1 /*
2 * Slab allocator functions that are independent of the allocator strategy
3 *
4 * (C) 2012 Christoph Lameter <cl@linux.com>
5 */
6 #include <linux/slab.h>
7
8 #include <linux/mm.h>
9 #include <linux/poison.h>
10 #include <linux/interrupt.h>
11 #include <linux/memory.h>
12 #include <linux/compiler.h>
13 #include <linux/module.h>
14 #include <linux/cpu.h>
15 #include <linux/uaccess.h>
16 #include <linux/seq_file.h>
17 #include <linux/proc_fs.h>
18 #include <asm/cacheflush.h>
19 #include <asm/tlbflush.h>
20 #include <asm/page.h>
21 #include <linux/memcontrol.h>
22
23 #define CREATE_TRACE_POINTS
24 #include <trace/events/kmem.h>
25
26 #include "slab.h"
27
28 enum slab_state slab_state;
29 LIST_HEAD(slab_caches);
30 DEFINE_MUTEX(slab_mutex);
31 struct kmem_cache *kmem_cache;
32
33 /*
34 * Set of flags that will prevent slab merging
35 */
36 #define SLAB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \
37 SLAB_TRACE | SLAB_DESTROY_BY_RCU | SLAB_NOLEAKTRACE | \
38 SLAB_FAILSLAB | SLAB_KASAN)
39
40 #define SLAB_MERGE_SAME (SLAB_RECLAIM_ACCOUNT | SLAB_CACHE_DMA | \
41 SLAB_NOTRACK | SLAB_ACCOUNT)
42
43 /*
44 * Merge control. If this is set then no merging of slab caches will occur.
45 * (Could be removed. This was introduced to pacify the merge skeptics.)
46 */
47 static int slab_nomerge;
48
setup_slab_nomerge(char * str)49 static int __init setup_slab_nomerge(char *str)
50 {
51 slab_nomerge = 1;
52 return 1;
53 }
54
55 #ifdef CONFIG_SLUB
56 __setup_param("slub_nomerge", slub_nomerge, setup_slab_nomerge, 0);
57 #endif
58
59 __setup("slab_nomerge", setup_slab_nomerge);
60
61 /*
62 * Determine the size of a slab object
63 */
kmem_cache_size(struct kmem_cache * s)64 unsigned int kmem_cache_size(struct kmem_cache *s)
65 {
66 return s->object_size;
67 }
68 EXPORT_SYMBOL(kmem_cache_size);
69
70 #ifdef CONFIG_DEBUG_VM
kmem_cache_sanity_check(const char * name,size_t size)71 static int kmem_cache_sanity_check(const char *name, size_t size)
72 {
73 struct kmem_cache *s = NULL;
74
75 if (!name || in_interrupt() || size < sizeof(void *) ||
76 size > KMALLOC_MAX_SIZE) {
77 pr_err("kmem_cache_create(%s) integrity check failed\n", name);
78 return -EINVAL;
79 }
80
81 list_for_each_entry(s, &slab_caches, list) {
82 char tmp;
83 int res;
84
85 /*
86 * This happens when the module gets unloaded and doesn't
87 * destroy its slab cache and no-one else reuses the vmalloc
88 * area of the module. Print a warning.
89 */
90 res = probe_kernel_address(s->name, tmp);
91 if (res) {
92 pr_err("Slab cache with size %d has lost its name\n",
93 s->object_size);
94 continue;
95 }
96 }
97
98 WARN_ON(strchr(name, ' ')); /* It confuses parsers */
99 return 0;
100 }
101 #else
kmem_cache_sanity_check(const char * name,size_t size)102 static inline int kmem_cache_sanity_check(const char *name, size_t size)
103 {
104 return 0;
105 }
106 #endif
107
__kmem_cache_free_bulk(struct kmem_cache * s,size_t nr,void ** p)108 void __kmem_cache_free_bulk(struct kmem_cache *s, size_t nr, void **p)
109 {
110 size_t i;
111
112 for (i = 0; i < nr; i++) {
113 if (s)
114 kmem_cache_free(s, p[i]);
115 else
116 kfree(p[i]);
117 }
118 }
119
__kmem_cache_alloc_bulk(struct kmem_cache * s,gfp_t flags,size_t nr,void ** p)120 int __kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t nr,
121 void **p)
122 {
123 size_t i;
124
125 for (i = 0; i < nr; i++) {
126 void *x = p[i] = kmem_cache_alloc(s, flags);
127 if (!x) {
128 __kmem_cache_free_bulk(s, i, p);
129 return 0;
130 }
131 }
132 return i;
133 }
134
135 #if defined(CONFIG_MEMCG) && !defined(CONFIG_SLOB)
slab_init_memcg_params(struct kmem_cache * s)136 void slab_init_memcg_params(struct kmem_cache *s)
137 {
138 s->memcg_params.is_root_cache = true;
139 INIT_LIST_HEAD(&s->memcg_params.list);
140 RCU_INIT_POINTER(s->memcg_params.memcg_caches, NULL);
141 }
142
init_memcg_params(struct kmem_cache * s,struct mem_cgroup * memcg,struct kmem_cache * root_cache)143 static int init_memcg_params(struct kmem_cache *s,
144 struct mem_cgroup *memcg, struct kmem_cache *root_cache)
145 {
146 struct memcg_cache_array *arr;
147
148 if (memcg) {
149 s->memcg_params.is_root_cache = false;
150 s->memcg_params.memcg = memcg;
151 s->memcg_params.root_cache = root_cache;
152 return 0;
153 }
154
155 slab_init_memcg_params(s);
156
157 if (!memcg_nr_cache_ids)
158 return 0;
159
160 arr = kzalloc(sizeof(struct memcg_cache_array) +
161 memcg_nr_cache_ids * sizeof(void *),
162 GFP_KERNEL);
163 if (!arr)
164 return -ENOMEM;
165
166 RCU_INIT_POINTER(s->memcg_params.memcg_caches, arr);
167 return 0;
168 }
169
destroy_memcg_params(struct kmem_cache * s)170 static void destroy_memcg_params(struct kmem_cache *s)
171 {
172 if (is_root_cache(s))
173 kfree(rcu_access_pointer(s->memcg_params.memcg_caches));
174 }
175
update_memcg_params(struct kmem_cache * s,int new_array_size)176 static int update_memcg_params(struct kmem_cache *s, int new_array_size)
177 {
178 struct memcg_cache_array *old, *new;
179
180 if (!is_root_cache(s))
181 return 0;
182
183 new = kzalloc(sizeof(struct memcg_cache_array) +
184 new_array_size * sizeof(void *), GFP_KERNEL);
185 if (!new)
186 return -ENOMEM;
187
188 old = rcu_dereference_protected(s->memcg_params.memcg_caches,
189 lockdep_is_held(&slab_mutex));
190 if (old)
191 memcpy(new->entries, old->entries,
192 memcg_nr_cache_ids * sizeof(void *));
193
194 rcu_assign_pointer(s->memcg_params.memcg_caches, new);
195 if (old)
196 kfree_rcu(old, rcu);
197 return 0;
198 }
199
memcg_update_all_caches(int num_memcgs)200 int memcg_update_all_caches(int num_memcgs)
201 {
202 struct kmem_cache *s;
203 int ret = 0;
204
205 mutex_lock(&slab_mutex);
206 list_for_each_entry(s, &slab_caches, list) {
207 ret = update_memcg_params(s, num_memcgs);
208 /*
209 * Instead of freeing the memory, we'll just leave the caches
210 * up to this point in an updated state.
