * freed_segment_counter to follow the caller's load of the dsa_pointer it
2255 * has, and we can be sure to detect any segments that had been freed as
2256 * of the time that the dsa_pointer reached this process.
2257 */
2261 {
2262 /* Check all currently mapped segments to find what's been freed. */
2266 }
2267 }
2269 /*
2270 * Workhorse for check_for_freed_segments(), and also used directly in path
2271 * where the area lock is already held. This should be called after acquiring
2272 * the lock but before looking up any segment by index number, to make sure we
2273 * unmap any stale segments that might have previously had the same index as a
2274 * current segment.
2275 */
2276 static void
2278 {
2285 {
2287 {
2290 {
2295 }
2296 }
2298 }
2299 }