1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2002-2019 Jeffrey Roberson <jeff@FreeBSD.org> 5 * Copyright (c) 2004, 2005 Bosko Milekic <bmilekic@FreeBSD.org> 6 * Copyright (c) 2004-2006 Robert N. M. Watson 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice unmodified, this list of conditions, and the following 14 * disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 /* 32 * uma_core.c Implementation of the Universal Memory allocator 33 * 34 * This allocator is intended to replace the multitude of similar object caches 35 * in the standard FreeBSD kernel. The intent is to be flexible as well as 36 * efficient. A primary design goal is to return unused memory to the rest of 37 * the system. This will make the system as a whole more flexible due to the 38 * ability to move memory to subsystems which most need it instead of leaving 39 * pools of reserved memory unused. 40 * 41 * The basic ideas stem from similar slab/zone based allocators whose algorithms 42 * are well known. 43 * 44 */ 45 46 /* 47 * TODO: 48 * - Improve memory usage for large allocations 49 * - Investigate cache size adjustments 50 */ 51 52 #include <sys/cdefs.h> 53 __FBSDID("$FreeBSD$"); 54 55 #include "opt_ddb.h" 56 #include "opt_param.h" 57 #include "opt_vm.h" 58 59 #include <sys/param.h> 60 #include <sys/systm.h> 61 #include <sys/asan.h> 62 #include <sys/bitset.h> 63 #include <sys/domainset.h> 64 #include <sys/eventhandler.h> 65 #include <sys/kernel.h> 66 #include <sys/types.h> 67 #include <sys/limits.h> 68 #include <sys/queue.h> 69 #include <sys/malloc.h> 70 #include <sys/ktr.h> 71 #include <sys/lock.h> 72 #include <sys/msan.h> 73 #include <sys/mutex.h> 74 #include <sys/proc.h> 75 #include <sys/random.h> 76 #include <sys/rwlock.h> 77 #include <sys/sbuf.h> 78 #include <sys/sched.h> 79 #include <sys/sleepqueue.h> 80 #include <sys/smp.h> 81 #include <sys/smr.h> 82 #include <sys/sysctl.h> 83 #include <sys/taskqueue.h> 84 #include <sys/vmmeter.h> 85 86 #include <vm/vm.h> 87 #include <vm/vm_param.h> 88 #include <vm/vm_domainset.h> 89 #include <vm/vm_object.h> 90 #include <vm/vm_page.h> 91 #include <vm/vm_pageout.h> 92 #include <vm/vm_phys.h> 93 #include <vm/vm_pagequeue.h> 94 #include <vm/vm_map.h> 95 #include <vm/vm_kern.h> 96 #include <vm/vm_extern.h> 97 #include <vm/vm_dumpset.h> 98 #include <vm/uma.h> 99 #include <vm/uma_int.h> 100 #include <vm/uma_dbg.h> 101 102 #include <ddb/ddb.h> 103 104 #ifdef DEBUG_MEMGUARD 105 #include <vm/memguard.h> 106 #endif 107 108 #include <machine/md_var.h> 109 110 #ifdef INVARIANTS 111 #define UMA_ALWAYS_CTORDTOR 1 112 #else 113 #define UMA_ALWAYS_CTORDTOR 0 114 #endif 115 116 /* 117 * This is the zone and keg from which all zones are spawned. 118 */ 119 static uma_zone_t kegs; 120 static uma_zone_t zones; 121 122 /* 123 * On INVARIANTS builds, the slab contains a second bitset of the same size, 124 * "dbg_bits", which is laid out immediately after us_free. 125 */ 126 #ifdef INVARIANTS 127 #define SLAB_BITSETS 2 128 #else 129 #define SLAB_BITSETS 1 130 #endif 131 132 /* 133 * These are the two zones from which all offpage uma_slab_ts are allocated. 134 * 135 * One zone is for slab headers that can represent a larger number of items, 136 * making the slabs themselves more efficient, and the other zone is for 137 * headers that are smaller and represent fewer items, making the headers more 138 * efficient. 139 */ 140 #define SLABZONE_SIZE(setsize) \ 141 (sizeof(struct uma_hash_slab) + BITSET_SIZE(setsize) * SLAB_BITSETS) 142 #define SLABZONE0_SETSIZE (PAGE_SIZE / 16) 143 #define SLABZONE1_SETSIZE SLAB_MAX_SETSIZE 144 #define SLABZONE0_SIZE SLABZONE_SIZE(SLABZONE0_SETSIZE) 145 #define SLABZONE1_SIZE SLABZONE_SIZE(SLABZONE1_SETSIZE) 146 static uma_zone_t slabzones[2]; 147 148 /* 149 * The initial hash tables come out of this zone so they can be allocated 150 * prior to malloc coming up. 151 */ 152 static uma_zone_t hashzone; 153 154 /* The boot-time adjusted value for cache line alignment. */ 155 int uma_align_cache = 64 - 1; 156 157 static MALLOC_DEFINE(M_UMAHASH, "UMAHash", "UMA Hash Buckets"); 158 static MALLOC_DEFINE(M_UMA, "UMA", "UMA Misc"); 159 160 /* 161 * Are we allowed to allocate buckets? 162 */ 163 static int bucketdisable = 1; 164 165 /* Linked list of all kegs in the system */ 166 static LIST_HEAD(,uma_keg) uma_kegs = LIST_HEAD_INITIALIZER(uma_kegs); 167 168 /* Linked list of all cache-only zones in the system */ 169 static LIST_HEAD(,uma_zone) uma_cachezones = 170 LIST_HEAD_INITIALIZER(uma_cachezones); 171 172 /* 173 * Mutex for global lists: uma_kegs, uma_cachezones, and the per-keg list of 174 * zones. 175 */ 176 static struct rwlock_padalign __exclusive_cache_line uma_rwlock; 177 178 static struct sx uma_reclaim_lock; 179 180 /* 181 * First available virual address for boot time allocations. 182 */ 183 static vm_offset_t bootstart; 184 static vm_offset_t bootmem; 185 186 /* 187 * kmem soft limit, initialized by uma_set_limit(). Ensure that early 188 * allocations don't trigger a wakeup of the reclaim thread. 189 */ 190 unsigned long uma_kmem_limit = LONG_MAX; 191 SYSCTL_ULONG(_vm, OID_AUTO, uma_kmem_limit, CTLFLAG_RD, &uma_kmem_limit, 0, 192 "UMA kernel memory soft limit"); 193 unsigned long uma_kmem_total; 194 SYSCTL_ULONG(_vm, OID_AUTO, uma_kmem_total, CTLFLAG_RD, &uma_kmem_total, 0, 195 "UMA kernel memory usage"); 196 197 /* Is the VM done starting up? */ 198 static enum { 199 BOOT_COLD, 200 BOOT_KVA, 201 BOOT_PCPU, 202 BOOT_RUNNING, 203 BOOT_SHUTDOWN, 204 } booted = BOOT_COLD; 205 206 /* 207 * This is the handle used to schedule events that need to happen 208 * outside of the allocation fast path. 209 */ 210 static struct timeout_task uma_timeout_task; 211 #define UMA_TIMEOUT 20 /* Seconds for callout interval. */ 212 213 /* 214 * This structure is passed as the zone ctor arg so that I don't have to create 215 * a special allocation function just for zones. 