2 * SLUB: A slab allocator that limits cache line use instead of queuing
3 * objects in per cpu and per node lists.
5 * The allocator synchronizes using per slab locks and only
6 * uses a centralized lock to manage a pool of partial slabs.
8 * (C) 2007 SGI, Christoph Lameter <clameter@sgi.com>
12 #include <linux/module.h>
13 #include <linux/bit_spinlock.h>
14 #include <linux/interrupt.h>
15 #include <linux/bitops.h>
16 #include <linux/slab.h>
17 #include <linux/seq_file.h>
18 #include <linux/cpu.h>
19 #include <linux/cpuset.h>
20 #include <linux/mempolicy.h>
21 #include <linux/ctype.h>
22 #include <linux/kallsyms.h>
29 * The slab_lock protects operations on the object of a particular
30 * slab and its metadata in the page struct. If the slab lock
31 * has been taken then no allocations nor frees can be performed
32 * on the objects in the slab nor can the slab be added or removed
33 * from the partial or full lists since this would mean modifying
34 * the page_struct of the slab.
36 * The list_lock protects the partial and full list on each node and
37 * the partial slab counter. If taken then no new slabs may be added or
38 * removed from the lists nor make the number of partial slabs be modified.
39 * (Note that the total number of slabs is an atomic value that may be
40 * modified without taking the list lock).
42 * The list_lock is a centralized lock and thus we avoid taking it as
43 * much as possible. As long as SLUB does not have to handle partial
44 * slabs, operations can continue without any centralized lock. F.e.
45 * allocating a long series of objects that fill up slabs does not require
48 * The lock order is sometimes inverted when we are trying to get a slab
49 * off a list. We take the list_lock and then look for a page on the list
50 * to use. While we do that objects in the slabs may be freed. We can
51 * only operate on the slab if we have also taken the slab_lock. So we use
52 * a slab_trylock() on the slab. If trylock was successful then no frees
53 * can occur anymore and we can use the slab for allocations etc. If the
54 * slab_trylock() does not succeed then frees are in progress in the slab and
55 * we must stay away from it for a while since we may cause a bouncing
56 * cacheline if we try to acquire the lock. So go onto the next slab.
57 * If all pages are busy then we may allocate a new slab instead of reusing
58 * a partial slab. A new slab has noone operating on it and thus there is
59 * no danger of cacheline contention.
61 * Interrupts are disabled during allocation and deallocation in order to
62 * make the slab allocator safe to use in the context of an irq. In addition
63 * interrupts are disabled to ensure that the processor does not change
64 * while handling per_cpu slabs, due to kernel preemption.
66 * SLUB assigns one slab for allocation to each processor.
67 * Allocations only occur from these slabs called cpu slabs.
69 * Slabs with free elements are kept on a partial list and during regular
70 * operations no list for full slabs is used. If an object in a full slab is
71 * freed then the slab will show up again on the partial lists.
72 * We track full slabs for debugging purposes though because otherwise we
73 * cannot scan all objects.
75 * Slabs are freed when they become empty. Teardown and setup is
76 * minimal so we rely on the page allocators per cpu caches for
77 * fast frees and allocs.
79 * Overloading of page flags that are otherwise used for LRU management.
81 * PageActive The slab is frozen and exempt from list processing.
82 * This means that the slab is dedicated to a purpose
83 * such as satisfying allocations for a specific
84 * processor. Objects may be freed in the slab while
85 * it is frozen but slab_free will then skip the usual
86 * list operations. It is up to the processor holding
87 * the slab to integrate the slab into the slab lists
88 * when the slab is no longer needed.
90 * One use of this flag is to mark slabs that are
91 * used for allocations. Then such a slab becomes a cpu
92 * slab. The cpu slab may be equipped with an additional
93 * freelist that allows lockless access to
94 * free objects in addition to the regular freelist
95 * that requires the slab lock.
97 * PageError Slab requires special handling due to debug
98 * options set. This moves slab handling out of
99 * the fast path and disables lockless freelists.
102 #define FROZEN (1 << PG_active)
104 #ifdef CONFIG_SLUB_DEBUG
105 #define SLABDEBUG (1 << PG_error)
110 static inline int SlabFrozen(struct page *page)
112 return page->flags & FROZEN;
115 static inline void SetSlabFrozen(struct page *page)
117 page->flags |= FROZEN;
120 static inline void ClearSlabFrozen(struct page *page)
122 page->flags &= ~FROZEN;
125 static inline int SlabDebug(struct page *page)
127 return page->flags & SLABDEBUG;
130 static inline void SetSlabDebug(struct page *page)
132 page->flags |= SLABDEBUG;
135 static inline void ClearSlabDebug(struct page *page)
137 page->flags &= ~SLABDEBUG;
141 * Issues still to be resolved:
143 * - Support PAGE_ALLOC_DEBUG. Should be easy to do.
145 * - Variable sizing of the per node arrays
148 /* Enable to test recovery from slab corruption on boot */
149 #undef SLUB_RESILIENCY_TEST
154 * Small page size. Make sure that we do not fragment memory
156 #define DEFAULT_MAX_ORDER 1
157 #define DEFAULT_MIN_OBJECTS 4
162 * Large page machines are customarily able to handle larger
165 #define DEFAULT_MAX_ORDER 2
166 #define DEFAULT_MIN_OBJECTS 8
171 * Mininum number of partial slabs. These will be left on the partial
172 * lists even if they are empty. kmem_cache_shrink may reclaim them.
174 #define MIN_PARTIAL 2
177 * Maximum number of desirable partial slabs.
178 * The existence of more partial slabs makes kmem_cache_shrink
179 * sort the partial list by the number of objects in the.
181 #define MAX_PARTIAL 10
183 #define DEBUG_DEFAULT_FLAGS (SLAB_DEBUG_FREE | SLAB_RED_ZONE | \
184 SLAB_POISON | SLAB_STORE_USER)
187 * Set of flags that will prevent slab merging
189 #define SLUB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \
190 SLAB_TRACE | SLAB_DESTROY_BY_RCU)
192 #define SLUB_MERGE_SAME (SLAB_DEBUG_FREE | SLAB_RECLAIM_ACCOUNT | \
195 #ifndef ARCH_KMALLOC_MINALIGN
196 #define ARCH_KMALLOC_MINALIGN __alignof__(unsigned long long)
199 #ifndef ARCH_SLAB_MINALIGN
200 #define ARCH_SLAB_MINALIGN __alignof__(unsigned long long)
203 /* Internal SLUB flags */
204 #define __OBJECT_POISON 0x80000000 /* Poison object */
205 #define __SYSFS_ADD_DEFERRED 0x40000000 /* Not yet visible via sysfs */
207 /* Not all arches define cache_line_size */
208 #ifndef cache_line_size
209 #define cache_line_size() L1_CACHE_BYTES
212 static int kmem_size = sizeof(struct kmem_cache);
215 static struct notifier_block slab_notifier;
219 DOWN, /* No slab functionality available */
220 PARTIAL, /* kmem_cache_open() works but kmalloc does not */
221 UP, /* Everything works but does not show up in sysfs */
225 /* A list of all slab caches on the system */
226 static DECLARE_RWSEM(slub_lock);
227 static LIST_HEAD(slab_caches);
230 * Tracking user of a slab.
233 void *addr; /* Called from address */
234 int cpu; /* Was running on cpu */
235 int pid; /* Pid context */
236 unsigned long when; /* When did the operation occur */
239 enum track_item { TRACK_ALLOC, TRACK_FREE };
241 #if defined(CONFIG_SYSFS) && defined(CONFIG_SLUB_DEBUG)
242 static int sysfs_slab_add(struct kmem_cache *);
243 static int sysfs_slab_alias(struct kmem_cache *, const char *);
244 static void sysfs_slab_remove(struct kmem_cache *);
246 static inline int sysfs_slab_add(struct kmem_cache *s) { return 0; }
247 static inline int sysfs_slab_alias(struct kmem_cache *s, const char *p)
249 static inline void sysfs_slab_remove(struct kmem_cache *s) {}
252 /********************************************************************
253 * Core slab cache functions
254 *******************************************************************/
256 int slab_is_available(void)
258 return slab_state >= UP;
261 static inline struct kmem_cache_node *get_node(struct kmem_cache *s, int node)
264 return s->node[node];
266 return &s->local_node;
270 static inline struct kmem_cache_cpu *get_cpu_slab(struct kmem_cache *s, int cpu)
272 return &s->cpu_slab[cpu];
275 static inline int check_valid_pointer(struct kmem_cache *s,
276 struct page *page, const void *object)
283 base = page_address(page);
284 if (object < base || object >= base + s->objects * s->size ||
285 (object - base) % s->size) {
293 * Slow version of get and set free pointer.
295 * This version requires touching the cache lines of kmem_cache which
296 * we avoid to do in the fast alloc free paths. There we obtain the offset
297 * from the page struct.
299 static inline void *get_freepointer(struct kmem_cache *s, void *object)
301 return *(void **)(object + s->offset);
304 static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
306 *(void **)(object + s->offset) = fp;
309 /* Loop over all objects in a slab */
310 #define for_each_object(__p, __s, __addr) \
311 for (__p = (__addr); __p < (__addr) + (__s)->objects * (__s)->size;\
315 #define for_each_free_object(__p, __s, __free) \
316 for (__p = (__free); __p; __p = get_freepointer((__s), __p))
318 /* Determine object index from a given position */
319 static inline int slab_index(void *p, struct kmem_cache *s, void *addr)
321 return (p - addr) / s->size;
324 #ifdef CONFIG_SLUB_DEBUG
328 #ifdef CONFIG_SLUB_DEBUG_ON
329 static int slub_debug = DEBUG_DEFAULT_FLAGS;
331 static int slub_debug;
334 static char *slub_debug_slabs;
339 static void print_section(char *text, u8 *addr, unsigned int length)
347 for (i = 0; i < length; i++) {
349 printk(KERN_ERR "%8s 0x%p: ", text, addr + i);
352 printk(" %02x", addr[i]);
354 ascii[offset] = isgraph(addr[i]) ? addr[i] : '.';
356 printk(" %s\n",ascii);
367 printk(" %s\n", ascii);
371 static struct track *get_track(struct kmem_cache *s, void *object,
372 enum track_item alloc)
377 p = object + s->offset + sizeof(void *);
379 p = object + s->inuse;
384 static void set_track(struct kmem_cache *s, void *object,
385 enum track_item alloc, void *addr)
390 p = object + s->offset + sizeof(void *);
392 p = object + s->inuse;
397 p->cpu = smp_processor_id();
398 p->pid = current ? current->pid : -1;
401 memset(p, 0, sizeof(struct track));
404 static void init_tracking(struct kmem_cache *s, void *object)
406 if (!(s->flags & SLAB_STORE_USER))
409 set_track(s, object, TRACK_FREE, NULL);
410 set_track(s, object, TRACK_ALLOC, NULL);
413 static void print_track(const char *s, struct track *t)
418 printk(KERN_ERR "INFO: %s in ", s);
419 __print_symbol("%s", (unsigned long)t->addr);
420 printk(" age=%lu cpu=%u pid=%d\n", jiffies - t->when, t->cpu, t->pid);
423 static void print_tracking(struct kmem_cache *s, void *object)
425 if (!(s->flags & SLAB_STORE_USER))
428 print_track("Allocated", get_track(s, object, TRACK_ALLOC));
429 print_track("Freed", get_track(s, object, TRACK_FREE));
432 static void print_page_info(struct page *page)
434 printk(KERN_ERR "INFO: Slab 0x%p used=%u fp=0x%p flags=0x%04lx\n",
435 page, page->inuse, page->freelist, page->flags);
439 static void slab_bug(struct kmem_cache *s, char *fmt, ...)
445 vsnprintf(buf, sizeof(buf), fmt, args);
447 printk(KERN_ERR "========================================"
448 "=====================================\n");
449 printk(KERN_ERR "BUG %s: %s\n", s->name, buf);
450 printk(KERN_ERR "----------------------------------------"
451 "-------------------------------------\n\n");
454 static void slab_fix(struct kmem_cache *s, char *fmt, ...)
