1 /* 2 * Copyright (c) 1987, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)kern_malloc.c 8.3 (Berkeley) 1/4/94 34 * $FreeBSD$ 35 */ 36 37 #include "opt_vm.h" 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/kernel.h> 42 #include <sys/malloc.h> 43 #include <sys/mbuf.h> 44 #include <sys/mutex.h> 45 #include <sys/vmmeter.h> 46 #include <sys/lock.h> 47 #include <sys/proc.h> 48 49 #include <vm/vm.h> 50 #include <vm/vm_param.h> 51 #include <vm/vm_kern.h> 52 #include <vm/vm_extern.h> 53 #include <vm/pmap.h> 54 #include <vm/vm_map.h> 55 56 #if defined(INVARIANTS) && defined(__i386__) 57 #include <machine/cpu.h> 58 #endif 59 60 MALLOC_DEFINE(M_CACHE, "cache", "Various Dynamically allocated caches"); 61 MALLOC_DEFINE(M_DEVBUF, "devbuf", "device driver memory"); 62 MALLOC_DEFINE(M_TEMP, "temp", "misc temporary data buffers"); 63 64 MALLOC_DEFINE(M_IP6OPT, "ip6opt", "IPv6 options"); 65 MALLOC_DEFINE(M_IP6NDP, "ip6ndp", "IPv6 Neighbor Discovery"); 66 67 static void kmeminit __P((void *)); 68 SYSINIT(kmem, SI_SUB_KMEM, SI_ORDER_FIRST, kmeminit, NULL) 69 70 static MALLOC_DEFINE(M_FREE, "free", "should be on free list"); 71 72 static struct malloc_type *kmemstatistics; 73 static struct kmembuckets bucket[MINBUCKET + 16]; 74 static struct kmemusage *kmemusage; 75 static char *kmembase; 76 static char *kmemlimit; 77 78 static struct mtx malloc_mtx; 79 80 u_int vm_kmem_size; 81 82 #ifdef INVARIANTS 83 /* 84 * This structure provides a set of masks to catch unaligned frees. 85 */ 86 static long addrmask[] = { 0, 87 0x00000001, 0x00000003, 0x00000007, 0x0000000f, 88 0x0000001f, 0x0000003f, 0x0000007f, 0x000000ff, 89 0x000001ff, 0x000003ff, 0x000007ff, 0x00000fff, 90 0x00001fff, 0x00003fff, 0x00007fff, 0x0000ffff, 91 }; 92 93 /* 94 * The WEIRD_ADDR is used as known text to copy into free objects so 95 * that modifications after frees can be detected. 96 */ 97 #define WEIRD_ADDR 0xdeadc0de 98 #define MAX_COPY 64 99 100 /* 101 * Normally the first word of the structure is used to hold the list 102 * pointer for free objects. However, when running with diagnostics, 103 * we use the third and fourth fields, so as to catch modifications 104 * in the most commonly trashed first two words. 105 */ 106 struct freelist { 107 long spare0; 108 struct malloc_type *type; 109 long spare1; 110 caddr_t next; 111 }; 112 #else /* !INVARIANTS */ 113 struct freelist { 114 caddr_t next; 115 }; 116 #endif /* INVARIANTS */ 117 118 /* 119 * malloc: 120 * 121 * Allocate a block of memory. 122 * 123 * If M_NOWAIT is set, this routine will not block and return NULL if 124 * the allocation fails. 125 * 126 * If M_ASLEEP is set (M_NOWAIT must also be set), this routine 127 * will have the side effect of calling asleep() if it returns NULL, 128 * allowing the parent to await() at some future time. 129 */ 130 void * 131 malloc(size, type, flags) 132 unsigned long size; 133 struct malloc_type *type; 134 int flags; 135 { 136 register struct kmembuckets *kbp; 137 register struct kmemusage *kup; 138 register struct freelist *freep; 139 long indx, npg, allocsize; 140 int s; 141 caddr_t va, cp, savedlist; 142 #ifdef