216 */ 217 struct uma_zctor_args { 218 const char *name; 219 size_t size; 220 uma_ctor ctor; 221 uma_dtor dtor; 222 uma_init uminit; 223 uma_fini fini; 224 uma_import import; 225 uma_release release; 226 void *arg; 227 uma_keg_t keg; 228 int align; 229 uint32_t flags; 230 }; 231 232 struct uma_kctor_args { 233 uma_zone_t zone; 234 size_t size; 235 uma_init uminit; 236 uma_fini fini; 237 int align; 238 uint32_t flags; 239 }; 240 241 struct uma_bucket_zone { 242 uma_zone_t ubz_zone; 243 const char *ubz_name; 244 int ubz_entries; /* Number of items it can hold. */ 245 int ubz_maxsize; /* Maximum allocation size per-item. */ 246 }; 247 248 /* 249 * Compute the actual number of bucket entries to pack them in power 250 * of two sizes for more efficient space utilization. 251 */ 252 #define BUCKET_SIZE(n) \ 253 (((sizeof(void *) * (n)) - sizeof(struct uma_bucket)) / sizeof(void *)) 254 255 #define BUCKET_MAX BUCKET_SIZE(256) 256 257 struct uma_bucket_zone bucket_zones[] = { 258 /* Literal bucket sizes. */ 259 { NULL, "2 Bucket", 2, 4096 }, 260 { NULL, "4 Bucket", 4, 3072 }, 261 { NULL, "8 Bucket", 8, 2048 }, 262 { NULL, "16 Bucket", 16, 1024 }, 263 /* Rounded down power of 2 sizes for efficiency. */ 264 { NULL, "32 Bucket", BUCKET_SIZE(32), 512 }, 265 { NULL, "64 Bucket", BUCKET_SIZE(64), 256 }, 266 { NULL, "128 Bucket", BUCKET_SIZE(128), 128 }, 267 { NULL, "256 Bucket", BUCKET_SIZE(256), 64 }, 268 { NULL, NULL, 0} 269 }; 270 271 /* 272 * Flags and enumerations to be passed to internal functions. 273 */ 274 enum zfreeskip { 275 SKIP_NONE = 0, 276 SKIP_CNT = 0x00000001, 277 SKIP_DTOR = 0x00010000, 278 SKIP_FINI = 0x00020000, 279 }; 280 281 /* Prototypes.. */ 282 283 void uma_startup1(vm_offset_t); 284 void uma_startup2(void); 285 286 static void *noobj_alloc(uma_zone_t, vm_size_t, int, uint8_t *, int); 287 static void *page_alloc(uma_zone_t, vm_size_t, int, uint8_t *, int); 288 static void *pcpu_page_alloc(uma_zone_t, vm_size_t, int, uint8_t *, int); 289 static void *startup_alloc(uma_zone_t, vm_size_t, int, uint8_t *, int); 290 static void *contig_alloc(uma_zone_t, vm_size_t, int, uint8_t *, int); 291 static void page_free(void *, vm_size_t, uint8_t); 292 static void pcpu_page_free(void *, vm_size_t, uint8_t); 293 static uma_slab_t keg_alloc_slab(uma_keg_t, uma_zone_t, int, int, int); 294 static void cache_drain(uma_zone_t); 295 static void bucket_drain(uma_zone_t, uma_bucket_t); 296 static void bucket_cache_reclaim(uma_zone_t zone, bool, int); 297 static bool bucket_cache_reclaim_domain(uma_zone_t, bool, bool, int); 298 static int keg_ctor(void *, int, void *, int); 299 static void keg_dtor(void *, int, void *); 300 static void keg_drain(uma_keg_t keg, int domain); 301 static int zone_ctor(void *, int, void *, int); 302 static void zone_dtor(void *, int, void *); 303 static inline void item_dtor(uma_zone_t zone, void *item, int size, 304 void *udata, enum zfreeskip skip); 305 static int zero_init(void *, int, int); 306 static void zone_free_bucket(uma_zone_t zone, uma_bucket_t bucket, void *udata, 307 int itemdomain, bool ws); 308 static void zone_foreach(void (*zfunc)(uma_zone_t, void *), void *); 309 static void zone_foreach_unlocked(void (*zfunc)(uma_zone_t, void *), void *); 310 static void zone_timeout(uma_zone_t zone, void *); 311 static int hash_alloc(struct uma_hash *, u_int); 312 static int hash_expand(struct uma_hash *, struct uma_hash *); 313 static void hash_free(struct uma_hash *hash); 314 static void uma_timeout(void *, int); 315 static void uma_shutdown(void); 316 static void *zone_alloc_item(uma_zone_t, void *, int, int); 317 static void zone_free_item(uma_zone_t, void *, void *, enum zfreeskip); 318 static int zone_alloc_limit(uma_zone_t zone, int count, int flags); 319 static void zone_free_limit(uma_zone_t zone, int count); 320 static void bucket_enable(void); 321 static void bucket_init(void); 322 static uma_bucket_t bucket_alloc(uma_zone_t zone, void *, int); 323 static void bucket_free(uma_zone_t zone, uma_bucket_t, void *); 324 static void bucket_zone_drain(int domain); 325 static uma_bucket_t zone_alloc_bucket(uma_zone_t, void *, int, int); 326 static void *slab_alloc_item(uma_keg_t keg, uma_slab_t slab); 327 static void slab_free_item(uma_zone_t zone, uma_slab_t slab, void *item); 328 static size_t slab_sizeof(int nitems); 329 static uma_keg_t uma_kcreate(uma_zone_t zone, size_t size, uma_init uminit, 330 uma_fini fini, int align, uint32_t flags); 331 static int zone_import(void *, void **, int, int, int); 332 static void zone_release(void *, void **, int); 333 static bool cache_alloc(uma_zone_t, uma_cache_t, void *, int); 334 static bool cache_free(uma_zone_t, uma_cache_t, void *, int); 335 336 static int sysctl_vm_zone_count(SYSCTL_HANDLER_ARGS); 337 static int sysctl_vm_zone_stats(SYSCTL_HANDLER_ARGS); 338 static int sysctl_handle_uma_zone_allocs(SYSCTL_HANDLER_ARGS); 339 static int sysctl_handle_uma_zone_frees(SYSCTL_HANDLER_ARGS); 340 static int sysctl_handle_uma_zone_flags(SYSCTL_HANDLER_ARGS); 341 static int sysctl_handle_uma_slab_efficiency(SYSCTL_HANDLER_ARGS); 342 static int sysctl_handle_uma_zone_items(SYSCTL_HANDLER_ARGS); 343 344 static uint64_t uma_zone_get_allocs(uma_zone_t zone); 345 346 static SYSCTL_NODE(_vm, OID_AUTO, debug, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 347 "Memory allocation debugging"); 348 349 #ifdef INVARIANTS 350 static uint64_t uma_keg_get_allocs(uma_keg_t zone); 351 static inline struct noslabbits *slab_dbg_bits(uma_slab_t slab, uma_keg_t keg); 352 353 static bool uma_dbg_kskip(uma_keg_t keg, void *mem); 354 static bool uma_dbg_zskip(uma_zone_t zone, void *mem); 355 static void uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void *item); 356 static void uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab, void *item); 357 358 static u_int dbg_divisor = 1; 359 SYSCTL_UINT(_vm_debug, OID_AUTO, divisor, 360 CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &dbg_divisor, 0, 361 "Debug & thrash every this item in memory allocator"); 362 363 static counter_u64_t uma_dbg_cnt = EARLY_COUNTER; 364 static counter_u64_t