460 vsnprintf(buf, sizeof(buf), fmt, args);
462 printk(KERN_ERR "FIX %s: %s\n", s->name, buf);
465 static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
467 unsigned int off; /* Offset of last byte */
468 u8 *addr = page_address(page);
470 print_tracking(s, p);
472 print_page_info(page);
474 printk(KERN_ERR "INFO: Object 0x%p @offset=%tu fp=0x%p\n\n",
475 p, p - addr, get_freepointer(s, p));
478 print_section("Bytes b4", p - 16, 16);
480 print_section("Object", p, min(s->objsize, 128));
482 if (s->flags & SLAB_RED_ZONE)
483 print_section("Redzone", p + s->objsize,
484 s->inuse - s->objsize);
487 off = s->offset + sizeof(void *);
491 if (s->flags & SLAB_STORE_USER)
492 off += 2 * sizeof(struct track);
495 /* Beginning of the filler is the free pointer */
496 print_section("Padding", p + off, s->size - off);
501 static void object_err(struct kmem_cache *s, struct page *page,
502 u8 *object, char *reason)
505 print_trailer(s, page, object);
508 static void slab_err(struct kmem_cache *s, struct page *page, char *fmt, ...)
514 vsnprintf(buf, sizeof(buf), fmt, args);
517 print_page_info(page);
521 static void init_object(struct kmem_cache *s, void *object, int active)
525 if (s->flags & __OBJECT_POISON) {
526 memset(p, POISON_FREE, s->objsize - 1);
527 p[s->objsize -1] = POISON_END;
530 if (s->flags & SLAB_RED_ZONE)
531 memset(p + s->objsize,
532 active ? SLUB_RED_ACTIVE : SLUB_RED_INACTIVE,
533 s->inuse - s->objsize);
536 static u8 *check_bytes(u8 *start, unsigned int value, unsigned int bytes)
539 if (*start != (u8)value)
547 static void restore_bytes(struct kmem_cache *s, char *message, u8 data,
548 void *from, void *to)
550 slab_fix(s, "Restoring 0x%p-0x%p=0x%x\n", from, to - 1, data);
551 memset(from, data, to - from);
554 static int check_bytes_and_report(struct kmem_cache *s, struct page *page,
555 u8 *object, char *what,
556 u8* start, unsigned int value, unsigned int bytes)
561 fault = check_bytes(start, value, bytes);
566 while (end > fault && end[-1] == value)
569 slab_bug(s, "%s overwritten", what);
570 printk(KERN_ERR "INFO: 0x%p-0x%p. First byte 0x%x instead of 0x%x\n",
571 fault, end - 1, fault[0], value);
572 print_trailer(s, page, object);
574 restore_bytes(s, what, value, fault, end);
582 * Bytes of the object to be managed.
583 * If the freepointer may overlay the object then the free
584 * pointer is the first word of the object.
586 * Poisoning uses 0x6b (POISON_FREE) and the last byte is
589 * object + s->objsize
590 * Padding to reach word boundary. This is also used for Redzoning.
591 * Padding is extended by another word if Redzoning is enabled and
594 * We fill with 0xbb (RED_INACTIVE) for inactive objects and with
595 * 0xcc (RED_ACTIVE) for objects in use.
598 * Meta data starts here.
600 * A. Free pointer (if we cannot overwrite object on free)
601 * B. Tracking data for SLAB_STORE_USER
602 * C. Padding to reach required alignment boundary or at mininum
603 * one word if debuggin is on to be able to detect writes
604 * before the word boundary.
606 * Padding is done using 0x5a (POISON_INUSE)
609 * Nothing is used beyond s->size.
611 * If slabcaches are merged then the objsize and inuse boundaries are mostly
612 * ignored. And therefore no slab options that rely on these boundaries
613 * may be used with merged slabcaches.
616 static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
618 unsigned long off = s->inuse; /* The end of info */
621 /* Freepointer is placed after the object. */
622 off += sizeof(void *);
624 if (s->flags & SLAB_STORE_USER)
625 /* We also have user information there */
626 off += 2 * sizeof(struct track);
631 return check_bytes_and_report(s, page, p, "Object padding",
632 p + off, POISON_INUSE, s->size - off);
635 static int slab_pad_check(struct kmem_cache *s, struct page *page)
643 if (!(s->flags & SLAB_POISON))
646 start = page_address(page);
647 end = start + (PAGE_SIZE << s->order);
648 length = s->objects * s->size;
649 remainder = end - (start + length);
653 fault = check_bytes(start + length, POISON_INUSE, remainder);
656 while (end > fault && end[-1] == POISON_INUSE)
659 slab_err(s, page, "Padding overwritten. 0x%p-0x%p", fault, end - 1);
660 print_section("Padding", start, length);
662 restore_bytes(s, "slab padding", POISON_INUSE, start, end);
666 static int check_object(struct kmem_cache *s, struct page *page,
667 void *object, int active)
670 u8 *endobject = object + s->objsize;
672 if (s->flags & SLAB_RED_ZONE) {
674 active ? SLUB_RED_ACTIVE : SLUB_RED_INACTIVE;
676 if (!check_bytes_and_report(s, page, object, "Redzone",
677 endobject, red, s->inuse - s->objsize))
680 if ((s->flags & SLAB_POISON) && s->objsize < s->inuse)
681 check_bytes_and_report(s, page, p, "Alignment padding", endobject,
682 POISON_INUSE, s->inuse - s->objsize);
685 if (s->flags & SLAB_POISON) {
686 if (!active && (s->flags & __OBJECT_POISON) &&
687 (!check_bytes_and_report(s, page, p, "Poison", p,
688 POISON_FREE, s->objsize - 1) ||
689 !check_bytes_and_report(s, page, p, "Poison",
690 p + s->objsize -1, POISON_END, 1)))
693 * check_pad_bytes cleans up on its own.
695 check_pad_bytes(s, page, p);
698 if (!s->offset && active)
700 * Object and freepointer overlap. Cannot check
701 * freepointer while object is allocated.
705 /* Check free pointer validity */
706 if (!check_valid_pointer(s, page, get_freepointer(s, p))) {
707 object_err(s, page, p, "Freepointer corrupt");
709 * No choice but to zap it and thus loose the remainder
710 * of the free objects in this slab. May cause
711 * another error because the object count is now wrong.
713 set_freepointer(s, p, NULL);
719 static int check_slab(struct kmem_cache *s, struct page *page)
721 VM_BUG_ON(!irqs_disabled());
723 if (!PageSlab(page)) {
724 slab_err(s, page, "Not a valid slab page");
727 if (page->inuse > s->objects) {
728 slab_err(s, page, "inuse %u > max %u",
729 s->name, page->inuse, s->objects);
732 /* Slab_pad_check fixes things up after itself */
733 slab_pad_check(s, page);
738 * Determine if a certain object on a page is on the freelist. Must hold the
739 * slab lock to guarantee that the chains are in a consistent state.
741 static int on_freelist(struct kmem_cache *s, struct page *page, void *search)
744 void *fp = page->freelist;
747 while (fp && nr <= s->objects) {
750 if (!check_valid_pointer(s, page, fp)) {
752 object_err(s, page, object,
753 "Freechain corrupt");
754 set_freepointer(s, object, NULL);
757 slab_err(s, page, "Freepointer corrupt");
758 page->freelist = NULL;
759 page->inuse = s->objects;
760 slab_fix(s, "Freelist cleared");
766 fp = get_freepointer(s, object);
770 if (page->inuse != s->objects - nr) {
771 slab_err(s, page, "Wrong object count. Counter is %d but "
772 "counted were %d", page->inuse, s->objects - nr);
773 page->inuse = s->objects - nr;
774 slab_fix(s, "Object count adjusted.");
776 return search == NULL;
779 static void trace(struct kmem_cache *s, struct page *page, void *object, int alloc)
781 if (s->flags & SLAB_TRACE) {
782 printk(KERN_INFO "TRACE %s %s 0x%p inuse=%d fp=0x%p\n",
784 alloc ? "alloc" : "free",
789 print_section("Object", (void *)object, s->objsize);
796 * Tracking of fully allocated slabs for debugging purposes.
798 static void add_full(struct kmem_cache_node *n, struct page *page)
800 spin_lock(&n->list_lock);
801 list_add(&page->lru, &n->full);
802 spin_unlock(&n->list_lock);
805 static void remove_full(struct kmem_cache *s, struct page *page)
807 struct kmem_cache_node *n;
809 if (!(s->flags & SLAB_STORE_USER))
812 n = get_node(s, page_to_nid(page));
814 spin_lock(&n->list_lock);
815 list_del(&page->lru);
816 spin_unlock(&n->list_lock);
819 static void setup_object_debug(struct kmem_cache *s, struct page *page,
822 if (!(s->flags & (SLAB_STORE_USER|SLAB_RED_ZONE|__OBJECT_POISON)))
825 init_object(s, object, 0);
826 init_tracking(s, object);
829 static int alloc_debug_processing(struct kmem_cache *s, struct page *page,
830 void *object, void *addr)
832 if (!check_slab(s, page))
835 if (object && !on_freelist(s, page, object)) {
836 object_err(s, page, object, "Object already allocated");
840 if (!check_valid_pointer(s, page, object)) {
841 object_err(s, page, object, "Freelist Pointer check fails");
845 if (object && !check_object(s, page, object, 0))
848 /* Success perform special debug activities for allocs */
849 if (s->flags & SLAB_STORE_USER)
850 set_track(s, object, TRACK_ALLOC, addr);
851 trace(s, page, object, 1);
852 init_object(s, object, 1);
856 if (PageSlab(page)) {
858 * If this is a slab page then lets do the best we can
859 * to avoid issues in the future. Marking all objects
860 * as used avoids touching the remaining objects.
862 slab_fix(s, "Marking all objects used");
863 page->inuse = s->objects;
864 page->freelist = NULL;
869 static int free_debug_processing(struct kmem_cache *s, struct page *page,
870 void *object, void *addr)
872 if (!check_slab(s, page))
875 if (!check_valid_pointer(s, page, object)) {
876 slab_err(s, page, "Invalid object pointer 0x%p", object);
880 if (on_freelist(s, page, object)) {
881 object_err(s, page, object, "Object already free");
885 if (!check_object(s, page, object, 1))
888 if (unlikely(s != page->slab)) {
890 slab_err(s, page, "Attempt to free object(0x%p) "
891 "outside of slab", object);
895 "SLUB <none>: no slab for object 0x%p.\n",
900 object_err(s, page, object,
901 "page slab pointer corrupt.");
905 /* Special debug activities for freeing objects */
906 if (!SlabFrozen(page) && !page->freelist)
907 remove_full(s, page);
908 if (s->flags & SLAB_STORE_USER)
909 set_track(s, object, TRACK_FREE, addr);
910 trace(s, page, object, 0);
911 init_object(s, object, 0);
915 slab_fix(s, "Object at 0x%p not freed", object);
919 static int __init setup_slub_debug(char *str)
921 slub_debug = DEBUG_DEFAULT_FLAGS;
922 if (*str++ != '=' || !*str)
924 * No options specified. Switch on full debugging.
930 * No options but restriction on slabs. This means full
931 * debugging for slabs matching a pattern.
938 * Switch off all debugging measures.