INVARIANTS 143 long *end, *lp; 144 int copysize; 145 const char *savedtype; 146 #endif 147 register struct malloc_type *ksp = type; 148 149 #if defined(INVARIANTS) && defined(__i386__) 150 if (flags == M_WAITOK) 151 KASSERT(curproc->p_intr_nesting_level == 0, 152 ("malloc(M_WAITOK) in interrupt context")); 153 #endif 154 indx = BUCKETINDX(size); 155 kbp = &bucket[indx]; 156 s = splmem(); 157 mtx_enter(&malloc_mtx, MTX_DEF); 158 while (ksp->ks_memuse >= ksp->ks_limit) { 159 if (flags & M_ASLEEP) { 160 if (ksp->ks_limblocks < 65535) 161 ksp->ks_limblocks++; 162 asleep((caddr_t)ksp, PSWP+2, type->ks_shortdesc, 0); 163 } 164 if (flags & M_NOWAIT) { 165 splx(s); 166 mtx_exit(&malloc_mtx, MTX_DEF); 167 return ((void *) NULL); 168 } 169 if (ksp->ks_limblocks < 65535) 170 ksp->ks_limblocks++; 171 msleep((caddr_t)ksp, &malloc_mtx, PSWP+2, type->ks_shortdesc, 172 0); 173 } 174 ksp->ks_size |= 1 << indx; 175 #ifdef INVARIANTS 176 copysize = 1 << indx < MAX_COPY ? 1 << indx : MAX_COPY; 177 #endif 178 if (kbp->kb_next == NULL) { 179 kbp->kb_last = NULL; 180 if (size > MAXALLOCSAVE) 181 allocsize = roundup(size, PAGE_SIZE); 182 else 183 allocsize = 1 << indx; 184 npg = btoc(allocsize); 185 186 mtx_exit(&malloc_mtx, MTX_DEF); 187 mtx_enter(&Giant, MTX_DEF); 188 va = (caddr_t) kmem_malloc(kmem_map, (vm_size_t)ctob(npg), flags); 189 mtx_exit(&Giant, MTX_DEF); 190 191 if (va == NULL) { 192 splx(s); 193 return ((void *) NULL); 194 } 195 /* 196 * Enter malloc_mtx after the error check to avoid having to 197 * immediately exit it again if there is an error. 198 */ 199 mtx_enter(&malloc_mtx, MTX_DEF); 200 201 kbp->kb_total += kbp->kb_elmpercl; 202 kup = btokup(va); 203 kup->ku_indx = indx; 204 if (allocsize > MAXALLOCSAVE) { 205 if (npg > 65535) 206 panic("malloc: allocation too large"); 207 kup->ku_pagecnt = npg; 208 ksp->ks_memuse += allocsize; 209 goto out; 210 } 211 kup->ku_freecnt = kbp->kb_elmpercl; 212 kbp->kb_totalfree += kbp->kb_elmpercl; 213 /* 214 * Just in case we blocked while allocating memory, 215 * and someone else also allocated memory for this 216 * bucket, don't assume the list is still empty. 217 */ 218 savedlist = kbp->kb_next; 219 kbp->kb_next = cp = va + (npg * PAGE_SIZE) - allocsize; 220 for (;;) { 221 freep = (struct freelist *)cp; 222 #ifdef INVARIANTS 223 /* 224 * Copy in known text to detect modification 225 * after freeing. 226 */ 227 end = (long *)&cp[copysize]; 228 for (lp = (long *)cp; lp < end; lp++) 229 *lp = WEIRD_ADDR; 230 freep->type = M_FREE; 231 #endif /* INVARIANTS */ 232 if (cp <= va) 233 break; 234 cp -= allocsize; 235 freep->next = cp; 236 } 237 freep->next = savedlist; 238 if (kbp->kb_last == NULL) 239 kbp->kb_last = (caddr_t)freep; 240 } 241 va = kbp->kb_next; 242 kbp->kb_next = ((struct freelist *)va)->next; 243 #ifdef INVARIANTS 244 freep = (struct freelist *)va; 245 savedtype = (const char *) freep->type->ks_shortdesc; 246 #if BYTE_ORDER == BIG_ENDIAN 247 freep->type = (struct malloc_type *)WEIRD_ADDR >> 16; 248 #endif 249 #if BYTE_ORDER == LITTLE_ENDIAN 250 freep->type = (struct malloc_type *)WEIRD_ADDR; 251 #endif 252 if ((intptr_t)(void *)&freep->next & 0x2) 253 freep->next = (caddr_t)((WEIRD_ADDR >> 16)|(WEIRD_ADDR << 16)); 254 else 255 freep->next = (caddr_t)WEIRD_ADDR; 256 end = (long *)&va[copysize]; 257 for (lp = (long *)va; lp < end; lp++) { 258 if (*lp == WEIRD_ADDR) 259 continue; 260 printf("%s %ld of object %p size %lu %s %s (0x%lx != 0x%lx)\n", 261 "Data modified on freelist: word", 262 (long)(lp - (long *)va), (void *)va, size, 263 "previous type", savedtype, *lp, (u_long)WEIRD_ADDR); 264 break; 265 } 266 freep->spare0 = 0; 267 #endif /* INVARIANTS */ 268 kup = btokup(va); 269 if (kup->ku_indx != indx) 270 panic("malloc: wrong bucket"); 271 if (kup->ku_freecnt == 0) 272 panic("malloc: lost data"); 273 kup->ku_freecnt--; 274 kbp->kb_totalfree--; 275 ksp->ks_memuse += 1 << indx; 276 out: 277 kbp->kb_calls++; 278 ksp->ks_inuse++; 279 ksp->ks_calls++; 280 if (ksp->ks_memuse > ksp->ks_maxused) 281 ksp->ks_maxused = ksp->ks_memuse; 282 splx(s); 283 mtx_exit(&malloc_mtx, MTX_DEF); 284 /* XXX: Do idle pre-zeroing. */ 285 if (va != NULL && (flags & M_ZERO)) 286 bzero(va, size); 287 return ((void *) va); 288 } 289 290 /* 291 * free: 292 * 293 * Free a block of memory allocated by malloc. 294 * 295 * This routine may not block. 296 */ 297 void 298 free(addr, type) 299 void *addr; 300 struct malloc_type *type; 301 { 302 register struct kmembuckets *kbp; 303 register struct kmemusage *kup; 304 register struct freelist *freep; 305 long size; 306 int s; 307 #ifdef INVARIANTS 308 struct freelist *fp; 309 long *end, *lp, alloc, copysize; 310 #endif 311 register struct malloc_type *ksp = type; 312 313 KASSERT(kmembase <= (char *)addr && (char *)addr < kmemlimit, 314 ("free: address %p out of range", (void *)addr)); 315 kup = btokup(addr); 316 size = 1 << kup->ku_indx; 317 kbp = &bucket[kup->ku_indx]; 318 s = splmem(); 319 mtx_enter(&malloc_mtx, MTX_DEF); 320 #ifdef INVARIANTS 321 /* 322 * Check for returns of data that do not point to the 323 * beginning of the allocation. 324 */ 325 if (size > PAGE_SIZE) 326 alloc = addrmask[BUCKETINDX(PAGE_SIZE)]; 327 else 328 alloc = addrmask[kup->ku_indx]; 329 if (((uintptr_t)(void *)addr & alloc) != 0) 330 panic("free: unaligned addr %p, size %ld, type %s, mask %ld", 331 (void *)addr, size, type->ks_shortdesc, alloc); 332 #endif /* INVARIANTS */ 333 if (size > MAXALLOCSAVE) { 334 mtx_exit(&malloc_mtx, MTX_DEF); 335 mtx_enter(&Giant, MTX_DEF); 336 kmem_free(kmem_map, (vm_offset_t)addr, ctob(kup->ku_pagecnt)); 337 mtx_exit(&Giant, MTX_DEF); 338 mtx_enter(&malloc_mtx, MTX_DEF); 339 340 size = kup->ku_pagecnt << PAGE_SHIFT; 341 ksp->ks_memuse -= size; 342 kup->ku_indx = 0; 343 kup->ku_pagecnt = 0; 344 if (ksp->ks_memuse + size >= ksp->ks_limit && 345 ksp->ks_memuse < ksp->ks_limit) 346 wakeup((caddr_t)ksp); 347 ksp->ks_inuse--; 348 kbp->kb_total -= 1; 349 splx(s); 350 mtx_exit(&malloc_mtx, MTX_DEF); 351 return; 352 } 353 freep = (struct freelist *)addr; 354 #ifdef INVARIANTS 355 /* 356 * Check for multiple frees. Use a quick check to see if 357 * it looks free before laboriously searching the freelist. 