uma_skip_cnt = EARLY_COUNTER; 365 SYSCTL_COUNTER_U64(_vm_debug, OID_AUTO, trashed, CTLFLAG_RD, 366 &uma_dbg_cnt, "memory items debugged"); 367 SYSCTL_COUNTER_U64(_vm_debug, OID_AUTO, skipped, CTLFLAG_RD, 368 &uma_skip_cnt, "memory items skipped, not debugged"); 369 #endif 370 371 SYSCTL_NODE(_vm, OID_AUTO, uma, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 372 "Universal Memory Allocator"); 373 374 SYSCTL_PROC(_vm, OID_AUTO, zone_count, CTLFLAG_RD|CTLFLAG_MPSAFE|CTLTYPE_INT, 375 0, 0, sysctl_vm_zone_count, "I", "Number of UMA zones"); 376 377 SYSCTL_PROC(_vm, OID_AUTO, zone_stats, CTLFLAG_RD|CTLFLAG_MPSAFE|CTLTYPE_STRUCT, 378 0, 0, sysctl_vm_zone_stats, "s,struct uma_type_header", "Zone Stats"); 379 380 static int zone_warnings = 1; 381 SYSCTL_INT(_vm, OID_AUTO, zone_warnings, CTLFLAG_RWTUN, &zone_warnings, 0, 382 "Warn when UMA zones becomes full"); 383 384 static int multipage_slabs = 1; 385 TUNABLE_INT("vm.debug.uma_multipage_slabs", &multipage_slabs); 386 SYSCTL_INT(_vm_debug, OID_AUTO, uma_multipage_slabs, 387 CTLFLAG_RDTUN | CTLFLAG_NOFETCH, &multipage_slabs, 0, 388 "UMA may choose larger slab sizes for better efficiency"); 389 390 /* 391 * Select the slab zone for an offpage slab with the given maximum item count. 392 */ 393 static inline uma_zone_t 394 slabzone(int ipers) 395 { 396 397 return (slabzones[ipers > SLABZONE0_SETSIZE]); 398 } 399 400 /* 401 * This routine checks to see whether or not it's safe to enable buckets. 402 */ 403 static void 404 bucket_enable(void) 405 { 406 407 KASSERT(booted >= BOOT_KVA, ("Bucket enable before init")); 408 bucketdisable = vm_page_count_min(); 409 } 410 411 /* 412 * Initialize bucket_zones, the array of zones of buckets of various sizes. 413 * 414 * For each zone, calculate the memory required for each bucket, consisting 415 * of the header and an array of pointers. 416 */ 417 static void 418 bucket_init(void) 419 { 420 struct uma_bucket_zone *ubz; 421 int size; 422 423 for (ubz = &bucket_zones[0]; ubz->ubz_entries != 0; ubz++) { 424 size = roundup(sizeof(struct uma_bucket), sizeof(void *)); 425 size += sizeof(void *) * ubz->ubz_entries; 426 ubz->ubz_zone = uma_zcreate(ubz->ubz_name, size, 427 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 428 UMA_ZONE_MTXCLASS | UMA_ZFLAG_BUCKET | 429 UMA_ZONE_FIRSTTOUCH); 430 } 431 } 432 433 /* 434 * Given a desired number of entries for a bucket, return the zone from which 435 * to allocate the bucket. 436 */ 437 static struct uma_bucket_zone * 438 bucket_zone_lookup(int entries) 439 { 440 struct uma_bucket_zone *ubz; 441 442 for (ubz = &bucket_zones[0]; ubz->ubz_entries != 0; ubz++) 443 if (ubz->ubz_entries >= entries) 444 return (ubz); 445 ubz--; 446 return (ubz); 447 } 448 449 static int 450 bucket_select(int size) 451 { 452 struct uma_bucket_zone *ubz; 453 454 ubz = &bucket_zones[0]; 455 if (size > ubz->ubz_maxsize) 456 return MAX((ubz->ubz_maxsize * ubz->ubz_entries) / size, 1); 457 458 for (; ubz->ubz_entries != 0; ubz++) 459 if (ubz->ubz_maxsize < size) 460 break; 461 ubz--; 462 return (ubz->ubz_entries); 463 } 464 465 static uma_bucket_t 466 bucket_alloc(uma_zone_t zone, void *udata, int flags) 467 { 468 struct uma_bucket_zone *ubz; 469 uma_bucket_t bucket; 470 471 /* 472 * Don't allocate buckets early in boot. 473 */ 474 if (__predict_false(booted < BOOT_KVA)) 475 return (NULL); 476 477 /* 478 * To limit bucket recursion we store the original zone flags 479 * in a cookie passed via zalloc_arg/zfree_arg. This allows the 480 * NOVM flag to persist even through deep recursions. We also 481 * store ZFLAG_BUCKET once we have recursed attempting to allocate 482 * a bucket for a bucket zone so we do not allow infinite bucket 483 * recursion. This cookie will even persist to frees of unused 484 * buckets via the allocation path or bucket allocations in the 485 * free path. 486 */ 487 if ((zone->uz_flags & UMA_ZFLAG_BUCKET) == 0) 488 udata = (void *)(uintptr_t)zone->uz_flags; 489 else { 490 if ((uintptr_t)udata & UMA_ZFLAG_BUCKET) 491 return (NULL); 492 udata = (void *)((uintptr_t)udata | UMA_ZFLAG_BUCKET); 493 } 494 if (((uintptr_t)udata & UMA_ZONE_VM) != 0) 495 flags |= M_NOVM; 496 ubz = bucket_zone_lookup(atomic_load_16(&zone->uz_bucket_size)); 497 if (ubz->ubz_zone == zone && (ubz + 1)->ubz_entries != 0) 498 ubz++; 499 bucket = uma_zalloc_arg(ubz->ubz_zone, udata, flags); 500 if (bucket) { 501 #ifdef INVARIANTS 502 bzero(bucket->ub_bucket, sizeof(void *) * ubz->ubz_entries); 503 #endif 504 bucket->ub_cnt = 0; 505 bucket->ub_entries = min(ubz->ubz_entries, 506 zone->uz_bucket_size_max); 507 bucket->ub_seq = SMR_SEQ_INVALID; 508 CTR3(KTR_UMA, "bucket_alloc: zone %s(%p) allocated bucket %p", 509 zone->uz_name, zone, bucket); 510 } 511 512 return (bucket); 513 } 514 515 static void 516 bucket_free(uma_zone_t zone, uma_bucket_t bucket, void *udata) 517 { 518 struct uma_bucket_zone *ubz; 519 520 if (bucket->ub_cnt != 0) 521 bucket_drain(zone, bucket); 522 523 KASSERT(bucket->ub_cnt == 0, 524 ("bucket_free: Freeing a non free bucket.")); 525 KASSERT(bucket->ub_seq == SMR_SEQ_INVALID, 526 ("bucket_free: Freeing an SMR bucket.")); 527 if ((zone->uz_flags & UMA_ZFLAG_BUCKET) == 0) 528 udata = (void *)(uintptr_t)zone->uz_flags; 529 ubz = bucket_zone_lookup(bucket->ub_entries); 530 uma_zfree_arg(ubz->ubz_zone, bucket, udata); 531 } 532 533 static void 534 bucket_zone_drain(int domain) 535 { 536 struct uma_bucket_zone *ubz; 537 538 for (ubz = &bucket_zones[0]; ubz->ubz_entries != 0; ubz++) 539 uma_zone_reclaim_domain(ubz->ubz_zone, UMA_RECLAIM_DRAIN, 540 domain); 541 } 542 543 #ifdef KASAN 544 _Static_assert(UMA_SMALLEST_UNIT % KASAN_SHADOW_SCALE == 0, 545 "Base UMA allocation size not a multiple of the KASAN scale factor"); 546 547 static void 548 kasan_mark_item_valid(uma_zone_t zone, void *item) 549 { 550 void *pcpu_item; 551 size_t sz, rsz; 552 int i; 553 554 if ((zone->uz_flags & UMA_ZONE_NOKASAN) != 0) 555 return; 556 557 sz = zone->uz_size; 558 rsz = roundup2(sz, KASAN_SHADOW_SCALE); 559 if ((zone->uz_flags & UMA_ZONE_PCPU) == 0) { 560 kasan_mark(item, sz, rsz, KASAN_GENERIC_REDZONE); 561 } else { 562 pcpu_item = zpcpu_base_to_offset(item); 563 for (i = 0; i <= mp_maxid; i++) 564 kasan_mark(zpcpu_get_cpu(pcpu_item, i), sz, rsz, 565 KASAN_GENERIC_REDZONE); 566 } 567 } 568 569 static void 570 kasan_mark_item_invalid(uma_zone_t zone, void *item) 571 { 572 void *pcpu_item; 573 size_t sz; 574 int i; 575 576 if ((zone->uz_flags & UMA_ZONE_NOKASAN) != 0) 577 return; 578 579 sz = roundup2(zone->uz_size, KASAN_SHADOW_SCALE); 580 if ((zone->uz_flags & UMA_ZONE_PCPU) == 0) { 581 kasan_mark(item, 0, sz, KASAN_UMA_FREED); 582 } else { 583 pcpu_item = zpcpu_base_to_offset(item); 584 for (i = 0; i <= mp_maxid; i++) 585 kasan_mark(zpcpu_get_cpu(pcpu_item, i), 0, sz, 586 KASAN_UMA_FREED); 587 } 588 } 589 590 static void 591 kasan_mark_slab_valid(uma_keg_t keg, void *mem) 592 { 593 size_t sz; 594 595 if ((keg->uk_flags & UMA_ZONE_NOKASAN) == 0) { 596 sz = keg->uk_ppera * PAGE_SIZE; 597 kasan_mark(mem, sz, sz, 0); 598 } 599 } 600 601 static void 602 kasan_mark_slab_invalid(uma_keg_t keg, void *mem) 603 { 604 size_t sz; 605 606 if ((keg->uk_flags & UMA_ZONE_NOKASAN) == 0) { 607 if ((keg->uk_flags & UMA_ZFLAG_OFFPAGE) != 0) 608 sz = keg->uk_ppera * PAGE_SIZE; 609 else 610 sz = keg->uk_pgoff; 611 kasan_mark(mem, 0, sz, KASAN_UMA_FREED); 612 } 613 } 614 #else /* !KASAN */ 615 static void 616 kasan_mark_item_valid(uma_zone_t zone __unused, void *item __unused) 617 { 618 } 619 620 static void 621 kasan_mark_item_invalid(uma_zone_t zone __unused, void *item __unused) 622 { 623 } 624 625 static void 626 kasan_mark_slab_valid(uma_keg_t keg __unused, void *mem __unused) 627 { 628 } 629 630 static void 631 kasan_mark_slab_invalid(uma_keg_t keg __unused, void *mem __unused) 632 { 633 } 634 #endif /* KASAN */ 635 636 #ifdef KMSAN 637 static inline void 638 kmsan_mark_item_uninitialized(uma_zone_t zone, void *item) 639 { 640 void *pcpu_item; 641 size_t sz; 642 int i; 643 644 if ((zone->uz_flags & 645 (UMA_ZFLAG_CACHE | UMA_ZONE_SECONDARY | UMA_ZONE_MALLOC)) != 0) { 646 /* 647 * Cache zones should not be instrumented by default, as UMA 648 * does not have enough information to do so correctly. 649 * Consumers can mark items themselves if it makes sense to do 650 * so. 651 * 652 * Items from secondary zones are initialized by the parent 653 * zone and thus cannot safely be marked by UMA. 654 * 655 * malloc zones are handled directly by malloc(9) and friends, 656 * since they can provide more precise origin tracking. 657 */ 658 return; 659 } 660 if (zone->uz_keg->uk_init != NULL) { 661 /* 662 * By definition, initialized items cannot be marked. The 663 * best we can do is mark items from these zones after they 664 * are freed to the keg. 665 */ 666 return; 667 } 668 669 sz = zone->uz_size; 670 if ((zone->uz_flags & UMA_ZONE_PCPU) == 0) { 671 kmsan_orig(item, sz, KMSAN_TYPE_UMA, KMSAN_RET_ADDR); 672 kmsan_mark(item, sz, KMSAN_STATE_UNINIT); 673 } else { 674 pcpu_item = zpcpu_base_to_offset(item); 675 for (i = 0; i <= mp_maxid; i++) { 676 kmsan_orig(zpcpu_get_cpu(pcpu_item, i), sz, 677 KMSAN_TYPE_UMA, KMSAN_RET_ADDR); 678 kmsan_mark(zpcpu_get_cpu(pcpu_item, i), sz, 679 KMSAN_STATE_INITED); 680 } 681 } 682 } 683 #else /* !KMSAN */ 684 static inline void 685 kmsan_mark_item_uninitialized(uma_zone_t zone __unused, void *item __unused) 686 { 687 } 688 #endif /* KMSAN */ 689 690 /* 691 * Acquire the domain lock and record contention. 692 */ 693 static uma_zone_domain_t 694 zone_domain_lock(uma_zone_t zone, int domain) 695 { 696 uma_zone_domain_t zdom; 697 bool lockfail; 698 699 zdom = ZDOM_GET(zone, domain); 700 lockfail = false; 701 if (ZDOM_OWNED(zdom)) 702 lockfail = true; 703 ZDOM_LOCK(zdom); 704 /* This is unsynchronized. The counter does not need to be precise. */ 705 if (lockfail && zone->uz_bucket_size < zone->uz_bucket_size_max) 706 zone->uz_bucket_size++; 707 return (zdom); 708 } 709 710 /* 711 * Search for the domain with the least cached items and return it if it 712 * is out of balance with the preferred domain. 713 */ 714 static __noinline int 715 zone_domain_lowest(uma_zone_t zone, int pref) 716 { 717 long least, nitems, prefitems; 718 int domain; 719 int i; 720 721 prefitems = least = LONG_MAX; 722 domain = 0; 723 for (i = 0; i < vm_ndomains; i++) { 724 nitems = ZDOM_GET(zone, i)->uzd_nitems; 725 if (nitems < least) { 726 domain = i; 727 least = nitems; 728 } 729 if (domain == pref) 730 prefitems = nitems; 731 } 732 if (prefitems < least * 2) 733 return (pref); 734 735 return (domain); 736 } 737 738 /* 739 * Search for the domain with the most cached items and return it or the 740 * preferred domain if it has enough to proceed. 741 */ 742 static __noinline int 743 zone_domain_highest(uma_zone_t zone, int pref) 744 { 745 long most, nitems; 746 int domain; 747 int i; 748 749 if (ZDOM_GET(zone, pref)->uzd_nitems > BUCKET_MAX) 750 return (pref); 751 752 most = 0; 753 domain = 0; 754 for (i = 0; i < vm_ndomains; i++) { 755 nitems = ZDOM_GET(zone, i)->uzd_nitems; 756 if (nitems > most) { 757 domain = i; 758 most = nitems; 759 } 760 } 761 762 return (domain); 763 } 764 765 /* 766 * Set the maximum imax value. 767 */ 768 static void 769 zone_domain_imax_set(uma_zone_domain_t zdom, int nitems) 770 { 771 long old; 772 773 old = zdom->uzd_imax; 774 do { 775 if (old >= nitems) 776 return; 777 } while (atomic_fcmpset_long(&zdom->uzd_imax, &old, nitems) == 0); 778 779 /* 780 * We are at new maximum, so do the last WSS update for the old 781 * bimin and prepare to measure next allocation batch. 782 */ 783 if (zdom->uzd_wss < old - zdom->uzd_bimin) 784 zdom->uzd_wss = old - zdom->uzd_bimin; 785 zdom->uzd_bimin = nitems; 786 } 787 788 /* 789 * Attempt to satisfy an allocation by retrieving a full bucket from one of the 790 * zone's caches. If a bucket is found the zone is not locked on return. 