211 */
212 if (ret)
213 break;
214 }
215 mutex_unlock(&slab_mutex);
216 return ret;
217 }
218 #else
init_memcg_params(struct kmem_cache * s,struct mem_cgroup * memcg,struct kmem_cache * root_cache)219 static inline int init_memcg_params(struct kmem_cache *s,
220 struct mem_cgroup *memcg, struct kmem_cache *root_cache)
221 {
222 return 0;
223 }
224
destroy_memcg_params(struct kmem_cache * s)225 static inline void destroy_memcg_params(struct kmem_cache *s)
226 {
227 }
228 #endif /* CONFIG_MEMCG && !CONFIG_SLOB */
229
230 /*
231 * Find a mergeable slab cache
232 */
slab_unmergeable(struct kmem_cache * s)233 int slab_unmergeable(struct kmem_cache *s)
234 {
235 if (slab_nomerge || (s->flags & SLAB_NEVER_MERGE))
236 return 1;
237
238 if (!is_root_cache(s))
239 return 1;
240
241 if (s->ctor)
242 return 1;
243
244 /*
245 * We may have set a slab to be unmergeable during bootstrap.
246 */
247 if (s->refcount < 0)
248 return 1;
249
250 return 0;
251 }
252
find_mergeable(size_t size,size_t align,unsigned long flags,const char * name,void (* ctor)(void *))253 struct kmem_cache *find_mergeable(size_t size, size_t align,
254 unsigned long flags, const char *name, void (*ctor)(void *))
255 {
256 struct kmem_cache *s;
257
258 if (slab_nomerge)
259 return NULL;
260
261 if (ctor)
262 return NULL;
263
264 size = ALIGN(size, sizeof(void *));
265 align = calculate_alignment(flags, align, size);
266 size = ALIGN(size, align);
267 flags = kmem_cache_flags(size, flags, name, NULL);
268
269 if (flags & SLAB_NEVER_MERGE)
270 return NULL;
271
272 list_for_each_entry_reverse(s, &slab_caches, list) {
273 if (slab_unmergeable(s))
274 continue;
275
276 if (size > s->size)
277 continue;
278
279 if ((flags & SLAB_MERGE_SAME) != (s->flags & SLAB_MERGE_SAME))
280 continue;
281 /*
282 * Check if alignment is compatible.
283 * Courtesy of Adrian Drzewiecki
284 */
285 if ((s->size & ~(align - 1)) != s->size)
286 continue;
287
288 if (s->size - size >= sizeof(void *))
289 continue;
290
291 if (IS_ENABLED(CONFIG_SLAB) && align &&
292 (align > s->align || s->align % align))
293 continue;
294
295 return s;
296 }
297 return NULL;
298 }
299
300 /*
301 * Figure out what the alignment of the objects will be given a set of
302 * flags, a user specified alignment and the size of the objects.
303 */
calculate_alignment(unsigned long flags,unsigned long align,unsigned long size)304 unsigned long calculate_alignment(unsigned long flags,
305 unsigned long align, unsigned long size)
306 {
307 /*
308 * If the user wants hardware cache aligned objects then follow that
309 * suggestion if the object is sufficiently large.
310 *
311 * The hardware cache alignment cannot override the specified
312 * alignment though. If that is greater then use it.
313 */
314 if (flags & SLAB_HWCACHE_ALIGN) {
315 unsigned long ralign = cache_line_size();
316 while (size <= ralign / 2)
317 ralign /= 2;
318 align = max(align, ralign);
319 }
320
321 if (align < ARCH_SLAB_MINALIGN)
322 align = ARCH_SLAB_MINALIGN;
323
324 return ALIGN(align, sizeof(void *));
325 }
326
create_cache(const char * name,size_t object_size,size_t size,size_t align,unsigned long flags,void (* ctor)(void *),struct mem_cgroup * memcg,struct kmem_cache * root_cache)327 static struct kmem_cache *create_cache(const char *name,
328 size_t object_size, size_t size, size_t align,
329 unsigned long flags, void (*ctor)(void *),
330 struct mem_cgroup *memcg, struct kmem_cache *root_cache)
331 {
332 struct kmem_cache *s;
333 int err;
334
335 err = -ENOMEM;
336 s = kmem_cache_zalloc(kmem_cache, GFP_KERNEL);
337 if (!s)
338 goto out;
339
340 s->name = name;
341 s->object_size = object_size;
342 s->size = size;
343 s->align = align;
344 s->ctor = ctor;
345
346 err = init_memcg_params(s, memcg, root_cache);
347 if (err)
348 goto out_free_cache;
349
350 err = __kmem_cache_create(s, flags);
351 if (err)
352 goto out_free_cache;
353
354 s->refcount = 1;
355 list_add(&s->list, &slab_caches);
356 out:
357 if (err)
358 return ERR_PTR(err);
359 return s;
360
361 out_free_cache:
362 destroy_memcg_params(s);
363 kmem_cache_free(kmem_cache, s);
364 goto out;
365 }
366
367 /*
368 * kmem_cache_create - Create a cache.