358 */ 359 if (freep->spare0 == WEIRD_ADDR) { 360 fp = (struct freelist *)kbp->kb_next; 361 while (fp) { 362 if (fp->spare0 != WEIRD_ADDR) 363 panic("free: free item %p modified", fp); 364 else if (addr == (caddr_t)fp) 365 panic("free: multiple freed item %p", addr); 366 fp = (struct freelist *)fp->next; 367 } 368 } 369 /* 370 * Copy in known text to detect modification after freeing 371 * and to make it look free. Also, save the type being freed 372 * so we can list likely culprit if modification is detected 373 * when the object is reallocated. 374 */ 375 copysize = size < MAX_COPY ? size : MAX_COPY; 376 end = (long *)&((caddr_t)addr)[copysize]; 377 for (lp = (long *)addr; lp < end; lp++) 378 *lp = WEIRD_ADDR; 379 freep->type = type; 380 #endif /* INVARIANTS */ 381 kup->ku_freecnt++; 382 if (kup->ku_freecnt >= kbp->kb_elmpercl) { 383 if (kup->ku_freecnt > kbp->kb_elmpercl) 384 panic("free: multiple frees"); 385 else if (kbp->kb_totalfree > kbp->kb_highwat) 386 kbp->kb_couldfree++; 387 } 388 kbp->kb_totalfree++; 389 ksp->ks_memuse -= size; 390 if (ksp->ks_memuse + size >= ksp->ks_limit && 391 ksp->ks_memuse < ksp->ks_limit) 392 wakeup((caddr_t)ksp); 393 ksp->ks_inuse--; 394 #ifdef OLD_MALLOC_MEMORY_POLICY 395 if (kbp->kb_next == NULL) 396 kbp->kb_next = addr; 397 else 398 ((struct freelist *)kbp->kb_last)->next = addr; 399 freep->next = NULL; 400 kbp->kb_last = addr; 401 #else 402 /* 403 * Return memory to the head of the queue for quick reuse. This 404 * can improve performance by improving the probability of the 405 * item being in the cache when it is reused. 406 */ 407 if (kbp->kb_next == NULL) { 408 kbp->kb_next = addr; 409 kbp->kb_last = addr; 410 freep->next = NULL; 411 } else { 412 freep->next = kbp->kb_next; 413 kbp->kb_next = addr; 414 } 415 #endif 416 splx(s); 417 mtx_exit(&malloc_mtx, MTX_DEF); 418 } 419 420 /* 421 * Initialize the kernel memory allocator 422 */ 423 /* ARGSUSED*/ 424 static void 425 kmeminit(dummy) 426 void *dummy; 427 { 428 register long indx; 429 u_long npg; 430 u_long mem_size; 431 u_long xvm_kmem_size; 432 433 #if ((MAXALLOCSAVE & (MAXALLOCSAVE - 1)) != 0) 434 #error "kmeminit: MAXALLOCSAVE not power of 2" 435 #endif 436 #if (MAXALLOCSAVE > MINALLOCSIZE * 32768) 437 #error "kmeminit: MAXALLOCSAVE too big" 438 #endif 439 #if (MAXALLOCSAVE < PAGE_SIZE) 440 #error "kmeminit: MAXALLOCSAVE too small" 441 #endif 442 443 mtx_init(&malloc_mtx, "malloc", MTX_DEF); 444 445 /* 446 * Try to auto-tune the kernel memory size, so that it is 447 * more applicable for a wider range of machine sizes. 448 * On an X86, a VM_KMEM_SIZE_SCALE value of 4 is good, while 449 * a VM_KMEM_SIZE of 12MB is a fair compromise. The 450 * VM_KMEM_SIZE_MAX is dependent on the maximum KVA space 451 * available, and on an X86 with a total KVA space of 256MB, 452 * try to keep VM_KMEM_SIZE_MAX at 80MB or below. 453 * 454 * Note that the kmem_map is also used by the zone allocator, 455 * so make sure that there is enough space. 