xref: /freebsd/sys/vm/uma_core.c (revision 4f0a4502a1f33fef287ac558c98e5ef99a32216f)
1 /*-
2  * Copyright (c) 2002-2005, 2009, 2013 Jeffrey Roberson <jeff@FreeBSD.org>
3  * Copyright (c) 2004, 2005 Bosko Milekic <bmilekic@FreeBSD.org>
4  * Copyright (c) 2004-2006 Robert N. M. Watson
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice unmodified, this list of conditions, and the following
12  *    disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /*
30  * uma_core.c  Implementation of the Universal Memory allocator
31  *
32  * This allocator is intended to replace the multitude of similar object caches
33  * in the standard FreeBSD kernel.  The intent is to be flexible as well as
34  * effecient.  A primary design goal is to return unused memory to the rest of
35  * the system.  This will make the system as a whole more flexible due to the
36  * ability to move memory to subsystems which most need it instead of leaving
37  * pools of reserved memory unused.
38  *
39  * The basic ideas stem from similar slab/zone based allocators whose algorithms
40  * are well known.
41  *
42  */
43 
44 /*
45  * TODO:
46  *	- Improve memory usage for large allocations
47  *	- Investigate cache size adjustments
48  */
49 
50 #include <sys/cdefs.h>
51 __FBSDID("$FreeBSD$");
52 
53 /* I should really use ktr.. */
54 /*
55 #define UMA_DEBUG 1
56 #define UMA_DEBUG_ALLOC 1
57 #define UMA_DEBUG_ALLOC_1 1
58 */
59 
60 #include "opt_ddb.h"
61 #include "opt_param.h"
62 #include "opt_vm.h"
63 
64 #include <sys/param.h>
65 #include <sys/systm.h>
66 #include <sys/bitset.h>
67 #include <sys/kernel.h>
68 #include <sys/types.h>
69 #include <sys/queue.h>
70 #include <sys/malloc.h>
71 #include <sys/ktr.h>
72 #include <sys/lock.h>
73 #include <sys/sysctl.h>
74 #include <sys/mutex.h>
75 #include <sys/proc.h>
76 #include <sys/random.h>
77 #include <sys/rwlock.h>
78 #include <sys/sbuf.h>
79 #include <sys/sched.h>
80 #include <sys/smp.h>
81 #include <sys/vmmeter.h>
82 
83 #include <vm/vm.h>
84 #include <vm/vm_object.h>
85 #include <vm/vm_page.h>
86 #include <vm/vm_pageout.h>
87 #include <vm/vm_param.h>
88 #include <vm/vm_map.h>
89 #include <vm/vm_kern.h>
90 #include <vm/vm_extern.h>
91 #include <vm/uma.h>
92 #include <vm/uma_int.h>
93 #include <vm/uma_dbg.h>
94 
95 #include <ddb/ddb.h>
96 
97 #ifdef DEBUG_MEMGUARD
98 #include <vm/memguard.h>
99 #endif
100 
101 /*
102  * This is the zone and keg from which all zones are spawned.  The idea is that
103  * even the zone & keg heads are allocated from the allocator, so we use the
104  * bss section to bootstrap us.
105  */
106 static struct uma_keg masterkeg;
107 static struct uma_zone masterzone_k;
108 static struct uma_zone masterzone_z;
109 static uma_zone_t kegs = &masterzone_k;
110 static uma_zone_t zones = &masterzone_z;
111 
112 /* This is the zone from which all of uma_slab_t's are allocated. */
113 static uma_zone_t slabzone;
114 static uma_zone_t slabrefzone;	/* With refcounters (for UMA_ZONE_REFCNT) */
115 
116 /*
117  * The initial hash tables come out of this zone so they can be allocated
118  * prior to malloc coming up.
119  */
120 static uma_zone_t hashzone;
121 
122 /* The boot-time adjusted value for cache line alignment. */
123 int uma_align_cache = 64 - 1;
124 
125 static MALLOC_DEFINE(M_UMAHASH, "UMAHash", "UMA Hash Buckets");
126 
127 /*
128  * Are we allowed to allocate buckets?
129  */
130 static int bucketdisable = 1;
131 
132 /* Linked list of all kegs in the system */
133 static LIST_HEAD(,uma_keg) uma_kegs = LIST_HEAD_INITIALIZER(uma_kegs);
134 
135 /* Linked list of all cache-only zones in the system */
136 static LIST_HEAD(,uma_zone) uma_cachezones =
137     LIST_HEAD_INITIALIZER(uma_cachezones);
138 
139 /* This RW lock protects the keg list */
140 static struct rwlock_padalign uma_rwlock;
141 
142 /* Linked list of boot time pages */
143 static LIST_HEAD(,uma_slab) uma_boot_pages =
144     LIST_HEAD_INITIALIZER(uma_boot_pages);
145 
146 /* This mutex protects the boot time pages list */
147 static struct mtx_padalign uma_boot_pages_mtx;
148 
149 static struct sx uma_drain_lock;
150 
151 /* Is the VM done starting up? */
152 static int booted = 0;
153 #define	UMA_STARTUP	1
154 #define	UMA_STARTUP2	2
155 
156 /*
157  * Only mbuf clusters use ref zones.  Just provide enough references
158  * to support the one user.  New code should not use the ref facility.
159  */
160 static const u_int uma_max_ipers_ref = PAGE_SIZE / MCLBYTES;
161 
162 /*
163  * This is the handle used to schedule events that need to happen
164  * outside of the allocation fast path.
165  */
166 static struct callout uma_callout;
167 #define	UMA_TIMEOUT	20		/* Seconds for callout interval. */
168 
169 /*
170  * This structure is passed as the zone ctor arg so that I don't have to create
171  * a special allocation function just for zones.
172  */
173 struct uma_zctor_args {
174 	const char *name;
175 	size_t size;
176 	uma_ctor ctor;
177 	uma_dtor dtor;
178 	uma_init uminit;
179 	uma_fini fini;
180 	uma_import import;
181 	uma_release release;
182 	void *arg;
183 	uma_keg_t keg;
184 	int align;
185 	uint32_t flags;
186 };
187 
188 struct uma_kctor_args {
189 	uma_zone_t zone;
190 	size_t size;
191 	uma_init uminit;
192 	uma_fini fini;
193 	int align;
194 	uint32_t flags;
195 };
196 
197 struct uma_bucket_zone {
198 	uma_zone_t	ubz_zone;
199 	char		*ubz_name;
200 	int		ubz_entries;	/* Number of items it can hold. */
201 	int		ubz_maxsize;	/* Maximum allocation size per-item. */
202 };
203 
204 /*
205  * Compute the actual number of bucket entries to pack them in power
206  * of two sizes for more efficient space utilization.
207  */
208 #define	BUCKET_SIZE(n)						\
209     (((sizeof(void *) * (n)) - sizeof(struct uma_bucket)) / sizeof(void *))
210 
211 #define	BUCKET_MAX	BUCKET_SIZE(256)
212 
213 struct uma_bucket_zone bucket_zones[] = {
214 	{ NULL, "4 Bucket", BUCKET_SIZE(4), 4096 },
215 	{ NULL, "6 Bucket", BUCKET_SIZE(6), 3072 },
216 	{ NULL, "8 Bucket", BUCKET_SIZE(8), 2048 },
217 	{ NULL, "12 Bucket", BUCKET_SIZE(12), 1536 },
218 	{ NULL, "16 Bucket", BUCKET_SIZE(16), 1024 },
219 	{ NULL, "32 Bucket", BUCKET_SIZE(32), 512 },
220 	{ NULL, "64 Bucket", BUCKET_SIZE(64), 256 },
221 	{ NULL, "128 Bucket", BUCKET_SIZE(128), 128 },
222 	{ NULL, "256 Bucket", BUCKET_SIZE(256), 64 },
223 	{ NULL, NULL, 0}
224 };
225 
226 /*
227  * Flags and enumerations to be passed to internal functions.
228  */
229 enum zfreeskip { SKIP_NONE = 0, SKIP_DTOR, SKIP_FINI };
230 
231 /* Prototypes.. */
232 
233 static void *noobj_alloc(uma_zone_t, vm_size_t, uint8_t *, int);
234 static void *page_alloc(uma_zone_t, vm_size_t, uint8_t *, int);
235 static void *startup_alloc(uma_zone_t, vm_size_t, uint8_t *, int);
236 static void page_free(void *, vm_size_t, uint8_t);
237 static uma_slab_t keg_alloc_slab(uma_keg_t, uma_zone_t, int);
238 static void cache_drain(uma_zone_t);
239 static void bucket_drain(uma_zone_t, uma_bucket_t);
240 static void bucket_cache_drain(uma_zone_t zone);
241 static int keg_ctor(void *, int, void *, int);
242 static void keg_dtor(void *, int, void *);
243 static int zone_ctor(void *, int, void *, int);
244 static void zone_dtor(void *, int, void *);
245 static int zero_init(void *, int, int);
246 static void keg_small_init(uma_keg_t keg);
247 static void keg_large_init(uma_keg_t keg);
248 static void zone_foreach(void (*zfunc)(uma_zone_t));
249 static void zone_timeout(uma_zone_t zone);
250 static int hash_alloc(struct uma_hash *);
251 static int hash_expand(struct uma_hash *, struct uma_hash *);
252 static void hash_free(struct uma_hash *hash);
253 static void uma_timeout(void *);
254 static void uma_startup3(void);
255 static void *zone_alloc_item(uma_zone_t, void *, int);
256 static void zone_free_item(uma_zone_t, void *, void *, enum zfreeskip);
257 static void bucket_enable(void);
258 static void bucket_init(void);
259 static uma_bucket_t bucket_alloc(uma_zone_t zone, void *, int);
260 static void bucket_free(uma_zone_t zone, uma_bucket_t, void *);
261 static void bucket_zone_drain(void);
262 static uma_bucket_t zone_alloc_bucket(uma_zone_t zone, void *, int flags);
263 static uma_slab_t zone_fetch_slab(uma_zone_t zone, uma_keg_t last, int flags);
264 static uma_slab_t zone_fetch_slab_multi(uma_zone_t zone, uma_keg_t last, int flags);
265 static void *slab_alloc_item(uma_keg_t keg, uma_slab_t slab);
266 static void slab_free_item(uma_keg_t keg, uma_slab_t slab, void *item);
267 static uma_keg_t uma_kcreate(uma_zone_t zone, size_t size, uma_init uminit,
268     uma_fini fini, int align, uint32_t flags);
269 static int zone_import(uma_zone_t zone, void **bucket, int max, int flags);
270 static void zone_release(uma_zone_t zone, void **bucket, int cnt);
271 static void uma_zero_item(void *item, uma_zone_t zone);
272 
273 void uma_print_zone(uma_zone_t);
274 void uma_print_stats(void);
275 static int sysctl_vm_zone_count(SYSCTL_HANDLER_ARGS);
276 static int sysctl_vm_zone_stats(SYSCTL_HANDLER_ARGS);
277 
278 SYSINIT(uma_startup3, SI_SUB_VM_CONF, SI_ORDER_SECOND, uma_startup3, NULL);
279 
280 SYSCTL_PROC(_vm, OID_AUTO, zone_count, CTLFLAG_RD|CTLTYPE_INT,
281     0, 0, sysctl_vm_zone_count, "I", "Number of UMA zones");
282 
283 SYSCTL_PROC(_vm, OID_AUTO, zone_stats, CTLFLAG_RD|CTLTYPE_STRUCT,
284     0, 0, sysctl_vm_zone_stats, "s,struct uma_type_header", "Zone Stats");
285 
286 static int zone_warnings = 1;
287 SYSCTL_INT(_vm, OID_AUTO, zone_warnings, CTLFLAG_RWTUN, &zone_warnings, 0,
288     "Warn when UMA zones becomes full");
289 
290 /*
291  * This routine checks to see whether or not it's safe to enable buckets.
292  */
293 static void
294 bucket_enable(void)
295 {
296 	bucketdisable = vm_page_count_min();
297 }
298 
299 /*
300  * Initialize bucket_zones, the array of zones of buckets of various sizes.
301  *
302  * For each zone, calculate the memory required for each bucket, consisting
303  * of the header and an array of pointers.
304  */
305 static void
306 bucket_init(void)
307 {
308 	struct uma_bucket_zone *ubz;
309 	int size;
310 
311 	for (ubz = &bucket_zones[0]; ubz->ubz_entries != 0; ubz++) {
312 		size = roundup(sizeof(struct uma_bucket), sizeof(void *));
313 		size += sizeof(void *) * ubz->ubz_entries;
314 		ubz->ubz_zone = uma_zcreate(ubz->ubz_name, size,
315 		    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR,
316 		    UMA_ZONE_MTXCLASS | UMA_ZFLAG_BUCKET);
317 	}
318 }
319 
320 /*
321  * Given a desired number of entries for a bucket, return the zone from which
322  * to allocate the bucket.
323  */
324 static struct uma_bucket_zone *
325 bucket_zone_lookup(int entries)
326 {
327 	struct uma_bucket_zone *ubz;
328 
329 	for (ubz = &bucket_zones[0]; ubz->ubz_entries != 0; ubz++)
330 		if (ubz->ubz_entries >= entries)
331 			return (ubz);
332 	ubz--;
333 	return (ubz);
334 }
335 
336 static int
337 bucket_select(int size)
338 {
339 	struct uma_bucket_zone *ubz;
340 
341 	ubz = &bucket_zones[0];
342 	if (size > ubz->ubz_maxsize)
343 		return MAX((ubz->ubz_maxsize * ubz->ubz_entries) / size, 1);
344 
345 	for (; ubz->ubz_entries != 0; ubz++)
346 		if (ubz->ubz_maxsize < size)
347 			break;
348 	ubz--;
349 	return (ubz->ubz_entries);
350 }
351 
352 static uma_bucket_t
353 bucket_alloc(uma_zone_t zone, void *udata, int flags)
354 {
355 	struct uma_bucket_zone *ubz;
356 	uma_bucket_t bucket;
357 
358 	/*
359 	 * This is to stop us from allocating per cpu buckets while we're
360 	 * running out of vm.boot_pages.  Otherwise, we would exhaust the
361 	 * boot pages.  This also prevents us from allocating buckets in
362 	 * low memory situations.
363 	 */
364 	if (bucketdisable)
365 		return (NULL);
366 	/*
367 	 * To limit bucket recursion we store the original zone flags
368 	 * in a cookie passed via zalloc_arg/zfree_arg.  This allows the
369 	 * NOVM flag to persist even through deep recursions.  We also
370 	 * store ZFLAG_BUCKET once we have recursed attempting to allocate
371 	 * a bucket for a bucket zone so we do not allow infinite bucket
372 	 * recursion.  This cookie will even persist to frees of unused
373 	 * buckets via the allocation path or bucket allocations in the
374 	 * free path.
375 	 */
376 	if ((zone->uz_flags & UMA_ZFLAG_BUCKET) == 0)
377 		udata = (void *)(uintptr_t)zone->uz_flags;
378 	else {
379 		if ((uintptr_t)udata & UMA_ZFLAG_BUCKET)
380 			return (NULL);
381 		udata = (void *)((uintptr_t)udata | UMA_ZFLAG_BUCKET);
382 	}
383 	if ((uintptr_t)udata & UMA_ZFLAG_CACHEONLY)
384 		flags |= M_NOVM;
385 	ubz = bucket_zone_lookup(zone->uz_count);
386 	if (ubz->ubz_zone == zone && (ubz + 1)->ubz_entries != 0)
387 		ubz++;
388 	bucket = uma_zalloc_arg(ubz->ubz_zone, udata, flags);
389 	if (bucket) {
390 #ifdef INVARIANTS
391 		bzero(bucket->ub_bucket, sizeof(void *) * ubz->ubz_entries);
392 #endif
393 		bucket->ub_cnt = 0;
394 		bucket->ub_entries = ubz->ubz_entries;
395 	}
396 
397 	return (bucket);
398 }
399 
400 static void
401 bucket_free(uma_zone_t zone, uma_bucket_t bucket, void *udata)
402 {
403 	struct uma_bucket_zone *ubz;
404 
405 	KASSERT(bucket->ub_cnt == 0,
406 	    ("bucket_free: Freeing a non free bucket."));
407 	if ((zone->uz_flags & UMA_ZFLAG_BUCKET) == 0)
408 		udata = (void *)(uintptr_t)zone->uz_flags;
409 	ubz = bucket_zone_lookup(bucket->ub_entries);
410 	uma_zfree_arg(ubz->ubz_zone, bucket, udata);
411 }
412 
413 static void
414 bucket_zone_drain(void)
415 {
416 	struct uma_bucket_zone *ubz;
417 
418 	for (ubz = &bucket_zones[0]; ubz->ubz_entries != 0; ubz++)
419 		zone_drain(ubz->ubz_zone);
420 }
421 
422 static void
423 zone_log_warning(uma_zone_t zone)
424 {
425 	static const struct timeval warninterval = { 300, 0 };
426 
427 	if (!zone_warnings || zone->uz_warning == NULL)
428 		return;
429 
430 	if (ratecheck(&zone->uz_ratecheck, &warninterval))
431 		printf("[zone: %s] %s\n", zone->uz_name, zone->uz_warning);
432 }
433 
434 static inline void
435 zone_maxaction(uma_zone_t zone)
436 {
437 	if (zone->uz_maxaction)
438 		(*zone->uz_maxaction)(zone);
439 }
440 
441 static void
442 zone_foreach_keg(uma_zone_t zone, void (*kegfn)(uma_keg_t))
443 {
444 	uma_klink_t klink;
445 
446 	LIST_FOREACH(klink, &zone->uz_kegs, kl_link)
447 		kegfn(klink->kl_keg);
448 }
449 
450 /*
451  * Routine called by timeout which is used to fire off some time interval
452  * based calculations.  (stats, hash size, etc.)