791 */ 792 static uma_bucket_t 793 zone_fetch_bucket(uma_zone_t zone, uma_zone_domain_t zdom, bool reclaim) 794 { 795 uma_bucket_t bucket; 796 long cnt; 797 int i; 798 bool dtor = false; 799 800 ZDOM_LOCK_ASSERT(zdom); 801 802 if ((bucket = STAILQ_FIRST(&zdom->uzd_buckets)) == NULL) 803 return (NULL); 804 805 /* SMR Buckets can not be re-used until readers expire. */ 806 if ((zone->uz_flags & UMA_ZONE_SMR) != 0 && 807 bucket->ub_seq != SMR_SEQ_INVALID) { 808 if (!smr_poll(zone->uz_smr, bucket->ub_seq, false)) 809 return (NULL); 810 bucket->ub_seq = SMR_SEQ_INVALID; 811 dtor = (zone->uz_dtor != NULL) || UMA_ALWAYS_CTORDTOR; 812 if (STAILQ_NEXT(bucket, ub_link) != NULL) 813 zdom->uzd_seq = STAILQ_NEXT(bucket, ub_link)->ub_seq; 814 } 815 STAILQ_REMOVE_HEAD(&zdom->uzd_buckets, ub_link); 816 817 KASSERT(zdom->uzd_nitems >= bucket->ub_cnt, 818 ("%s: item count underflow (%ld, %d)", 819 __func__, zdom->uzd_nitems, bucket->ub_cnt)); 820 KASSERT(bucket->ub_cnt > 0, 821 ("%s: empty bucket in bucket cache", __func__)); 822 zdom->uzd_nitems -= bucket->ub_cnt; 823 824 if (reclaim) { 825 /* 826 * Shift the bounds of the current WSS interval to avoid 827 * perturbing the estimates. 828 */ 829 cnt = lmin(zdom->uzd_bimin, bucket->ub_cnt); 830 atomic_subtract_long(&zdom->uzd_imax, cnt); 831 zdom->uzd_bimin -= cnt; 832 zdom->uzd_imin -= lmin(zdom->uzd_imin, bucket->ub_cnt); 833 if (zdom->uzd_limin >= bucket->ub_cnt) { 834 zdom->uzd_limin -= bucket->ub_cnt; 835 } else { 836 zdom->uzd_limin = 0; 837 zdom->uzd_timin = 0; 838 } 839 } else if (zdom->uzd_bimin > zdom->uzd_nitems) { 840 zdom->uzd_bimin = zdom->uzd_nitems; 841 if (zdom->uzd_imin > zdom->uzd_nitems) 842 zdom->uzd_imin = zdom->uzd_nitems; 843 } 844 845 ZDOM_UNLOCK(zdom); 846 if (dtor) 847 for (i = 0; i < bucket->ub_cnt; i++) 848 item_dtor(zone, bucket->ub_bucket[i], zone->uz_size, 849 NULL, SKIP_NONE); 850 851 return (bucket); 852 } 853 854 /* 855 * Insert a full bucket into the specified cache. The "ws" parameter indicates 856 * whether the bucket's contents should be counted as part of the zone's working 857 * set. The bucket may be freed if it exceeds the bucket limit. 858 */ 859 static void 860 zone_put_bucket(uma_zone_t zone, int domain, uma_bucket_t bucket, void *udata, 861 const bool ws) 862 { 863 uma_zone_domain_t zdom; 864 865 /* We don't cache empty buckets. This can happen after a reclaim. */ 866 if (bucket->ub_cnt == 0) 867 goto out; 868 zdom = zone_domain_lock(zone, domain); 869 870 /* 871 * Conditionally set the maximum number of items. 872 */ 873 zdom->uzd_nitems += bucket->ub_cnt; 874 if (__predict_true(zdom->uzd_nitems < zone->uz_bucket_max)) { 875 if (ws) { 876 zone_domain_imax_set(zdom, zdom->uzd_nitems); 877 } else { 878 /* 879 * Shift the bounds of the current WSS interval to 880 * avoid perturbing the estimates. 881 */ 882 atomic_add_long(&zdom->uzd_imax, bucket->ub_cnt); 883 zdom->uzd_imin += bucket->ub_cnt; 884 zdom->uzd_bimin += bucket->ub_cnt; 885 zdom->uzd_limin += bucket->ub_cnt; 886 } 887 if (STAILQ_EMPTY(&zdom->uzd_buckets)) 888 zdom->uzd_seq = bucket->ub_seq; 889 890 /* 891 * Try to promote reuse of recently used items. For items 892 * protected by SMR, try to defer reuse to minimize polling. 893 */ 894 if (bucket->ub_seq == SMR_SEQ_INVALID) 895 STAILQ_INSERT_HEAD(&zdom->uzd_buckets, bucket, ub_link); 896 else 897 STAILQ_INSERT_TAIL(&zdom->uzd_buckets, bucket, ub_link); 898 ZDOM_UNLOCK(zdom); 899 return; 900 } 901 zdom->uzd_nitems -= bucket->ub_cnt; 902 ZDOM_UNLOCK(zdom); 903 out: 904 bucket_free(zone, bucket, udata); 905 } 906 907 /* Pops an item out of a per-cpu cache bucket. */ 908 static inline void * 909 cache_bucket_pop(uma_cache_t cache, uma_cache_bucket_t bucket) 910 { 911 void *item; 912 913 CRITICAL_ASSERT(curthread); 914 915 bucket->ucb_cnt--; 916 item = bucket->ucb_bucket->ub_bucket[bucket->ucb_cnt]; 917 #ifdef INVARIANTS 918 bucket->ucb_bucket->ub_bucket[bucket->ucb_cnt] = NULL; 919 KASSERT(item != NULL, ("uma_zalloc: Bucket pointer mangled.")); 920 #endif 921 cache->uc_allocs++; 922 923 return (item); 924 } 925 926 /* Pushes an item into a per-cpu cache bucket. */ 927 static inline void 928 cache_bucket_push(uma_cache_t cache, uma_cache_bucket_t bucket, void *item) 929 { 930 931 CRITICAL_ASSERT(curthread); 932 KASSERT(bucket->ucb_bucket->ub_bucket[bucket->ucb_cnt] == NULL, 933 ("uma_zfree: Freeing to non free bucket index.")); 934 935 bucket->ucb_bucket->ub_bucket[bucket->ucb_cnt] = item; 936 bucket->ucb_cnt++; 937 cache->uc_frees++; 938 } 939 940 /* 941 * Unload a UMA bucket from a per-cpu cache. 942 */ 943 static inline uma_bucket_t 944 cache_bucket_unload(uma_cache_bucket_t bucket) 945 { 946 uma_bucket_t b; 947 948 b = bucket->ucb_bucket; 949 if (b != NULL) { 950 MPASS(b->ub_entries == bucket->ucb_entries); 951 b->ub_cnt = bucket->ucb_cnt; 952 bucket->ucb_bucket = NULL; 953 bucket->ucb_entries = bucket->ucb_cnt = 0; 954 } 955 956 return (b); 957 } 958 959 static inline uma_bucket_t 960 cache_bucket_unload_alloc(uma_cache_t cache) 961 { 962 963 return (cache_bucket_unload(&cache->uc_allocbucket)); 964 } 965 966 static inline uma_bucket_t 967 cache_bucket_unload_free(uma_cache_t cache) 968 { 969 970 return (cache_bucket_unload(&cache->uc_freebucket)); 971 } 972 973 static inline uma_bucket_t 974 cache_bucket_unload_cross(uma_cache_t cache) 975 { 976 977 return (cache_bucket_unload(&cache->uc_crossbucket)); 978 } 979 980 /* 981 * Load a bucket into a per-cpu cache bucket. 982 */ 983 static inline void 984 cache_bucket_load(uma_cache_bucket_t bucket, uma_bucket_t b) 985 { 986 987 CRITICAL_ASSERT(curthread); 988 MPASS(bucket->ucb_bucket == NULL); 989 MPASS(b->ub_seq == SMR_SEQ_INVALID); 990 991 bucket->ucb_bucket = b; 992 bucket->ucb_cnt = b->ub_cnt; 993 bucket->ucb_entries = b->ub_entries; 994 } 995 996 static inline void 997 cache_bucket_load_alloc(uma_cache_t cache, uma_bucket_t b) 998 { 999 1000 cache_bucket_load(&cache->uc_allocbucket, b); 1001 } 1002 1003 static inline void 1004 cache_bucket_load_free(uma_cache_t cache, uma_bucket_t b) 1005 { 1006 1007 cache_bucket_load(&cache->uc_freebucket, b); 1008 } 1009 1010 #ifdef NUMA 1011 static inline void 1012 cache_bucket_load_cross(uma_cache_t cache, uma_bucket_t b) 1013 { 1014 1015 cache_bucket_load(&cache->uc_crossbucket, b); 1016 } 1017 #endif 1018 1019 /* 1020 * Copy and preserve ucb_spare. 