456 */ 457 xvm_kmem_size = VM_KMEM_SIZE; 458 mem_size = cnt.v_page_count * PAGE_SIZE; 459 460 #if defined(VM_KMEM_SIZE_SCALE) 461 if ((mem_size / VM_KMEM_SIZE_SCALE) > xvm_kmem_size) 462 xvm_kmem_size = mem_size / VM_KMEM_SIZE_SCALE; 463 #endif 464 465 #if defined(VM_KMEM_SIZE_MAX) 466 if (xvm_kmem_size >= VM_KMEM_SIZE_MAX) 467 xvm_kmem_size = VM_KMEM_SIZE_MAX; 468 #endif 469 470 /* Allow final override from the kernel environment */ 471 TUNABLE_INT_FETCH("kern.vm.kmem.size", xvm_kmem_size, vm_kmem_size); 472 473 /* 474 * Limit kmem virtual size to twice the physical memory. 475 * This allows for kmem map sparseness, but limits the size 476 * to something sane. Be careful to not overflow the 32bit 477 * ints while doing the check. 478 */ 479 if ((vm_kmem_size / 2) > (cnt.v_page_count * PAGE_SIZE)) 480 vm_kmem_size = 2 * cnt.v_page_count * PAGE_SIZE; 481 482 npg = (nmbufs * MSIZE + nmbclusters * MCLBYTES + vm_kmem_size) 483 / PAGE_SIZE; 484 485 kmemusage = (struct kmemusage *) kmem_alloc(kernel_map, 486 (vm_size_t)(npg * sizeof(struct kmemusage))); 487 kmem_map = kmem_suballoc(kernel_map, (vm_offset_t *)&kmembase, 488 (vm_offset_t *)&kmemlimit, (vm_size_t)(npg * PAGE_SIZE)); 489 kmem_map->system_map = 1; 490 for (indx = 0; indx < MINBUCKET + 16; indx++) { 491 if (1 << indx >= PAGE_SIZE) 492 bucket[indx].kb_elmpercl = 1; 493 else 494 bucket[indx].kb_elmpercl = PAGE_SIZE / (1 << indx); 495 bucket[indx].kb_highwat = 5 * bucket[indx].kb_elmpercl; 496 } 497 } 498 499 void 500 malloc_init(data) 501 void *data; 502 { 503 struct malloc_type *type = (struct malloc_type *)data; 504 505 if (type->ks_magic != M_MAGIC) 506 panic("malloc type lacks magic"); 507 508 if (type->ks_limit != 0) 509 return; 510 511 if (cnt.v_page_count == 0) 512 panic("malloc_init not allowed before vm init"); 513 514 /* 515 * The default limits for each malloc region is 1/2 of the 516 * malloc portion of the kmem map size. 517 */ 518 type->ks_limit = vm_kmem_size / 2; 519 type->ks_next = kmemstatistics; 520 kmemstatistics = type; 521 } 522 523 void 524 malloc_uninit(data) 525 void *data; 526 { 527 struct malloc_type *type = (struct malloc_type *)data; 528 struct malloc_type *t; 529 #ifdef INVARIANTS 530 struct kmembuckets *kbp; 531 struct freelist *freep; 532 long indx; 533 int s; 534 #endif 535 536 if (type->ks_magic != M_MAGIC) 537 panic("malloc type lacks magic"); 538 539 if (cnt.v_page_count == 0) 540 panic("malloc_uninit not allowed before vm init"); 541 542 if (type->ks_limit == 0) 543 panic("malloc_uninit on uninitialized type"); 544 545 #ifdef INVARIANTS 546 s = splmem(); 547 mtx_enter(&malloc_mtx, MTX_DEF); 548 for (indx = 0; indx < MINBUCKET + 16; indx++) { 549 kbp = bucket + indx; 550 freep = (struct freelist*)kbp->kb_next; 551 while (freep) { 552 if (freep->type == type) 553 freep->type = M_FREE; 554 freep = (struct freelist*)freep->next; 555 } 556 } 557 splx(s); 558 mtx_exit(&malloc_mtx, MTX_DEF); 559 560 if (type->ks_memuse != 0) 561 printf("malloc_uninit: %ld bytes of '%s' still allocated\n", 562 type->ks_memuse, type->ks_shortdesc); 563 #endif 564 565 if (type == kmemstatistics) 566 kmemstatistics = type->ks_next; 567 else { 568 for (t = kmemstatistics; t->ks_next != NULL; t = t->ks_next) { 569 if (t->ks_next == type) { 570 t->ks_next = type->ks_next; 571 break; 572 } 573 } 574 } 575 type->ks_next = NULL; 576 type->ks_limit = 0; 577 } 578