453  *
454  * Arguments:
455  *	arg   Unused
456  *
457  * Returns:
458  *	Nothing
459  */
460 static void
461 uma_timeout(void *unused)
462 {
463 	bucket_enable();
464 	zone_foreach(zone_timeout);
465 
466 	/* Reschedule this event */
467 	callout_reset(&uma_callout, UMA_TIMEOUT * hz, uma_timeout, NULL);
468 }
469 
470 /*
471  * Routine to perform timeout driven calculations.  This expands the
472  * hashes and does per cpu statistics aggregation.
473  *
474  *  Returns nothing.
475  */
476 static void
477 keg_timeout(uma_keg_t keg)
478 {
479 
480 	KEG_LOCK(keg);
481 	/*
482 	 * Expand the keg hash table.
483 	 *
484 	 * This is done if the number of slabs is larger than the hash size.
485 	 * What I'm trying to do here is completely reduce collisions.  This
486 	 * may be a little aggressive.  Should I allow for two collisions max?
487 	 */
488 	if (keg->uk_flags & UMA_ZONE_HASH &&
489 	    keg->uk_pages / keg->uk_ppera >= keg->uk_hash.uh_hashsize) {
490 		struct uma_hash newhash;
491 		struct uma_hash oldhash;
492 		int ret;
493 
494 		/*
495 		 * This is so involved because allocating and freeing
496 		 * while the keg lock is held will lead to deadlock.
497 		 * I have to do everything in stages and check for
498 		 * races.
499 		 */
500 		newhash = keg->uk_hash;
501 		KEG_UNLOCK(keg);
502 		ret = hash_alloc(&newhash);
503 		KEG_LOCK(keg);
504 		if (ret) {
505 			if (hash_expand(&keg->uk_hash, &newhash)) {
506 				oldhash = keg->uk_hash;
507 				keg->uk_hash = newhash;
508 			} else
509 				oldhash = newhash;
510 
511 			KEG_UNLOCK(keg);
512 			hash_free(&oldhash);
513 			return;
514 		}
515 	}
516 	KEG_UNLOCK(keg);
517 }
518 
519 static void
520 zone_timeout(uma_zone_t zone)
521 {
522 
523 	zone_foreach_keg(zone, &keg_timeout);
524 }
525 
526 /*
527  * Allocate and zero fill the next sized hash table from the appropriate
528  * backing store.
529  *
530  * Arguments:
531  *	hash  A new hash structure with the old hash size in uh_hashsize
532  *
533  * Returns:
534  *	1 on sucess and 0 on failure.
535  */
536 static int
537 hash_alloc(struct uma_hash *hash)
538 {
539 	int oldsize;
540 	int alloc;
541 
542 	oldsize = hash->uh_hashsize;
543 
544 	/* We're just going to go to a power of two greater */
545 	if (oldsize)  {
546 		hash->uh_hashsize = oldsize * 2;
547 		alloc = sizeof(hash->uh_slab_hash[0]) * hash->uh_hashsize;
548 		hash->uh_slab_hash = (struct slabhead *)malloc(alloc,
549 		    M_UMAHASH, M_NOWAIT);
550 	} else {
551 		alloc = sizeof(hash->uh_slab_hash[0]) * UMA_HASH_SIZE_INIT;
552 		hash->uh_slab_hash = zone_alloc_item(hashzone, NULL,
553 		    M_WAITOK);
554 		hash->uh_hashsize = UMA_HASH_SIZE_INIT;
555 	}
556 	if (hash->uh_slab_hash) {
557 		bzero(hash->uh_slab_hash, alloc);
558 		hash->uh_hashmask = hash->uh_hashsize - 1;
559 		return (1);
560 	}
561 
562 	return (0);
563 }
564 
565 /*
566  * Expands the hash table for HASH zones.  This is done from zone_timeout
567  * to reduce collisions.  This must not be done in the regular allocation
568  * path, otherwise, we can recurse on the vm while allocating pages.
569  *
570  * Arguments:
571  *	oldhash  The hash you want to expand
572  *	newhash  The hash structure for the new table
573  *
574  * Returns:
575  *	Nothing
576  *
577  * Discussion:
578  */
579 static int
580 hash_expand(struct uma_hash *oldhash, struct uma_hash *newhash)
581 {
582 	uma_slab_t slab;
583 	int hval;
584 	int i;
585 
586 	if (!newhash->uh_slab_hash)
587 		return (0);
588 
589 	if (oldhash->uh_hashsize >= newhash->uh_hashsize)
590 		return (0);
591 
592 	/*
593 	 * I need to investigate hash algorithms for resizing without a
594 	 * full rehash.
595 	 */
596 
597 	for (i = 0; i < oldhash->uh_hashsize; i++)
598 		while (!SLIST_EMPTY(&oldhash->uh_slab_hash[i])) {
599 			slab = SLIST_FIRST(&oldhash->uh_slab_hash[i]);
600 			SLIST_REMOVE_HEAD(&oldhash->uh_slab_hash[i], us_hlink);
601 			hval = UMA_HASH(newhash, slab->us_data);
602 			SLIST_INSERT_HEAD(&newhash->uh_slab_hash[hval],
603 			    slab, us_hlink);
604 		}
605 
606 	return (1);
607 }
608 
609 /*
610  * Free the hash bucket to the appropriate backing store.
611  *
612  * Arguments:
613  *	slab_hash  The hash bucket we're freeing
614  *	hashsize   The number of entries in that hash bucket
615  *
616  * Returns:
617  *	Nothing
618  */
619 static void
620 hash_free(struct uma_hash *hash)
621 {
622 	if (hash->uh_slab_hash == NULL)
623 		return;
624 	if (hash->uh_hashsize == UMA_HASH_SIZE_INIT)
625 		zone_free_item(hashzone, hash->uh_slab_hash, NULL, SKIP_NONE);
626 	else
627 		free(hash->uh_slab_hash, M_UMAHASH);
628 }
629 
630 /*
631  * Frees all outstanding items in a bucket
632  *
633  * Arguments:
634  *	zone   The zone to free to, must be unlocked.
635  *	bucket The free/alloc bucket with items, cpu queue must be locked.
636  *
637  * Returns:
638  *	Nothing
639  */
640 
641 static void
642 bucket_drain(uma_zone_t zone, uma_bucket_t bucket)
643 {
644 	int i;
645 
646 	if (bucket == NULL)
647 		return;
648 
649 	if (zone->uz_fini)
650 		for (i = 0; i < bucket->ub_cnt; i++)
651 			zone->uz_fini(bucket->ub_bucket[i], zone->uz_size);
652 	zone->uz_release(zone->uz_arg, bucket->ub_bucket, bucket->ub_cnt);
653 	bucket->ub_cnt = 0;
654 }
655 
656 /*
657  * Drains the per cpu caches for a zone.
658  *
659  * NOTE: This may only be called while the zone is being turn down, and not
660  * during normal operation.  This is necessary in order that we do not have
661  * to migrate CPUs to drain the per-CPU caches.
662  *
663  * Arguments:
664  *	zone     The zone to drain, must be unlocked.
665  *
666  * Returns:
667  *	Nothing
668  */
669 static void
670 cache_drain(uma_zone_t zone)
671 {
672 	uma_cache_t cache;
673 	int cpu;
674 
675 	/*
676 	 * XXX: It is safe to not lock the per-CPU caches, because we're
677 	 * tearing down the zone anyway.  I.e., there will be no further use
678 	 * of the caches at this point.
679 	 *
680 	 * XXX: It would good to be able to assert that the zone is being
681 	 * torn down to prevent improper use of cache_drain().
682 	 *
683 	 * XXX: We lock the zone before passing into bucket_cache_drain() as
684 	 * it is used elsewhere.  Should the tear-down path be made special
685 	 * there in some form?
686 	 */
687 	CPU_FOREACH(cpu) {
688 		cache = &zone->uz_cpu[cpu];
689 		bucket_drain(zone, cache->uc_allocbucket);
690 		bucket_drain(zone, cache->uc_freebucket);
691 		if (cache->uc_allocbucket != NULL)
692 			bucket_free(zone, cache->uc_allocbucket, NULL);
693 		if (cache->uc_freebucket != NULL)
694 			bucket_free(zone, cache->uc_freebucket, NULL);
695 		cache->uc_allocbucket = cache->uc_freebucket = NULL;
696 	}
697 	ZONE_LOCK(zone);
698 	bucket_cache_drain(zone);
699 	ZONE_UNLOCK(zone);
700 }
701 
702 static void
703 cache_shrink(uma_zone_t zone)
704 {
705 
706 	if (zone->uz_flags & UMA_ZFLAG_INTERNAL)
707 		return;
708 
709 	ZONE_LOCK(zone);
710 	zone->uz_count = (zone->uz_count_min + zone->uz_count) / 2;
711 	ZONE_UNLOCK(zone);
712 }
713 
714 static void
715 cache_drain_safe_cpu(uma_zone_t zone)
716 {
717 	uma_cache_t cache;
718 	uma_bucket_t b1, b2;
719 
720 	if (zone->uz_flags & UMA_ZFLAG_INTERNAL)
721 		return;
722 
723 	b1 = b2 = NULL;
724 	ZONE_LOCK(zone);
725 	critical_enter();
726 	cache = &zone->uz_cpu[curcpu];
727 	if (cache->uc_allocbucket) {
728 		if (cache->uc_allocbucket->ub_cnt != 0)
729 			LIST_INSERT_HEAD(&zone->uz_buckets,
730 			    cache->uc_allocbucket, ub_link);
731 		else
732 			b1 = cache->uc_allocbucket;
733 		cache->uc_allocbucket = NULL;
734 	}
735 	if (cache->uc_freebucket) {
736 		if (cache->uc_freebucket->ub_cnt != 0)
737 			LIST_INSERT_HEAD(&zone->uz_buckets,
738 			    cache->uc_freebucket, ub_link);
739 		else
740 			b2 = cache->uc_freebucket;
741 		cache->uc_freebucket = NULL;
742 	}
743 	critical_exit();
744 	ZONE_UNLOCK(zone);
745 	if (b1)
746 		bucket_free(zone, b1, NULL);
747 	if (b2)
748 		bucket_free(zone, b2, NULL);
749 }
750 
751 /*
752  * Safely drain per-CPU caches of a zone(s) to alloc bucket.
753  * This is an expensive call because it needs to bind to all CPUs
754  * one by one and enter a critical section on each of them in order
755  * to safely access their cache buckets.
756  * Zone lock must not be held on call this function.
757  */
758 static void
759 cache_drain_safe(uma_zone_t zone)
760 {
761 	int cpu;
762 
763 	/*
764 	 * Polite bucket sizes shrinking was not enouth, shrink aggressively.
765 	 */
766 	if (zone)
767 		cache_shrink(zone);
768 	else
769 		zone_foreach(cache_shrink);
770 
771 	CPU_FOREACH(cpu) {
772 		thread_lock(curthread);
773 		sched_bind(curthread, cpu);
774 		thread_unlock(curthread);
775 
776 		if (zone)
777 			cache_drain_safe_cpu(zone);
778 		else
779 			zone_foreach(cache_drain_safe_cpu);
780 	}
781 	thread_lock(curthread);
782 	sched_unbind(curthread);
783 	thread_unlock(curthread);
784 }
785 
786 /*
787  * Drain the cached buckets from a zone.  Expects a locked zone on entry.
788  */
789 static void
790 bucket_cache_drain(uma_zone_t zone)
791 {
792 	uma_bucket_t bucket;
793 
794 	/*
795 	 * Drain the bucket queues and free the buckets, we just keep two per
796 	 * cpu (alloc/free).
797 	 */
798 	while ((bucket = LIST_FIRST(&zone->uz_buckets)) != NULL) {
799 		LIST_REMOVE(bucket, ub_link);
800 		ZONE_UNLOCK(zone);
801 		bucket_drain(zone, bucket);
802 		bucket_free(zone, bucket, NULL);
803 		ZONE_LOCK(zone);
804 	}
805 
806 	/*
807 	 * Shrink further bucket sizes.  Price of single zone lock collision
808 	 * is probably lower then price of global cache drain.
809 	 */
810 	if (zone->uz_count > zone->uz_count_min)
811 		zone->uz_count--;
812 }
813 
814 static void
815 keg_free_slab(uma_keg_t keg, uma_slab_t slab, int start)
816 {
817 	uint8_t *mem;
818 	int i;
819 	uint8_t flags;
820 
821 	mem = slab->us_data;
822 	flags = slab->us_flags;
823 	i = start;
824 	if (keg->uk_fini != NULL) {
825 		for (i--; i > -1; i--)
826 			keg->uk_fini(slab->us_data + (keg->uk_rsize * i),
827 			    keg->uk_size);
828 	}
829 	if (keg->uk_flags & UMA_ZONE_OFFPAGE)
830 		zone_free_item(keg->uk_slabzone, slab, NULL, SKIP_NONE);
831 #ifdef UMA_DEBUG
832 	printf("%s: Returning %d bytes.\n", keg->uk_name,
833 	    PAGE_SIZE * keg->uk_ppera);
834 #endif
835 	keg->uk_freef(mem, PAGE_SIZE * keg->uk_ppera, flags);
836 }
837 
838 /*
839  * Frees pages from a keg back to the system.  This is done on demand from
840  * the pageout daemon.
841  *
842  * Returns nothing.
843  */
844 static void
845 keg_drain(uma_keg_t keg)
846 {
847 	struct slabhead freeslabs = { 0 };
848 	uma_slab_t slab;
849 	uma_slab_t n;
850 
851 	/*
852 	 * We don't want to take pages from statically allocated kegs at this
853 	 * time
854 	 */
855 	if (keg->uk_flags & UMA_ZONE_NOFREE || keg->uk_freef == NULL)
856 		return;
857 
858 #ifdef UMA_DEBUG
859 	printf("%s free items: %u\n", keg->uk_name, keg->uk_free);
860 #endif
861 	KEG_LOCK(keg);
862 	if (keg->uk_free == 0)
863 		goto finished;
864 
865 	slab = LIST_FIRST(&keg->uk_free_slab);
866 	while (slab) {
867 		n = LIST_NEXT(slab, us_link);
868 
869 		/* We have no where to free these to */
870 		if (slab->us_flags & UMA_SLAB_BOOT) {
871 			slab = n;
872 			continue;
873 		}
874 
875 		LIST_REMOVE(slab, us_link);
876 		keg->uk_pages -= keg->uk_ppera;
877 		keg->uk_free -= keg->uk_ipers;
878 
879 		if (keg->uk_flags & UMA_ZONE_HASH)
880 			UMA_HASH_REMOVE(&keg->uk_hash, slab, slab->us_data);
881 
882 		SLIST_INSERT_HEAD(&freeslabs, slab, us_hlink);
883 
884 		slab = n;
885 	}
886 finished:
887 	KEG_UNLOCK(keg);
888 
889 	while ((slab = SLIST_FIRST(&freeslabs)) != NULL) {
890 		SLIST_REMOVE(&freeslabs, slab, uma_slab, us_hlink);
891 		keg_free_slab(keg, slab, keg->uk_ipers);
892 	}
893 }
894 
895 static void
896 zone_drain_wait(uma_zone_t zone, int waitok)
897 {
898 
899 	/*
900 	 * Set draining to interlock with zone_dtor() so we can release our
901 	 * locks as we go.  Only dtor() should do a WAITOK call since it
902 	 * is the only call that knows the structure will still be available
903 	 * when it wakes up.
904 	 */
905 	ZONE_LOCK(zone);
906 	while (zone->uz_flags & UMA_ZFLAG_DRAINING) {
907 		if (waitok == M_NOWAIT)
908 			goto out;
909 		msleep(zone, zone->uz_lockptr, PVM, "zonedrain", 1);
910 	}
911 	zone->uz_flags |= UMA_ZFLAG_DRAINING;
912 	bucket_cache_drain(zone);
913 	ZONE_UNLOCK(zone);
914 	/*
915 	 * The DRAINING flag protects us from being freed while
916 	 * we're running.  Normally the uma_rwlock would protect us but we
917 	 * must be able to release and acquire the right lock for each keg.
918 	 */
919 	zone_foreach_keg(zone, &keg_drain);
920 	ZONE_LOCK(zone);
921 	zone->uz_flags &= ~UMA_ZFLAG_DRAINING;
922 	wakeup(zone);
923 out:
924 	ZONE_UNLOCK(zone);
925 }
926 
927 void
928 zone_drain(uma_zone_t zone)
929 {
930 
931 	zone_drain_wait(zone, M_NOWAIT);
932 }
933 
934 /*
935  * Allocate a new slab for a keg.  This does not insert the slab onto a list.
936  *
937  * Arguments:
938  *	wait  Shall we wait?
939  *
940  * Returns:
941  *	The slab that was allocated or NULL if there is no memory and the
942  *	caller specified M_NOWAIT.
943  */
944 static uma_slab_t
945 keg_alloc_slab(uma_keg_t keg, uma_zone_t zone, int wait)
946 {
947 	uma_slabrefcnt_t slabref;
948 	uma_alloc allocf;
949 	uma_slab_t slab;
950 	uint8_t *mem;
951 	uint8_t flags;
952 	int i;
953 
954 	mtx_assert(&keg->uk_lock, MA_OWNED);
955 	slab = NULL;
956 	mem = NULL;
957 
958 #ifdef UMA_DEBUG
959 	printf("alloc_slab:  Allocating a new slab for %s\n", keg->uk_name);
960 #endif
961 	allocf = keg->uk_allocf;
962 	KEG_UNLOCK(keg);
963 
964 	if (keg->uk_flags & UMA_ZONE_OFFPAGE) {
965 		slab = zone_alloc_item(keg->uk_slabzone, NULL, wait);
966 		if (slab == NULL)
967 			goto out;
968 	}
969 
970 	/*
971 	 * This reproduces the old vm_zone behavior of zero filling pages the
972 	 * first time they are added to a zone.
973 	 *
974 	 * Malloced items are zeroed in uma_zalloc.