943 * Determine which debug features should be switched on
945 for ( ;*str && *str != ','; str++) {
946 switch (tolower(*str)) {
948 slub_debug |= SLAB_DEBUG_FREE;
951 slub_debug |= SLAB_RED_ZONE;
954 slub_debug |= SLAB_POISON;
957 slub_debug |= SLAB_STORE_USER;
960 slub_debug |= SLAB_TRACE;
963 printk(KERN_ERR "slub_debug option '%c' "
964 "unknown. skipped\n",*str);
970 slub_debug_slabs = str + 1;
975 __setup("slub_debug", setup_slub_debug);
977 static unsigned long kmem_cache_flags(unsigned long objsize,
978 unsigned long flags, const char *name,
979 void (*ctor)(void *, struct kmem_cache *, unsigned long))
982 * The page->offset field is only 16 bit wide. This is an offset
983 * in units of words from the beginning of an object. If the slab
984 * size is bigger then we cannot move the free pointer behind the
987 * On 32 bit platforms the limit is 256k. On 64bit platforms
990 * Debugging or ctor may create a need to move the free
991 * pointer. Fail if this happens.
993 if (objsize >= 65535 * sizeof(void *)) {
994 BUG_ON(flags & (SLAB_RED_ZONE | SLAB_POISON |
995 SLAB_STORE_USER | SLAB_DESTROY_BY_RCU));
999 * Enable debugging if selected on the kernel commandline.
1001 if (slub_debug && (!slub_debug_slabs ||
1002 strncmp(slub_debug_slabs, name,
1003 strlen(slub_debug_slabs)) == 0))
1004 flags |= slub_debug;
1010 static inline void setup_object_debug(struct kmem_cache *s,
1011 struct page *page, void *object) {}
1013 static inline int alloc_debug_processing(struct kmem_cache *s,
1014 struct page *page, void *object, void *addr) { return 0; }
1016 static inline int free_debug_processing(struct kmem_cache *s,
1017 struct page *page, void *object, void *addr) { return 0; }
1019 static inline int slab_pad_check(struct kmem_cache *s, struct page *page)
1021 static inline int check_object(struct kmem_cache *s, struct page *page,
1022 void *object, int active) { return 1; }
1023 static inline void add_full(struct kmem_cache_node *n, struct page *page) {}
1024 static inline unsigned long kmem_cache_flags(unsigned long objsize,
1025 unsigned long flags, const char *name,
1026 void (*ctor)(void *, struct kmem_cache *, unsigned long))
1030 #define slub_debug 0
1033 * Slab allocation and freeing
1035 static struct page *allocate_slab(struct kmem_cache *s, gfp_t flags, int node)
1038 int pages = 1 << s->order;
1041 flags |= __GFP_COMP;
1043 if (s->flags & SLAB_CACHE_DMA)
1046 if (s->flags & SLAB_RECLAIM_ACCOUNT)
1047 flags |= __GFP_RECLAIMABLE;
1050 page = alloc_pages(flags, s->order);
1052 page = alloc_pages_node(node, flags, s->order);
1057 mod_zone_page_state(page_zone(page),
1058 (s->flags & SLAB_RECLAIM_ACCOUNT) ?
1059 NR_SLAB_RECLAIMABLE : NR_SLAB_UNRECLAIMABLE,
1065 static void setup_object(struct kmem_cache *s, struct page *page,
1068 setup_object_debug(s, page, object);
1069 if (unlikely(s->ctor))
1070 s->ctor(object, s, 0);
1073 static struct page *new_slab(struct kmem_cache *s, gfp_t flags, int node)
1076 struct kmem_cache_node *n;
1082 BUG_ON(flags & GFP_SLAB_BUG_MASK);
1084 if (flags & __GFP_WAIT)
1087 page = allocate_slab(s,
1088 flags & (GFP_RECLAIM_MASK | GFP_CONSTRAINT_MASK), node);
1092 n = get_node(s, page_to_nid(page));
1094 atomic_long_inc(&n->nr_slabs);
1096 page->flags |= 1 << PG_slab;
1097 if (s->flags & (SLAB_DEBUG_FREE | SLAB_RED_ZONE | SLAB_POISON |
1098 SLAB_STORE_USER | SLAB_TRACE))
1101 start = page_address(page);
1102 end = start + s->objects * s->size;
1104 if (unlikely(s->flags & SLAB_POISON))
1105 memset(start, POISON_INUSE, PAGE_SIZE << s->order);
1108 for_each_object(p, s, start) {
1109 setup_object(s, page, last);
1110 set_freepointer(s, last, p);
1113 setup_object(s, page, last);
1114 set_freepointer(s, last, NULL);
1116 page->freelist = start;
1119 if (flags & __GFP_WAIT)
1120 local_irq_disable();
1124 static void __free_slab(struct kmem_cache *s, struct page *page)
1126 int pages = 1 << s->order;
1128 if (unlikely(SlabDebug(page))) {
1131 slab_pad_check(s, page);
1132 for_each_object(p, s, page_address(page))
1133 check_object(s, page, p, 0);
1134 ClearSlabDebug(page);
1137 mod_zone_page_state(page_zone(page),
1138 (s->flags & SLAB_RECLAIM_ACCOUNT) ?
1139 NR_SLAB_RECLAIMABLE : NR_SLAB_UNRECLAIMABLE,
1142 __free_pages(page, s->order);
1145 static void rcu_free_slab(struct rcu_head *h)
1149 page = container_of((struct list_head *)h, struct page, lru);
1150 __free_slab(page->slab, page);
1153 static void free_slab(struct kmem_cache *s, struct page *page)
1155 if (unlikely(s->flags & SLAB_DESTROY_BY_RCU)) {
1157 * RCU free overloads the RCU head over the LRU
1159 struct rcu_head *head = (void *)&page->lru;
1161 call_rcu(head, rcu_free_slab);
1163 __free_slab(s, page);
1166 static void discard_slab(struct kmem_cache *s, struct page *page)
1168 struct kmem_cache_node *n = get_node(s, page_to_nid(page));
1170 atomic_long_dec(&n->nr_slabs);
1171 reset_page_mapcount(page);
1172 __ClearPageSlab(page);
1177 * Per slab locking using the pagelock
1179 static __always_inline void slab_lock(struct page *page)
1181 bit_spin_lock(PG_locked, &page->flags);
1184 static __always_inline void slab_unlock(struct page *page)
1186 bit_spin_unlock(PG_locked, &page->flags);
1189 static __always_inline int slab_trylock(struct page *page)
1193 rc = bit_spin_trylock(PG_locked, &page->flags);
1198 * Management of partially allocated slabs
1200 static void add_partial_tail(struct kmem_cache_node *n, struct page *page)
1202 spin_lock(&n->list_lock);
1204 list_add_tail(&page->lru, &n->partial);
1205 spin_unlock(&n->list_lock);
1208 static void add_partial(struct kmem_cache_node *n, struct page *page)
1210 spin_lock(&n->list_lock);
1212 list_add(&page->lru, &n->partial);
1213 spin_unlock(&n->list_lock);
1216 static void remove_partial(struct kmem_cache *s,
1219 struct kmem_cache_node *n = get_node(s, page_to_nid(page));
1221 spin_lock(&n->list_lock);
1222 list_del(&page->lru);
1224 spin_unlock(&n->list_lock);
1228 * Lock slab and remove from the partial list.
1230 * Must hold list_lock.
1232 static inline int lock_and_freeze_slab(struct kmem_cache_node *n, struct page *page)
1234 if (slab_trylock(page)) {
1235 list_del(&page->lru);
1237 SetSlabFrozen(page);
1244 * Try to allocate a partial slab from a specific node.
1246 static struct page *get_partial_node(struct kmem_cache_node *n)
1251 * Racy check. If we mistakenly see no partial slabs then we
1252 * just allocate an empty slab. If we mistakenly try to get a
1253 * partial slab and there is none available then get_partials()
1256 if (!n || !n->nr_partial)
1259 spin_lock(&n->list_lock);
1260 list_for_each_entry(page, &n->partial, lru)
1261 if (lock_and_freeze_slab(n, page))
1265 spin_unlock(&n->list_lock);
1270 * Get a page from somewhere. Search in increasing NUMA distances.
1272 static struct page *get_any_partial(struct kmem_cache *s, gfp_t flags)
1275 struct zonelist *zonelist;
1280 * The defrag ratio allows a configuration of the tradeoffs between
1281 * inter node defragmentation and node local allocations. A lower
1282 * defrag_ratio increases the tendency to do local allocations
1283 * instead of attempting to obtain partial slabs from other nodes.
1285 * If the defrag_ratio is set to 0 then kmalloc() always
1286 * returns node local objects. If the ratio is higher then kmalloc()
1287 * may return off node objects because partial slabs are obtained
1288 * from other nodes and filled up.
1290 * If /sys/slab/xx/defrag_ratio is set to 100 (which makes
1291 * defrag_ratio = 1000) then every (well almost) allocation will
1292 * first attempt to defrag slab caches on other nodes. This means
1293 * scanning over all nodes to look for partial slabs which may be
1294 * expensive if we do it every time we are trying to find a slab
1295 * with available objects.
1297 if (!s->defrag_ratio || get_cycles() % 1024 > s->defrag_ratio)
1300 zonelist = &NODE_DATA(slab_node(current->mempolicy))
1301 ->node_zonelists[gfp_zone(flags)];
1302 for (z = zonelist->zones; *z; z++) {
1303 struct kmem_cache_node *n;
1305 n = get_node(s, zone_to_nid(*z));
1307 if (n && cpuset_zone_allowed_hardwall(*z, flags) &&
1308 n->nr_partial > MIN_PARTIAL) {
1309 page = get_partial_node(n);
1319 * Get a partial page, lock it and return it.
1321 static struct page *get_partial(struct kmem_cache *s, gfp_t flags, int node)
1324 int searchnode = (node == -1) ? numa_node_id() : node;
1326 page = get_partial_node(get_node(s, searchnode));
1327 if (page || (flags & __GFP_THISNODE))
1330 return get_any_partial(s, flags);
1334 * Move a page back to the lists.
1336 * Must be called with the slab lock held.
1338 * On exit the slab lock will have been dropped.
1340 static void unfreeze_slab(struct kmem_cache *s, struct page *page)
1342 struct kmem_cache_node *n = get_node(s, page_to_nid(page));
1344 ClearSlabFrozen(page);
1348 add_partial(n, page);
1349 else if (SlabDebug(page) && (s->flags & SLAB_STORE_USER))
1354 if (n->nr_partial < MIN_PARTIAL) {
1356 * Adding an empty slab to the partial slabs in order
1357 * to avoid page allocator overhead. This slab needs
1358 * to come after the other slabs with objects in
1359 * order to fill them up. That way the size of the
1360 * partial list stays small. kmem_cache_shrink can
1361 * reclaim empty slabs from the partial list.
1363 add_partial_tail(n, page);
1367 discard_slab(s, page);
1373 * Remove the cpu slab
1375 static void deactivate_slab(struct kmem_cache *s, struct kmem_cache_cpu *c)
1377 struct page *page = c->page;
1379 * Merge cpu freelist into freelist. Typically we get here
1380 * because both freelists are empty. So this is unlikely
1383 while (unlikely(c->freelist)) {
1386 /* Retrieve object from cpu_freelist */
1387 object = c->freelist;
1388 c->freelist = c->freelist[c->offset];
1390 /* And put onto the regular freelist */
1391 object[c->offset] = page->freelist;
1392 page->freelist = object;
1396 unfreeze_slab(s, page);
1399 static inline void flush_slab(struct kmem_cache *s, struct kmem_cache_cpu *c)
1402 deactivate_slab(s, c);
1407 * Called from IPI handler with interrupts disabled.
1409 static inline void __flush_cpu_slab(struct kmem_cache *s, int cpu)
1411 struct kmem_cache_cpu *c = get_cpu_slab(s, cpu);
1413 if (likely(c && c->page))
1417 static void flush_cpu_slab(void *d)
1419 struct kmem_cache *s = d;
1421 __flush_cpu_slab(s, smp_processor_id());
1424 static void flush_all(struct kmem_cache *s)
1427 on_each_cpu(flush_cpu_slab, s, 1, 1);
1429 unsigned long flags;
1431 local_irq_save(flags);
1433 local_irq_restore(flags);
1438 * Check if the objects in a per cpu structure fit numa
1439 * locality expectations.