369 * @name: A string which is used in /proc/slabinfo to identify this cache.
370 * @size: The size of objects to be created in this cache.
371 * @align: The required alignment for the objects.
372 * @flags: SLAB flags
373 * @ctor: A constructor for the objects.
374 *
375 * Returns a ptr to the cache on success, NULL on failure.
376 * Cannot be called within a interrupt, but can be interrupted.
377 * The @ctor is run when new pages are allocated by the cache.
378 *
379 * The flags are
380 *
381 * %SLAB_POISON - Poison the slab with a known test pattern (a5a5a5a5)
382 * to catch references to uninitialised memory.
383 *
384 * %SLAB_RED_ZONE - Insert `Red' zones around the allocated memory to check
385 * for buffer overruns.
386 *
387 * %SLAB_HWCACHE_ALIGN - Align the objects in this cache to a hardware
388 * cacheline. This can be beneficial if you're counting cycles as closely
389 * as davem.
390 */
391 struct kmem_cache *
kmem_cache_create(const char * name,size_t size,size_t align,unsigned long flags,void (* ctor)(void *))392 kmem_cache_create(const char *name, size_t size, size_t align,
393 unsigned long flags, void (*ctor)(void *))
394 {
395 struct kmem_cache *s = NULL;
396 const char *cache_name;
397 int err;
398
399 get_online_cpus();
400 get_online_mems();
401 memcg_get_cache_ids();
402
403 mutex_lock(&slab_mutex);
404
405 err = kmem_cache_sanity_check(name, size);
406 if (err) {
407 goto out_unlock;
408 }
409
410 /*
411 * Some allocators will constraint the set of valid flags to a subset
412 * of all flags. We expect them to define CACHE_CREATE_MASK in this
413 * case, and we'll just provide them with a sanitized version of the
414 * passed flags.
415 */
416 flags &= CACHE_CREATE_MASK;
417
418 s = __kmem_cache_alias(name, size, align, flags, ctor);
419 if (s)
420 goto out_unlock;
421
422 cache_name = kstrdup_const(name, GFP_KERNEL);
423 if (!cache_name) {
424 err = -ENOMEM;
425 goto out_unlock;
426 }
427
428 s = create_cache(cache_name, size, size,
429 calculate_alignment(flags, align, size),
430 flags, ctor, NULL, NULL);
431 if (IS_ERR(s)) {
432 err = PTR_ERR(s);
433 kfree_const(cache_name);
434 }
435
436 out_unlock:
437 mutex_unlock(&slab_mutex);
438
439 memcg_put_cache_ids();
440 put_online_mems();
441 put_online_cpus();
442
443 if (err) {
444 if (flags & SLAB_PANIC)
445 panic("kmem_cache_create: Failed to create slab '%s'. Error %d\n",
446 name, err);
447 else {
448 pr_warn("kmem_cache_create(%s) failed with error %d\n",
449 name, err);
450 dump_stack();
451 }
452 return NULL;
453 }
454 return s;
455 }
456 EXPORT_SYMBOL(kmem_cache_create);
457
shutdown_cache(struct kmem_cache * s,struct list_head * release,bool * need_rcu_barrier)458 static int shutdown_cache(struct kmem_cache *s,
459 struct list_head *release, bool *need_rcu_barrier)
460 {
461 /* free asan quarantined objects */
462 kasan_cache_shutdown(s);
463
464 if (__kmem_cache_shutdown(s) != 0)
465 return -EBUSY;
466
467 if (s->flags & SLAB_DESTROY_BY_RCU)
468 *need_rcu_barrier = true;
469
470 list_move(&s->list, release);
471 return 0;
472 }
473
release_caches(struct list_head * release,bool need_rcu_barrier)474 static void release_caches(struct list_head *release, bool need_rcu_barrier)
475 {
476 struct kmem_cache *s, *s2;
477
478 if (need_rcu_barrier)
479 rcu_barrier();
480
481 list_for_each_entry_safe(s, s2, release, list) {
482 #ifdef SLAB_SUPPORTS_SYSFS
483 sysfs_slab_remove(s);
484 #else
485 slab_kmem_cache_release(s);
486 #endif
487 }
488 }
489
490 #if defined(CONFIG_MEMCG) && !defined(CONFIG_SLOB)
491 /*
492 * memcg_create_kmem_cache - Create a cache for a memory cgroup.
493 * @memcg: The memory cgroup the new cache is for.
494 * @root_cache: The parent of the new cache.
495 *
496 * This function attempts to create a kmem cache that will serve allocation
497 * requests going from @memcg to @root_cache. The new cache inherits properties
498 * from its parent.
499 */
memcg_create_kmem_cache(struct mem_cgroup * memcg,struct kmem_cache * root_cache)500 void memcg_create_kmem_cache(struct mem_cgroup *memcg,
501 struct kmem_cache *root_cache)
502 {
503 static char memcg_name_buf[NAME_MAX + 1]; /* protected by slab_mutex */
504 struct cgroup_subsys_state *css = &memcg->css;
505 struct memcg_cache_array *arr;
506 struct kmem_cache *s = NULL;
507 char *cache_name;
508 int idx;
509
510 get_online_cpus();
511 get_online_mems();
512
513 mutex_lock(&slab_mutex);
514
515 /*
516 * The memory cgroup could have been offlined while the cache
517 * creation work was pending.
518 */
519 if (memcg->kmem_state != KMEM_ONLINE)
520 goto out_unlock;
521
522 idx = memcg_cache_id(memcg);
523 arr = rcu_dereference_protected(root_cache->memcg_params.memcg_caches,
524 lockdep_is_held(&slab_mutex));
525
526 /*
527 * Since per-memcg caches are created asynchronously on first
528 * allocation (see memcg_kmem_get_cache()), several threads can try to
529 * create the same cache, but only one of them may succeed.