975 	 */
976 
977 	if ((keg->uk_flags & UMA_ZONE_MALLOC) == 0)
978 		wait |= M_ZERO;
979 	else
980 		wait &= ~M_ZERO;
981 
982 	if (keg->uk_flags & UMA_ZONE_NODUMP)
983 		wait |= M_NODUMP;
984 
985 	/* zone is passed for legacy reasons. */
986 	mem = allocf(zone, keg->uk_ppera * PAGE_SIZE, &flags, wait);
987 	if (mem == NULL) {
988 		if (keg->uk_flags & UMA_ZONE_OFFPAGE)
989 			zone_free_item(keg->uk_slabzone, slab, NULL, SKIP_NONE);
990 		slab = NULL;
991 		goto out;
992 	}
993 
994 	/* Point the slab into the allocated memory */
995 	if (!(keg->uk_flags & UMA_ZONE_OFFPAGE))
996 		slab = (uma_slab_t )(mem + keg->uk_pgoff);
997 
998 	if (keg->uk_flags & UMA_ZONE_VTOSLAB)
999 		for (i = 0; i < keg->uk_ppera; i++)
1000 			vsetslab((vm_offset_t)mem + (i * PAGE_SIZE), slab);
1001 
1002 	slab->us_keg = keg;
1003 	slab->us_data = mem;
1004 	slab->us_freecount = keg->uk_ipers;
1005 	slab->us_flags = flags;
1006 	BIT_FILL(SLAB_SETSIZE, &slab->us_free);
1007 #ifdef INVARIANTS
1008 	BIT_ZERO(SLAB_SETSIZE, &slab->us_debugfree);
1009 #endif
1010 	if (keg->uk_flags & UMA_ZONE_REFCNT) {
1011 		slabref = (uma_slabrefcnt_t)slab;
1012 		for (i = 0; i < keg->uk_ipers; i++)
1013 			slabref->us_refcnt[i] = 0;
1014 	}
1015 
1016 	if (keg->uk_init != NULL) {
1017 		for (i = 0; i < keg->uk_ipers; i++)
1018 			if (keg->uk_init(slab->us_data + (keg->uk_rsize * i),
1019 			    keg->uk_size, wait) != 0)
1020 				break;
1021 		if (i != keg->uk_ipers) {
1022 			keg_free_slab(keg, slab, i);
1023 			slab = NULL;
1024 			goto out;
1025 		}
1026 	}
1027 out:
1028 	KEG_LOCK(keg);
1029 
1030 	if (slab != NULL) {
1031 		if (keg->uk_flags & UMA_ZONE_HASH)
1032 			UMA_HASH_INSERT(&keg->uk_hash, slab, mem);
1033 
1034 		keg->uk_pages += keg->uk_ppera;
1035 		keg->uk_free += keg->uk_ipers;
1036 	}
1037 
1038 	return (slab);
1039 }
1040 
1041 /*
1042  * This function is intended to be used early on in place of page_alloc() so
1043  * that we may use the boot time page cache to satisfy allocations before
1044  * the VM is ready.
1045  */
1046 static void *
1047 startup_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *pflag, int wait)
1048 {
1049 	uma_keg_t keg;
1050 	uma_slab_t tmps;
1051 	int pages, check_pages;
1052 
1053 	keg = zone_first_keg(zone);
1054 	pages = howmany(bytes, PAGE_SIZE);
1055 	check_pages = pages - 1;
1056 	KASSERT(pages > 0, ("startup_alloc can't reserve 0 pages\n"));
1057 
1058 	/*
1059 	 * Check our small startup cache to see if it has pages remaining.
1060 	 */
1061 	mtx_lock(&uma_boot_pages_mtx);
1062 
1063 	/* First check if we have enough room. */
1064 	tmps = LIST_FIRST(&uma_boot_pages);
1065 	while (tmps != NULL && check_pages-- > 0)
1066 		tmps = LIST_NEXT(tmps, us_link);
1067 	if (tmps != NULL) {
1068 		/*
1069 		 * It's ok to lose tmps references.  The last one will
1070 		 * have tmps->us_data pointing to the start address of
1071 		 * "pages" contiguous pages of memory.
1072 		 */
1073 		while (pages-- > 0) {
1074 			tmps = LIST_FIRST(&uma_boot_pages);
1075 			LIST_REMOVE(tmps, us_link);
1076 		}
1077 		mtx_unlock(&uma_boot_pages_mtx);
1078 		*pflag = tmps->us_flags;
1079 		return (tmps->us_data);
1080 	}
1081 	mtx_unlock(&uma_boot_pages_mtx);
1082 	if (booted < UMA_STARTUP2)
1083 		panic("UMA: Increase vm.boot_pages");
1084 	/*
1085 	 * Now that we've booted reset these users to their real allocator.
1086 	 */
1087 #ifdef UMA_MD_SMALL_ALLOC
1088 	keg->uk_allocf = (keg->uk_ppera > 1) ? page_alloc : uma_small_alloc;
1089 #else
1090 	keg->uk_allocf = page_alloc;
1091 #endif
1092 	return keg->uk_allocf(zone, bytes, pflag, wait);
1093 }
1094 
1095 /*
1096  * Allocates a number of pages from the system
1097  *
1098  * Arguments:
1099  *	bytes  The number of bytes requested
1100  *	wait  Shall we wait?
1101  *
1102  * Returns:
1103  *	A pointer to the alloced memory or possibly
1104  *	NULL if M_NOWAIT is set.
1105  */
1106 static void *
1107 page_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *pflag, int wait)
1108 {
1109 	void *p;	/* Returned page */
1110 
1111 	*pflag = UMA_SLAB_KMEM;
1112 	p = (void *) kmem_malloc(kmem_arena, bytes, wait);
1113 
1114 	return (p);
1115 }
1116 
1117 /*
1118  * Allocates a number of pages from within an object
1119  *
1120  * Arguments:
1121  *	bytes  The number of bytes requested
1122  *	wait   Shall we wait?
1123  *
1124  * Returns:
1125  *	A pointer to the alloced memory or possibly
1126  *	NULL if M_NOWAIT is set.
1127  */
1128 static void *
1129 noobj_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *flags, int wait)
1130 {
1131 	TAILQ_HEAD(, vm_page) alloctail;
1132 	u_long npages;
1133 	vm_offset_t retkva, zkva;
1134 	vm_page_t p, p_next;
1135 	uma_keg_t keg;
1136 
1137 	TAILQ_INIT(&alloctail);
1138 	keg = zone_first_keg(zone);
1139 
1140 	npages = howmany(bytes, PAGE_SIZE);
1141 	while (npages > 0) {
1142 		p = vm_page_alloc(NULL, 0, VM_ALLOC_INTERRUPT |
1143 		    VM_ALLOC_WIRED | VM_ALLOC_NOOBJ);
1144 		if (p != NULL) {
1145 			/*
1146 			 * Since the page does not belong to an object, its
1147 			 * listq is unused.
1148 			 */
1149 			TAILQ_INSERT_TAIL(&alloctail, p, listq);
1150 			npages--;
1151 			continue;
1152 		}
1153 		if (wait & M_WAITOK) {
1154 			VM_WAIT;
1155 			continue;
1156 		}
1157 
1158 		/*
1159 		 * Page allocation failed, free intermediate pages and
1160 		 * exit.
1161 		 */
1162 		TAILQ_FOREACH_SAFE(p, &alloctail, listq, p_next) {
1163 			vm_page_unwire(p, PQ_NONE);
1164 			vm_page_free(p);
1165 		}
1166 		return (NULL);
1167 	}
1168 	*flags = UMA_SLAB_PRIV;
1169 	zkva = keg->uk_kva +
1170 	    atomic_fetchadd_long(&keg->uk_offset, round_page(bytes));
1171 	retkva = zkva;
1172 	TAILQ_FOREACH(p, &alloctail, listq) {
1173 		pmap_qenter(zkva, &p, 1);
1174 		zkva += PAGE_SIZE;
1175 	}
1176 
1177 	return ((void *)retkva);
1178 }
1179 
1180 /*
1181  * Frees a number of pages to the system
1182  *
1183  * Arguments:
1184  *	mem   A pointer to the memory to be freed
1185  *	size  The size of the memory being freed
1186  *	flags The original p->us_flags field
1187  *
1188  * Returns:
1189  *	Nothing
1190  */
1191 static void
1192 page_free(void *mem, vm_size_t size, uint8_t flags)
1193 {
1194 	struct vmem *vmem;
1195 
1196 	if (flags & UMA_SLAB_KMEM)
1197 		vmem = kmem_arena;
1198 	else if (flags & UMA_SLAB_KERNEL)
1199 		vmem = kernel_arena;
1200 	else
1201 		panic("UMA: page_free used with invalid flags %d", flags);
1202 
1203 	kmem_free(vmem, (vm_offset_t)mem, size);
1204 }
1205 
1206 /*
1207  * Zero fill initializer
1208  *
1209  * Arguments/Returns follow uma_init specifications
1210  */
1211 static int
1212 zero_init(void *mem, int size, int flags)
1213 {
1214 	bzero(mem, size);
1215 	return (0);
1216 }
1217 
1218 /*
1219  * Finish creating a small uma keg.  This calculates ipers, and the keg size.
1220  *
1221  * Arguments
1222  *	keg  The zone we should initialize
1223  *
1224  * Returns
1225  *	Nothing
1226  */
1227 static void
1228 keg_small_init(uma_keg_t keg)
1229 {
1230 	u_int rsize;
1231 	u_int memused;
1232 	u_int wastedspace;
1233 	u_int shsize;
1234 
1235 	if (keg->uk_flags & UMA_ZONE_PCPU) {
1236 		u_int ncpus = mp_ncpus ? mp_ncpus : MAXCPU;
1237 
1238 		keg->uk_slabsize = sizeof(struct pcpu);
1239 		keg->uk_ppera = howmany(ncpus * sizeof(struct pcpu),
1240 		    PAGE_SIZE);
1241 	} else {
1242 		keg->uk_slabsize = UMA_SLAB_SIZE;
1243 		keg->uk_ppera = 1;
1244 	}
1245 
1246 	/*
1247 	 * Calculate the size of each allocation (rsize) according to
1248 	 * alignment.  If the requested size is smaller than we have
1249 	 * allocation bits for we round it up.
1250 	 */
1251 	rsize = keg->uk_size;
1252 	if (rsize < keg->uk_slabsize / SLAB_SETSIZE)
1253 		rsize = keg->uk_slabsize / SLAB_SETSIZE;
1254 	if (rsize & keg->uk_align)
1255 		rsize = (rsize & ~keg->uk_align) + (keg->uk_align + 1);
1256 	keg->uk_rsize = rsize;
1257 
1258 	KASSERT((keg->uk_flags & UMA_ZONE_PCPU) == 0 ||
1259 	    keg->uk_rsize < sizeof(struct pcpu),
1260 	    ("%s: size %u too large", __func__, keg->uk_rsize));
1261 
1262 	if (keg->uk_flags & UMA_ZONE_REFCNT)
1263 		rsize += sizeof(uint32_t);
1264 
1265 	if (keg->uk_flags & UMA_ZONE_OFFPAGE)
1266 		shsize = 0;
1267 	else
1268 		shsize = sizeof(struct uma_slab);
1269 
1270 	keg->uk_ipers = (keg->uk_slabsize - shsize) / rsize;
1271 	KASSERT(keg->uk_ipers > 0 && keg->uk_ipers <= SLAB_SETSIZE,
1272 	    ("%s: keg->uk_ipers %u", __func__, keg->uk_ipers));
1273 
1274 	memused = keg->uk_ipers * rsize + shsize;
1275 	wastedspace = keg->uk_slabsize - memused;
1276 
1277 	/*
1278 	 * We can't do OFFPAGE if we're internal or if we've been
1279 	 * asked to not go to the VM for buckets.  If we do this we
1280 	 * may end up going to the VM  for slabs which we do not
1281 	 * want to do if we're UMA_ZFLAG_CACHEONLY as a result
1282 	 * of UMA_ZONE_VM, which clearly forbids it.
1283 	 */
1284 	if ((keg->uk_flags & UMA_ZFLAG_INTERNAL) ||
1285 	    (keg->uk_flags & UMA_ZFLAG_CACHEONLY))
1286 		return;
1287 
1288 	/*
1289 	 * See if using an OFFPAGE slab will limit our waste.  Only do
1290 	 * this if it permits more items per-slab.
1291 	 *
1292 	 * XXX We could try growing slabsize to limit max waste as well.
1293 	 * Historically this was not done because the VM could not
1294 	 * efficiently handle contiguous allocations.
1295 	 */
1296 	if ((wastedspace >= keg->uk_slabsize / UMA_MAX_WASTE) &&
1297 	    (keg->uk_ipers < (keg->uk_slabsize / keg->uk_rsize))) {
1298 		keg->uk_ipers = keg->uk_slabsize / keg->uk_rsize;
1299 		KASSERT(keg->uk_ipers > 0 && keg->uk_ipers <= SLAB_SETSIZE,
1300 		    ("%s: keg->uk_ipers %u", __func__, keg->uk_ipers));
1301 #ifdef UMA_DEBUG
1302 		printf("UMA decided we need offpage slab headers for "
1303 		    "keg: %s, calculated wastedspace = %d, "
1304 		    "maximum wasted space allowed = %d, "
1305 		    "calculated ipers = %d, "
1306 		    "new wasted space = %d\n", keg->uk_name, wastedspace,
1307 		    keg->uk_slabsize / UMA_MAX_WASTE, keg->uk_ipers,
1308 		    keg->uk_slabsize - keg->uk_ipers * keg->uk_rsize);
1309 #endif
1310 		keg->uk_flags |= UMA_ZONE_OFFPAGE;
1311 	}
1312 
1313 	if ((keg->uk_flags & UMA_ZONE_OFFPAGE) &&
1314 	    (keg->uk_flags & UMA_ZONE_VTOSLAB) == 0)
1315 		keg->uk_flags |= UMA_ZONE_HASH;
1316 }
1317 
1318 /*
1319  * Finish creating a large (> UMA_SLAB_SIZE) uma kegs.  Just give in and do
1320  * OFFPAGE for now.  When I can allow for more dynamic slab sizes this will be
1321  * more complicated.
1322  *
1323  * Arguments
1324  *	keg  The keg we should initialize
1325  *
1326  * Returns
1327  *	Nothing
1328  */
1329 static void
1330 keg_large_init(uma_keg_t keg)
1331 {
1332 	u_int shsize;
1333 
1334 	KASSERT(keg != NULL, ("Keg is null in keg_large_init"));
1335 	KASSERT((keg->uk_flags & UMA_ZFLAG_CACHEONLY) == 0,
1336 	    ("keg_large_init: Cannot large-init a UMA_ZFLAG_CACHEONLY keg"));
1337 	KASSERT((keg->uk_flags & UMA_ZONE_PCPU) == 0,
1338 	    ("%s: Cannot large-init a UMA_ZONE_PCPU keg", __func__));
1339 
1340 	keg->uk_ppera = howmany(keg->uk_size, PAGE_SIZE);
1341 	keg->uk_slabsize = keg->uk_ppera * PAGE_SIZE;
1342 	keg->uk_ipers = 1;
1343 	keg->uk_rsize = keg->uk_size;
1344 
1345 	/* We can't do OFFPAGE if we're internal, bail out here. */
1346 	if (keg->uk_flags & UMA_ZFLAG_INTERNAL)
1347 		return;
1348 
1349 	/* Check whether we have enough space to not do OFFPAGE. */
1350 	if ((keg->uk_flags & UMA_ZONE_OFFPAGE) == 0) {
1351 		shsize = sizeof(struct uma_slab);
1352 		if (keg->uk_flags & UMA_ZONE_REFCNT)
1353 			shsize += keg->uk_ipers * sizeof(uint32_t);
1354 		if (shsize & UMA_ALIGN_PTR)
1355 			shsize = (shsize & ~UMA_ALIGN_PTR) +
1356 			    (UMA_ALIGN_PTR + 1);
1357 
1358 		if ((PAGE_SIZE * keg->uk_ppera) - keg->uk_rsize < shsize)
1359 			keg->uk_flags |= UMA_ZONE_OFFPAGE;
1360 	}
1361 
1362 	if ((keg->uk_flags & UMA_ZONE_OFFPAGE) &&
1363 	    (keg->uk_flags & UMA_ZONE_VTOSLAB) == 0)
1364 		keg->uk_flags |= UMA_ZONE_HASH;
1365 }
1366 
1367 static void
1368 keg_cachespread_init(uma_keg_t keg)
1369 {
1370 	int alignsize;
1371 	int trailer;
1372 	int pages;
1373 	int rsize;
1374 
1375 	KASSERT((keg->uk_flags & UMA_ZONE_PCPU) == 0,
1376 	    ("%s: Cannot cachespread-init a UMA_ZONE_PCPU keg", __func__));
1377 
1378 	alignsize = keg->uk_align + 1;
1379 	rsize = keg->uk_size;
1380 	/*
1381 	 * We want one item to start on every align boundary in a page.  To
1382 	 * do this we will span pages.  We will also extend the item by the
1383 	 * size of align if it is an even multiple of align.  Otherwise, it
1384 	 * would fall on the same boundary every time.
1385 	 */
1386 	if (rsize & keg->uk_align)
1387 		rsize = (rsize & ~keg->uk_align) + alignsize;
1388 	if ((rsize & alignsize) == 0)
1389 		rsize += alignsize;
1390 	trailer = rsize - keg->uk_size;
1391 	pages = (rsize * (PAGE_SIZE / alignsize)) / PAGE_SIZE;
1392 	pages = MIN(pages, (128 * 1024) / PAGE_SIZE);
1393 	keg->uk_rsize = rsize;
1394 	keg->uk_ppera = pages;
1395 	keg->uk_slabsize = UMA_SLAB_SIZE;
1396 	keg->uk_ipers = ((pages * PAGE_SIZE) + trailer) / rsize;
1397 	keg->uk_flags |= UMA_ZONE_OFFPAGE | UMA_ZONE_VTOSLAB;
1398 	KASSERT(keg->uk_ipers <= SLAB_SETSIZE,
1399 	    ("%s: keg->uk_ipers too high(%d) increase max_ipers", __func__,
1400 	    keg->uk_ipers));
1401 }
1402 
1403 /*
1404  * Keg header ctor.  This initializes all fields, locks, etc.  And inserts
1405  * the keg onto the global keg list.