1021 */ 1022 static inline void 1023 cache_bucket_copy(uma_cache_bucket_t b1, uma_cache_bucket_t b2) 1024 { 1025 1026 b1->ucb_bucket = b2->ucb_bucket; 1027 b1->ucb_entries = b2->ucb_entries; 1028 b1->ucb_cnt = b2->ucb_cnt; 1029 } 1030 1031 /* 1032 * Swap two cache buckets. 1033 */ 1034 static inline void 1035 cache_bucket_swap(uma_cache_bucket_t b1, uma_cache_bucket_t b2) 1036 { 1037 struct uma_cache_bucket b3; 1038 1039 CRITICAL_ASSERT(curthread); 1040 1041 cache_bucket_copy(&b3, b1); 1042 cache_bucket_copy(b1, b2); 1043 cache_bucket_copy(b2, &b3); 1044 } 1045 1046 /* 1047 * Attempt to fetch a bucket from a zone on behalf of the current cpu cache. 1048 */ 1049 static uma_bucket_t 1050 cache_fetch_bucket(uma_zone_t zone, uma_cache_t cache, int domain) 1051 { 1052 uma_zone_domain_t zdom; 1053 uma_bucket_t bucket; 1054 smr_seq_t seq; 1055 1056 /* 1057 * Avoid the lock if possible. 1058 */ 1059 zdom = ZDOM_GET(zone, domain); 1060 if (zdom->uzd_nitems == 0) 1061 return (NULL); 1062 1063 if ((cache_uz_flags(cache) & UMA_ZONE_SMR) != 0 && 1064 (seq = atomic_load_32(&zdom->uzd_seq)) != SMR_SEQ_INVALID && 1065 !smr_poll(zone->uz_smr, seq, false)) 1066 return (NULL); 1067 1068 /* 1069 * Check the zone's cache of buckets. 1070 */ 1071 zdom = zone_domain_lock(zone, domain); 1072 if ((bucket = zone_fetch_bucket(zone, zdom, false)) != NULL) 1073 return (bucket); 1074 ZDOM_UNLOCK(zdom); 1075 1076 return (NULL); 1077 } 1078 1079 static void 1080 zone_log_warning(uma_zone_t zone) 1081 { 1082 static const struct timeval warninterval = { 300, 0 }; 1083 1084 if (!zone_warnings || zone->uz_warning == NULL) 1085 return; 1086 1087 if (ratecheck(&zone->uz_ratecheck, &warninterval)) 1088 printf("[zone: %s] %s\n", zone->uz_name, zone->uz_warning); 1089 } 1090 1091 static inline void 1092 zone_maxaction(uma_zone_t zone) 1093 { 1094 1095 if (zone->uz_maxaction.ta_func != NULL) 1096 taskqueue_enqueue(taskqueue_thread, &zone->uz_maxaction); 1097 } 1098 1099 /* 1100 * Routine called by timeout which is used to fire off some time interval 1101 * based calculations. (stats, hash size, etc.) 1102 * 1103 * Arguments: 1104 * arg Unused 1105 * 1106 * Returns: 1107 * Nothing 1108 */ 1109 static void 1110 uma_timeout(void *context __unused, int pending __unused) 1111 { 1112 bucket_enable(); 1113 zone_foreach(zone_timeout, NULL); 1114 1115 /* Reschedule this event */ 1116 taskqueue_enqueue_timeout(taskqueue_thread, &uma_timeout_task, 1117 UMA_TIMEOUT * hz); 1118 } 1119 1120 /* 1121 * Update the working set size estimates for the zone's bucket cache. 1122 * The constants chosen here are somewhat arbitrary. 1123 */ 1124 static void 1125 zone_domain_update_wss(uma_zone_domain_t zdom) 1126 { 1127 long m; 1128 1129 ZDOM_LOCK_ASSERT(zdom); 1130 MPASS(zdom->uzd_imax >= zdom->uzd_nitems); 1131 MPASS(zdom->uzd_nitems >= zdom->uzd_bimin); 1132 MPASS(zdom->uzd_bimin >= zdom->uzd_imin); 1133 1134 /* 1135 * Estimate WSS as modified moving average of biggest allocation 1136 * batches for each period over few minutes (UMA_TIMEOUT of 20s). 1137 */ 1138 zdom->uzd_wss = lmax(zdom->uzd_wss * 3 / 4, 1139 zdom->uzd_imax - zdom->uzd_bimin); 1140 1141 /* 1142 * Estimate longtime minimum item count as a combination of recent 1143 * minimum item count, adjusted by WSS for safety, and the modified 1144 * moving average over the last several hours (UMA_TIMEOUT of 20s). 1145 * timin measures time since limin tried to go negative, that means 1146 * we were dangerously close to or got out of cache. 1147 */ 1148 m = zdom->uzd_imin - zdom->uzd_wss; 1149 if (m >= 0) { 1150 if (zdom->uzd_limin >= m) 1151 zdom->uzd_limin = m; 1152 else 1153 zdom->uzd_limin = (m + zdom->uzd_limin * 255) / 256; 1154 zdom->uzd_timin++; 1155 } else { 1156 zdom->uzd_limin = 0; 1157 zdom->uzd_timin = 0; 1158 } 1159 1160 /* To reduce period edge effects on WSS keep half of the imax. */ 1161 atomic_subtract_long(&zdom->uzd_imax, 1162 (zdom->uzd_imax - zdom->uzd_nitems + 1) / 2); 1163 zdom->uzd_imin = zdom->uzd_bimin = zdom->uzd_nitems; 1164 } 1165 1166 /* 1167 * Routine to perform timeout driven calculations. This expands the 1168 * hashes and does per cpu statistics aggregation. 1169 * 1170 * Returns nothing. 1171 */ 1172 static void 1173 zone_timeout(uma_zone_t zone, void *unused) 1174 { 1175 uma_keg_t keg; 1176 u_int slabs, pages; 1177 1178 if ((zone->uz_flags & UMA_ZFLAG_HASH) == 0) 1179 goto trim; 1180 1181 keg = zone->uz_keg; 1182 1183 /* 1184 * Hash zones are non-numa by definition so the first domain 1185 * is the only one present. 1186 */ 1187 KEG_LOCK(keg, 0); 1188 pages = keg->uk_domain[0].ud_pages; 1189 1190 /* 1191 * Expand the keg hash table. 1192 * 1193 * This is done if the number of slabs is larger than the hash size. 1194 * What I'm trying to do here is completely reduce collisions. This 1195 * may be a little aggressive. Should I allow for two collisions max? 1196 */ 1197 if ((slabs = pages / keg->uk_ppera) > keg->uk_hash.uh_hashsize) { 1198 struct uma_hash newhash; 1199 struct uma_hash oldhash; 1200 int ret; 1201 1202 /* 1203 * This is so involved because allocating and freeing 1204 * while the keg lock is held will lead to deadlock. 1205 * I have to do everything in stages and check for 1206 * races. 1207 */ 1208 KEG_UNLOCK(keg, 0); 1209 ret = hash_alloc(&newhash, 1 << fls(slabs)); 1210 KEG_LOCK(keg, 0); 1211 if (ret) { 1212 if (hash_expand(&keg->uk_hash, &newhash)) { 1213 oldhash = keg->uk_hash; 1214 keg->uk_hash = newhash; 1215 } else 1216 oldhash = newhash; 1217 1218 KEG_UNLOCK(keg, 0); 1219 hash_free(&oldhash); 1220 goto trim; 1221 } 1222 } 1223 KEG_UNLOCK(keg, 0); 1224 1225 trim: 1226 /* Trim caches not used for a long time. */ 1227 if ((zone->uz_flags & UMA_ZONE_UNMANAGED) == 0) { 1228 for (int i = 0; i < vm_ndomains; i++) { 1229 if (bucket_cache_reclaim_domain(zone, false, false, i) && 1230 (zone->uz_flags & UMA_ZFLAG_CACHE) == 0) 1231 keg_drain(zone->uz_keg, i); 1232 } 1233 } 1234 } 1235 1236 /* 1237 * Allocate and zero fill the next sized hash table from the appropriate 1238 * backing store. 