530 */
531 if (arr->entries[idx])
532 goto out_unlock;
533
534 cgroup_name(css->cgroup, memcg_name_buf, sizeof(memcg_name_buf));
535 cache_name = kasprintf(GFP_KERNEL, "%s(%llu:%s)", root_cache->name,
536 css->serial_nr, memcg_name_buf);
537 if (!cache_name)
538 goto out_unlock;
539
540 s = create_cache(cache_name, root_cache->object_size,
541 root_cache->size, root_cache->align,
542 root_cache->flags & CACHE_CREATE_MASK,
543 root_cache->ctor, memcg, root_cache);
544 /*
545 * If we could not create a memcg cache, do not complain, because
546 * that's not critical at all as we can always proceed with the root
547 * cache.
548 */
549 if (IS_ERR(s)) {
550 kfree(cache_name);
551 goto out_unlock;
552 }
553
554 list_add(&s->memcg_params.list, &root_cache->memcg_params.list);
555
556 /*
557 * Since readers won't lock (see cache_from_memcg_idx()), we need a
558 * barrier here to ensure nobody will see the kmem_cache partially
559 * initialized.
560 */
561 smp_wmb();
562 arr->entries[idx] = s;
563
564 out_unlock:
565 mutex_unlock(&slab_mutex);
566
567 put_online_mems();
568 put_online_cpus();
569 }
570
memcg_deactivate_kmem_caches(struct mem_cgroup * memcg)571 void memcg_deactivate_kmem_caches(struct mem_cgroup *memcg)
572 {
573 int idx;
574 struct memcg_cache_array *arr;
575 struct kmem_cache *s, *c;
576
577 idx = memcg_cache_id(memcg);
578
579 get_online_cpus();
580 get_online_mems();
581
582 #ifdef CONFIG_SLUB
583 /*
584 * In case of SLUB, we need to disable empty slab caching to
585 * avoid pinning the offline memory cgroup by freeable kmem
586 * pages charged to it. SLAB doesn't need this, as it
587 * periodically purges unused slabs.
588 */
589 mutex_lock(&slab_mutex);
590 list_for_each_entry(s, &slab_caches, list) {
591 c = is_root_cache(s) ? cache_from_memcg_idx(s, idx) : NULL;
592 if (c) {
593 c->cpu_partial = 0;
594 c->min_partial = 0;
595 }
596 }
597 mutex_unlock(&slab_mutex);
598 /*
599 * kmem_cache->cpu_partial is checked locklessly (see
600 * put_cpu_partial()). Make sure the change is visible.
601 */
602 synchronize_sched();
603 #endif
604
605 mutex_lock(&slab_mutex);
606 list_for_each_entry(s, &slab_caches, list) {
607 if (!is_root_cache(s))
608 continue;
609
610 arr = rcu_dereference_protected(s->memcg_params.memcg_caches,
611 lockdep_is_held(&slab_mutex));
612 c = arr->entries[idx];
613 if (!c)
614 continue;
615
616 __kmem_cache_shrink(c);
617 arr->entries[idx] = NULL;
618 }
619 mutex_unlock(&slab_mutex);
620
621 put_online_mems();
622 put_online_cpus();
623 }
624
__shutdown_memcg_cache(struct kmem_cache * s,struct list_head * release,bool * need_rcu_barrier)625 static int __shutdown_memcg_cache(struct kmem_cache *s,
626 struct list_head *release, bool *need_rcu_barrier)
627 {
628 BUG_ON(is_root_cache(s));
629
630 if (shutdown_cache(s, release, need_rcu_barrier))
631 return -EBUSY;
632
633 list_del(&s->memcg_params.list);
634 return 0;
635 }
636
memcg_destroy_kmem_caches(struct mem_cgroup * memcg)637 void memcg_destroy_kmem_caches(struct mem_cgroup *memcg)
638 {
639 LIST_HEAD(release);
640 bool need_rcu_barrier = false;
641 struct kmem_cache *s, *s2;
642
643 get_online_cpus();
644 get_online_mems();
645
646 mutex_lock(&slab_mutex);
647 list_for_each_entry_safe(s, s2, &slab_caches, list) {
648 if (is_root_cache(s) || s->memcg_params.memcg != memcg)
649 continue;
650 /*
651 * The cgroup is about to be freed and therefore has no charges
652 * left. Hence, all its caches must be empty by now.
653 */
654 BUG_ON(__shutdown_memcg_cache(s, &release, &need_rcu_barrier));
655 }
656 mutex_unlock(&slab_mutex);
657
658 put_online_mems();
659 put_online_cpus();
660
661 release_caches(&release, need_rcu_barrier);
662 }
663
shutdown_memcg_caches(struct kmem_cache * s,struct list_head * release,bool * need_rcu_barrier)664 static int shutdown_memcg_caches(struct kmem_cache *s,
665 struct list_head *release, bool *need_rcu_barrier)
666 {
667 struct memcg_cache_array *arr;
668 struct kmem_cache *c, *c2;
669 LIST_HEAD(busy);
670 int i;
671
672 BUG_ON(!is_root_cache(s));
673
674 /*
675 * First, shutdown active caches, i.e. caches that belong to online
676 * memory cgroups.
677 */
678 arr = rcu_dereference_protected(s->memcg_params.memcg_caches,
679 lockdep_is_held(&slab_mutex));
680 for_each_memcg_cache_index(i) {
681 c = arr->entries[i];
682 if (!c)
683 continue;
684 if (__shutdown_memcg_cache(c, release, need_rcu_barrier))
685 /*
686 * The cache still has objects. Move it to a temporary
687 * list so as not to try to destroy it for a second
688 * time while iterating over inactive caches below.
689 */
690 list_move(&c->memcg_params.list, &busy);
691 else
692 /*
693 * The cache is empty and will be destroyed soon. Clear
694 * the pointer to it in the memcg_caches array so that
695 * it will never be accessed even if the root cache
696 * stays alive.
697 */
698 arr->entries[i] = NULL;
699 }
700
701 /*
702 * Second, shutdown all caches left from memory cgroups that are now
703 * offline.