1441 static inline int node_match(struct kmem_cache_cpu *c, int node)
1444 if (node != -1 && c->node != node)
1451 * Slow path. The lockless freelist is empty or we need to perform
1454 * Interrupts are disabled.
1456 * Processing is still very fast if new objects have been freed to the
1457 * regular freelist. In that case we simply take over the regular freelist
1458 * as the lockless freelist and zap the regular freelist.
1460 * If that is not working then we fall back to the partial lists. We take the
1461 * first element of the freelist as the object to allocate now and move the
1462 * rest of the freelist to the lockless freelist.
1464 * And if we were unable to get a new slab from the partial slab lists then
1465 * we need to allocate a new slab. This is slowest path since we may sleep.
1467 static void *__slab_alloc(struct kmem_cache *s,
1468 gfp_t gfpflags, int node, void *addr, struct kmem_cache_cpu *c)
1477 if (unlikely(!node_match(c, node)))
1480 object = c->page->freelist;
1481 if (unlikely(!object))
1483 if (unlikely(SlabDebug(c->page)))
1486 object = c->page->freelist;
1487 c->freelist = object[c->offset];
1488 c->page->inuse = s->objects;
1489 c->page->freelist = NULL;
1490 c->node = page_to_nid(c->page);
1491 slab_unlock(c->page);
1495 deactivate_slab(s, c);
1498 new = get_partial(s, gfpflags, node);
1504 new = new_slab(s, gfpflags, node);
1506 c = get_cpu_slab(s, smp_processor_id());
1509 * Someone else populated the cpu_slab while we
1510 * enabled interrupts, or we have gotten scheduled
1511 * on another cpu. The page may not be on the
1512 * requested node even if __GFP_THISNODE was
1513 * specified. So we need to recheck.
1515 if (node_match(c, node)) {
1517 * Current cpuslab is acceptable and we
1518 * want the current one since its cache hot
1520 discard_slab(s, new);
1524 /* New slab does not fit our expectations */
1534 object = c->page->freelist;
1535 if (!alloc_debug_processing(s, c->page, object, addr))
1539 c->page->freelist = object[c->offset];
1541 slab_unlock(c->page);
1546 * Inlined fastpath so that allocation functions (kmalloc, kmem_cache_alloc)
1547 * have the fastpath folded into their functions. So no function call
1548 * overhead for requests that can be satisfied on the fastpath.
1550 * The fastpath works by first checking if the lockless freelist can be used.
1551 * If not then __slab_alloc is called for slow processing.
1553 * Otherwise we can simply pick the next object from the lockless free list.
1555 static void __always_inline *slab_alloc(struct kmem_cache *s,
1556 gfp_t gfpflags, int node, void *addr)
1559 unsigned long flags;
1560 struct kmem_cache_cpu *c;
1562 local_irq_save(flags);
1563 c = get_cpu_slab(s, smp_processor_id());
1564 if (unlikely(!c->freelist || !node_match(c, node)))
1566 object = __slab_alloc(s, gfpflags, node, addr, c);
1569 object = c->freelist;
1570 c->freelist = object[c->offset];
1572 local_irq_restore(flags);
1574 if (unlikely((gfpflags & __GFP_ZERO) && object))
1575 memset(object, 0, s->objsize);
1580 void *kmem_cache_alloc(struct kmem_cache *s, gfp_t gfpflags)
1582 return slab_alloc(s, gfpflags, -1, __builtin_return_address(0));
1584 EXPORT_SYMBOL(kmem_cache_alloc);
1587 void *kmem_cache_alloc_node(struct kmem_cache *s, gfp_t gfpflags, int node)
1589 return slab_alloc(s, gfpflags, node, __builtin_return_address(0));
1591 EXPORT_SYMBOL(kmem_cache_alloc_node);
1595 * Slow patch handling. This may still be called frequently since objects
1596 * have a longer lifetime than the cpu slabs in most processing loads.
1598 * So we still attempt to reduce cache line usage. Just take the slab
1599 * lock and free the item. If there is no additional partial page
1600 * handling required then we can return immediately.
1602 static void __slab_free(struct kmem_cache *s, struct page *page,
1603 void *x, void *addr, unsigned int offset)
1606 void **object = (void *)x;
1610 if (unlikely(SlabDebug(page)))
1613 prior = object[offset] = page->freelist;
1614 page->freelist = object;
1617 if (unlikely(SlabFrozen(page)))
1620 if (unlikely(!page->inuse))
1624 * Objects left in the slab. If it
1625 * was not on the partial list before
1628 if (unlikely(!prior))
1629 add_partial(get_node(s, page_to_nid(page)), page);
1638 * Slab still on the partial list.
1640 remove_partial(s, page);
1643 discard_slab(s, page);
1647 if (!free_debug_processing(s, page, x, addr))
1653 * Fastpath with forced inlining to produce a kfree and kmem_cache_free that
1654 * can perform fastpath freeing without additional function calls.
1656 * The fastpath is only possible if we are freeing to the current cpu slab
1657 * of this processor. This typically the case if we have just allocated
1660 * If fastpath is not possible then fall back to __slab_free where we deal
1661 * with all sorts of special processing.
1663 static void __always_inline slab_free(struct kmem_cache *s,
1664 struct page *page, void *x, void *addr)
1666 void **object = (void *)x;
1667 unsigned long flags;
1668 struct kmem_cache_cpu *c;
1670 local_irq_save(flags);
1671 debug_check_no_locks_freed(object, s->objsize);
1672 c = get_cpu_slab(s, smp_processor_id());
1673 if (likely(page == c->page && c->node >= 0)) {
1674 object[c->offset] = c->freelist;
1675 c->freelist = object;
1677 __slab_free(s, page, x, addr, c->offset);
1679 local_irq_restore(flags);
1682 void kmem_cache_free(struct kmem_cache *s, void *x)
1686 page = virt_to_head_page(x);
1688 slab_free(s, page, x, __builtin_return_address(0));
1690 EXPORT_SYMBOL(kmem_cache_free);
1692 /* Figure out on which slab object the object resides */
1693 static struct page *get_object_page(const void *x)
1695 struct page *page = virt_to_head_page(x);
1697 if (!PageSlab(page))
1704 * Object placement in a slab is made very easy because we always start at
1705 * offset 0. If we tune the size of the object to the alignment then we can
1706 * get the required alignment by putting one properly sized object after
1709 * Notice that the allocation order determines the sizes of the per cpu
1710 * caches. Each processor has always one slab available for allocations.
1711 * Increasing the allocation order reduces the number of times that slabs
1712 * must be moved on and off the partial lists and is therefore a factor in
1717 * Mininum / Maximum order of slab pages. This influences locking overhead
1718 * and slab fragmentation. A higher order reduces the number of partial slabs
1719 * and increases the number of allocations possible without having to
1720 * take the list_lock.
1722 static int slub_min_order;
1723 static int slub_max_order = DEFAULT_MAX_ORDER;
1724 static int slub_min_objects = DEFAULT_MIN_OBJECTS;
1727 * Merge control. If this is set then no merging of slab caches will occur.
1728 * (Could be removed. This was introduced to pacify the merge skeptics.)
1730 static int slub_nomerge;
1733 * Calculate the order of allocation given an slab object size.
1735 * The order of allocation has significant impact on performance and other
1736 * system components. Generally order 0 allocations should be preferred since
1737 * order 0 does not cause fragmentation in the page allocator. Larger objects
1738 * be problematic to put into order 0 slabs because there may be too much
1739 * unused space left. We go to a higher order if more than 1/8th of the slab
1742 * In order to reach satisfactory performance we must ensure that a minimum
1743 * number of objects is in one slab. Otherwise we may generate too much
1744 * activity on the partial lists which requires taking the list_lock. This is
1745 * less a concern for large slabs though which are rarely used.
1747 * slub_max_order specifies the order where we begin to stop considering the
1748 * number of objects in a slab as critical. If we reach slub_max_order then
1749 * we try to keep the page order as low as possible. So we accept more waste
1750 * of space in favor of a small page order.
1752 * Higher order allocations also allow the placement of more objects in a
1753 * slab and thereby reduce object handling overhead. If the user has
1754 * requested a higher mininum order then we start with that one instead of
1755 * the smallest order which will fit the object.
1757 static inline int slab_order(int size, int min_objects,
1758 int max_order, int fract_leftover)
1762 int min_order = slub_min_order;
1764 for (order = max(min_order,
1765 fls(min_objects * size - 1) - PAGE_SHIFT);
1766 order <= max_order; order++) {
1768 unsigned long slab_size = PAGE_SIZE << order;
1770 if (slab_size < min_objects * size)
1773 rem = slab_size % size;
1775 if (rem <= slab_size / fract_leftover)
1783 static inline int calculate_order(int size)
1790 * Attempt to find best configuration for a slab. This
1791 * works by first attempting to generate a layout with
1792 * the best configuration and backing off gradually.
1794 * First we reduce the acceptable waste in a slab. Then
1795 * we reduce the minimum objects required in a slab.
1797 min_objects = slub_min_objects;
1798 while (min_objects > 1) {
1800 while (fraction >= 4) {
1801 order = slab_order(size, min_objects,
1802 slub_max_order, fraction);
1803 if (order <= slub_max_order)
1811 * We were unable to place multiple objects in a slab. Now
1812 * lets see if we can place a single object there.
1814 order = slab_order(size, 1, slub_max_order, 1);
1815 if (order <= slub_max_order)
1819 * Doh this slab cannot be placed using slub_max_order.
1821 order = slab_order(size, 1, MAX_ORDER, 1);
1822 if (order <= MAX_ORDER)
1828 * Figure out what the alignment of the objects will be.
1830 static unsigned long calculate_alignment(unsigned long flags,
1831 unsigned long align, unsigned long size)
1834 * If the user wants hardware cache aligned objects then
1835 * follow that suggestion if the object is sufficiently
1838 * The hardware cache alignment cannot override the
1839 * specified alignment though. If that is greater
1842 if ((flags & SLAB_HWCACHE_ALIGN) &&
1843 size > cache_line_size() / 2)
1844 return max_t(unsigned long, align, cache_line_size());
1846 if (align < ARCH_SLAB_MINALIGN)
1847 return ARCH_SLAB_MINALIGN;
1849 return ALIGN(align, sizeof(void *));
1852 static void init_kmem_cache_cpu(struct kmem_cache *s,
1853 struct kmem_cache_cpu *c)
1857 c->offset = s->offset / sizeof(void *);
1861 static inline int alloc_kmem_cache_cpus(struct kmem_cache *s, gfp_t flags)
1865 for_each_possible_cpu(cpu)
1866 init_kmem_cache_cpu(s, get_cpu_slab(s, cpu));
1871 static void init_kmem_cache_node(struct kmem_cache_node *n)
1874 atomic_long_set(&n->nr_slabs, 0);
1875 spin_lock_init(&n->list_lock);
1876 INIT_LIST_HEAD(&n->partial);
1877 #ifdef CONFIG_SLUB_DEBUG
1878 INIT_LIST_HEAD(&n->full);
1884 * No kmalloc_node yet so do it by hand. We know that this is the first
1885 * slab on the node for this slabcache. There are no concurrent accesses
1888 * Note that this function only works on the kmalloc_node_cache
1889 * when allocating for the kmalloc_node_cache.
1891 static struct kmem_cache_node *early_kmem_cache_node_alloc(gfp_t gfpflags,
1895 struct kmem_cache_node *n;
1897 BUG_ON(kmalloc_caches->size < sizeof(struct kmem_cache_node));
1899 page = new_slab(kmalloc_caches, gfpflags, node);
1902 if (page_to_nid(page) != node) {
1903 printk(KERN_ERR "SLUB: Unable to allocate memory from "
1905 printk(KERN_ERR "SLUB: Allocating a useless per node structure "
1906 "in order to be able to continue\n");
1911 page->freelist = get_freepointer(kmalloc_caches, n);
1913 kmalloc_caches->node[node] = n;
1914 #ifdef CONFIG_SLUB_DEBUG
1915 init_object(kmalloc_caches, n, 1);
1916 init_tracking(kmalloc_caches, n);
1918 init_kmem_cache_node(n);
1919 atomic_long_inc(&n->nr_slabs);
1920 add_partial(n, page);
1923 * new_slab() disables interupts. If we do not reenable interrupts here
1924 * then bootup would continue with interrupts disabled.