1406  *
1407  * Arguments/Returns follow uma_ctor specifications
1408  *	udata  Actually uma_kctor_args
1409  */
1410 static int
1411 keg_ctor(void *mem, int size, void *udata, int flags)
1412 {
1413 	struct uma_kctor_args *arg = udata;
1414 	uma_keg_t keg = mem;
1415 	uma_zone_t zone;
1416 
1417 	bzero(keg, size);
1418 	keg->uk_size = arg->size;
1419 	keg->uk_init = arg->uminit;
1420 	keg->uk_fini = arg->fini;
1421 	keg->uk_align = arg->align;
1422 	keg->uk_free = 0;
1423 	keg->uk_reserve = 0;
1424 	keg->uk_pages = 0;
1425 	keg->uk_flags = arg->flags;
1426 	keg->uk_allocf = page_alloc;
1427 	keg->uk_freef = page_free;
1428 	keg->uk_slabzone = NULL;
1429 
1430 	/*
1431 	 * The master zone is passed to us at keg-creation time.
1432 	 */
1433 	zone = arg->zone;
1434 	keg->uk_name = zone->uz_name;
1435 
1436 	if (arg->flags & UMA_ZONE_VM)
1437 		keg->uk_flags |= UMA_ZFLAG_CACHEONLY;
1438 
1439 	if (arg->flags & UMA_ZONE_ZINIT)
1440 		keg->uk_init = zero_init;
1441 
1442 	if (arg->flags & UMA_ZONE_REFCNT || arg->flags & UMA_ZONE_MALLOC)
1443 		keg->uk_flags |= UMA_ZONE_VTOSLAB;
1444 
1445 	if (arg->flags & UMA_ZONE_PCPU)
1446 #ifdef SMP
1447 		keg->uk_flags |= UMA_ZONE_OFFPAGE;
1448 #else
1449 		keg->uk_flags &= ~UMA_ZONE_PCPU;
1450 #endif
1451 
1452 	if (keg->uk_flags & UMA_ZONE_CACHESPREAD) {
1453 		keg_cachespread_init(keg);
1454 	} else if (keg->uk_flags & UMA_ZONE_REFCNT) {
1455 		if (keg->uk_size >
1456 		    (UMA_SLAB_SIZE - sizeof(struct uma_slab_refcnt) -
1457 		    sizeof(uint32_t)))
1458 			keg_large_init(keg);
1459 		else
1460 			keg_small_init(keg);
1461 	} else {
1462 		if (keg->uk_size > (UMA_SLAB_SIZE - sizeof(struct uma_slab)))
1463 			keg_large_init(keg);
1464 		else
1465 			keg_small_init(keg);
1466 	}
1467 
1468 	if (keg->uk_flags & UMA_ZONE_OFFPAGE) {
1469 		if (keg->uk_flags & UMA_ZONE_REFCNT) {
1470 			if (keg->uk_ipers > uma_max_ipers_ref)
1471 				panic("Too many ref items per zone: %d > %d\n",
1472 				    keg->uk_ipers, uma_max_ipers_ref);
1473 			keg->uk_slabzone = slabrefzone;
1474 		} else
1475 			keg->uk_slabzone = slabzone;
1476 	}
1477 
1478 	/*
1479 	 * If we haven't booted yet we need allocations to go through the
1480 	 * startup cache until the vm is ready.
1481 	 */
1482 	if (keg->uk_ppera == 1) {
1483 #ifdef UMA_MD_SMALL_ALLOC
1484 		keg->uk_allocf = uma_small_alloc;
1485 		keg->uk_freef = uma_small_free;
1486 
1487 		if (booted < UMA_STARTUP)
1488 			keg->uk_allocf = startup_alloc;
1489 #else
1490 		if (booted < UMA_STARTUP2)
1491 			keg->uk_allocf = startup_alloc;
1492 #endif
1493 	} else if (booted < UMA_STARTUP2 &&
1494 	    (keg->uk_flags & UMA_ZFLAG_INTERNAL))
1495 		keg->uk_allocf = startup_alloc;
1496 
1497 	/*
1498 	 * Initialize keg's lock
1499 	 */
1500 	KEG_LOCK_INIT(keg, (arg->flags & UMA_ZONE_MTXCLASS));
1501 
1502 	/*
1503 	 * If we're putting the slab header in the actual page we need to
1504 	 * figure out where in each page it goes.  This calculates a right
1505 	 * justified offset into the memory on an ALIGN_PTR boundary.
1506 	 */
1507 	if (!(keg->uk_flags & UMA_ZONE_OFFPAGE)) {
1508 		u_int totsize;
1509 
1510 		/* Size of the slab struct and free list */
1511 		totsize = sizeof(struct uma_slab);
1512 
1513 		/* Size of the reference counts. */
1514 		if (keg->uk_flags & UMA_ZONE_REFCNT)
1515 			totsize += keg->uk_ipers * sizeof(uint32_t);
1516 
1517 		if (totsize & UMA_ALIGN_PTR)
1518 			totsize = (totsize & ~UMA_ALIGN_PTR) +
1519 			    (UMA_ALIGN_PTR + 1);
1520 		keg->uk_pgoff = (PAGE_SIZE * keg->uk_ppera) - totsize;
1521 
1522 		/*
1523 		 * The only way the following is possible is if with our
1524 		 * UMA_ALIGN_PTR adjustments we are now bigger than
1525 		 * UMA_SLAB_SIZE.  I haven't checked whether this is
1526 		 * mathematically possible for all cases, so we make
1527 		 * sure here anyway.
1528 		 */
1529 		totsize = keg->uk_pgoff + sizeof(struct uma_slab);
1530 		if (keg->uk_flags & UMA_ZONE_REFCNT)
1531 			totsize += keg->uk_ipers * sizeof(uint32_t);
1532 		if (totsize > PAGE_SIZE * keg->uk_ppera) {
1533 			printf("zone %s ipers %d rsize %d size %d\n",
1534 			    zone->uz_name, keg->uk_ipers, keg->uk_rsize,
1535 			    keg->uk_size);
1536 			panic("UMA slab won't fit.");
1537 		}
1538 	}
1539 
1540 	if (keg->uk_flags & UMA_ZONE_HASH)
1541 		hash_alloc(&keg->uk_hash);
1542 
1543 #ifdef UMA_DEBUG
1544 	printf("UMA: %s(%p) size %d(%d) flags %#x ipers %d ppera %d out %d free %d\n",
1545 	    zone->uz_name, zone, keg->uk_size, keg->uk_rsize, keg->uk_flags,
1546 	    keg->uk_ipers, keg->uk_ppera,
1547 	    (keg->uk_ipers * keg->uk_pages) - keg->uk_free, keg->uk_free);
1548 #endif
1549 
1550 	LIST_INSERT_HEAD(&keg->uk_zones, zone, uz_link);
1551 
1552 	rw_wlock(&uma_rwlock);
1553 	LIST_INSERT_HEAD(&uma_kegs, keg, uk_link);
1554 	rw_wunlock(&uma_rwlock);
1555 	return (0);
1556 }
1557 
1558 /*
1559  * Zone header ctor.  This initializes all fields, locks, etc.
1560  *
1561  * Arguments/Returns follow uma_ctor specifications
1562  *	udata  Actually uma_zctor_args
1563  */
1564 static int
1565 zone_ctor(void *mem, int size, void *udata, int flags)
1566 {
1567 	struct uma_zctor_args *arg = udata;
1568 	uma_zone_t zone = mem;
1569 	uma_zone_t z;
1570 	uma_keg_t keg;
1571 
1572 	bzero(zone, size);
1573 	zone->uz_name = arg->name;
1574 	zone->uz_ctor = arg->ctor;
1575 	zone->uz_dtor = arg->dtor;
1576 	zone->uz_slab = zone_fetch_slab;
1577 	zone->uz_init = NULL;
1578 	zone->uz_fini = NULL;
1579 	zone->uz_allocs = 0;
1580 	zone->uz_frees = 0;
1581 	zone->uz_fails = 0;
1582 	zone->uz_sleeps = 0;
1583 	zone->uz_count = 0;
1584 	zone->uz_count_min = 0;
1585 	zone->uz_flags = 0;
1586 	zone->uz_warning = NULL;
1587 	timevalclear(&zone->uz_ratecheck);
1588 	zone->uz_maxaction = NULL;
1589 	keg = arg->keg;
1590 
1591 	ZONE_LOCK_INIT(zone, (arg->flags & UMA_ZONE_MTXCLASS));
1592 
1593 	/*
1594 	 * This is a pure cache zone, no kegs.
1595 	 */
1596 	if (arg->import) {
1597 		if (arg->flags & UMA_ZONE_VM)
1598 			arg->flags |= UMA_ZFLAG_CACHEONLY;
1599 		zone->uz_flags = arg->flags;
1600 		zone->uz_size = arg->size;
1601 		zone->uz_import = arg->import;
1602 		zone->uz_release = arg->release;
1603 		zone->uz_arg = arg->arg;
1604 		zone->uz_lockptr = &zone->uz_lock;
1605 		rw_wlock(&uma_rwlock);
1606 		LIST_INSERT_HEAD(&uma_cachezones, zone, uz_link);
1607 		rw_wunlock(&uma_rwlock);
1608 		goto out;
1609 	}
1610 
1611 	/*
1612 	 * Use the regular zone/keg/slab allocator.
1613 	 */
1614 	zone->uz_import = (uma_import)zone_import;
1615 	zone->uz_release = (uma_release)zone_release;
1616 	zone->uz_arg = zone;
1617 
1618 	if (arg->flags & UMA_ZONE_SECONDARY) {
1619 		KASSERT(arg->keg != NULL, ("Secondary zone on zero'd keg"));
1620 		zone->uz_init = arg->uminit;
1621 		zone->uz_fini = arg->fini;
1622 		zone->uz_lockptr = &keg->uk_lock;
1623 		zone->uz_flags |= UMA_ZONE_SECONDARY;
1624 		rw_wlock(&uma_rwlock);
1625 		ZONE_LOCK(zone);
1626 		LIST_FOREACH(z, &keg->uk_zones, uz_link) {
1627 			if (LIST_NEXT(z, uz_link) == NULL) {
1628 				LIST_INSERT_AFTER(z, zone, uz_link);
1629 				break;
1630 			}
1631 		}
1632 		ZONE_UNLOCK(zone);
1633 		rw_wunlock(&uma_rwlock);
1634 	} else if (keg == NULL) {
1635 		if ((keg = uma_kcreate(zone, arg->size, arg->uminit, arg->fini,
1636 		    arg->align, arg->flags)) == NULL)
1637 			return (ENOMEM);
1638 	} else {
1639 		struct uma_kctor_args karg;
1640 		int error;
1641 
1642 		/* We should only be here from uma_startup() */
1643 		karg.size = arg->size;
1644 		karg.uminit = arg->uminit;
1645 		karg.fini = arg->fini;
1646 		karg.align = arg->align;
1647 		karg.flags = arg->flags;
1648 		karg.zone = zone;
1649 		error = keg_ctor(arg->keg, sizeof(struct uma_keg), &karg,
1650 		    flags);
1651 		if (error)
1652 			return (error);
1653 	}
1654 
1655 	/*
1656 	 * Link in the first keg.
1657 	 */
1658 	zone->uz_klink.kl_keg = keg;
1659 	LIST_INSERT_HEAD(&zone->uz_kegs, &zone->uz_klink, kl_link);
1660 	zone->uz_lockptr = &keg->uk_lock;
1661 	zone->uz_size = keg->uk_size;
1662 	zone->uz_flags |= (keg->uk_flags &
1663 	    (UMA_ZONE_INHERIT | UMA_ZFLAG_INHERIT));
1664 
1665 	/*
1666 	 * Some internal zones don't have room allocated for the per cpu
1667 	 * caches.  If we're internal, bail out here.
1668 	 */
1669 	if (keg->uk_flags & UMA_ZFLAG_INTERNAL) {
1670 		KASSERT((zone->uz_flags & UMA_ZONE_SECONDARY) == 0,
1671 		    ("Secondary zone requested UMA_ZFLAG_INTERNAL"));
1672 		return (0);
1673 	}
1674 
1675 out:
1676 	if ((arg->flags & UMA_ZONE_MAXBUCKET) == 0)
1677 		zone->uz_count = bucket_select(zone->uz_size);
1678 	else
1679 		zone->uz_count = BUCKET_MAX;
1680 	zone->uz_count_min = zone->uz_count;
1681 
1682 	return (0);
1683 }
1684 
1685 /*
1686  * Keg header dtor.  This frees all data, destroys locks, frees the hash
1687  * table and removes the keg from the global list.
1688  *
1689  * Arguments/Returns follow uma_dtor specifications
1690  *	udata  unused
1691  */
1692 static void
1693 keg_dtor(void *arg, int size, void *udata)
1694 {
1695 	uma_keg_t keg;
1696 
1697 	keg = (uma_keg_t)arg;
1698 	KEG_LOCK(keg);
1699 	if (keg->uk_free != 0) {
1700 		printf("Freed UMA keg (%s) was not empty (%d items). "
1701 		    " Lost %d pages of memory.\n",
1702 		    keg->uk_name ? keg->uk_name : "",
1703 		    keg->uk_free, keg->uk_pages);
1704 	}
1705 	KEG_UNLOCK(keg);
1706 
1707 	hash_free(&keg->uk_hash);
1708 
1709 	KEG_LOCK_FINI(keg);
1710 }
1711 
1712 /*
1713  * Zone header dtor.
1714  *
1715  * Arguments/Returns follow uma_dtor specifications
1716  *	udata  unused
1717  */
1718 static void
1719 zone_dtor(void *arg, int size, void *udata)
1720 {
1721 	uma_klink_t klink;
1722 	uma_zone_t zone;
1723 	uma_keg_t keg;
1724 
1725 	zone = (uma_zone_t)arg;
1726 	keg = zone_first_keg(zone);
1727 
1728 	if (!(zone->uz_flags & UMA_ZFLAG_INTERNAL))
1729 		cache_drain(zone);
1730 
1731 	rw_wlock(&uma_rwlock);
1732 	LIST_REMOVE(zone, uz_link);
1733 	rw_wunlock(&uma_rwlock);
1734 	/*
1735 	 * XXX there are some races here where
1736 	 * the zone can be drained but zone lock
1737 	 * released and then refilled before we
1738 	 * remove it... we dont care for now
1739 	 */
1740 	zone_drain_wait(zone, M_WAITOK);
1741 	/*
1742 	 * Unlink all of our kegs.
1743 	 */
1744 	while ((klink = LIST_FIRST(&zone->uz_kegs)) != NULL) {
1745 		klink->kl_keg = NULL;
1746 		LIST_REMOVE(klink, kl_link);
1747 		if (klink == &zone->uz_klink)
1748 			continue;
1749 		free(klink, M_TEMP);
1750 	}
1751 	/*
1752 	 * We only destroy kegs from non secondary zones.
1753 	 */
1754 	if (keg != NULL && (zone->uz_flags & UMA_ZONE_SECONDARY) == 0)  {
1755 		rw_wlock(&uma_rwlock);
1756 		LIST_REMOVE(keg, uk_link);
1757 		rw_wunlock(&uma_rwlock);
1758 		zone_free_item(kegs, keg, NULL, SKIP_NONE);
1759 	}
1760 	ZONE_LOCK_FINI(zone);
1761 }
1762 
1763 /*
1764  * Traverses every zone in the system and calls a callback
1765  *
1766  * Arguments:
1767  *	zfunc  A pointer to a function which accepts a zone
1768  *		as an argument.
1769  *
1770  * Returns:
1771  *	Nothing
1772  */
1773 static void
1774 zone_foreach(void (*zfunc)(uma_zone_t))
1775 {
1776 	uma_keg_t keg;
1777 	uma_zone_t zone;
1778 
1779 	rw_rlock(&uma_rwlock);
1780 	LIST_FOREACH(keg, &uma_kegs, uk_link) {
1781 		LIST_FOREACH(zone, &keg->uk_zones, uz_link)
1782 			zfunc(zone);
1783 	}
1784 	rw_runlock(&uma_rwlock);
1785 }
1786 
1787 /* Public functions */
1788 /* See uma.h */
1789 void
1790 uma_startup(void *bootmem, int boot_pages)
1791 {
1792 	struct uma_zctor_args args;
1793 	uma_slab_t slab;
1794 	u_int slabsize;
1795 	int i;
1796 
1797 #ifdef UMA_DEBUG
1798 	printf("Creating uma keg headers zone and keg.\n");
1799 #endif
1800 	rw_init(&uma_rwlock, "UMA lock");
1801 
1802 	/* "manually" create the initial zone */
1803 	memset(&args, 0, sizeof(args));
1804 	args.name = "UMA Kegs";
1805 	args.size = sizeof(struct uma_keg);
1806 	args.ctor = keg_ctor;
1807 	args.dtor = keg_dtor;
1808 	args.uminit = zero_init;
1809 	args.fini = NULL;
1810 	args.keg = &masterkeg;
1811 	args.align = 32 - 1;
1812 	args.flags = UMA_ZFLAG_INTERNAL;
1813 	/* The initial zone has no Per cpu queues so it's smaller */
1814 	zone_ctor(kegs, sizeof(struct uma_zone), &args, M_WAITOK);
1815 
1816 #ifdef UMA_DEBUG
1817 	printf("Filling boot free list.\n");
1818 #endif
1819 	for (i = 0; i < boot_pages; i++) {
1820 		slab = (uma_slab_t)((uint8_t *)bootmem + (i * UMA_SLAB_SIZE));
1821 		slab->us_data = (uint8_t *)slab;
1822 		slab->us_flags = UMA_SLAB_BOOT;
1823 		LIST_INSERT_HEAD(&uma_boot_pages, slab, us_link);
1824 	}
1825 	mtx_init(&uma_boot_pages_mtx, "UMA boot pages", NULL, MTX_DEF);
1826 
1827 #ifdef UMA_DEBUG
1828 	printf("Creating uma zone headers zone and keg.\n");
1829 #endif
1830 	args.name = "UMA Zones";
1831 	args.size = sizeof(struct uma_zone) +
1832 	    (sizeof(struct uma_cache) * (mp_maxid + 1));
1833 	args.ctor = zone_ctor;
1834 	args.dtor = zone_dtor;
1835 	args.uminit = zero_init;
1836 	args.fini = NULL;
1837 	args.keg = NULL;
1838 	args.align = 32 - 1;
1839 	args.flags = UMA_ZFLAG_INTERNAL;
1840 	/* The initial zone has no Per cpu queues so it's smaller */
1841 	zone_ctor(zones, sizeof(struct uma_zone), &args, M_WAITOK);
1842 
1843 #ifdef UMA_DEBUG
1844 	printf("Creating slab and hash zones.\n");
1845 #endif
1846 
1847 	/* Now make a zone for slab headers */
1848 	slabzone = uma_zcreate("UMA Slabs",
1849 				sizeof(struct uma_slab),
1850 				NULL, NULL, NULL, NULL,
1851 				UMA_ALIGN_PTR, UMA_ZFLAG_INTERNAL);
1852 
1853 	/*
1854 	 * We also create a zone for the bigger slabs with reference
1855 	 * counts in them, to accomodate UMA_ZONE_REFCNT zones.