1239 * 1240 * Arguments: 1241 * hash A new hash structure with the old hash size in uh_hashsize 1242 * 1243 * Returns: 1244 * 1 on success and 0 on failure. 1245 */ 1246 static int 1247 hash_alloc(struct uma_hash *hash, u_int size) 1248 { 1249 size_t alloc; 1250 1251 KASSERT(powerof2(size), ("hash size must be power of 2")); 1252 if (size > UMA_HASH_SIZE_INIT) { 1253 hash->uh_hashsize = size; 1254 alloc = sizeof(hash->uh_slab_hash[0]) * hash->uh_hashsize; 1255 hash->uh_slab_hash = malloc(alloc, M_UMAHASH, M_NOWAIT); 1256 } else { 1257 alloc = sizeof(hash->uh_slab_hash[0]) * UMA_HASH_SIZE_INIT; 1258 hash->uh_slab_hash = zone_alloc_item(hashzone, NULL, 1259 UMA_ANYDOMAIN, M_WAITOK); 1260 hash->uh_hashsize = UMA_HASH_SIZE_INIT; 1261 } 1262 if (hash->uh_slab_hash) { 1263 bzero(hash->uh_slab_hash, alloc); 1264 hash->uh_hashmask = hash->uh_hashsize - 1; 1265 return (1); 1266 } 1267 1268 return (0); 1269 } 1270 1271 /* 1272 * Expands the hash table for HASH zones. This is done from zone_timeout 1273 * to reduce collisions. This must not be done in the regular allocation 1274 * path, otherwise, we can recurse on the vm while allocating pages. 1275 * 1276 * Arguments: 1277 * oldhash The hash you want to expand 1278 * newhash The hash structure for the new table 1279 * 1280 * Returns: 1281 * Nothing 1282 * 1283 * Discussion: 1284 */ 1285 static int 1286 hash_expand(struct uma_hash *oldhash, struct uma_hash *newhash) 1287 { 1288 uma_hash_slab_t slab; 1289 u_int hval; 1290 u_int idx; 1291 1292 if (!newhash->uh_slab_hash) 1293 return (0); 1294 1295 if (oldhash->uh_hashsize >= newhash->uh_hashsize) 1296 return (0); 1297 1298 /* 1299 * I need to investigate hash algorithms for resizing without a 1300 * full rehash. 1301 */ 1302 1303 for (idx = 0; idx < oldhash->uh_hashsize; idx++) 1304 while (!LIST_EMPTY(&oldhash->uh_slab_hash[idx])) { 1305 slab = LIST_FIRST(&oldhash->uh_slab_hash[idx]); 1306 LIST_REMOVE(slab, uhs_hlink); 1307 hval = UMA_HASH(newhash, slab->uhs_data); 1308 LIST_INSERT_HEAD(&newhash->uh_slab_hash[hval], 1309 slab, uhs_hlink); 1310 } 1311 1312 return (1); 1313 } 1314 1315 /* 1316 * Free the hash bucket to the appropriate backing store. 1317 * 1318 * Arguments: 1319 * slab_hash The hash bucket we're freeing 1320 * hashsize The number of entries in that hash bucket 1321 * 1322 * Returns: 1323 * Nothing 1324 */ 1325 static void 1326 hash_free(struct uma_hash *hash) 1327 { 1328 if (hash->uh_slab_hash == NULL) 1329 return; 1330 if (hash->uh_hashsize == UMA_HASH_SIZE_INIT) 1331 zone_free_item(hashzone, hash->uh_slab_hash, NULL, SKIP_NONE); 1332 else 1333 free(hash->uh_slab_hash, M_UMAHASH); 1334 } 1335 1336 /* 1337 * Frees all outstanding items in a bucket 1338 * 1339 * Arguments: 1340 * zone The zone to free to, must be unlocked. 1341 * bucket The free/alloc bucket with items. 1342 * 1343 * Returns: 1344 * Nothing 1345 */ 1346 static void 1347 bucket_drain(uma_zone_t zone, uma_bucket_t bucket) 1348 { 1349 int i; 1350 1351 if (bucket->ub_cnt == 0) 1352 return; 1353 1354 if ((zone->uz_flags & UMA_ZONE_SMR) != 0 && 1355 bucket->ub_seq != SMR_SEQ_INVALID) { 1356 smr_wait(zone->uz_smr, bucket->ub_seq); 1357 bucket->ub_seq = SMR_SEQ_INVALID; 1358 for (i = 0; i < bucket->ub_cnt; i++) 1359 item_dtor(zone, bucket->ub_bucket[i], 1360 zone->uz_size, NULL, SKIP_NONE); 1361 } 1362 if (zone->uz_fini) 1363 for (i = 0; i < bucket->ub_cnt; i++) { 1364 kasan_mark_item_valid(zone, bucket->ub_bucket[i]); 1365 zone->uz_fini(bucket->ub_bucket[i], zone->uz_size); 1366 kasan_mark_item_invalid(zone, bucket->ub_bucket[i]); 1367 } 1368 zone->uz_release(zone->uz_arg, bucket->ub_bucket, bucket->ub_cnt); 1369 if (zone->uz_max_items > 0) 1370 zone_free_limit(zone, bucket->ub_cnt); 1371 #ifdef INVARIANTS 1372 bzero(bucket->ub_bucket, sizeof(void *) * bucket->ub_cnt); 1373 #endif 1374 bucket->ub_cnt = 0; 1375 } 1376 1377 /* 1378 * Drains the per cpu caches for a zone. 1379 * 1380 * NOTE: This may only be called while the zone is being torn down, and not 1381 * during normal operation. This is necessary in order that we do not have 1382 * to migrate CPUs to drain the per-CPU caches. 1383 * 1384 * Arguments: 1385 * zone The zone to drain, must be unlocked. 1386 * 1387 * Returns: 1388 * Nothing 1389 */ 1390 static void 1391 cache_drain(uma_zone_t zone) 1392 { 1393 uma_cache_t cache; 1394 uma_bucket_t bucket; 1395 smr_seq_t seq; 1396 int cpu; 1397 1398 /* 1399 * XXX: It is safe to not lock the per-CPU caches, because we're 1400 * tearing down the zone anyway. I.e., there will be no further use 1401 * of the caches at this point. 1402 * 1403 * XXX: It would good to be able to assert that the zone is being 1404 * torn down to prevent improper use of cache_drain(). 1405 */ 1406 seq = SMR_SEQ_INVALID; 1407 if ((zone->uz_flags & UMA_ZONE_SMR) != 0) 1408 seq = smr_advance(zone->uz_smr); 1409 CPU_FOREACH(cpu) { 1410 cache = &zone->uz_cpu[cpu]; 1411 bucket = cache_bucket_unload_alloc(cache); 1412 if (bucket != NULL) 1413 bucket_free(zone, bucket, NULL); 1414 bucket = cache_bucket_unload_free(cache); 1415 if (bucket != NULL) { 1416 bucket->ub_seq = seq; 1417 bucket_free(zone, bucket, NULL); 1418 } 1419 bucket = cache_bucket_unload_cross(cache); 1420 if (bucket != NULL) { 1421 bucket->ub_seq = seq; 1422 bucket_free(zone, bucket, NULL); 1423 } 1424 } 1425 bucket_cache_reclaim(zone, true, UMA_ANYDOMAIN); 1426 } 1427 1428 static void 1429 cache_shrink(uma_zone_t zone, void *unused) 1430 { 1431 1432 if (zone->uz_flags & UMA_ZFLAG_INTERNAL) 1433 return; 1434 1435 ZONE_LOCK(zone); 1436 zone->uz_bucket_size = 1437 (zone->uz_bucket_size_min + zone->uz_bucket_size) / 2; 1438 ZONE_UNLOCK(zone); 1439 } 1440 1441 static void 1442 cache_drain_safe_cpu(uma_zone_t zone, void *unused) 1443 { 1444 uma_cache_t cache; 1445 uma_bucket_t b1, b2, b3; 1446 int domain; 1447 1448 if (zone->uz_flags & UMA_ZFLAG_INTERNAL) 1449 return; 1450 1451 b1 = b2 = b3 = NULL; 1452 critical_enter(); 1453 cache = &zone->uz_cpu[curcpu]; 1454 domain = PCPU_GET(domain); 1455 b1 = cache_bucket_unload_alloc(cache); 1456 1457 /* 1458 * Don't flush SMR zone buckets. This leaves the zone without a 1459 * bucket and forces every free to synchronize(). 