704 */
705 list_for_each_entry_safe(c, c2, &s->memcg_params.list,
706 memcg_params.list)
707 __shutdown_memcg_cache(c, release, need_rcu_barrier);
708
709 list_splice(&busy, &s->memcg_params.list);
710
711 /*
712 * A cache being destroyed must be empty. In particular, this means
713 * that all per memcg caches attached to it must be empty too.
714 */
715 if (!list_empty(&s->memcg_params.list))
716 return -EBUSY;
717 return 0;
718 }
719 #else
shutdown_memcg_caches(struct kmem_cache * s,struct list_head * release,bool * need_rcu_barrier)720 static inline int shutdown_memcg_caches(struct kmem_cache *s,
721 struct list_head *release, bool *need_rcu_barrier)
722 {
723 return 0;
724 }
725 #endif /* CONFIG_MEMCG && !CONFIG_SLOB */
726
slab_kmem_cache_release(struct kmem_cache * s)727 void slab_kmem_cache_release(struct kmem_cache *s)
728 {
729 __kmem_cache_release(s);
730 destroy_memcg_params(s);
731 kfree_const(s->name);
732 kmem_cache_free(kmem_cache, s);
733 }
734
kmem_cache_destroy(struct kmem_cache * s)735 void kmem_cache_destroy(struct kmem_cache *s)
736 {
737 LIST_HEAD(release);
738 bool need_rcu_barrier = false;
739 int err;
740
741 if (unlikely(!s))
742 return;
743
744 get_online_cpus();
745 get_online_mems();
746
747 mutex_lock(&slab_mutex);
748
749 s->refcount--;
750 if (s->refcount)
751 goto out_unlock;
752
753 err = shutdown_memcg_caches(s, &release, &need_rcu_barrier);
754 if (!err)
755 err = shutdown_cache(s, &release, &need_rcu_barrier);
756
757 if (err) {
758 pr_err("kmem_cache_destroy %s: Slab cache still has objects\n",
759 s->name);
760 dump_stack();
761 }
762 out_unlock:
763 mutex_unlock(&slab_mutex);
764
765 put_online_mems();
766 put_online_cpus();
767
768 release_caches(&release, need_rcu_barrier);
769 }
770 EXPORT_SYMBOL(kmem_cache_destroy);
771
772 /**
773 * kmem_cache_shrink - Shrink a cache.
774 * @cachep: The cache to shrink.
775 *
776 * Releases as many slabs as possible for a cache.
777 * To help debugging, a zero exit status indicates all slabs were released.
778 */
kmem_cache_shrink(struct kmem_cache * cachep)779 int kmem_cache_shrink(struct kmem_cache *cachep)
780 {
781 int ret;
782
783 get_online_cpus();
784 get_online_mems();
785 kasan_cache_shrink(cachep);
786 ret = __kmem_cache_shrink(cachep);
787 put_online_mems();
788 put_online_cpus();
789 return ret;
790 }
791 EXPORT_SYMBOL(kmem_cache_shrink);
792
slab_is_available(void)793 bool slab_is_available(void)
794 {
795 return slab_state >= UP;
796 }
797
798 #ifndef CONFIG_SLOB
799 /* Create a cache during boot when no slab services are available yet */
create_boot_cache(struct kmem_cache * s,const char * name,size_t size,unsigned long flags)800 void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t size,
801 unsigned long flags)
802 {
803 int err;
804
805 s->name = name;
806 s->size = s->object_size = size;
807 s->align = calculate_alignment(flags, ARCH_KMALLOC_MINALIGN, size);
808
809 slab_init_memcg_params(s);
810
811 err = __kmem_cache_create(s, flags);
812
813 if (err)
814 panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n",
815 name, size, err);
816
817 s->refcount = -1; /* Exempt from merging for now */
818 }
819
create_kmalloc_cache(const char * name,size_t size,unsigned long flags)820 struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
821 unsigned long flags)
822 {
823 struct kmem_cache *s = kmem_cache_zalloc(kmem_cache, GFP_NOWAIT);
824
825 if (!s)
826 panic("Out of memory when creating slab %s\n", name);
827
828 create_boot_cache(s, name, size, flags);
829 list_add(&s->list, &slab_caches);
830 s->refcount = 1;
831 return s;
832 }
833
834 struct kmem_cache *kmalloc_caches[KMALLOC_SHIFT_HIGH + 1];
835 EXPORT_SYMBOL(kmalloc_caches);
836
837 #ifdef CONFIG_ZONE_DMA
838 struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
839 EXPORT_SYMBOL(kmalloc_dma_caches);
840 #endif
841
842 /*
843 * Conversion table for small slabs sizes / 8 to the index in the
844 * kmalloc array. This is necessary for slabs < 192 since we have non power
845 * of two cache sizes there. The size of larger slabs can be determined using
846 * fls.
847 */
848 static s8 size_index[24] = {
849 3, /* 8 */
850 4, /* 16 */
851 5, /* 24 */
852 5, /* 32 */
853 6, /* 40 */
854 6, /* 48 */
855 6, /* 56 */
856 6, /* 64 */
857 1, /* 72 */
858 1, /* 80 */
859 1, /* 88 */
860 1, /* 96 */
861 7, /* 104 */
862 7, /* 112 */
863 7, /* 120 */
864 7, /* 128 */
865 2, /* 136 */
866 2, /* 144 */
867 2, /* 152 */
868 2, /* 160 */
869 2, /* 168 */
870 2, /* 176 */
871 2, /* 184 */
872 2 /* 192 */
873 };
874
size_index_elem(size_t bytes)875 static inline int size_index_elem(size_t bytes)
876 {
877 return (bytes - 1) / 8;
878 }
879
880 /*
881 * Find the kmem_cache structure that serves a given size of
882 * allocation
883 */
kmalloc_slab(size_t size,gfp_t flags)884 struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
885 {
886 int index;
887
888 if (unlikely(size > KMALLOC_MAX_SIZE)) {
889 WARN_ON_ONCE(!(flags & __GFP_NOWARN));
890 return NULL;
891 }
892
893 if (size <= 192) {
894 if (!size)
895 return ZERO_SIZE_PTR;
896
897 index = size_index[size_index_elem(size)];
898 } else
899 index = fls(size - 1);
900
901 #ifdef CONFIG_ZONE_DMA
902 if (unlikely((flags & GFP_DMA)))
903 return kmalloc_dma_caches[index];
904
905 #endif
906 return kmalloc_caches[index];
907 }
908
909 /*
910 * kmalloc_info[] is to make slub_debug=,kmalloc-xx option work at boot time.