1930 static void free_kmem_cache_nodes(struct kmem_cache *s)
1934 for_each_node_state(node, N_NORMAL_MEMORY) {
1935 struct kmem_cache_node *n = s->node[node];
1936 if (n && n != &s->local_node)
1937 kmem_cache_free(kmalloc_caches, n);
1938 s->node[node] = NULL;
1942 static int init_kmem_cache_nodes(struct kmem_cache *s, gfp_t gfpflags)
1947 if (slab_state >= UP)
1948 local_node = page_to_nid(virt_to_page(s));
1952 for_each_node_state(node, N_NORMAL_MEMORY) {
1953 struct kmem_cache_node *n;
1955 if (local_node == node)
1958 if (slab_state == DOWN) {
1959 n = early_kmem_cache_node_alloc(gfpflags,
1963 n = kmem_cache_alloc_node(kmalloc_caches,
1967 free_kmem_cache_nodes(s);
1973 init_kmem_cache_node(n);
1978 static void free_kmem_cache_nodes(struct kmem_cache *s)
1982 static int init_kmem_cache_nodes(struct kmem_cache *s, gfp_t gfpflags)
1984 init_kmem_cache_node(&s->local_node);
1990 * calculate_sizes() determines the order and the distribution of data within
1993 static int calculate_sizes(struct kmem_cache *s)
1995 unsigned long flags = s->flags;
1996 unsigned long size = s->objsize;
1997 unsigned long align = s->align;
2000 * Determine if we can poison the object itself. If the user of
2001 * the slab may touch the object after free or before allocation
2002 * then we should never poison the object itself.
2004 if ((flags & SLAB_POISON) && !(flags & SLAB_DESTROY_BY_RCU) &&
2006 s->flags |= __OBJECT_POISON;
2008 s->flags &= ~__OBJECT_POISON;
2011 * Round up object size to the next word boundary. We can only
2012 * place the free pointer at word boundaries and this determines
2013 * the possible location of the free pointer.
2015 size = ALIGN(size, sizeof(void *));
2017 #ifdef CONFIG_SLUB_DEBUG
2019 * If we are Redzoning then check if there is some space between the
2020 * end of the object and the free pointer. If not then add an
2021 * additional word to have some bytes to store Redzone information.
2023 if ((flags & SLAB_RED_ZONE) && size == s->objsize)
2024 size += sizeof(void *);
2028 * With that we have determined the number of bytes in actual use
2029 * by the object. This is the potential offset to the free pointer.
2033 if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) ||
2036 * Relocate free pointer after the object if it is not
2037 * permitted to overwrite the first word of the object on
2040 * This is the case if we do RCU, have a constructor or
2041 * destructor or are poisoning the objects.
2044 size += sizeof(void *);
2047 #ifdef CONFIG_SLUB_DEBUG
2048 if (flags & SLAB_STORE_USER)
2050 * Need to store information about allocs and frees after
2053 size += 2 * sizeof(struct track);
2055 if (flags & SLAB_RED_ZONE)
2057 * Add some empty padding so that we can catch
2058 * overwrites from earlier objects rather than let
2059 * tracking information or the free pointer be
2060 * corrupted if an user writes before the start
2063 size += sizeof(void *);
2067 * Determine the alignment based on various parameters that the
2068 * user specified and the dynamic determination of cache line size
2071 align = calculate_alignment(flags, align, s->objsize);
2074 * SLUB stores one object immediately after another beginning from
2075 * offset 0. In order to align the objects we have to simply size
2076 * each object to conform to the alignment.
2078 size = ALIGN(size, align);
2081 s->order = calculate_order(size);
2086 * Determine the number of objects per slab
2088 s->objects = (PAGE_SIZE << s->order) / size;
2090 return !!s->objects;
2094 static int kmem_cache_open(struct kmem_cache *s, gfp_t gfpflags,
2095 const char *name, size_t size,
2096 size_t align, unsigned long flags,
2097 void (*ctor)(void *, struct kmem_cache *, unsigned long))
2099 memset(s, 0, kmem_size);
2104 s->flags = kmem_cache_flags(size, flags, name, ctor);
2106 if (!calculate_sizes(s))
2111 s->defrag_ratio = 100;
2113 if (!init_kmem_cache_nodes(s, gfpflags & ~SLUB_DMA))
2116 if (alloc_kmem_cache_cpus(s, gfpflags & ~SLUB_DMA))
2119 if (flags & SLAB_PANIC)
2120 panic("Cannot create slab %s size=%lu realsize=%u "
2121 "order=%u offset=%u flags=%lx\n",
2122 s->name, (unsigned long)size, s->size, s->order,
2128 * Check if a given pointer is valid
2130 int kmem_ptr_validate(struct kmem_cache *s, const void *object)
2134 page = get_object_page(object);
2136 if (!page || s != page->slab)
2137 /* No slab or wrong slab */
2140 if (!check_valid_pointer(s, page, object))
2144 * We could also check if the object is on the slabs freelist.
2145 * But this would be too expensive and it seems that the main
2146 * purpose of kmem_ptr_valid is to check if the object belongs
2147 * to a certain slab.
2151 EXPORT_SYMBOL(kmem_ptr_validate);
2154 * Determine the size of a slab object
2156 unsigned int kmem_cache_size(struct kmem_cache *s)
2160 EXPORT_SYMBOL(kmem_cache_size);
2162 const char *kmem_cache_name(struct kmem_cache *s)
2166 EXPORT_SYMBOL(kmem_cache_name);
2169 * Attempt to free all slabs on a node. Return the number of slabs we
2170 * were unable to free.
2172 static int free_list(struct kmem_cache *s, struct kmem_cache_node *n,
2173 struct list_head *list)
2175 int slabs_inuse = 0;
2176 unsigned long flags;
2177 struct page *page, *h;
2179 spin_lock_irqsave(&n->list_lock, flags);
2180 list_for_each_entry_safe(page, h, list, lru)
2182 list_del(&page->lru);
2183 discard_slab(s, page);
2186 spin_unlock_irqrestore(&n->list_lock, flags);
2191 * Release all resources used by a slab cache.
2193 static inline int kmem_cache_close(struct kmem_cache *s)
2199 /* Attempt to free all objects */
2200 for_each_node_state(node, N_NORMAL_MEMORY) {
2201 struct kmem_cache_node *n = get_node(s, node);
2203 n->nr_partial -= free_list(s, n, &n->partial);
2204 if (atomic_long_read(&n->nr_slabs))
2207 free_kmem_cache_nodes(s);
2212 * Close a cache and release the kmem_cache structure
2213 * (must be used for caches created using kmem_cache_create)
2215 void kmem_cache_destroy(struct kmem_cache *s)
2217 down_write(&slub_lock);
2221 up_write(&slub_lock);
2222 if (kmem_cache_close(s))
2224 sysfs_slab_remove(s);
2227 up_write(&slub_lock);
2229 EXPORT_SYMBOL(kmem_cache_destroy);
2231 /********************************************************************
2233 *******************************************************************/
2235 struct kmem_cache kmalloc_caches[PAGE_SHIFT] __cacheline_aligned;
2236 EXPORT_SYMBOL(kmalloc_caches);
2238 #ifdef CONFIG_ZONE_DMA
2239 static struct kmem_cache *kmalloc_caches_dma[PAGE_SHIFT];
2242 static int __init setup_slub_min_order(char *str)
2244 get_option (&str, &slub_min_order);
2249 __setup("slub_min_order=", setup_slub_min_order);
2251 static int __init setup_slub_max_order(char *str)
2253 get_option (&str, &slub_max_order);
2258 __setup("slub_max_order=", setup_slub_max_order);
2260 static int __init setup_slub_min_objects(char *str)
2262 get_option (&str, &slub_min_objects);
2267 __setup("slub_min_objects=", setup_slub_min_objects);
2269 static int __init setup_slub_nomerge(char *str)
2275 __setup("slub_nomerge", setup_slub_nomerge);
2277 static struct kmem_cache *create_kmalloc_cache(struct kmem_cache *s,
2278 const char *name, int size, gfp_t gfp_flags)
2280 unsigned int flags = 0;
2282 if (gfp_flags & SLUB_DMA)
2283 flags = SLAB_CACHE_DMA;
2285 down_write(&slub_lock);
2286 if (!kmem_cache_open(s, gfp_flags, name, size, ARCH_KMALLOC_MINALIGN,
2290 list_add(&s->list, &slab_caches);
2291 up_write(&slub_lock);
2292 if (sysfs_slab_add(s))
2297 panic("Creation of kmalloc slab %s size=%d failed.\n", name, size);
2300 #ifdef CONFIG_ZONE_DMA
2302 static void sysfs_add_func(struct work_struct *w)
2304 struct kmem_cache *s;
2306 down_write(&slub_lock);
2307 list_for_each_entry(s, &slab_caches, list) {
2308 if (s->flags & __SYSFS_ADD_DEFERRED) {
2309 s->flags &= ~__SYSFS_ADD_DEFERRED;
2313 up_write(&slub_lock);
2316 static DECLARE_WORK(sysfs_add_work, sysfs_add_func);
2318 static noinline struct kmem_cache *dma_kmalloc_cache(int index, gfp_t flags)
2320 struct kmem_cache *s;
2324 s = kmalloc_caches_dma[index];
2328 /* Dynamically create dma cache */
2329 if (flags & __GFP_WAIT)
2330 down_write(&slub_lock);
2332 if (!down_write_trylock(&slub_lock))
2336 if (kmalloc_caches_dma[index])
2339 realsize = kmalloc_caches[index].objsize;
2340 text = kasprintf(flags & ~SLUB_DMA, "kmalloc_dma-%d", (unsigned int)realsize),
2341 s = kmalloc(kmem_size, flags & ~SLUB_DMA);
2343 if (!s || !text || !kmem_cache_open(s, flags, text,
2344 realsize, ARCH_KMALLOC_MINALIGN,
2345 SLAB_CACHE_DMA|__SYSFS_ADD_DEFERRED, NULL)) {
2351 list_add(&s->list, &slab_caches);
2352 kmalloc_caches_dma[index] = s;
2354 schedule_work(&sysfs_add_work);
2357 up_write(&slub_lock);
2359 return kmalloc_caches_dma[index];
2364 * Conversion table for small slabs sizes / 8 to the index in the
2365 * kmalloc array. This is necessary for slabs < 192 since we have non power
2366 * of two cache sizes there. The size of larger slabs can be determined using
2369 static s8 size_index[24] = {
2396 static struct kmem_cache *get_slab(size_t size, gfp_t flags)
2402 return ZERO_SIZE_PTR;
2404 index = size_index[(size - 1) / 8];
2406 index = fls(size - 1);
2408 #ifdef CONFIG_ZONE_DMA
2409 if (unlikely((flags & SLUB_DMA)))
2410 return dma_kmalloc_cache(index, flags);
2413 return &kmalloc_caches[index];
2416 void *__kmalloc(size_t size, gfp_t flags)
2418 struct kmem_cache *s;
2420 if (unlikely(size > PAGE_SIZE / 2))
2421 return (void *)__get_free_pages(flags | __GFP_COMP,
2424 s = get_slab(size, flags);
2426 if (unlikely(ZERO_OR_NULL_PTR(s)))
2429 return slab_alloc(s, flags, -1, __builtin_return_address(0));
2431 EXPORT_SYMBOL(__kmalloc);
2434 void *__kmalloc_node(size_t size, gfp_t flags, int node)
2436 struct kmem_cache *s;
2438 if (unlikely(size > PAGE_SIZE / 2))
2439 return (void *)__get_free_pages(flags | __GFP_COMP,
2442 s = get_slab(size, flags);
2444 if (unlikely(ZERO_OR_NULL_PTR(s)))
2447 return slab_alloc(s, flags, node, __builtin_return_address(0));
2449 EXPORT_SYMBOL(__kmalloc_node);
2452 size_t ksize(const void *object)
2455 struct kmem_cache *s;
2458 if (unlikely(object == ZERO_SIZE_PTR))
2461 page = get_object_page(object);
2467 * Debugging requires use of the padding between object
2468 * and whatever may come after it.