1856 	 */
1857 	slabsize = sizeof(struct uma_slab_refcnt);
1858 	slabsize += uma_max_ipers_ref * sizeof(uint32_t);
1859 	slabrefzone = uma_zcreate("UMA RCntSlabs",
1860 				  slabsize,
1861 				  NULL, NULL, NULL, NULL,
1862 				  UMA_ALIGN_PTR,
1863 				  UMA_ZFLAG_INTERNAL);
1864 
1865 	hashzone = uma_zcreate("UMA Hash",
1866 	    sizeof(struct slabhead *) * UMA_HASH_SIZE_INIT,
1867 	    NULL, NULL, NULL, NULL,
1868 	    UMA_ALIGN_PTR, UMA_ZFLAG_INTERNAL);
1869 
1870 	bucket_init();
1871 
1872 	booted = UMA_STARTUP;
1873 
1874 #ifdef UMA_DEBUG
1875 	printf("UMA startup complete.\n");
1876 #endif
1877 }
1878 
1879 /* see uma.h */
1880 void
1881 uma_startup2(void)
1882 {
1883 	booted = UMA_STARTUP2;
1884 	bucket_enable();
1885 	sx_init(&uma_drain_lock, "umadrain");
1886 #ifdef UMA_DEBUG
1887 	printf("UMA startup2 complete.\n");
1888 #endif
1889 }
1890 
1891 /*
1892  * Initialize our callout handle
1893  *
1894  */
1895 
1896 static void
1897 uma_startup3(void)
1898 {
1899 #ifdef UMA_DEBUG
1900 	printf("Starting callout.\n");
1901 #endif
1902 	callout_init(&uma_callout, 1);
1903 	callout_reset(&uma_callout, UMA_TIMEOUT * hz, uma_timeout, NULL);
1904 #ifdef UMA_DEBUG
1905 	printf("UMA startup3 complete.\n");
1906 #endif
1907 }
1908 
1909 static uma_keg_t
1910 uma_kcreate(uma_zone_t zone, size_t size, uma_init uminit, uma_fini fini,
1911 		int align, uint32_t flags)
1912 {
1913 	struct uma_kctor_args args;
1914 
1915 	args.size = size;
1916 	args.uminit = uminit;
1917 	args.fini = fini;
1918 	args.align = (align == UMA_ALIGN_CACHE) ? uma_align_cache : align;
1919 	args.flags = flags;
1920 	args.zone = zone;
1921 	return (zone_alloc_item(kegs, &args, M_WAITOK));
1922 }
1923 
1924 /* See uma.h */
1925 void
1926 uma_set_align(int align)
1927 {
1928 
1929 	if (align != UMA_ALIGN_CACHE)
1930 		uma_align_cache = align;
1931 }
1932 
1933 /* See uma.h */
1934 uma_zone_t
1935 uma_zcreate(const char *name, size_t size, uma_ctor ctor, uma_dtor dtor,
1936 		uma_init uminit, uma_fini fini, int align, uint32_t flags)
1937 
1938 {
1939 	struct uma_zctor_args args;
1940 	uma_zone_t res;
1941 	bool locked;
1942 
1943 	/* This stuff is essential for the zone ctor */
1944 	memset(&args, 0, sizeof(args));
1945 	args.name = name;
1946 	args.size = size;
1947 	args.ctor = ctor;
1948 	args.dtor = dtor;
1949 	args.uminit = uminit;
1950 	args.fini = fini;
1951 #ifdef  INVARIANTS
1952 	/*
1953 	 * If a zone is being created with an empty constructor and
1954 	 * destructor, pass UMA constructor/destructor which checks for
1955 	 * memory use after free.
1956 	 */
1957 	if ((!(flags & (UMA_ZONE_ZINIT | UMA_ZONE_NOFREE))) &&
1958 	    ctor == NULL && dtor == NULL && uminit == NULL && fini == NULL) {
1959 		args.ctor = trash_ctor;
1960 		args.dtor = trash_dtor;
1961 		args.uminit = trash_init;
1962 		args.fini = trash_fini;
1963 	}
1964 #endif
1965 	args.align = align;
1966 	args.flags = flags;
1967 	args.keg = NULL;
1968 
1969 	if (booted < UMA_STARTUP2) {
1970 		locked = false;
1971 	} else {
1972 		sx_slock(&uma_drain_lock);
1973 		locked = true;
1974 	}
1975 	res = zone_alloc_item(zones, &args, M_WAITOK);
1976 	if (locked)
1977 		sx_sunlock(&uma_drain_lock);
1978 	return (res);
1979 }
1980 
1981 /* See uma.h */
1982 uma_zone_t
1983 uma_zsecond_create(char *name, uma_ctor ctor, uma_dtor dtor,
1984 		    uma_init zinit, uma_fini zfini, uma_zone_t master)
1985 {
1986 	struct uma_zctor_args args;
1987 	uma_keg_t keg;
1988 	uma_zone_t res;
1989 	bool locked;
1990 
1991 	keg = zone_first_keg(master);
1992 	memset(&args, 0, sizeof(args));
1993 	args.name = name;
1994 	args.size = keg->uk_size;
1995 	args.ctor = ctor;
1996 	args.dtor = dtor;
1997 	args.uminit = zinit;
1998 	args.fini = zfini;
1999 	args.align = keg->uk_align;
2000 	args.flags = keg->uk_flags | UMA_ZONE_SECONDARY;
2001 	args.keg = keg;
2002 
2003 	if (booted < UMA_STARTUP2) {
2004 		locked = false;
2005 	} else {
2006 		sx_slock(&uma_drain_lock);
2007 		locked = true;
2008 	}
2009 	/* XXX Attaches only one keg of potentially many. */
2010 	res = zone_alloc_item(zones, &args, M_WAITOK);
2011 	if (locked)
2012 		sx_sunlock(&uma_drain_lock);
2013 	return (res);
2014 }
2015 
2016 /* See uma.h */
2017 uma_zone_t
2018 uma_zcache_create(char *name, int size, uma_ctor ctor, uma_dtor dtor,
2019 		    uma_init zinit, uma_fini zfini, uma_import zimport,
2020 		    uma_release zrelease, void *arg, int flags)
2021 {
2022 	struct uma_zctor_args args;
2023 
2024 	memset(&args, 0, sizeof(args));
2025 	args.name = name;
2026 	args.size = size;
2027 	args.ctor = ctor;
2028 	args.dtor = dtor;
2029 	args.uminit = zinit;
2030 	args.fini = zfini;
2031 	args.import = zimport;
2032 	args.release = zrelease;
2033 	args.arg = arg;
2034 	args.align = 0;
2035 	args.flags = flags;
2036 
2037 	return (zone_alloc_item(zones, &args, M_WAITOK));
2038 }
2039 
2040 static void
2041 zone_lock_pair(uma_zone_t a, uma_zone_t b)
2042 {
2043 	if (a < b) {
2044 		ZONE_LOCK(a);
2045 		mtx_lock_flags(b->uz_lockptr, MTX_DUPOK);
2046 	} else {
2047 		ZONE_LOCK(b);
2048 		mtx_lock_flags(a->uz_lockptr, MTX_DUPOK);
2049 	}
2050 }
2051 
2052 static void
2053 zone_unlock_pair(uma_zone_t a, uma_zone_t b)
2054 {
2055 
2056 	ZONE_UNLOCK(a);
2057 	ZONE_UNLOCK(b);
2058 }
2059 
2060 int
2061 uma_zsecond_add(uma_zone_t zone, uma_zone_t master)
2062 {
2063 	uma_klink_t klink;
2064 	uma_klink_t kl;
2065 	int error;
2066 
2067 	error = 0;
2068 	klink = malloc(sizeof(*klink), M_TEMP, M_WAITOK | M_ZERO);
2069 
2070 	zone_lock_pair(zone, master);
2071 	/*
2072 	 * zone must use vtoslab() to resolve objects and must already be
2073 	 * a secondary.
2074 	 */
2075 	if ((zone->uz_flags & (UMA_ZONE_VTOSLAB | UMA_ZONE_SECONDARY))
2076 	    != (UMA_ZONE_VTOSLAB | UMA_ZONE_SECONDARY)) {
2077 		error = EINVAL;
2078 		goto out;
2079 	}
2080 	/*
2081 	 * The new master must also use vtoslab().
2082 	 */
2083 	if ((zone->uz_flags & UMA_ZONE_VTOSLAB) != UMA_ZONE_VTOSLAB) {
2084 		error = EINVAL;
2085 		goto out;
2086 	}
2087 	/*
2088 	 * Both must either be refcnt, or not be refcnt.
2089 	 */
2090 	if ((zone->uz_flags & UMA_ZONE_REFCNT) !=
2091 	    (master->uz_flags & UMA_ZONE_REFCNT)) {
2092 		error = EINVAL;
2093 		goto out;
2094 	}
2095 	/*
2096 	 * The underlying object must be the same size.  rsize
2097 	 * may be different.
2098 	 */
2099 	if (master->uz_size != zone->uz_size) {
2100 		error = E2BIG;
2101 		goto out;
2102 	}
2103 	/*
2104 	 * Put it at the end of the list.
2105 	 */
2106 	klink->kl_keg = zone_first_keg(master);
2107 	LIST_FOREACH(kl, &zone->uz_kegs, kl_link) {
2108 		if (LIST_NEXT(kl, kl_link) == NULL) {
2109 			LIST_INSERT_AFTER(kl, klink, kl_link);
2110 			break;
2111 		}
2112 	}
2113 	klink = NULL;
2114 	zone->uz_flags |= UMA_ZFLAG_MULTI;
2115 	zone->uz_slab = zone_fetch_slab_multi;
2116 
2117 out:
2118 	zone_unlock_pair(zone, master);
2119 	if (klink != NULL)
2120 		free(klink, M_TEMP);
2121 
2122 	return (error);
2123 }
2124 
2125 
2126 /* See uma.h */
2127 void
2128 uma_zdestroy(uma_zone_t zone)
2129 {
2130 
2131 	sx_slock(&uma_drain_lock);
2132 	zone_free_item(zones, zone, NULL, SKIP_NONE);
2133 	sx_sunlock(&uma_drain_lock);
2134 }
2135 
2136 /* See uma.h */
2137 void *
2138 uma_zalloc_arg(uma_zone_t zone, void *udata, int flags)
2139 {
2140 	void *item;
2141 	uma_cache_t cache;
2142 	uma_bucket_t bucket;
2143 	int lockfail;
2144 	int cpu;
2145 
2146 	/* Enable entropy collection for RANDOM_ENABLE_UMA kernel option */
2147 	random_harvest_fast_uma(&zone, sizeof(zone), 1, RANDOM_UMA);
2148 
2149 	/* This is the fast path allocation */
2150 #ifdef UMA_DEBUG_ALLOC_1
2151 	printf("Allocating one item from %s(%p)\n", zone->uz_name, zone);
2152 #endif
2153 	CTR3(KTR_UMA, "uma_zalloc_arg thread %x zone %s flags %d", curthread,
2154 	    zone->uz_name, flags);
2155 
2156 	if (flags & M_WAITOK) {
2157 		WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
2158 		    "uma_zalloc_arg: zone \"%s\"", zone->uz_name);
2159 	}
2160 	KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(),
2161 	    ("uma_zalloc_arg: called with spinlock or critical section held"));
2162 
2163 #ifdef DEBUG_MEMGUARD
2164 	if (memguard_cmp_zone(zone)) {
2165 		item = memguard_alloc(zone->uz_size, flags);
2166 		if (item != NULL) {
2167 			/*
2168 			 * Avoid conflict with the use-after-free
2169 			 * protecting infrastructure from INVARIANTS.
2170 			 */
2171 			if (zone->uz_init != NULL &&
2172 			    zone->uz_init != mtrash_init &&
2173 			    zone->uz_init(item, zone->uz_size, flags) != 0)
2174 				return (NULL);
2175 			if (zone->uz_ctor != NULL &&
2176 			    zone->uz_ctor != mtrash_ctor &&
2177 			    zone->uz_ctor(item, zone->uz_size, udata,
2178 			    flags) != 0) {
2179 			    	zone->uz_fini(item, zone->uz_size);
2180 				return (NULL);
2181 			}
2182 			return (item);
2183 		}
2184 		/* This is unfortunate but should not be fatal. */
2185 	}
2186 #endif
2187 	/*
2188 	 * If possible, allocate from the per-CPU cache.  There are two
2189 	 * requirements for safe access to the per-CPU cache: (1) the thread
2190 	 * accessing the cache must not be preempted or yield during access,
2191 	 * and (2) the thread must not migrate CPUs without switching which
2192 	 * cache it accesses.  We rely on a critical section to prevent
2193 	 * preemption and migration.  We release the critical section in
2194 	 * order to acquire the zone mutex if we are unable to allocate from
2195 	 * the current cache; when we re-acquire the critical section, we
2196 	 * must detect and handle migration if it has occurred.
2197 	 */
2198 	critical_enter();
2199 	cpu = curcpu;
2200 	cache = &zone->uz_cpu[cpu];
2201 
2202 zalloc_start:
2203 	bucket = cache->uc_allocbucket;
2204 	if (bucket != NULL && bucket->ub_cnt > 0) {
2205 		bucket->ub_cnt--;
2206 		item = bucket->ub_bucket[bucket->ub_cnt];
2207 #ifdef INVARIANTS
2208 		bucket->ub_bucket[bucket->ub_cnt] = NULL;
2209 #endif
2210 		KASSERT(item != NULL, ("uma_zalloc: Bucket pointer mangled."));
2211 		cache->uc_allocs++;
2212 		critical_exit();
2213 		if (zone->uz_ctor != NULL &&
2214 		    zone->uz_ctor(item, zone->uz_size, udata, flags) != 0) {
2215 			atomic_add_long(&zone->uz_fails, 1);
2216 			zone_free_item(zone, item, udata, SKIP_DTOR);
2217 			return (NULL);
2218 		}
2219 #ifdef INVARIANTS
2220 		uma_dbg_alloc(zone, NULL, item);
2221 #endif
2222 		if (flags & M_ZERO)
2223 			uma_zero_item(item, zone);
2224 		return (item);
2225 	}
2226 
2227 	/*
2228 	 * We have run out of items in our alloc bucket.
2229 	 * See if we can switch with our free bucket.
2230 	 */
2231 	bucket = cache->uc_freebucket;
2232 	if (bucket != NULL && bucket->ub_cnt > 0) {
2233 #ifdef UMA_DEBUG_ALLOC
2234 		printf("uma_zalloc: Swapping empty with alloc.\n");
2235 #endif
2236 		cache->uc_freebucket = cache->uc_allocbucket;
2237 		cache->uc_allocbucket = bucket;
2238 		goto zalloc_start;
2239 	}
2240 
2241 	/*
2242 	 * Discard any empty allocation bucket while we hold no locks.
2243 	 */
2244 	bucket = cache->uc_allocbucket;
2245 	cache->uc_allocbucket = NULL;
2246 	critical_exit();
2247 	if (bucket != NULL)
2248 		bucket_free(zone, bucket, udata);
2249 
2250 	/* Short-circuit for zones without buckets and low memory. */
2251 	if (zone->uz_count == 0 || bucketdisable)
2252 		goto zalloc_item;
2253 
2254 	/*
2255 	 * Attempt to retrieve the item from the per-CPU cache has failed, so
2256 	 * we must go back to the zone.  This requires the zone lock, so we
2257 	 * must drop the critical section, then re-acquire it when we go back
2258 	 * to the cache.  Since the critical section is released, we may be
2259 	 * preempted or migrate.  As such, make sure not to maintain any
2260 	 * thread-local state specific to the cache from prior to releasing
2261 	 * the critical section.
2262 	 */
2263 	lockfail = 0;
2264 	if (ZONE_TRYLOCK(zone) == 0) {
2265 		/* Record contention to size the buckets. */
2266 		ZONE_LOCK(zone);
2267 		lockfail = 1;
2268 	}
2269 	critical_enter();
2270 	cpu = curcpu;
2271 	cache = &zone->uz_cpu[cpu];
2272 
2273 	/*
2274 	 * Since we have locked the zone we may as well send back our stats.
2275 	 */
2276 	atomic_add_long(&zone->uz_allocs, cache->uc_allocs);
2277 	atomic_add_long(&zone->uz_frees, cache->uc_frees);
2278 	cache->uc_allocs = 0;
2279 	cache->uc_frees = 0;
2280 
2281 	/* See if we lost the race to fill the cache. */
2282 	if (cache->uc_allocbucket != NULL) {
2283 		ZONE_UNLOCK(zone);
2284 		goto zalloc_start;
2285 	}
2286 
2287 	/*
2288 	 * Check the zone's cache of buckets.