911 * kmalloc_index() supports up to 2^26=64MB, so the final entry of the table is
912 * kmalloc-67108864.
913 */
914 static struct {
915 const char *name;
916 unsigned long size;
917 } const kmalloc_info[] __initconst = {
918 {NULL, 0}, {"kmalloc-96", 96},
919 {"kmalloc-192", 192}, {"kmalloc-8", 8},
920 {"kmalloc-16", 16}, {"kmalloc-32", 32},
921 {"kmalloc-64", 64}, {"kmalloc-128", 128},
922 {"kmalloc-256", 256}, {"kmalloc-512", 512},
923 {"kmalloc-1024", 1024}, {"kmalloc-2048", 2048},
924 {"kmalloc-4096", 4096}, {"kmalloc-8192", 8192},
925 {"kmalloc-16384", 16384}, {"kmalloc-32768", 32768},
926 {"kmalloc-65536", 65536}, {"kmalloc-131072", 131072},
927 {"kmalloc-262144", 262144}, {"kmalloc-524288", 524288},
928 {"kmalloc-1048576", 1048576}, {"kmalloc-2097152", 2097152},
929 {"kmalloc-4194304", 4194304}, {"kmalloc-8388608", 8388608},
930 {"kmalloc-16777216", 16777216}, {"kmalloc-33554432", 33554432},
931 {"kmalloc-67108864", 67108864}
932 };
933
934 /*
935 * Patch up the size_index table if we have strange large alignment
936 * requirements for the kmalloc array. This is only the case for
937 * MIPS it seems. The standard arches will not generate any code here.
938 *
939 * Largest permitted alignment is 256 bytes due to the way we
940 * handle the index determination for the smaller caches.
941 *
942 * Make sure that nothing crazy happens if someone starts tinkering
943 * around with ARCH_KMALLOC_MINALIGN
944 */
setup_kmalloc_cache_index_table(void)945 void __init setup_kmalloc_cache_index_table(void)
946 {
947 int i;
948
949 BUILD_BUG_ON(KMALLOC_MIN_SIZE > 256 ||
950 (KMALLOC_MIN_SIZE & (KMALLOC_MIN_SIZE - 1)));
951
952 for (i = 8; i < KMALLOC_MIN_SIZE; i += 8) {
953 int elem = size_index_elem(i);
954
955 if (elem >= ARRAY_SIZE(size_index))
956 break;
957 size_index[elem] = KMALLOC_SHIFT_LOW;
958 }
959
960 if (KMALLOC_MIN_SIZE >= 64) {
961 /*
962 * The 96 byte size cache is not used if the alignment
963 * is 64 byte.
964 */
965 for (i = 64 + 8; i <= 96; i += 8)
966 size_index[size_index_elem(i)] = 7;
967
968 }
969
970 if (KMALLOC_MIN_SIZE >= 128) {
971 /*
972 * The 192 byte sized cache is not used if the alignment
973 * is 128 byte. Redirect kmalloc to use the 256 byte cache
974 * instead.
975 */
976 for (i = 128 + 8; i <= 192; i += 8)
977 size_index[size_index_elem(i)] = 8;
978 }
979 }
980
new_kmalloc_cache(int idx,unsigned long flags)981 static void __init new_kmalloc_cache(int idx, unsigned long flags)
982 {
983 kmalloc_caches[idx] = create_kmalloc_cache(kmalloc_info[idx].name,
984 kmalloc_info[idx].size, flags);
985 }
986
987 /*
988 * Create the kmalloc array. Some of the regular kmalloc arrays
989 * may already have been created because they were needed to
990 * enable allocations for slab creation.
991 */
create_kmalloc_caches(unsigned long flags)992 void __init create_kmalloc_caches(unsigned long flags)
993 {
994 int i;
995
996 for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) {
997 if (!kmalloc_caches[i])
998 new_kmalloc_cache(i, flags);
999
1000 /*
1001 * Caches that are not of the two-to-the-power-of size.
1002 * These have to be created immediately after the
1003 * earlier power of two caches
1004 */
1005 if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6)
1006 new_kmalloc_cache(1, flags);
1007 if (KMALLOC_MIN_SIZE <= 64 && !kmalloc_caches[2] && i == 7)
1008 new_kmalloc_cache(2, flags);
1009 }
1010
1011 /* Kmalloc array is now usable */
1012 slab_state = UP;
1013
1014 #ifdef CONFIG_ZONE_DMA
1015 for (i = 0; i <= KMALLOC_SHIFT_HIGH; i++) {
1016 struct kmem_cache *s = kmalloc_caches[i];
1017
1018 if (s) {
1019 int size = kmalloc_size(i);
1020 char *n = kasprintf(GFP_NOWAIT,
1021 "dma-kmalloc-%d", size);
1022
1023 BUG_ON(!n);
1024 kmalloc_dma_caches[i] = create_kmalloc_cache(n,
1025 size, SLAB_CACHE_DMA | flags);
1026 }
1027 }
1028 #endif
1029 }
1030 #endif /* !CONFIG_SLOB */
1031
1032 /*
1033 * To avoid unnecessary overhead, we pass through large allocation requests
1034 * directly to the page allocator. We use __GFP_COMP, because we will need to
1035 * know the allocation order to free the pages properly in kfree.