2470 if (s->flags & (SLAB_RED_ZONE | SLAB_POISON))
2474 * If we have the need to store the freelist pointer
2475 * back there or track user information then we can
2476 * only use the space before that information.
2478 if (s->flags & (SLAB_DESTROY_BY_RCU | SLAB_STORE_USER))
2482 * Else we can use all the padding etc for the allocation
2486 EXPORT_SYMBOL(ksize);
2488 void kfree(const void *x)
2492 if (unlikely(ZERO_OR_NULL_PTR(x)))
2495 page = virt_to_head_page(x);
2496 if (unlikely(!PageSlab(page))) {
2500 slab_free(page->slab, page, (void *)x, __builtin_return_address(0));
2502 EXPORT_SYMBOL(kfree);
2505 * kmem_cache_shrink removes empty slabs from the partial lists and sorts
2506 * the remaining slabs by the number of items in use. The slabs with the
2507 * most items in use come first. New allocations will then fill those up
2508 * and thus they can be removed from the partial lists.
2510 * The slabs with the least items are placed last. This results in them
2511 * being allocated from last increasing the chance that the last objects
2512 * are freed in them.
2514 int kmem_cache_shrink(struct kmem_cache *s)
2518 struct kmem_cache_node *n;
2521 struct list_head *slabs_by_inuse =
2522 kmalloc(sizeof(struct list_head) * s->objects, GFP_KERNEL);
2523 unsigned long flags;
2525 if (!slabs_by_inuse)
2529 for_each_node_state(node, N_NORMAL_MEMORY) {
2530 n = get_node(s, node);
2535 for (i = 0; i < s->objects; i++)
2536 INIT_LIST_HEAD(slabs_by_inuse + i);
2538 spin_lock_irqsave(&n->list_lock, flags);
2541 * Build lists indexed by the items in use in each slab.
2543 * Note that concurrent frees may occur while we hold the
2544 * list_lock. page->inuse here is the upper limit.
2546 list_for_each_entry_safe(page, t, &n->partial, lru) {
2547 if (!page->inuse && slab_trylock(page)) {
2549 * Must hold slab lock here because slab_free
2550 * may have freed the last object and be
2551 * waiting to release the slab.
2553 list_del(&page->lru);
2556 discard_slab(s, page);
2558 list_move(&page->lru,
2559 slabs_by_inuse + page->inuse);
2564 * Rebuild the partial list with the slabs filled up most
2565 * first and the least used slabs at the end.
2567 for (i = s->objects - 1; i >= 0; i--)
2568 list_splice(slabs_by_inuse + i, n->partial.prev);
2570 spin_unlock_irqrestore(&n->list_lock, flags);
2573 kfree(slabs_by_inuse);
2576 EXPORT_SYMBOL(kmem_cache_shrink);
2578 /********************************************************************
2579 * Basic setup of slabs
2580 *******************************************************************/
2582 void __init kmem_cache_init(void)
2589 * Must first have the slab cache available for the allocations of the
2590 * struct kmem_cache_node's. There is special bootstrap code in
2591 * kmem_cache_open for slab_state == DOWN.
2593 create_kmalloc_cache(&kmalloc_caches[0], "kmem_cache_node",
2594 sizeof(struct kmem_cache_node), GFP_KERNEL);
2595 kmalloc_caches[0].refcount = -1;
2599 /* Able to allocate the per node structures */
2600 slab_state = PARTIAL;
2602 /* Caches that are not of the two-to-the-power-of size */
2603 if (KMALLOC_MIN_SIZE <= 64) {
2604 create_kmalloc_cache(&kmalloc_caches[1],
2605 "kmalloc-96", 96, GFP_KERNEL);
2608 if (KMALLOC_MIN_SIZE <= 128) {
2609 create_kmalloc_cache(&kmalloc_caches[2],
2610 "kmalloc-192", 192, GFP_KERNEL);
2614 for (i = KMALLOC_SHIFT_LOW; i < PAGE_SHIFT; i++) {
2615 create_kmalloc_cache(&kmalloc_caches[i],
2616 "kmalloc", 1 << i, GFP_KERNEL);
2622 * Patch up the size_index table if we have strange large alignment
2623 * requirements for the kmalloc array. This is only the case for
2624 * mips it seems. The standard arches will not generate any code here.
2626 * Largest permitted alignment is 256 bytes due to the way we
2627 * handle the index determination for the smaller caches.
2629 * Make sure that nothing crazy happens if someone starts tinkering
2630 * around with ARCH_KMALLOC_MINALIGN
2632 BUILD_BUG_ON(KMALLOC_MIN_SIZE > 256 ||
2633 (KMALLOC_MIN_SIZE & (KMALLOC_MIN_SIZE - 1)));
2635 for (i = 8; i < KMALLOC_MIN_SIZE; i += 8)
2636 size_index[(i - 1) / 8] = KMALLOC_SHIFT_LOW;
2640 /* Provide the correct kmalloc names now that the caches are up */
2641 for (i = KMALLOC_SHIFT_LOW; i < PAGE_SHIFT; i++)
2642 kmalloc_caches[i]. name =
2643 kasprintf(GFP_KERNEL, "kmalloc-%d", 1 << i);
2646 register_cpu_notifier(&slab_notifier);
2649 kmem_size = offsetof(struct kmem_cache, cpu_slab) +
2650 nr_cpu_ids * sizeof(struct kmem_cache_cpu);
2652 printk(KERN_INFO "SLUB: Genslabs=%d, HWalign=%d, Order=%d-%d, MinObjects=%d,"
2653 " CPUs=%d, Nodes=%d\n",
2654 caches, cache_line_size(),
2655 slub_min_order, slub_max_order, slub_min_objects,
2656 nr_cpu_ids, nr_node_ids);
2660 * Find a mergeable slab cache
2662 static int slab_unmergeable(struct kmem_cache *s)
2664 if (slub_nomerge || (s->flags & SLUB_NEVER_MERGE))
2671 * We may have set a slab to be unmergeable during bootstrap.
2673 if (s->refcount < 0)
2679 static struct kmem_cache *find_mergeable(size_t size,
2680 size_t align, unsigned long flags, const char *name,
2681 void (*ctor)(void *, struct kmem_cache *, unsigned long))
2683 struct kmem_cache *s;
2685 if (slub_nomerge || (flags & SLUB_NEVER_MERGE))
2691 size = ALIGN(size, sizeof(void *));
2692 align = calculate_alignment(flags, align, size);
2693 size = ALIGN(size, align);
2694 flags = kmem_cache_flags(size, flags, name, NULL);
2696 list_for_each_entry(s, &slab_caches, list) {
2697 if (slab_unmergeable(s))
2703 if ((flags & SLUB_MERGE_SAME) != (s->flags & SLUB_MERGE_SAME))
2706 * Check if alignment is compatible.
2707 * Courtesy of Adrian Drzewiecki
2709 if ((s->size & ~(align -1)) != s->size)
2712 if (s->size - size >= sizeof(void *))
2720 struct kmem_cache *kmem_cache_create(const char *name, size_t size,
2721 size_t align, unsigned long flags,
2722 void (*ctor)(void *, struct kmem_cache *, unsigned long))
2724 struct kmem_cache *s;
2726 down_write(&slub_lock);
2727 s = find_mergeable(size, align, flags, name, ctor);
2731 * Adjust the object sizes so that we clear
2732 * the complete object on kzalloc.
2734 s->objsize = max(s->objsize, (int)size);
2735 s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *)));
2736 up_write(&slub_lock);
2737 if (sysfs_slab_alias(s, name))
2741 s = kmalloc(kmem_size, GFP_KERNEL);
2743 if (kmem_cache_open(s, GFP_KERNEL, name,
2744 size, align, flags, ctor)) {
2745 list_add(&s->list, &slab_caches);
2746 up_write(&slub_lock);
2747 if (sysfs_slab_add(s))
2753 up_write(&slub_lock);
2756 if (flags & SLAB_PANIC)
2757 panic("Cannot create slabcache %s\n", name);
2762 EXPORT_SYMBOL(kmem_cache_create);
2766 * Use the cpu notifier to insure that the cpu slabs are flushed when
2769 static int __cpuinit slab_cpuup_callback(struct notifier_block *nfb,
2770 unsigned long action, void *hcpu)
2772 long cpu = (long)hcpu;
2773 struct kmem_cache *s;
2774 unsigned long flags;
2777 case CPU_UP_CANCELED:
2778 case CPU_UP_CANCELED_FROZEN:
2780 case CPU_DEAD_FROZEN:
2781 down_read(&slub_lock);
2782 list_for_each_entry(s, &slab_caches, list) {
2783 local_irq_save(flags);
2784 __flush_cpu_slab(s, cpu);
2785 local_irq_restore(flags);
2787 up_read(&slub_lock);
2795 static struct notifier_block __cpuinitdata slab_notifier =
2796 { &slab_cpuup_callback, NULL, 0 };
2800 void *__kmalloc_track_caller(size_t size, gfp_t gfpflags, void *caller)
2802 struct kmem_cache *s;
2804 if (unlikely(size > PAGE_SIZE / 2))
2805 return (void *)__get_free_pages(gfpflags | __GFP_COMP,
2807 s = get_slab(size, gfpflags);
2809 if (unlikely(ZERO_OR_NULL_PTR(s)))
2812 return slab_alloc(s, gfpflags, -1, caller);
2815 void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
2816 int node, void *caller)
2818 struct kmem_cache *s;
2820 if (unlikely(size > PAGE_SIZE / 2))
2821 return (void *)__get_free_pages(gfpflags | __GFP_COMP,
2823 s = get_slab(size, gfpflags);
2825 if (unlikely(ZERO_OR_NULL_PTR(s)))
2828 return slab_alloc(s, gfpflags, node, caller);
2831 #if defined(CONFIG_SYSFS) && defined(CONFIG_SLUB_DEBUG)
2832 static int validate_slab(struct kmem_cache *s, struct page *page,
2836 void *addr = page_address(page);
2838 if (!check_slab(s, page) ||
2839 !on_freelist(s, page, NULL))
2842 /* Now we know that a valid freelist exists */
2843 bitmap_zero(map, s->objects);
2845 for_each_free_object(p, s, page->freelist) {
2846 set_bit(slab_index(p, s, addr), map);
2847 if (!check_object(s, page, p, 0))
2851 for_each_object(p, s, addr)
2852 if (!test_bit(slab_index(p, s, addr), map))
2853 if (!check_object(s, page, p, 1))
2858 static void validate_slab_slab(struct kmem_cache *s, struct page *page,
2861 if (slab_trylock(page)) {
2862 validate_slab(s, page, map);
2865 printk(KERN_INFO "SLUB %s: Skipped busy slab 0x%p\n",
2868 if (s->flags & DEBUG_DEFAULT_FLAGS) {
2869 if (!SlabDebug(page))
2870 printk(KERN_ERR "SLUB %s: SlabDebug not set "
2871 "on slab 0x%p\n", s->name, page);
2873 if (SlabDebug(page))
2874 printk(KERN_ERR "SLUB %s: SlabDebug set on "
2875 "slab 0x%p\n", s->name, page);
2879 static int validate_slab_node(struct kmem_cache *s,
2880 struct kmem_cache_node *n, unsigned long *map)
2882 unsigned long count = 0;
2884 unsigned long flags;
2886 spin_lock_irqsave(&n->list_lock, flags);