2289 	 */
2290 	if ((bucket = LIST_FIRST(&zone->uz_buckets)) != NULL) {
2291 		KASSERT(bucket->ub_cnt != 0,
2292 		    ("uma_zalloc_arg: Returning an empty bucket."));
2293 
2294 		LIST_REMOVE(bucket, ub_link);
2295 		cache->uc_allocbucket = bucket;
2296 		ZONE_UNLOCK(zone);
2297 		goto zalloc_start;
2298 	}
2299 	/* We are no longer associated with this CPU. */
2300 	critical_exit();
2301 
2302 	/*
2303 	 * We bump the uz count when the cache size is insufficient to
2304 	 * handle the working set.
2305 	 */
2306 	if (lockfail && zone->uz_count < BUCKET_MAX)
2307 		zone->uz_count++;
2308 	ZONE_UNLOCK(zone);
2309 
2310 	/*
2311 	 * Now lets just fill a bucket and put it on the free list.  If that
2312 	 * works we'll restart the allocation from the begining and it
2313 	 * will use the just filled bucket.
2314 	 */
2315 	bucket = zone_alloc_bucket(zone, udata, flags);
2316 	if (bucket != NULL) {
2317 		ZONE_LOCK(zone);
2318 		critical_enter();
2319 		cpu = curcpu;
2320 		cache = &zone->uz_cpu[cpu];
2321 		/*
2322 		 * See if we lost the race or were migrated.  Cache the
2323 		 * initialized bucket to make this less likely or claim
2324 		 * the memory directly.
2325 		 */
2326 		if (cache->uc_allocbucket == NULL)
2327 			cache->uc_allocbucket = bucket;
2328 		else
2329 			LIST_INSERT_HEAD(&zone->uz_buckets, bucket, ub_link);
2330 		ZONE_UNLOCK(zone);
2331 		goto zalloc_start;
2332 	}
2333 
2334 	/*
2335 	 * We may not be able to get a bucket so return an actual item.
2336 	 */
2337 #ifdef UMA_DEBUG
2338 	printf("uma_zalloc_arg: Bucketzone returned NULL\n");
2339 #endif
2340 
2341 zalloc_item:
2342 	item = zone_alloc_item(zone, udata, flags);
2343 
2344 	return (item);
2345 }
2346 
2347 static uma_slab_t
2348 keg_fetch_slab(uma_keg_t keg, uma_zone_t zone, int flags)
2349 {
2350 	uma_slab_t slab;
2351 	int reserve;
2352 
2353 	mtx_assert(&keg->uk_lock, MA_OWNED);
2354 	slab = NULL;
2355 	reserve = 0;
2356 	if ((flags & M_USE_RESERVE) == 0)
2357 		reserve = keg->uk_reserve;
2358 
2359 	for (;;) {
2360 		/*
2361 		 * Find a slab with some space.  Prefer slabs that are partially
2362 		 * used over those that are totally full.  This helps to reduce
2363 		 * fragmentation.
2364 		 */
2365 		if (keg->uk_free > reserve) {
2366 			if (!LIST_EMPTY(&keg->uk_part_slab)) {
2367 				slab = LIST_FIRST(&keg->uk_part_slab);
2368 			} else {
2369 				slab = LIST_FIRST(&keg->uk_free_slab);
2370 				LIST_REMOVE(slab, us_link);
2371 				LIST_INSERT_HEAD(&keg->uk_part_slab, slab,
2372 				    us_link);
2373 			}
2374 			MPASS(slab->us_keg == keg);
2375 			return (slab);
2376 		}
2377 
2378 		/*
2379 		 * M_NOVM means don't ask at all!
2380 		 */
2381 		if (flags & M_NOVM)
2382 			break;
2383 
2384 		if (keg->uk_maxpages && keg->uk_pages >= keg->uk_maxpages) {
2385 			keg->uk_flags |= UMA_ZFLAG_FULL;
2386 			/*
2387 			 * If this is not a multi-zone, set the FULL bit.
2388 			 * Otherwise slab_multi() takes care of it.
2389 			 */
2390 			if ((zone->uz_flags & UMA_ZFLAG_MULTI) == 0) {
2391 				zone->uz_flags |= UMA_ZFLAG_FULL;
2392 				zone_log_warning(zone);
2393 				zone_maxaction(zone);
2394 			}
2395 			if (flags & M_NOWAIT)
2396 				break;
2397 			zone->uz_sleeps++;
2398 			msleep(keg, &keg->uk_lock, PVM, "keglimit", 0);
2399 			continue;
2400 		}
2401 		slab = keg_alloc_slab(keg, zone, flags);
2402 		/*
2403 		 * If we got a slab here it's safe to mark it partially used
2404 		 * and return.  We assume that the caller is going to remove
2405 		 * at least one item.
2406 		 */
2407 		if (slab) {
2408 			MPASS(slab->us_keg == keg);
2409 			LIST_INSERT_HEAD(&keg->uk_part_slab, slab, us_link);
2410 			return (slab);
2411 		}
2412 		/*
2413 		 * We might not have been able to get a slab but another cpu
2414 		 * could have while we were unlocked.  Check again before we
2415 		 * fail.
2416 		 */
2417 		flags |= M_NOVM;
2418 	}
2419 	return (slab);
2420 }
2421 
2422 static uma_slab_t
2423 zone_fetch_slab(uma_zone_t zone, uma_keg_t keg, int flags)
2424 {
2425 	uma_slab_t slab;
2426 
2427 	if (keg == NULL) {
2428 		keg = zone_first_keg(zone);
2429 		KEG_LOCK(keg);
2430 	}
2431 
2432 	for (;;) {
2433 		slab = keg_fetch_slab(keg, zone, flags);
2434 		if (slab)
2435 			return (slab);
2436 		if (flags & (M_NOWAIT | M_NOVM))
2437 			break;
2438 	}
2439 	KEG_UNLOCK(keg);
2440 	return (NULL);
2441 }
2442 
2443 /*
2444  * uma_zone_fetch_slab_multi:  Fetches a slab from one available keg.  Returns
2445  * with the keg locked.  On NULL no lock is held.
2446  *
2447  * The last pointer is used to seed the search.  It is not required.
2448  */
2449 static uma_slab_t
2450 zone_fetch_slab_multi(uma_zone_t zone, uma_keg_t last, int rflags)
2451 {
2452 	uma_klink_t klink;
2453 	uma_slab_t slab;
2454 	uma_keg_t keg;
2455 	int flags;
2456 	int empty;
2457 	int full;
2458 
2459 	/*
2460 	 * Don't wait on the first pass.  This will skip limit tests
2461 	 * as well.  We don't want to block if we can find a provider
2462 	 * without blocking.
2463 	 */
2464 	flags = (rflags & ~M_WAITOK) | M_NOWAIT;
2465 	/*
2466 	 * Use the last slab allocated as a hint for where to start
2467 	 * the search.
2468 	 */
2469 	if (last != NULL) {
2470 		slab = keg_fetch_slab(last, zone, flags);
2471 		if (slab)
2472 			return (slab);
2473 		KEG_UNLOCK(last);
2474 	}
2475 	/*
2476 	 * Loop until we have a slab incase of transient failures
2477 	 * while M_WAITOK is specified.  I'm not sure this is 100%
2478 	 * required but we've done it for so long now.
2479 	 */
2480 	for (;;) {
2481 		empty = 0;
2482 		full = 0;
2483 		/*
2484 		 * Search the available kegs for slabs.  Be careful to hold the
2485 		 * correct lock while calling into the keg layer.
2486 		 */
2487 		LIST_FOREACH(klink, &zone->uz_kegs, kl_link) {
2488 			keg = klink->kl_keg;
2489 			KEG_LOCK(keg);
2490 			if ((keg->uk_flags & UMA_ZFLAG_FULL) == 0) {
2491 				slab = keg_fetch_slab(keg, zone, flags);
2492 				if (slab)
2493 					return (slab);
2494 			}
2495 			if (keg->uk_flags & UMA_ZFLAG_FULL)
2496 				full++;
2497 			else
2498 				empty++;
2499 			KEG_UNLOCK(keg);
2500 		}
2501 		if (rflags & (M_NOWAIT | M_NOVM))
2502 			break;
2503 		flags = rflags;
2504 		/*
2505 		 * All kegs are full.  XXX We can't atomically check all kegs
2506 		 * and sleep so just sleep for a short period and retry.
2507 		 */
2508 		if (full && !empty) {
2509 			ZONE_LOCK(zone);
2510 			zone->uz_flags |= UMA_ZFLAG_FULL;
2511 			zone->uz_sleeps++;
2512 			zone_log_warning(zone);
2513 			zone_maxaction(zone);
2514 			msleep(zone, zone->uz_lockptr, PVM,
2515 			    "zonelimit", hz/100);
2516 			zone->uz_flags &= ~UMA_ZFLAG_FULL;
2517 			ZONE_UNLOCK(zone);
2518 			continue;
2519 		}
2520 	}
2521 	return (NULL);
2522 }
2523 
2524 static void *
2525 slab_alloc_item(uma_keg_t keg, uma_slab_t slab)
2526 {
2527 	void *item;
2528 	uint8_t freei;
2529 
2530 	MPASS(keg == slab->us_keg);
2531 	mtx_assert(&keg->uk_lock, MA_OWNED);
2532 
2533 	freei = BIT_FFS(SLAB_SETSIZE, &slab->us_free) - 1;
2534 	BIT_CLR(SLAB_SETSIZE, freei, &slab->us_free);
2535 	item = slab->us_data + (keg->uk_rsize * freei);
2536 	slab->us_freecount--;
2537 	keg->uk_free--;
2538 
2539 	/* Move this slab to the full list */
2540 	if (slab->us_freecount == 0) {
2541 		LIST_REMOVE(slab, us_link);
2542 		LIST_INSERT_HEAD(&keg->uk_full_slab, slab, us_link);
2543 	}
2544 
2545 	return (item);
2546 }
2547 
2548 static int
2549 zone_import(uma_zone_t zone, void **bucket, int max, int flags)
2550 {
2551 	uma_slab_t slab;
2552 	uma_keg_t keg;
2553 	int i;
2554 
2555 	slab = NULL;
2556 	keg = NULL;
2557 	/* Try to keep the buckets totally full */
2558 	for (i = 0; i < max; ) {
2559 		if ((slab = zone->uz_slab(zone, keg, flags)) == NULL)
2560 			break;
2561 		keg = slab->us_keg;
2562 		while (slab->us_freecount && i < max) {
2563 			bucket[i++] = slab_alloc_item(keg, slab);
2564 			if (keg->uk_free <= keg->uk_reserve)
2565 				break;
2566 		}
2567 		/* Don't grab more than one slab at a time. */
2568 		flags &= ~M_WAITOK;
2569 		flags |= M_NOWAIT;
2570 	}
2571 	if (slab != NULL)
2572 		KEG_UNLOCK(keg);
2573 
2574 	return i;
2575 }
2576 
2577 static uma_bucket_t
2578 zone_alloc_bucket(uma_zone_t zone, void *udata, int flags)
2579 {
2580 	uma_bucket_t bucket;
2581 	int max;
2582 
2583 	/* Don't wait for buckets, preserve caller's NOVM setting. */
2584 	bucket = bucket_alloc(zone, udata, M_NOWAIT | (flags & M_NOVM));
2585 	if (bucket == NULL)
2586 		return (NULL);
2587 
2588 	max = MIN(bucket->ub_entries, zone->uz_count);
2589 	bucket->ub_cnt = zone->uz_import(zone->uz_arg, bucket->ub_bucket,
2590 	    max, flags);
2591 
2592 	/*
2593 	 * Initialize the memory if necessary.
2594 	 */
2595 	if (bucket->ub_cnt != 0 && zone->uz_init != NULL) {
2596 		int i;
2597 
2598 		for (i = 0; i < bucket->ub_cnt; i++)
2599 			if (zone->uz_init(bucket->ub_bucket[i], zone->uz_size,
2600 			    flags) != 0)
2601 				break;
2602 		/*
2603 		 * If we couldn't initialize the whole bucket, put the
2604 		 * rest back onto the freelist.
2605 		 */
2606 		if (i != bucket->ub_cnt) {
2607 			zone->uz_release(zone->uz_arg, &bucket->ub_bucket[i],
2608 			    bucket->ub_cnt - i);
2609 #ifdef INVARIANTS
2610 			bzero(&bucket->ub_bucket[i],
2611 			    sizeof(void *) * (bucket->ub_cnt - i));
2612 #endif
2613 			bucket->ub_cnt = i;
2614 		}
2615 	}
2616 
2617 	if (bucket->ub_cnt == 0) {
2618 		bucket_free(zone, bucket, udata);
2619 		atomic_add_long(&zone->uz_fails, 1);
2620 		return (NULL);
2621 	}
2622 
2623 	return (bucket);
2624 }
2625 
2626 /*
2627  * Allocates a single item from a zone.
2628  *
2629  * Arguments
2630  *	zone   The zone to alloc for.
2631  *	udata  The data to be passed to the constructor.
2632  *	flags  M_WAITOK, M_NOWAIT, M_ZERO.
2633  *
2634  * Returns
2635  *	NULL if there is no memory and M_NOWAIT is set
2636  *	An item if successful
2637  */
2638 
2639 static void *
2640 zone_alloc_item(uma_zone_t zone, void *udata, int flags)
2641 {
2642 	void *item;
2643 
2644 	item = NULL;
2645 
2646 #ifdef UMA_DEBUG_ALLOC
2647 	printf("INTERNAL: Allocating one item from %s(%p)\n", zone->uz_name, zone);
2648 #endif
2649 	if (zone->uz_import(zone->uz_arg, &item, 1, flags) != 1)
2650 		goto fail;
2651 	atomic_add_long(&zone->uz_allocs, 1);
2652 
2653 	/*
2654 	 * We have to call both the zone's init (not the keg's init)
2655 	 * and the zone's ctor.  This is because the item is going from
2656 	 * a keg slab directly to the user, and the user is expecting it
2657 	 * to be both zone-init'd as well as zone-ctor'd.
2658 	 */
2659 	if (zone->uz_init != NULL) {
2660 		if (zone->uz_init(item, zone->uz_size, flags) != 0) {
2661 			zone_free_item(zone, item, udata, SKIP_FINI);
2662 			goto fail;
2663 		}
2664 	}
2665 	if (zone->uz_ctor != NULL) {
2666 		if (zone->uz_ctor(item, zone->uz_size, udata, flags) != 0) {
2667 			zone_free_item(zone, item, udata, SKIP_DTOR);
2668 			goto fail;
2669 		}
2670 	}
2671 #ifdef INVARIANTS
2672 	uma_dbg_alloc(zone, NULL, item);
2673 #endif
2674 	if (flags & M_ZERO)
2675 		uma_zero_item(item, zone);
2676 
2677 	return (item);
2678 
2679 fail:
2680 	atomic_add_long(&zone->uz_fails, 1);
2681 	return (NULL);
2682 }
2683 
2684 /* See uma.h */
2685 void
2686 uma_zfree_arg(uma_zone_t zone, void *item, void *udata)
2687 {
2688 	uma_cache_t cache;
2689 	uma_bucket_t bucket;
2690 	int lockfail;
2691 	int cpu;
2692 
2693 	/* Enable entropy collection for RANDOM_ENABLE_UMA kernel option */
2694 	random_harvest_fast_uma(&zone, sizeof(zone), 1, RANDOM_UMA);
2695 
2696 #ifdef UMA_DEBUG_ALLOC_1
2697 	printf("Freeing item %p to %s(%p)\n", item, zone->uz_name, zone);
2698 #endif
2699 	CTR2(KTR_UMA, "uma_zfree_arg thread %x zone %s", curthread,
2700 	    zone->uz_name);
2701 
2702 	KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(),
2703 	    ("uma_zfree_arg: called with spinlock or critical section held"));
2704 
2705         /* uma_zfree(..., NULL) does nothing, to match free(9). */
2706         if (item == NULL)
2707                 return;
2708 #ifdef DEBUG_MEMGUARD
2709 	if (is_memguard_addr(item)) {
2710 		if (zone->uz_dtor != NULL && zone->uz_dtor != mtrash_dtor)
2711 			zone->uz_dtor(item, zone->uz_size, udata);
2712 		if (zone->uz_fini != NULL && zone->uz_fini != mtrash_fini)
2713 			zone->uz_fini(item, zone->uz_size);
2714 		memguard_free(item);
2715 		return;
2716 	}
2717 #endif
2718 #ifdef INVARIANTS
2719 	if (zone->uz_flags & UMA_ZONE_MALLOC)
2720 		uma_dbg_free(zone, udata, item);
2721 	else
2722 		uma_dbg_free(zone, NULL, item);
2723 #endif
2724 	if (zone->uz_dtor != NULL)
2725 		zone->uz_dtor(item, zone->uz_size, udata);
2726 
2727 	/*
2728 	 * The race here is acceptable.  If we miss it we'll just have to wait
2729 	 * a little longer for the limits to be reset.
2730 	 */
2731 	if (zone->uz_flags & UMA_ZFLAG_FULL)
2732 		goto zfree_item;
2733 
2734 	/*
2735 	 * If possible, free to the per-CPU cache.  There are two
2736 	 * requirements for safe access to the per-CPU cache: (1) the thread
2737 	 * accessing the cache must not be preempted or yield during access,
2738 	 * and (2) the thread must not migrate CPUs without switching which
2739 	 * cache it accesses.  We rely on a critical section to prevent
2740 	 * preemption and migration.  We release the critical section in
2741 	 * order to acquire the zone mutex if we are unable to free to the
2742 	 * current cache; when we re-acquire the critical section, we must
2743 	 * detect and handle migration if it has occurred.
2744 	 */
2745 zfree_restart:
2746 	critical_enter();
2747 	cpu = curcpu;
2748 	cache = &zone->uz_cpu[cpu];
2749 
2750 zfree_start:
2751 	/*
2752 	 * Try to free into the allocbucket first to give LIFO ordering
2753 	 * for cache-hot datastructures.  Spill over into the freebucket
2754 	 * if necessary.  Alloc will swap them if one runs dry.