1036 */
kmalloc_order(size_t size,gfp_t flags,unsigned int order)1037 void *kmalloc_order(size_t size, gfp_t flags, unsigned int order)
1038 {
1039 void *ret;
1040 struct page *page;
1041
1042 flags |= __GFP_COMP;
1043 page = alloc_pages(flags, order);
1044 ret = page ? page_address(page) : NULL;
1045 kmemleak_alloc(ret, size, 1, flags);
1046 kasan_kmalloc_large(ret, size, flags);
1047 return ret;
1048 }
1049 EXPORT_SYMBOL(kmalloc_order);
1050
1051 #ifdef CONFIG_TRACING
kmalloc_order_trace(size_t size,gfp_t flags,unsigned int order)1052 void *kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order)
1053 {
1054 void *ret = kmalloc_order(size, flags, order);
1055 trace_kmalloc(_RET_IP_, ret, size, PAGE_SIZE << order, flags);
1056 return ret;
1057 }
1058 EXPORT_SYMBOL(kmalloc_order_trace);
1059 #endif
1060
1061 #ifdef CONFIG_SLAB_FREELIST_RANDOM
1062 /* Randomize a generic freelist */
freelist_randomize(struct rnd_state * state,unsigned int * list,size_t count)1063 static void freelist_randomize(struct rnd_state *state, unsigned int *list,
1064 size_t count)
1065 {
1066 size_t i;
1067 unsigned int rand;
1068
1069 for (i = 0; i < count; i++)
1070 list[i] = i;
1071
1072 /* Fisher-Yates shuffle */
1073 for (i = count - 1; i > 0; i--) {
1074 rand = prandom_u32_state(state);
1075 rand %= (i + 1);
1076 swap(list[i], list[rand]);
1077 }
1078 }
1079
1080 /* Create a random sequence per cache */
cache_random_seq_create(struct kmem_cache * cachep,unsigned int count,gfp_t gfp)1081 int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count,
1082 gfp_t gfp)
1083 {
1084 struct rnd_state state;
1085
1086 if (count < 2 || cachep->random_seq)
1087 return 0;
1088
1089 cachep->random_seq = kcalloc(count, sizeof(unsigned int), gfp);
1090 if (!cachep->random_seq)
1091 return -ENOMEM;
1092
1093 /* Get best entropy at this stage of boot */
1094 prandom_seed_state(&state, get_random_long());
1095
1096 freelist_randomize(&state, cachep->random_seq, count);
1097 return 0;
1098 }
1099
1100 /* Destroy the per-cache random freelist sequence */
cache_random_seq_destroy(struct kmem_cache * cachep)1101 void cache_random_seq_destroy(struct kmem_cache *cachep)
1102 {
1103 kfree(cachep->random_seq);
1104 cachep->random_seq = NULL;
1105 }
1106 #endif /* CONFIG_SLAB_FREELIST_RANDOM */
1107
1108 #ifdef CONFIG_SLABINFO
1109
1110 #ifdef CONFIG_SLAB
1111 #define SLABINFO_RIGHTS (S_IWUSR | S_IRUSR)
1112 #else
1113 #define SLABINFO_RIGHTS S_IRUSR
1114 #endif
1115
print_slabinfo_header(struct seq_file * m)1116 static void print_slabinfo_header(struct seq_file *m)
1117 {
1118 /*
1119 * Output format version, so at least we can change it
1120 * without _too_ many complaints.
1121 */
1122 #ifdef CONFIG_DEBUG_SLAB
1123 seq_puts(m, "slabinfo - version: 2.1 (statistics)\n");
1124 #else
1125 seq_puts(m, "slabinfo - version: 2.1\n");
1126 #endif
1127 seq_puts(m, "# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>");
1128 seq_puts(m, " : tunables <limit> <batchcount> <sharedfactor>");
1129 seq_puts(m, " : slabdata <active_slabs> <num_slabs> <sharedavail>");
1130 #ifdef CONFIG_DEBUG_SLAB
1131 seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> <error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
1132 seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
1133 #endif
1134 seq_putc(m, '\n');
1135 }
1136
slab_start(struct seq_file * m,loff_t * pos)1137 void *slab_start(struct seq_file *m, loff_t *pos)
1138 {
1139 mutex_lock(&slab_mutex);
1140 return seq_list_start(&slab_caches, *pos);
1141 }
1142
slab_next(struct seq_file * m,void * p,loff_t * pos)1143 void *slab_next(struct seq_file *m, void *p, loff_t *pos)
1144 {
1145 return seq_list_next(p, &slab_caches, pos);
1146 }
1147
slab_stop(struct seq_file * m,void * p)1148 void slab_stop(struct seq_file *m, void *p)
1149 {
1150 mutex_unlock(&slab_mutex);
1151 }
1152
1153 static void
memcg_accumulate_slabinfo(struct kmem_cache * s,struct slabinfo * info)1154 memcg_accumulate_slabinfo(struct kmem_cache *s, struct slabinfo *info)
1155 {
1156 struct kmem_cache *c;
1157 struct slabinfo sinfo;
1158
1159 if (!is_root_cache(s))
1160 return;
1161
1162 for_each_memcg_cache(c, s) {
1163 memset(&sinfo, 0, sizeof(sinfo));
1164 get_slabinfo(c, &sinfo);
1165
1166 info->active_slabs += sinfo.active_slabs;
1167 info->num_slabs += sinfo.num_slabs;
1168 info->shared_avail += sinfo.shared_avail;
1169 info->active_objs += sinfo.active_objs;
1170 info->num_objs += sinfo.num_objs;
1171 }
1172 }
1173
cache_show(struct kmem_cache * s,struct seq_file * m)1174 static void cache_show(struct kmem_cache *s, struct seq_file *m)
1175 {
1176 struct slabinfo sinfo;
1177
1178 memset(&sinfo, 0, sizeof(sinfo));
1179 get_slabinfo(s, &sinfo);
1180
1181 memcg_accumulate_slabinfo(s, &sinfo);
1182
1183 seq_printf(m, "%-17s %6lu %6lu %6u %4u %4d",
1184 cache_name(s), sinfo.active_objs, sinfo.num_objs, s->size,
1185 sinfo.objects_per_slab, (1 << sinfo.cache_order));
1186
1187 seq_printf(m, " : tunables %4u %4u %4u",
1188 sinfo.limit, sinfo.batchcount, sinfo.shared);
1189 seq_printf(m, " : slabdata %6lu %6lu %6lu",
1190 sinfo.active_slabs, sinfo.num_slabs, sinfo.shared_avail);