2888 list_for_each_entry(page, &n->partial, lru) {
2889 validate_slab_slab(s, page, map);
2892 if (count != n->nr_partial)
2893 printk(KERN_ERR "SLUB %s: %ld partial slabs counted but "
2894 "counter=%ld\n", s->name, count, n->nr_partial);
2896 if (!(s->flags & SLAB_STORE_USER))
2899 list_for_each_entry(page, &n->full, lru) {
2900 validate_slab_slab(s, page, map);
2903 if (count != atomic_long_read(&n->nr_slabs))
2904 printk(KERN_ERR "SLUB: %s %ld slabs counted but "
2905 "counter=%ld\n", s->name, count,
2906 atomic_long_read(&n->nr_slabs));
2909 spin_unlock_irqrestore(&n->list_lock, flags);
2913 static long validate_slab_cache(struct kmem_cache *s)
2916 unsigned long count = 0;
2917 unsigned long *map = kmalloc(BITS_TO_LONGS(s->objects) *
2918 sizeof(unsigned long), GFP_KERNEL);
2924 for_each_node_state(node, N_NORMAL_MEMORY) {
2925 struct kmem_cache_node *n = get_node(s, node);
2927 count += validate_slab_node(s, n, map);
2933 #ifdef SLUB_RESILIENCY_TEST
2934 static void resiliency_test(void)
2938 printk(KERN_ERR "SLUB resiliency testing\n");
2939 printk(KERN_ERR "-----------------------\n");
2940 printk(KERN_ERR "A. Corruption after allocation\n");
2942 p = kzalloc(16, GFP_KERNEL);
2944 printk(KERN_ERR "\n1. kmalloc-16: Clobber Redzone/next pointer"
2945 " 0x12->0x%p\n\n", p + 16);
2947 validate_slab_cache(kmalloc_caches + 4);
2949 /* Hmmm... The next two are dangerous */
2950 p = kzalloc(32, GFP_KERNEL);
2951 p[32 + sizeof(void *)] = 0x34;
2952 printk(KERN_ERR "\n2. kmalloc-32: Clobber next pointer/next slab"
2953 " 0x34 -> -0x%p\n", p);
2954 printk(KERN_ERR "If allocated object is overwritten then not detectable\n\n");
2956 validate_slab_cache(kmalloc_caches + 5);
2957 p = kzalloc(64, GFP_KERNEL);
2958 p += 64 + (get_cycles() & 0xff) * sizeof(void *);
2960 printk(KERN_ERR "\n3. kmalloc-64: corrupting random byte 0x56->0x%p\n",
2962 printk(KERN_ERR "If allocated object is overwritten then not detectable\n\n");
2963 validate_slab_cache(kmalloc_caches + 6);
2965 printk(KERN_ERR "\nB. Corruption after free\n");
2966 p = kzalloc(128, GFP_KERNEL);
2969 printk(KERN_ERR "1. kmalloc-128: Clobber first word 0x78->0x%p\n\n", p);
2970 validate_slab_cache(kmalloc_caches + 7);
2972 p = kzalloc(256, GFP_KERNEL);
2975 printk(KERN_ERR "\n2. kmalloc-256: Clobber 50th byte 0x9a->0x%p\n\n", p);
2976 validate_slab_cache(kmalloc_caches + 8);
2978 p = kzalloc(512, GFP_KERNEL);
2981 printk(KERN_ERR "\n3. kmalloc-512: Clobber redzone 0xab->0x%p\n\n", p);
2982 validate_slab_cache(kmalloc_caches + 9);
2985 static void resiliency_test(void) {};
2989 * Generate lists of code addresses where slabcache objects are allocated
2994 unsigned long count;
3007 unsigned long count;
3008 struct location *loc;
3011 static void free_loc_track(struct loc_track *t)
3014 free_pages((unsigned long)t->loc,
3015 get_order(sizeof(struct location) * t->max));
3018 static int alloc_loc_track(struct loc_track *t, unsigned long max, gfp_t flags)
3023 order = get_order(sizeof(struct location) * max);
3025 l = (void *)__get_free_pages(flags, order);
3030 memcpy(l, t->loc, sizeof(struct location) * t->count);
3038 static int add_location(struct loc_track *t, struct kmem_cache *s,
3039 const struct track *track)
3041 long start, end, pos;
3044 unsigned long age = jiffies - track->when;
3050 pos = start + (end - start + 1) / 2;
3053 * There is nothing at "end". If we end up there
3054 * we need to add something to before end.
3059 caddr = t->loc[pos].addr;
3060 if (track->addr == caddr) {
3066 if (age < l->min_time)
3068 if (age > l->max_time)
3071 if (track->pid < l->min_pid)
3072 l->min_pid = track->pid;
3073 if (track->pid > l->max_pid)
3074 l->max_pid = track->pid;
3076 cpu_set(track->cpu, l->cpus);
3078 node_set(page_to_nid(virt_to_page(track)), l->nodes);
3082 if (track->addr < caddr)
3089 * Not found. Insert new tracking element.
3091 if (t->count >= t->max && !alloc_loc_track(t, 2 * t->max, GFP_ATOMIC))
3097 (t->count - pos) * sizeof(struct location));
3100 l->addr = track->addr;
3104 l->min_pid = track->pid;
3105 l->max_pid = track->pid;
3106 cpus_clear(l->cpus);
3107 cpu_set(track->cpu, l->cpus);
3108 nodes_clear(l->nodes);
3109 node_set(page_to_nid(virt_to_page(track)), l->nodes);
3113 static void process_slab(struct loc_track *t, struct kmem_cache *s,
3114 struct page *page, enum track_item alloc)
3116 void *addr = page_address(page);
3117 DECLARE_BITMAP(map, s->objects);
3120 bitmap_zero(map, s->objects);
3121 for_each_free_object(p, s, page->freelist)
3122 set_bit(slab_index(p, s, addr), map);
3124 for_each_object(p, s, addr)
3125 if (!test_bit(slab_index(p, s, addr), map))
3126 add_location(t, s, get_track(s, p, alloc));
3129 static int list_locations(struct kmem_cache *s, char *buf,
3130 enum track_item alloc)
3134 struct loc_track t = { 0, 0, NULL };
3137 if (!alloc_loc_track(&t, PAGE_SIZE / sizeof(struct location),
3139 return sprintf(buf, "Out of memory\n");
3141 /* Push back cpu slabs */
3144 for_each_node_state(node, N_NORMAL_MEMORY) {
3145 struct kmem_cache_node *n = get_node(s, node);
3146 unsigned long flags;
3149 if (!atomic_long_read(&n->nr_slabs))
3152 spin_lock_irqsave(&n->list_lock, flags);
3153 list_for_each_entry(page, &n->partial, lru)
3154 process_slab(&t, s, page, alloc);
3155 list_for_each_entry(page, &n->full, lru)
3156 process_slab(&t, s, page, alloc);
3157 spin_unlock_irqrestore(&n->list_lock, flags);
3160 for (i = 0; i < t.count; i++) {
3161 struct location *l = &t.loc[i];
3163 if (n > PAGE_SIZE - 100)
3165 n += sprintf(buf + n, "%7ld ", l->count);
3168 n += sprint_symbol(buf + n, (unsigned long)l->addr);
3170 n += sprintf(buf + n, "<not-available>");
3172 if (l->sum_time != l->min_time) {
3173 unsigned long remainder;
3175 n += sprintf(buf + n, " age=%ld/%ld/%ld",
3177 div_long_long_rem(l->sum_time, l->count, &remainder),
3180 n += sprintf(buf + n, " age=%ld",
3183 if (l->min_pid != l->max_pid)
3184 n += sprintf(buf + n, " pid=%ld-%ld",
3185 l->min_pid, l->max_pid);
3187 n += sprintf(buf + n, " pid=%ld",
3190 if (num_online_cpus() > 1 && !cpus_empty(l->cpus) &&
3191 n < PAGE_SIZE - 60) {
3192 n += sprintf(buf + n, " cpus=");
3193 n += cpulist_scnprintf(buf + n, PAGE_SIZE - n - 50,
3197 if (num_online_nodes() > 1 && !nodes_empty(l->nodes) &&
3198 n < PAGE_SIZE - 60) {
3199 n += sprintf(buf + n, " nodes=");
3200 n += nodelist_scnprintf(buf + n, PAGE_SIZE - n - 50,
3204 n += sprintf(buf + n, "\n");
3209 n += sprintf(buf, "No data\n");
3213 static unsigned long count_partial(struct kmem_cache_node *n)
3215 unsigned long flags;
3216 unsigned long x = 0;
3219 spin_lock_irqsave(&n->list_lock, flags);
3220 list_for_each_entry(page, &n->partial, lru)
3222 spin_unlock_irqrestore(&n->list_lock, flags);
3226 enum slab_stat_type {
3233 #define SO_FULL (1 << SL_FULL)
3234 #define SO_PARTIAL (1 << SL_PARTIAL)
3235 #define SO_CPU (1 << SL_CPU)
3236 #define SO_OBJECTS (1 << SL_OBJECTS)
3238 static unsigned long slab_objects(struct kmem_cache *s,
3239 char *buf, unsigned long flags)
3241 unsigned long total = 0;
3245 unsigned long *nodes;
3246 unsigned long *per_cpu;
3248 nodes = kzalloc(2 * sizeof(unsigned long) * nr_node_ids, GFP_KERNEL);
3249 per_cpu = nodes + nr_node_ids;
3251 for_each_possible_cpu(cpu) {
3254 struct kmem_cache_cpu *c = get_cpu_slab(s, cpu);
3264 if (flags & SO_CPU) {
3267 if (flags & SO_OBJECTS)
3278 for_each_node_state(node, N_NORMAL_MEMORY) {
3279 struct kmem_cache_node *n = get_node(s, node);
3281 if (flags & SO_PARTIAL) {
3282 if (flags & SO_OBJECTS)
3283 x = count_partial(n);
3290 if (flags & SO_FULL) {
3291 int full_slabs = atomic_long_read(&n->nr_slabs)
3295 if (flags & SO_OBJECTS)
3296 x = full_slabs * s->objects;
3304 x = sprintf(buf, "%lu", total);
3306 for_each_node_state(node, N_NORMAL_MEMORY)
3308 x += sprintf(buf + x, " N%d=%lu",
3312 return x + sprintf(buf + x, "\n");
3315 static int any_slab_objects(struct kmem_cache *s)
3320 for_each_possible_cpu(cpu) {
3321 struct kmem_cache_cpu *c = get_cpu_slab(s, cpu);
3327 for_each_online_node(node) {
3328 struct kmem_cache_node *n = get_node(s, node);
3333 if (n->nr_partial || atomic_long_read(&n->nr_slabs))
3339 #define to_slab_attr(n) container_of(n, struct slab_attribute, attr)
3340 #define to_slab(n) container_of(n, struct kmem_cache, kobj);
3342 struct slab_attribute {
3343 struct attribute attr;
3344 ssize_t (*show)(struct kmem_cache *s, char *buf);
3345 ssize_t (*store)(struct kmem_cache *s, const char *x, size_t count);
3348 #define SLAB_ATTR_RO(_name) \
3349 static struct slab_attribute _name##_attr = __ATTR_RO(_name)
3351 #define SLAB_ATTR(_name) \
3352 static struct slab_attribute _name##_attr = \
3353 __ATTR(_name, 0644, _name##_show, _name##_store)
3355 static ssize_t slab_size_show(struct kmem_cache *s, char *buf)
3357 return sprintf(buf, "%d\n", s->size);
3359 SLAB_ATTR_RO(slab_size);
3361 static ssize_t align_show(struct kmem_cache *s, char *buf)
3363 return sprintf(buf, "%d\n", s->align);
3365 SLAB_ATTR_RO(align);
3367 static ssize_t object_size_show(struct kmem_cache *s, char *buf)
3369 return sprintf(buf, "%d\n", s->objsize);
3371 SLAB_ATTR_RO(object_size);
3373 static ssize_t objs_per_slab_show(struct kmem_cache *s, char *buf)
3375 return sprintf(buf, "%d\n", s->objects);