2755 	 */
2756 	bucket = cache->uc_allocbucket;
2757 	if (bucket == NULL || bucket->ub_cnt >= bucket->ub_entries)
2758 		bucket = cache->uc_freebucket;
2759 	if (bucket != NULL && bucket->ub_cnt < bucket->ub_entries) {
2760 		KASSERT(bucket->ub_bucket[bucket->ub_cnt] == NULL,
2761 		    ("uma_zfree: Freeing to non free bucket index."));
2762 		bucket->ub_bucket[bucket->ub_cnt] = item;
2763 		bucket->ub_cnt++;
2764 		cache->uc_frees++;
2765 		critical_exit();
2766 		return;
2767 	}
2768 
2769 	/*
2770 	 * We must go back the zone, which requires acquiring the zone lock,
2771 	 * which in turn means we must release and re-acquire the critical
2772 	 * section.  Since the critical section is released, we may be
2773 	 * preempted or migrate.  As such, make sure not to maintain any
2774 	 * thread-local state specific to the cache from prior to releasing
2775 	 * the critical section.
2776 	 */
2777 	critical_exit();
2778 	if (zone->uz_count == 0 || bucketdisable)
2779 		goto zfree_item;
2780 
2781 	lockfail = 0;
2782 	if (ZONE_TRYLOCK(zone) == 0) {
2783 		/* Record contention to size the buckets. */
2784 		ZONE_LOCK(zone);
2785 		lockfail = 1;
2786 	}
2787 	critical_enter();
2788 	cpu = curcpu;
2789 	cache = &zone->uz_cpu[cpu];
2790 
2791 	/*
2792 	 * Since we have locked the zone we may as well send back our stats.
2793 	 */
2794 	atomic_add_long(&zone->uz_allocs, cache->uc_allocs);
2795 	atomic_add_long(&zone->uz_frees, cache->uc_frees);
2796 	cache->uc_allocs = 0;
2797 	cache->uc_frees = 0;
2798 
2799 	bucket = cache->uc_freebucket;
2800 	if (bucket != NULL && bucket->ub_cnt < bucket->ub_entries) {
2801 		ZONE_UNLOCK(zone);
2802 		goto zfree_start;
2803 	}
2804 	cache->uc_freebucket = NULL;
2805 
2806 	/* Can we throw this on the zone full list? */
2807 	if (bucket != NULL) {
2808 #ifdef UMA_DEBUG_ALLOC
2809 		printf("uma_zfree: Putting old bucket on the free list.\n");
2810 #endif
2811 		/* ub_cnt is pointing to the last free item */
2812 		KASSERT(bucket->ub_cnt != 0,
2813 		    ("uma_zfree: Attempting to insert an empty bucket onto the full list.\n"));
2814 		LIST_INSERT_HEAD(&zone->uz_buckets, bucket, ub_link);
2815 	}
2816 
2817 	/* We are no longer associated with this CPU. */
2818 	critical_exit();
2819 
2820 	/*
2821 	 * We bump the uz count when the cache size is insufficient to
2822 	 * handle the working set.
2823 	 */
2824 	if (lockfail && zone->uz_count < BUCKET_MAX)
2825 		zone->uz_count++;
2826 	ZONE_UNLOCK(zone);
2827 
2828 #ifdef UMA_DEBUG_ALLOC
2829 	printf("uma_zfree: Allocating new free bucket.\n");
2830 #endif
2831 	bucket = bucket_alloc(zone, udata, M_NOWAIT);
2832 	if (bucket) {
2833 		critical_enter();
2834 		cpu = curcpu;
2835 		cache = &zone->uz_cpu[cpu];
2836 		if (cache->uc_freebucket == NULL) {
2837 			cache->uc_freebucket = bucket;
2838 			goto zfree_start;
2839 		}
2840 		/*
2841 		 * We lost the race, start over.  We have to drop our
2842 		 * critical section to free the bucket.
2843 		 */
2844 		critical_exit();
2845 		bucket_free(zone, bucket, udata);
2846 		goto zfree_restart;
2847 	}
2848 
2849 	/*
2850 	 * If nothing else caught this, we'll just do an internal free.
2851 	 */
2852 zfree_item:
2853 	zone_free_item(zone, item, udata, SKIP_DTOR);
2854 
2855 	return;
2856 }
2857 
2858 static void
2859 slab_free_item(uma_keg_t keg, uma_slab_t slab, void *item)
2860 {
2861 	uint8_t freei;
2862 
2863 	mtx_assert(&keg->uk_lock, MA_OWNED);
2864 	MPASS(keg == slab->us_keg);
2865 
2866 	/* Do we need to remove from any lists? */
2867 	if (slab->us_freecount+1 == keg->uk_ipers) {
2868 		LIST_REMOVE(slab, us_link);
2869 		LIST_INSERT_HEAD(&keg->uk_free_slab, slab, us_link);
2870 	} else if (slab->us_freecount == 0) {
2871 		LIST_REMOVE(slab, us_link);
2872 		LIST_INSERT_HEAD(&keg->uk_part_slab, slab, us_link);
2873 	}
2874 
2875 	/* Slab management. */
2876 	freei = ((uintptr_t)item - (uintptr_t)slab->us_data) / keg->uk_rsize;
2877 	BIT_SET(SLAB_SETSIZE, freei, &slab->us_free);
2878 	slab->us_freecount++;
2879 
2880 	/* Keg statistics. */
2881 	keg->uk_free++;
2882 }
2883 
2884 static void
2885 zone_release(uma_zone_t zone, void **bucket, int cnt)
2886 {
2887 	void *item;
2888 	uma_slab_t slab;
2889 	uma_keg_t keg;
2890 	uint8_t *mem;
2891 	int clearfull;
2892 	int i;
2893 
2894 	clearfull = 0;
2895 	keg = zone_first_keg(zone);
2896 	KEG_LOCK(keg);
2897 	for (i = 0; i < cnt; i++) {
2898 		item = bucket[i];
2899 		if (!(zone->uz_flags & UMA_ZONE_VTOSLAB)) {
2900 			mem = (uint8_t *)((uintptr_t)item & (~UMA_SLAB_MASK));
2901 			if (zone->uz_flags & UMA_ZONE_HASH) {
2902 				slab = hash_sfind(&keg->uk_hash, mem);
2903 			} else {
2904 				mem += keg->uk_pgoff;
2905 				slab = (uma_slab_t)mem;
2906 			}
2907 		} else {
2908 			slab = vtoslab((vm_offset_t)item);
2909 			if (slab->us_keg != keg) {
2910 				KEG_UNLOCK(keg);
2911 				keg = slab->us_keg;
2912 				KEG_LOCK(keg);
2913 			}
2914 		}
2915 		slab_free_item(keg, slab, item);
2916 		if (keg->uk_flags & UMA_ZFLAG_FULL) {
2917 			if (keg->uk_pages < keg->uk_maxpages) {
2918 				keg->uk_flags &= ~UMA_ZFLAG_FULL;
2919 				clearfull = 1;
2920 			}
2921 
2922 			/*
2923 			 * We can handle one more allocation. Since we're
2924 			 * clearing ZFLAG_FULL, wake up all procs blocked
2925 			 * on pages. This should be uncommon, so keeping this
2926 			 * simple for now (rather than adding count of blocked
2927 			 * threads etc).
2928 			 */
2929 			wakeup(keg);
2930 		}
2931 	}
2932 	KEG_UNLOCK(keg);
2933 	if (clearfull) {
2934 		ZONE_LOCK(zone);
2935 		zone->uz_flags &= ~UMA_ZFLAG_FULL;
2936 		wakeup(zone);
2937 		ZONE_UNLOCK(zone);
2938 	}
2939 
2940 }
2941 
2942 /*
2943  * Frees a single item to any zone.
2944  *
2945  * Arguments:
2946  *	zone   The zone to free to
2947  *	item   The item we're freeing
2948  *	udata  User supplied data for the dtor
2949  *	skip   Skip dtors and finis
2950  */
2951 static void
2952 zone_free_item(uma_zone_t zone, void *item, void *udata, enum zfreeskip skip)
2953 {
2954 
2955 #ifdef INVARIANTS
2956 	if (skip == SKIP_NONE) {
2957 		if (zone->uz_flags & UMA_ZONE_MALLOC)
2958 			uma_dbg_free(zone, udata, item);
2959 		else
2960 			uma_dbg_free(zone, NULL, item);
2961 	}
2962 #endif
2963 	if (skip < SKIP_DTOR && zone->uz_dtor)
2964 		zone->uz_dtor(item, zone->uz_size, udata);
2965 
2966 	if (skip < SKIP_FINI && zone->uz_fini)
2967 		zone->uz_fini(item, zone->uz_size);
2968 
2969 	atomic_add_long(&zone->uz_frees, 1);
2970 	zone->uz_release(zone->uz_arg, &item, 1);
2971 }
2972 
2973 /* See uma.h */
2974 int
2975 uma_zone_set_max(uma_zone_t zone, int nitems)
2976 {
2977 	uma_keg_t keg;
2978 
2979 	keg = zone_first_keg(zone);
2980 	if (keg == NULL)
2981 		return (0);
2982 	KEG_LOCK(keg);
2983 	keg->uk_maxpages = (nitems / keg->uk_ipers) * keg->uk_ppera;
2984 	if (keg->uk_maxpages * keg->uk_ipers < nitems)
2985 		keg->uk_maxpages += keg->uk_ppera;
2986 	nitems = keg->uk_maxpages * keg->uk_ipers;
2987 	KEG_UNLOCK(keg);
2988 
2989 	return (nitems);
2990 }
2991 
2992 /* See uma.h */
2993 int
2994 uma_zone_get_max(uma_zone_t zone)
2995 {
2996 	int nitems;
2997 	uma_keg_t keg;
2998 
2999 	keg = zone_first_keg(zone);
3000 	if (keg == NULL)
3001 		return (0);
3002 	KEG_LOCK(keg);
3003 	nitems = keg->uk_maxpages * keg->uk_ipers;
3004 	KEG_UNLOCK(keg);
3005 
3006 	return (nitems);
3007 }
3008 
3009 /* See uma.h */
3010 void
3011 uma_zone_set_warning(uma_zone_t zone, const char *warning)
3012 {
3013 
3014 	ZONE_LOCK(zone);
3015 	zone->uz_warning = warning;
3016 	ZONE_UNLOCK(zone);
3017 }
3018 
3019 /* See uma.h */
3020 void
3021 uma_zone_set_maxaction(uma_zone_t zone, uma_maxaction_t maxaction)
3022 {
3023 
3024 	ZONE_LOCK(zone);
3025 	zone->uz_maxaction = maxaction;
3026 	ZONE_UNLOCK(zone);
3027 }
3028 
3029 /* See uma.h */
3030 int
3031 uma_zone_get_cur(uma_zone_t zone)
3032 {
3033 	int64_t nitems;
3034 	u_int i;
3035 
3036 	ZONE_LOCK(zone);
3037 	nitems = zone->uz_allocs - zone->uz_frees;
3038 	CPU_FOREACH(i) {
3039 		/*
3040 		 * See the comment in sysctl_vm_zone_stats() regarding the
3041 		 * safety of accessing the per-cpu caches. With the zone lock
3042 		 * held, it is safe, but can potentially result in stale data.
3043 		 */
3044 		nitems += zone->uz_cpu[i].uc_allocs -
3045 		    zone->uz_cpu[i].uc_frees;
3046 	}
3047 	ZONE_UNLOCK(zone);
3048 
3049 	return (nitems < 0 ? 0 : nitems);
3050 }
3051 
3052 /* See uma.h */
3053 void
3054 uma_zone_set_init(uma_zone_t zone, uma_init uminit)
3055 {
3056 	uma_keg_t keg;
3057 
3058 	keg = zone_first_keg(zone);
3059 	KASSERT(keg != NULL, ("uma_zone_set_init: Invalid zone type"));
3060 	KEG_LOCK(keg);
3061 	KASSERT(keg->uk_pages == 0,
3062 	    ("uma_zone_set_init on non-empty keg"));
3063 	keg->uk_init = uminit;
3064 	KEG_UNLOCK(keg);
3065 }
3066 
3067 /* See uma.h */
3068 void
3069 uma_zone_set_fini(uma_zone_t zone, uma_fini fini)
3070 {
3071 	uma_keg_t keg;
3072 
3073 	keg = zone_first_keg(zone);
3074 	KASSERT(keg != NULL, ("uma_zone_set_fini: Invalid zone type"));
3075 	KEG_LOCK(keg);
3076 	KASSERT(keg->uk_pages == 0,
3077 	    ("uma_zone_set_fini on non-empty keg"));
3078 	keg->uk_fini = fini;
3079 	KEG_UNLOCK(keg);
3080 }
3081 
3082 /* See uma.h */
3083 void
3084 uma_zone_set_zinit(uma_zone_t zone, uma_init zinit)
3085 {
3086 
3087 	ZONE_LOCK(zone);
3088 	KASSERT(zone_first_keg(zone)->uk_pages == 0,
3089 	    ("uma_zone_set_zinit on non-empty keg"));
3090 	zone->uz_init = zinit;
3091 	ZONE_UNLOCK(zone);
3092 }
3093 
3094 /* See uma.h */
3095 void
3096 uma_zone_set_zfini(uma_zone_t zone, uma_fini zfini)
3097 {
3098 
3099 	ZONE_LOCK(zone);
3100 	KASSERT(zone_first_keg(zone)->uk_pages == 0,
3101 	    ("uma_zone_set_zfini on non-empty keg"));
3102 	zone->uz_fini = zfini;
3103 	ZONE_UNLOCK(zone);
3104 }
3105 
3106 /* See uma.h */
3107 /* XXX uk_freef is not actually used with the zone locked */
3108 void
3109 uma_zone_set_freef(uma_zone_t zone, uma_free freef)
3110 {
3111 	uma_keg_t keg;
3112 
3113 	keg = zone_first_keg(zone);
3114 	KASSERT(keg != NULL, ("uma_zone_set_freef: Invalid zone type"));
3115 	KEG_LOCK(keg);
3116 	keg->uk_freef = freef;
3117 	KEG_UNLOCK(keg);
3118 }
3119 
3120 /* See uma.h */
3121 /* XXX uk_allocf is not actually used with the zone locked */
3122 void
3123 uma_zone_set_allocf(uma_zone_t zone, uma_alloc allocf)
3124 {
3125 	uma_keg_t keg;
3126 
3127 	keg = zone_first_keg(zone);
3128 	KEG_LOCK(keg);
3129 	keg->uk_allocf = allocf;
3130 	KEG_UNLOCK(keg);
3131 }
3132 
3133 /* See uma.h */
3134 void
3135 uma_zone_reserve(uma_zone_t zone, int items)
3136 {
3137 	uma_keg_t keg;
3138 
3139 	keg = zone_first_keg(zone);
3140 	if (keg == NULL)
3141 		return;
3142 	KEG_LOCK(keg);
3143 	keg->uk_reserve = items;
3144 	KEG_UNLOCK(keg);
3145 
3146 	return;
3147 }
3148 
3149 /* See uma.h */
3150 int
3151 uma_zone_reserve_kva(uma_zone_t zone, int count)
3152 {
3153 	uma_keg_t keg;
3154 	vm_offset_t kva;
3155 	u_int pages;
3156 
3157 	keg = zone_first_keg(zone);
3158 	if (keg == NULL)
3159 		return (0);
3160 	pages = count / keg->uk_ipers;
3161 
3162 	if (pages * keg->uk_ipers < count)
3163 		pages++;
3164 
3165 #ifdef UMA_MD_SMALL_ALLOC
3166 	if (keg->uk_ppera > 1) {
3167 #else
3168 	if (1) {
3169 #endif
3170 		kva = kva_alloc((vm_size_t)pages * UMA_SLAB_SIZE);
3171 		if (kva == 0)
3172 			return (0);
3173 	} else
3174 		kva = 0;
3175 	KEG_LOCK(keg);
3176 	keg->uk_kva = kva;
3177 	keg->uk_offset = 0;
3178 	keg->uk_maxpages = pages;
3179 #ifdef UMA_MD_SMALL_ALLOC
3180 	keg->uk_allocf = (keg->uk_ppera > 1) ? noobj_alloc : uma_small_alloc;
3181 #else
3182 	keg->uk_allocf = noobj_alloc;
3183 #endif
3184 	keg->uk_flags |= UMA_ZONE_NOFREE;
3185 	KEG_UNLOCK(keg);
3186 
3187 	return (1);
3188 }
3189 
3190 /* See uma.h */
3191 void
3192 uma_prealloc(uma_zone_t zone, int items)
3193 {
3194 	int slabs;
3195 	uma_slab_t slab;
3196 	uma_keg_t keg;
3197 
3198 	keg = zone_first_keg(zone);
3199 	if (keg == NULL)
3200 		return;
3201 	KEG_LOCK(keg);
3202 	slabs = items / keg->uk_ipers;
3203 	if (slabs * keg->uk_ipers < items)
3204 		slabs++;
3205 	while (slabs > 0) {
3206 		slab = keg_alloc_slab(keg, zone, M_WAITOK);
3207 		if (slab == NULL)
3208 			break;
3209 		MPASS(slab->us_keg == keg);
3210 		LIST_INSERT_HEAD(&keg->uk_free_slab, slab, us_link);
3211 		slabs--;
3212 	}
3213 	KEG_UNLOCK(keg);
3214 }
3215 
3216 /* See uma.h */
3217 uint32_t *
3218 uma_find_refcnt(uma_zone_t zone, void *item)
3219 {
3220 	uma_slabrefcnt_t slabref;
3221 	uma_slab_t slab;
3222 	uma_keg_t keg;
3223 	uint32_t *refcnt;
3224 	int idx;
3225 
3226 	slab = vtoslab((vm_offset_t)item & (~UMA_SLAB_MASK));
3227 	slabref = (uma_slabrefcnt_t)slab;
3228 	keg = slab->us_keg;
3229 	KASSERT(keg->uk_flags & UMA_ZONE_REFCNT,
3230 	    ("uma_find_refcnt(): zone possibly not UMA_ZONE_REFCNT"));
3231 	idx = ((uintptr_t)item - (uintptr_t)slab->us_data) / keg->uk_rsize;
3232 	refcnt = &slabref->us_refcnt[idx];
3233 	return refcnt;
3234 }
3235 
3236 /* See uma.h */
3237 static void
3238 uma_reclaim_locked(bool kmem_danger)
3239 {
3240 
3241 #ifdef UMA_DEBUG
3242 	printf("UMA: vm asked us to release pages!\n");
3243 #endif
3244 	sx_assert(&uma_drain_lock, SA_XLOCKED);
3245 	bucket_enable();
3246 	zone_foreach(zone_drain);
3247 	if (vm_page_count_min() || kmem_danger) {
3248 		cache_drain_safe(NULL);
3249 		zone_foreach(zone_drain);
3250 	}
3251 	/*
3252 	 * Some slabs may have been freed but this zone will be visited early
3253 	 * we visit again so that we can free pages that are empty once other
3254 	 * zones are drained.  We have to do the same for buckets.