1191 slabinfo_show_stats(m, s);
1192 seq_putc(m, '\n');
1193 }
1194
slab_show(struct seq_file * m,void * p)1195 static int slab_show(struct seq_file *m, void *p)
1196 {
1197 struct kmem_cache *s = list_entry(p, struct kmem_cache, list);
1198
1199 if (p == slab_caches.next)
1200 print_slabinfo_header(m);
1201 if (is_root_cache(s))
1202 cache_show(s, m);
1203 return 0;
1204 }
1205
1206 #if defined(CONFIG_MEMCG) && !defined(CONFIG_SLOB)
memcg_slab_show(struct seq_file * m,void * p)1207 int memcg_slab_show(struct seq_file *m, void *p)
1208 {
1209 struct kmem_cache *s = list_entry(p, struct kmem_cache, list);
1210 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m));
1211
1212 if (p == slab_caches.next)
1213 print_slabinfo_header(m);
1214 if (!is_root_cache(s) && s->memcg_params.memcg == memcg)
1215 cache_show(s, m);
1216 return 0;
1217 }
1218 #endif
1219
1220 /*
1221 * slabinfo_op - iterator that generates /proc/slabinfo
1222 *
1223 * Output layout:
1224 * cache-name
1225 * num-active-objs
1226 * total-objs
1227 * object size
1228 * num-active-slabs
1229 * total-slabs
1230 * num-pages-per-slab
1231 * + further values on SMP and with statistics enabled
1232 */
1233 static const struct seq_operations slabinfo_op = {
1234 .start = slab_start,
1235 .next = slab_next,
1236 .stop = slab_stop,
1237 .show = slab_show,
1238 };
1239
slabinfo_open(struct inode * inode,struct file * file)1240 static int slabinfo_open(struct inode *inode, struct file *file)
1241 {
1242 return seq_open(file, &slabinfo_op);
1243 }
1244
1245 static const struct file_operations proc_slabinfo_operations = {
1246 .open = slabinfo_open,
1247 .read = seq_read,
1248 .write = slabinfo_write,
1249 .llseek = seq_lseek,
1250 .release = seq_release,
1251 };
1252
slab_proc_init(void)1253 static int __init slab_proc_init(void)
1254 {
1255 proc_create("slabinfo", SLABINFO_RIGHTS, NULL,
1256 &proc_slabinfo_operations);
1257 return 0;
1258 }
1259 module_init(slab_proc_init);
1260 #endif /* CONFIG_SLABINFO */
1261
__do_krealloc(const void * p,size_t new_size,gfp_t flags)1262 static __always_inline void *__do_krealloc(const void *p, size_t new_size,
1263 gfp_t flags)
1264 {
1265 void *ret;
1266 size_t ks = 0;
1267
1268 if (p)
1269 ks = ksize(p);
1270
1271 if (ks >= new_size) {
1272 kasan_krealloc((void *)p, new_size, flags);
1273 return (void *)p;
1274 }
1275
1276 ret = kmalloc_track_caller(new_size, flags);
1277 if (ret && p)
1278 memcpy(ret, p, ks);
1279
1280 return ret;
1281 }
1282
1283 /**
1284 * __krealloc - like krealloc() but don't free @p.
1285 * @p: object to reallocate memory for.
1286 * @new_size: how many bytes of memory are required.
1287 * @flags: the type of memory to allocate.
1288 *
1289 * This function is like krealloc() except it never frees the originally
1290 * allocated buffer. Use this if you don't want to free the buffer immediately
1291 * like, for example, with RCU.
1292 */
__krealloc(const void * p,size_t new_size,gfp_t flags)1293 void *__krealloc(const void *p, size_t new_size, gfp_t flags)
1294 {
1295 if (unlikely(!new_size))
1296 return ZERO_SIZE_PTR;
1297
1298 return __do_krealloc(p, new_size, flags);
1299
1300 }
1301 EXPORT_SYMBOL(__krealloc);
1302
1303 /**
1304 * krealloc - reallocate memory. The contents will remain unchanged.
1305 * @p: object to reallocate memory for.
1306 * @new_size: how many bytes of memory are required.
1307 * @flags: the type of memory to allocate.
1308 *
1309 * The contents of the object pointed to are preserved up to the
1310 * lesser of the new and old sizes. If @p is %NULL, krealloc()
1311 * behaves exactly like kmalloc(). If @new_size is 0 and @p is not a
1312 * %NULL pointer, the object pointed to is freed.
1313 */
krealloc(const void * p,size_t new_size,gfp_t flags)1314 void *krealloc(const void *p, size_t new_size, gfp_t flags)
1315 {
1316 void *ret;
1317
1318 if (unlikely(!new_size)) {
1319 kfree(p);
1320 return ZERO_SIZE_PTR;
1321 }
1322
1323 ret = __do_krealloc(p, new_size, flags);
1324 if (ret && p != ret)
1325 kfree(p);
1326
1327 return ret;
1328 }
1329 EXPORT_SYMBOL(krealloc);
1330
1331 /**
1332 * kzfree - like kfree but zero memory
1333 * @p: object to free memory of
1334 *
1335 * The memory of the object @p points to is zeroed before freed.
1336 * If @p is %NULL, kzfree() does nothing.
1337 *
1338 * Note: this function zeroes the whole allocated buffer which can be a good
1339 * deal bigger than the requested buffer size passed to kmalloc(). So be
1340 * careful when using this function in performance sensitive code.
1341 */
kzfree(const void * p)1342 void kzfree(const void *p)
1343 {
1344 size_t ks;
1345 void *mem = (void *)p;
1346
1347 if (unlikely(ZERO_OR_NULL_PTR(mem)))
1348 return;
1349 ks = ksize(mem);
1350 memset(mem, 0, ks);
1351 kfree(mem);
1352 }
1353 EXPORT_SYMBOL(kzfree);
1354
1355 /* Tracepoints definitions. */
1356 EXPORT_TRACEPOINT_SYMBOL(kmalloc);
1357 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc);
1358 EXPORT_TRACEPOINT_SYMBOL(kmalloc_node);
1359 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc_node);
1360 EXPORT_TRACEPOINT_SYMBOL(kfree);
1361 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_free);
1362