3377 SLAB_ATTR_RO(objs_per_slab);
3379 static ssize_t order_show(struct kmem_cache *s, char *buf)
3381 return sprintf(buf, "%d\n", s->order);
3383 SLAB_ATTR_RO(order);
3385 static ssize_t ctor_show(struct kmem_cache *s, char *buf)
3388 int n = sprint_symbol(buf, (unsigned long)s->ctor);
3390 return n + sprintf(buf + n, "\n");
3396 static ssize_t aliases_show(struct kmem_cache *s, char *buf)
3398 return sprintf(buf, "%d\n", s->refcount - 1);
3400 SLAB_ATTR_RO(aliases);
3402 static ssize_t slabs_show(struct kmem_cache *s, char *buf)
3404 return slab_objects(s, buf, SO_FULL|SO_PARTIAL|SO_CPU);
3406 SLAB_ATTR_RO(slabs);
3408 static ssize_t partial_show(struct kmem_cache *s, char *buf)
3410 return slab_objects(s, buf, SO_PARTIAL);
3412 SLAB_ATTR_RO(partial);
3414 static ssize_t cpu_slabs_show(struct kmem_cache *s, char *buf)
3416 return slab_objects(s, buf, SO_CPU);
3418 SLAB_ATTR_RO(cpu_slabs);
3420 static ssize_t objects_show(struct kmem_cache *s, char *buf)
3422 return slab_objects(s, buf, SO_FULL|SO_PARTIAL|SO_CPU|SO_OBJECTS);
3424 SLAB_ATTR_RO(objects);
3426 static ssize_t sanity_checks_show(struct kmem_cache *s, char *buf)
3428 return sprintf(buf, "%d\n", !!(s->flags & SLAB_DEBUG_FREE));
3431 static ssize_t sanity_checks_store(struct kmem_cache *s,
3432 const char *buf, size_t length)
3434 s->flags &= ~SLAB_DEBUG_FREE;
3436 s->flags |= SLAB_DEBUG_FREE;
3439 SLAB_ATTR(sanity_checks);
3441 static ssize_t trace_show(struct kmem_cache *s, char *buf)
3443 return sprintf(buf, "%d\n", !!(s->flags & SLAB_TRACE));
3446 static ssize_t trace_store(struct kmem_cache *s, const char *buf,
3449 s->flags &= ~SLAB_TRACE;
3451 s->flags |= SLAB_TRACE;
3456 static ssize_t reclaim_account_show(struct kmem_cache *s, char *buf)
3458 return sprintf(buf, "%d\n", !!(s->flags & SLAB_RECLAIM_ACCOUNT));
3461 static ssize_t reclaim_account_store(struct kmem_cache *s,
3462 const char *buf, size_t length)
3464 s->flags &= ~SLAB_RECLAIM_ACCOUNT;
3466 s->flags |= SLAB_RECLAIM_ACCOUNT;
3469 SLAB_ATTR(reclaim_account);
3471 static ssize_t hwcache_align_show(struct kmem_cache *s, char *buf)
3473 return sprintf(buf, "%d\n", !!(s->flags & SLAB_HWCACHE_ALIGN));
3475 SLAB_ATTR_RO(hwcache_align);
3477 #ifdef CONFIG_ZONE_DMA
3478 static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)
3480 return sprintf(buf, "%d\n", !!(s->flags & SLAB_CACHE_DMA));
3482 SLAB_ATTR_RO(cache_dma);
3485 static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf)
3487 return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU));
3489 SLAB_ATTR_RO(destroy_by_rcu);
3491 static ssize_t red_zone_show(struct kmem_cache *s, char *buf)
3493 return sprintf(buf, "%d\n", !!(s->flags & SLAB_RED_ZONE));
3496 static ssize_t red_zone_store(struct kmem_cache *s,
3497 const char *buf, size_t length)
3499 if (any_slab_objects(s))
3502 s->flags &= ~SLAB_RED_ZONE;
3504 s->flags |= SLAB_RED_ZONE;
3508 SLAB_ATTR(red_zone);
3510 static ssize_t poison_show(struct kmem_cache *s, char *buf)
3512 return sprintf(buf, "%d\n", !!(s->flags & SLAB_POISON));
3515 static ssize_t poison_store(struct kmem_cache *s,
3516 const char *buf, size_t length)
3518 if (any_slab_objects(s))
3521 s->flags &= ~SLAB_POISON;
3523 s->flags |= SLAB_POISON;
3529 static ssize_t store_user_show(struct kmem_cache *s, char *buf)
3531 return sprintf(buf, "%d\n", !!(s->flags & SLAB_STORE_USER));
3534 static ssize_t store_user_store(struct kmem_cache *s,
3535 const char *buf, size_t length)
3537 if (any_slab_objects(s))
3540 s->flags &= ~SLAB_STORE_USER;
3542 s->flags |= SLAB_STORE_USER;
3546 SLAB_ATTR(store_user);
3548 static ssize_t validate_show(struct kmem_cache *s, char *buf)
3553 static ssize_t validate_store(struct kmem_cache *s,
3554 const char *buf, size_t length)
3558 if (buf[0] == '1') {
3559 ret = validate_slab_cache(s);
3565 SLAB_ATTR(validate);
3567 static ssize_t shrink_show(struct kmem_cache *s, char *buf)
3572 static ssize_t shrink_store(struct kmem_cache *s,
3573 const char *buf, size_t length)
3575 if (buf[0] == '1') {
3576 int rc = kmem_cache_shrink(s);
3586 static ssize_t alloc_calls_show(struct kmem_cache *s, char *buf)
3588 if (!(s->flags & SLAB_STORE_USER))
3590 return list_locations(s, buf, TRACK_ALLOC);
3592 SLAB_ATTR_RO(alloc_calls);
3594 static ssize_t free_calls_show(struct kmem_cache *s, char *buf)
3596 if (!(s->flags & SLAB_STORE_USER))
3598 return list_locations(s, buf, TRACK_FREE);
3600 SLAB_ATTR_RO(free_calls);
3603 static ssize_t defrag_ratio_show(struct kmem_cache *s, char *buf)
3605 return sprintf(buf, "%d\n", s->defrag_ratio / 10);
3608 static ssize_t defrag_ratio_store(struct kmem_cache *s,
3609 const char *buf, size_t length)
3611 int n = simple_strtoul(buf, NULL, 10);
3614 s->defrag_ratio = n * 10;
3617 SLAB_ATTR(defrag_ratio);
3620 static struct attribute * slab_attrs[] = {
3621 &slab_size_attr.attr,
3622 &object_size_attr.attr,
3623 &objs_per_slab_attr.attr,
3628 &cpu_slabs_attr.attr,
3632 &sanity_checks_attr.attr,
3634 &hwcache_align_attr.attr,
3635 &reclaim_account_attr.attr,
3636 &destroy_by_rcu_attr.attr,
3637 &red_zone_attr.attr,
3639 &store_user_attr.attr,
3640 &validate_attr.attr,
3642 &alloc_calls_attr.attr,
3643 &free_calls_attr.attr,
3644 #ifdef CONFIG_ZONE_DMA
3645 &cache_dma_attr.attr,
3648 &defrag_ratio_attr.attr,
3653 static struct attribute_group slab_attr_group = {
3654 .attrs = slab_attrs,
3657 static ssize_t slab_attr_show(struct kobject *kobj,
3658 struct attribute *attr,
3661 struct slab_attribute *attribute;
3662 struct kmem_cache *s;
3665 attribute = to_slab_attr(attr);
3668 if (!attribute->show)
3671 err = attribute->show(s, buf);
3676 static ssize_t slab_attr_store(struct kobject *kobj,
3677 struct attribute *attr,
3678 const char *buf, size_t len)
3680 struct slab_attribute *attribute;
3681 struct kmem_cache *s;
3684 attribute = to_slab_attr(attr);
3687 if (!attribute->store)
3690 err = attribute->store(s, buf, len);
3695 static struct sysfs_ops slab_sysfs_ops = {
3696 .show = slab_attr_show,
3697 .store = slab_attr_store,
3700 static struct kobj_type slab_ktype = {
3701 .sysfs_ops = &slab_sysfs_ops,
3704 static int uevent_filter(struct kset *kset, struct kobject *kobj)
3706 struct kobj_type *ktype = get_ktype(kobj);
3708 if (ktype == &slab_ktype)
3713 static struct kset_uevent_ops slab_uevent_ops = {
3714 .filter = uevent_filter,
3717 static decl_subsys(slab, &slab_ktype, &slab_uevent_ops);
3719 #define ID_STR_LENGTH 64
3721 /* Create a unique string id for a slab cache:
3723 * :[flags-]size:[memory address of kmemcache]
3725 static char *create_unique_id(struct kmem_cache *s)
3727 char *name = kmalloc(ID_STR_LENGTH, GFP_KERNEL);
3734 * First flags affecting slabcache operations. We will only
3735 * get here for aliasable slabs so we do not need to support
3736 * too many flags. The flags here must cover all flags that
3737 * are matched during merging to guarantee that the id is
3740 if (s->flags & SLAB_CACHE_DMA)
3742 if (s->flags & SLAB_RECLAIM_ACCOUNT)
3744 if (s->flags & SLAB_DEBUG_FREE)
3748 p += sprintf(p, "%07d", s->size);
3749 BUG_ON(p > name + ID_STR_LENGTH - 1);
3753 static int sysfs_slab_add(struct kmem_cache *s)
3759 if (slab_state < SYSFS)
3760 /* Defer until later */
3763 unmergeable = slab_unmergeable(s);
3766 * Slabcache can never be merged so we can use the name proper.
3767 * This is typically the case for debug situations. In that
3768 * case we can catch duplicate names easily.
3770 sysfs_remove_link(&slab_subsys.kobj, s->name);
3774 * Create a unique name for the slab as a target
3777 name = create_unique_id(s);
3780 kobj_set_kset_s(s, slab_subsys);
3781 kobject_set_name(&s->kobj, name);
3782 kobject_init(&s->kobj);
3783 err = kobject_add(&s->kobj);
3787 err = sysfs_create_group(&s->kobj, &slab_attr_group);
3790 kobject_uevent(&s->kobj, KOBJ_ADD);
3792 /* Setup first alias */
3793 sysfs_slab_alias(s, s->name);
3799 static void sysfs_slab_remove(struct kmem_cache *s)
3801 kobject_uevent(&s->kobj, KOBJ_REMOVE);
3802 kobject_del(&s->kobj);
3806 * Need to buffer aliases during bootup until sysfs becomes
3807 * available lest we loose that information.
3809 struct saved_alias {
3810 struct kmem_cache *s;
3812 struct saved_alias *next;
3815 static struct saved_alias *alias_list;
3817 static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
3819 struct saved_alias *al;
3821 if (slab_state == SYSFS) {
3823 * If we have a leftover link then remove it.
3825 sysfs_remove_link(&slab_subsys.kobj, name);
3826 return sysfs_create_link(&slab_subsys.kobj,
3830 al = kmalloc(sizeof(struct saved_alias), GFP_KERNEL);
3836 al->next = alias_list;
3841 static int __init slab_sysfs_init(void)
3843 struct kmem_cache *s;
3846 err = subsystem_register(&slab_subsys);
3848 printk(KERN_ERR "Cannot register slab subsystem.\n");
3854 list_for_each_entry(s, &slab_caches, list) {
3855 err = sysfs_slab_add(s);
3857 printk(KERN_ERR "SLUB: Unable to add boot slab %s"
3858 " to sysfs\n", s->name);
3861 while (alias_list) {
3862 struct saved_alias *al = alias_list;
3864 alias_list = alias_list->next;
3865 err = sysfs_slab_alias(al->s, al->name);
3867 printk(KERN_ERR "SLUB: Unable to add boot slab alias"
3868 " %s to sysfs\n", s->name);
3876 __initcall(slab_sysfs_init);
projects / linux-2.6-omap-h63xx.git / blob