3255 	 */
3256 	zone_drain(slabzone);
3257 	zone_drain(slabrefzone);
3258 	bucket_zone_drain();
3259 }
3260 
3261 void
3262 uma_reclaim(void)
3263 {
3264 
3265 	sx_xlock(&uma_drain_lock);
3266 	uma_reclaim_locked(false);
3267 	sx_xunlock(&uma_drain_lock);
3268 }
3269 
3270 static int uma_reclaim_needed;
3271 
3272 void
3273 uma_reclaim_wakeup(void)
3274 {
3275 
3276 	uma_reclaim_needed = 1;
3277 	wakeup(&uma_reclaim_needed);
3278 }
3279 
3280 void
3281 uma_reclaim_worker(void *arg __unused)
3282 {
3283 
3284 	sx_xlock(&uma_drain_lock);
3285 	for (;;) {
3286 		sx_sleep(&uma_reclaim_needed, &uma_drain_lock, PVM,
3287 		    "umarcl", 0);
3288 		if (uma_reclaim_needed) {
3289 			uma_reclaim_needed = 0;
3290 			uma_reclaim_locked(true);
3291 		}
3292 	}
3293 }
3294 
3295 /* See uma.h */
3296 int
3297 uma_zone_exhausted(uma_zone_t zone)
3298 {
3299 	int full;
3300 
3301 	ZONE_LOCK(zone);
3302 	full = (zone->uz_flags & UMA_ZFLAG_FULL);
3303 	ZONE_UNLOCK(zone);
3304 	return (full);
3305 }
3306 
3307 int
3308 uma_zone_exhausted_nolock(uma_zone_t zone)
3309 {
3310 	return (zone->uz_flags & UMA_ZFLAG_FULL);
3311 }
3312 
3313 void *
3314 uma_large_malloc(vm_size_t size, int wait)
3315 {
3316 	void *mem;
3317 	uma_slab_t slab;
3318 	uint8_t flags;
3319 
3320 	slab = zone_alloc_item(slabzone, NULL, wait);
3321 	if (slab == NULL)
3322 		return (NULL);
3323 	mem = page_alloc(NULL, size, &flags, wait);
3324 	if (mem) {
3325 		vsetslab((vm_offset_t)mem, slab);
3326 		slab->us_data = mem;
3327 		slab->us_flags = flags | UMA_SLAB_MALLOC;
3328 		slab->us_size = size;
3329 	} else {
3330 		zone_free_item(slabzone, slab, NULL, SKIP_NONE);
3331 	}
3332 
3333 	return (mem);
3334 }
3335 
3336 void
3337 uma_large_free(uma_slab_t slab)
3338 {
3339 
3340 	page_free(slab->us_data, slab->us_size, slab->us_flags);
3341 	zone_free_item(slabzone, slab, NULL, SKIP_NONE);
3342 }
3343 
3344 static void
3345 uma_zero_item(void *item, uma_zone_t zone)
3346 {
3347 
3348 	if (zone->uz_flags & UMA_ZONE_PCPU) {
3349 		for (int i = 0; i < mp_ncpus; i++)
3350 			bzero(zpcpu_get_cpu(item, i), zone->uz_size);
3351 	} else
3352 		bzero(item, zone->uz_size);
3353 }
3354 
3355 void
3356 uma_print_stats(void)
3357 {
3358 	zone_foreach(uma_print_zone);
3359 }
3360 
3361 static void
3362 slab_print(uma_slab_t slab)
3363 {
3364 	printf("slab: keg %p, data %p, freecount %d\n",
3365 		slab->us_keg, slab->us_data, slab->us_freecount);
3366 }
3367 
3368 static void
3369 cache_print(uma_cache_t cache)
3370 {
3371 	printf("alloc: %p(%d), free: %p(%d)\n",
3372 		cache->uc_allocbucket,
3373 		cache->uc_allocbucket?cache->uc_allocbucket->ub_cnt:0,
3374 		cache->uc_freebucket,
3375 		cache->uc_freebucket?cache->uc_freebucket->ub_cnt:0);
3376 }
3377 
3378 static void
3379 uma_print_keg(uma_keg_t keg)
3380 {
3381 	uma_slab_t slab;
3382 
3383 	printf("keg: %s(%p) size %d(%d) flags %#x ipers %d ppera %d "
3384 	    "out %d free %d limit %d\n",
3385 	    keg->uk_name, keg, keg->uk_size, keg->uk_rsize, keg->uk_flags,
3386 	    keg->uk_ipers, keg->uk_ppera,
3387 	    (keg->uk_ipers * keg->uk_pages) - keg->uk_free, keg->uk_free,
3388 	    (keg->uk_maxpages / keg->uk_ppera) * keg->uk_ipers);
3389 	printf("Part slabs:\n");
3390 	LIST_FOREACH(slab, &keg->uk_part_slab, us_link)
3391 		slab_print(slab);
3392 	printf("Free slabs:\n");
3393 	LIST_FOREACH(slab, &keg->uk_free_slab, us_link)
3394 		slab_print(slab);
3395 	printf("Full slabs:\n");
3396 	LIST_FOREACH(slab, &keg->uk_full_slab, us_link)
3397 		slab_print(slab);
3398 }
3399 
3400 void
3401 uma_print_zone(uma_zone_t zone)
3402 {
3403 	uma_cache_t cache;
3404 	uma_klink_t kl;
3405 	int i;
3406 
3407 	printf("zone: %s(%p) size %d flags %#x\n",
3408 	    zone->uz_name, zone, zone->uz_size, zone->uz_flags);
3409 	LIST_FOREACH(kl, &zone->uz_kegs, kl_link)
3410 		uma_print_keg(kl->kl_keg);
3411 	CPU_FOREACH(i) {
3412 		cache = &zone->uz_cpu[i];
3413 		printf("CPU %d Cache:\n", i);
3414 		cache_print(cache);
3415 	}
3416 }
3417 
3418 #ifdef DDB
3419 /*
3420  * Generate statistics across both the zone and its per-cpu cache's.  Return
3421  * desired statistics if the pointer is non-NULL for that statistic.
3422  *
3423  * Note: does not update the zone statistics, as it can't safely clear the
3424  * per-CPU cache statistic.
3425  *
3426  * XXXRW: Following the uc_allocbucket and uc_freebucket pointers here isn't
3427  * safe from off-CPU; we should modify the caches to track this information
3428  * directly so that we don't have to.
3429  */
3430 static void
3431 uma_zone_sumstat(uma_zone_t z, int *cachefreep, uint64_t *allocsp,
3432     uint64_t *freesp, uint64_t *sleepsp)
3433 {
3434 	uma_cache_t cache;
3435 	uint64_t allocs, frees, sleeps;
3436 	int cachefree, cpu;
3437 
3438 	allocs = frees = sleeps = 0;
3439 	cachefree = 0;
3440 	CPU_FOREACH(cpu) {
3441 		cache = &z->uz_cpu[cpu];
3442 		if (cache->uc_allocbucket != NULL)
3443 			cachefree += cache->uc_allocbucket->ub_cnt;
3444 		if (cache->uc_freebucket != NULL)
3445 			cachefree += cache->uc_freebucket->ub_cnt;
3446 		allocs += cache->uc_allocs;
3447 		frees += cache->uc_frees;
3448 	}
3449 	allocs += z->uz_allocs;
3450 	frees += z->uz_frees;
3451 	sleeps += z->uz_sleeps;
3452 	if (cachefreep != NULL)
3453 		*cachefreep = cachefree;
3454 	if (allocsp != NULL)
3455 		*allocsp = allocs;
3456 	if (freesp != NULL)
3457 		*freesp = frees;
3458 	if (sleepsp != NULL)
3459 		*sleepsp = sleeps;
3460 }
3461 #endif /* DDB */
3462 
3463 static int
3464 sysctl_vm_zone_count(SYSCTL_HANDLER_ARGS)
3465 {
3466 	uma_keg_t kz;
3467 	uma_zone_t z;
3468 	int count;
3469 
3470 	count = 0;
3471 	rw_rlock(&uma_rwlock);
3472 	LIST_FOREACH(kz, &uma_kegs, uk_link) {
3473 		LIST_FOREACH(z, &kz->uk_zones, uz_link)
3474 			count++;
3475 	}
3476 	rw_runlock(&uma_rwlock);
3477 	return (sysctl_handle_int(oidp, &count, 0, req));
3478 }
3479 
3480 static int
3481 sysctl_vm_zone_stats(SYSCTL_HANDLER_ARGS)
3482 {
3483 	struct uma_stream_header ush;
3484 	struct uma_type_header uth;
3485 	struct uma_percpu_stat ups;
3486 	uma_bucket_t bucket;
3487 	struct sbuf sbuf;
3488 	uma_cache_t cache;
3489 	uma_klink_t kl;
3490 	uma_keg_t kz;
3491 	uma_zone_t z;
3492 	uma_keg_t k;
3493 	int count, error, i;
3494 
3495 	error = sysctl_wire_old_buffer(req, 0);
3496 	if (error != 0)
3497 		return (error);
3498 	sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
3499 	sbuf_clear_flags(&sbuf, SBUF_INCLUDENUL);
3500 
3501 	count = 0;
3502 	rw_rlock(&uma_rwlock);
3503 	LIST_FOREACH(kz, &uma_kegs, uk_link) {
3504 		LIST_FOREACH(z, &kz->uk_zones, uz_link)
3505 			count++;
3506 	}
3507 
3508 	/*
3509 	 * Insert stream header.
3510 	 */
3511 	bzero(&ush, sizeof(ush));
3512 	ush.ush_version = UMA_STREAM_VERSION;
3513 	ush.ush_maxcpus = (mp_maxid + 1);
3514 	ush.ush_count = count;
3515 	(void)sbuf_bcat(&sbuf, &ush, sizeof(ush));
3516 
3517 	LIST_FOREACH(kz, &uma_kegs, uk_link) {
3518 		LIST_FOREACH(z, &kz->uk_zones, uz_link) {
3519 			bzero(&uth, sizeof(uth));
3520 			ZONE_LOCK(z);
3521 			strlcpy(uth.uth_name, z->uz_name, UTH_MAX_NAME);
3522 			uth.uth_align = kz->uk_align;
3523 			uth.uth_size = kz->uk_size;
3524 			uth.uth_rsize = kz->uk_rsize;
3525 			LIST_FOREACH(kl, &z->uz_kegs, kl_link) {
3526 				k = kl->kl_keg;
3527 				uth.uth_maxpages += k->uk_maxpages;
3528 				uth.uth_pages += k->uk_pages;
3529 				uth.uth_keg_free += k->uk_free;
3530 				uth.uth_limit = (k->uk_maxpages / k->uk_ppera)
3531 				    * k->uk_ipers;
3532 			}
3533 
3534 			/*
3535 			 * A zone is secondary is it is not the first entry
3536 			 * on the keg's zone list.
3537 			 */
3538 			if ((z->uz_flags & UMA_ZONE_SECONDARY) &&
3539 			    (LIST_FIRST(&kz->uk_zones) != z))
3540 				uth.uth_zone_flags = UTH_ZONE_SECONDARY;
3541 
3542 			LIST_FOREACH(bucket, &z->uz_buckets, ub_link)
3543 				uth.uth_zone_free += bucket->ub_cnt;
3544 			uth.uth_allocs = z->uz_allocs;
3545 			uth.uth_frees = z->uz_frees;
3546 			uth.uth_fails = z->uz_fails;
3547 			uth.uth_sleeps = z->uz_sleeps;
3548 			(void)sbuf_bcat(&sbuf, &uth, sizeof(uth));
3549 			/*
3550 			 * While it is not normally safe to access the cache
3551 			 * bucket pointers while not on the CPU that owns the
3552 			 * cache, we only allow the pointers to be exchanged
3553 			 * without the zone lock held, not invalidated, so
3554 			 * accept the possible race associated with bucket
3555 			 * exchange during monitoring.
3556 			 */
3557 			for (i = 0; i < (mp_maxid + 1); i++) {
3558 				bzero(&ups, sizeof(ups));
3559 				if (kz->uk_flags & UMA_ZFLAG_INTERNAL)
3560 					goto skip;
3561 				if (CPU_ABSENT(i))
3562 					goto skip;
3563 				cache = &z->uz_cpu[i];
3564 				if (cache->uc_allocbucket != NULL)
3565 					ups.ups_cache_free +=
3566 					    cache->uc_allocbucket->ub_cnt;
3567 				if (cache->uc_freebucket != NULL)
3568 					ups.ups_cache_free +=
3569 					    cache->uc_freebucket->ub_cnt;
3570 				ups.ups_allocs = cache->uc_allocs;
3571 				ups.ups_frees = cache->uc_frees;
3572 skip:
3573 				(void)sbuf_bcat(&sbuf, &ups, sizeof(ups));
3574 			}
3575 			ZONE_UNLOCK(z);
3576 		}
3577 	}
3578 	rw_runlock(&uma_rwlock);
3579 	error = sbuf_finish(&sbuf);
3580 	sbuf_delete(&sbuf);
3581 	return (error);
3582 }
3583 
3584 int
3585 sysctl_handle_uma_zone_max(SYSCTL_HANDLER_ARGS)
3586 {
3587 	uma_zone_t zone = *(uma_zone_t *)arg1;
3588 	int error, max;
3589 
3590 	max = uma_zone_get_max(zone);
3591 	error = sysctl_handle_int(oidp, &max, 0, req);
3592 	if (error || !req->newptr)
3593 		return (error);
3594 
3595 	uma_zone_set_max(zone, max);
3596 
3597 	return (0);
3598 }
3599 
3600 int
3601 sysctl_handle_uma_zone_cur(SYSCTL_HANDLER_ARGS)
3602 {
3603 	uma_zone_t zone = *(uma_zone_t *)arg1;
3604 	int cur;
3605 
3606 	cur = uma_zone_get_cur(zone);
3607 	return (sysctl_handle_int(oidp, &cur, 0, req));
3608 }
3609 
3610 #ifdef DDB
3611 DB_SHOW_COMMAND(uma, db_show_uma)
3612 {
3613 	uint64_t allocs, frees, sleeps;
3614 	uma_bucket_t bucket;
3615 	uma_keg_t kz;
3616 	uma_zone_t z;
3617 	int cachefree;
3618 
3619 	db_printf("%18s %8s %8s %8s %12s %8s %8s\n", "Zone", "Size", "Used",
3620 	    "Free", "Requests", "Sleeps", "Bucket");
3621 	LIST_FOREACH(kz, &uma_kegs, uk_link) {
3622 		LIST_FOREACH(z, &kz->uk_zones, uz_link) {
3623 			if (kz->uk_flags & UMA_ZFLAG_INTERNAL) {
3624 				allocs = z->uz_allocs;
3625 				frees = z->uz_frees;
3626 				sleeps = z->uz_sleeps;
3627 				cachefree = 0;
3628 			} else
3629 				uma_zone_sumstat(z, &cachefree, &allocs,
3630 				    &frees, &sleeps);
3631 			if (!((z->uz_flags & UMA_ZONE_SECONDARY) &&
3632 			    (LIST_FIRST(&kz->uk_zones) != z)))
3633 				cachefree += kz->uk_free;
3634 			LIST_FOREACH(bucket, &z->uz_buckets, ub_link)
3635 				cachefree += bucket->ub_cnt;
3636 			db_printf("%18s %8ju %8jd %8d %12ju %8ju %8u\n",
3637 			    z->uz_name, (uintmax_t)kz->uk_size,
3638 			    (intmax_t)(allocs - frees), cachefree,
3639 			    (uintmax_t)allocs, sleeps, z->uz_count);
3640 			if (db_pager_quit)
3641 				return;
3642 		}
3643 	}
3644 }
3645 
3646 DB_SHOW_COMMAND(umacache, db_show_umacache)
3647 {
3648 	uint64_t allocs, frees;
3649 	uma_bucket_t bucket;
3650 	uma_zone_t z;
3651 	int cachefree;
3652 
3653 	db_printf("%18s %8s %8s %8s %12s %8s\n", "Zone", "Size", "Used", "Free",
3654 	    "Requests", "Bucket");
3655 	LIST_FOREACH(z, &uma_cachezones, uz_link) {
3656 		uma_zone_sumstat(z, &cachefree, &allocs, &frees, NULL);
3657 		LIST_FOREACH(bucket, &z->uz_buckets, ub_link)
3658 			cachefree += bucket->ub_cnt;
3659 		db_printf("%18s %8ju %8jd %8d %12ju %8u\n",
3660 		    z->uz_name, (uintmax_t)z->uz_size,
3661 		    (intmax_t)(allocs - frees), cachefree,
3662 		    (uintmax_t)allocs, z->uz_count);
3663 		if (db_pager_quit)
3664 			return;
3665 	}
3666 }
3667 #endif
3668