1460 */ 1461 if ((zone->uz_flags & UMA_ZONE_SMR) == 0) { 1462 b2 = cache_bucket_unload_free(cache); 1463 b3 = cache_bucket_unload_cross(cache); 1464 } 1465 critical_exit(); 1466 1467 if (b1 != NULL) 1468 zone_free_bucket(zone, b1, NULL, domain, false); 1469 if (b2 != NULL) 1470 zone_free_bucket(zone, b2, NULL, domain, false); 1471 if (b3 != NULL) { 1472 /* Adjust the domain so it goes to zone_free_cross. */ 1473 domain = (domain + 1) % vm_ndomains; 1474 zone_free_bucket(zone, b3, NULL, domain, false); 1475 } 1476 } 1477 1478 /* 1479 * Safely drain per-CPU caches of a zone(s) to alloc bucket. 1480 * This is an expensive call because it needs to bind to all CPUs 1481 * one by one and enter a critical section on each of them in order 1482 * to safely access their cache buckets. 1483 * Zone lock must not be held on call this function. 1484 */ 1485 static void 1486 pcpu_cache_drain_safe(uma_zone_t zone) 1487 { 1488 int cpu; 1489 1490 /* 1491 * Polite bucket sizes shrinking was not enough, shrink aggressively. 1492 */ 1493 if (zone) 1494 cache_shrink(zone, NULL); 1495 else 1496 zone_foreach(cache_shrink, NULL); 1497 1498 CPU_FOREACH(cpu) { 1499 thread_lock(curthread); 1500 sched_bind(curthread, cpu); 1501 thread_unlock(curthread); 1502 1503 if (zone) 1504 cache_drain_safe_cpu(zone, NULL); 1505 else 1506 zone_foreach(cache_drain_safe_cpu, NULL); 1507 } 1508 thread_lock(curthread); 1509 sched_unbind(curthread); 1510 thread_unlock(curthread); 1511 } 1512 1513 /* 1514 * Reclaim cached buckets from a zone. All buckets are reclaimed if the caller 1515 * requested a drain, otherwise the per-domain caches are trimmed to either 1516 * estimated working set size. 1517 */ 1518 static bool 1519 bucket_cache_reclaim_domain(uma_zone_t zone, bool drain, bool trim, int domain) 1520 { 1521 uma_zone_domain_t zdom; 1522 uma_bucket_t bucket; 1523 long target; 1524 bool done = false; 1525 1526 /* 1527 * The cross bucket is partially filled and not part of 1528 * the item count. Reclaim it individually here. 1529 */ 1530 zdom = ZDOM_GET(zone, domain); 1531 if ((zone->uz_flags & UMA_ZONE_SMR) == 0 || drain) { 1532 ZONE_CROSS_LOCK(zone); 1533 bucket = zdom->uzd_cross; 1534 zdom->uzd_cross = NULL; 1535 ZONE_CROSS_UNLOCK(zone); 1536 if (bucket != NULL) 1537 bucket_free(zone, bucket, NULL); 1538 } 1539 1540 /* 1541 * If we were asked to drain the zone, we are done only once 1542 * this bucket cache is empty. If trim, we reclaim items in 1543 * excess of the zone's estimated working set size. Multiple 1544 * consecutive calls will shrink the WSS and so reclaim more. 1545 * If neither drain nor trim, then voluntarily reclaim 1/4 1546 * (to reduce first spike) of items not used for a long time. 1547 */ 1548 ZDOM_LOCK(zdom); 1549 zone_domain_update_wss(zdom); 1550 if (drain) 1551 target = 0; 1552 else if (trim) 1553 target = zdom->uzd_wss; 1554 else if (zdom->uzd_timin > 900 / UMA_TIMEOUT) 1555 target = zdom->uzd_nitems - zdom->uzd_limin / 4; 1556 else { 1557 ZDOM_UNLOCK(zdom); 1558 return (done); 1559 } 1560 while ((bucket = STAILQ_FIRST(&zdom->uzd_buckets)) != NULL && 1561 zdom->uzd_nitems >= target + bucket->ub_cnt) { 1562 bucket = zone_fetch_bucket(zone, zdom, true); 1563 if (bucket == NULL) 1564 break; 1565 bucket_free(zone, bucket, NULL); 1566 done = true; 1567 ZDOM_LOCK(zdom); 1568 } 1569 ZDOM_UNLOCK(zdom); 1570 return (done); 1571 } 1572 1573 static void 1574 bucket_cache_reclaim(uma_zone_t zone, bool drain, int domain) 1575 { 1576 int i; 1577 1578 /* 1579 * Shrink the zone bucket size to ensure that the per-CPU caches 1580 * don't grow too large. 1581 */ 1582 if (zone->uz_bucket_size > zone->uz_bucket_size_min) 1583 zone->uz_bucket_size--; 1584 1585 if (domain != UMA_ANYDOMAIN && 1586 (zone->uz_flags & UMA_ZONE_ROUNDROBIN) == 0) { 1587 bucket_cache_reclaim_domain(zone, drain, true, domain); 1588 } else { 1589 for (i = 0; i < vm_ndomains; i++) 1590 bucket_cache_reclaim_domain(zone, drain, true, i); 1591 } 1592 } 1593 1594 static void 1595 keg_free_slab(uma_keg_t keg, uma_slab_t slab, int start) 1596 { 1597 uint8_t *mem; 1598 size_t size; 1599 int i; 1600 uint8_t flags; 1601 1602 CTR4(KTR_UMA, "keg_free_slab keg %s(%p) slab %p, returning %d bytes", 1603 keg->uk_name, keg, slab, PAGE_SIZE * keg->uk_ppera); 1604 1605 mem = slab_data(slab, keg); 1606 size = PAGE_SIZE * keg->uk_ppera; 1607 1608 kasan_mark_slab_valid(keg, mem); 1609 if (keg->uk_fini != NULL) { 1610 for (i = start - 1; i > -1; i--) 1611 #ifdef INVARIANTS 1612 /* 1613 * trash_fini implies that dtor was trash_dtor. trash_fini 1614 * would check that memory hasn't been modified since free, 1615 * which executed trash_dtor. 1616 * That's why we need to run uma_dbg_kskip() check here, 1617 * albeit we don't make skip check for other init/fini 1618 * invocations. 1619 */ 1620 if (!uma_dbg_kskip(keg, slab_item(slab, keg, i)) || 1621 keg->uk_fini != trash_fini) 1622 #endif 1623 keg->uk_fini(slab_item(slab, keg, i), keg->uk_size); 1624 } 1625 flags = slab->us_flags; 1626 if (keg->uk_flags & UMA_ZFLAG_OFFPAGE) { 1627 zone_free_item(slabzone(keg->uk_ipers), slab_tohashslab(slab), 1628 NULL, SKIP_NONE); 1629 } 1630 keg->uk_freef(mem, size, flags); 1631 uma_total_dec(size); 1632 } 1633 1634 static void 1635 keg_drain_domain(uma_keg_t keg, int domain) 1636 { 1637 struct slabhead freeslabs; 1638 uma_domain_t dom; 1639 uma_slab_t slab, tmp; 1640 uint32_t i, stofree, stokeep, partial; 1641 1642 dom = &keg->uk_domain[domain]; 1643 LIST_INIT(&freeslabs); 1644 1645 CTR4(KTR_UMA, "keg_drain %s(%p) domain %d free items: %u", 1646 keg->uk_name, keg, domain, dom->ud_free_items); 1647 1648 KEG_LOCK(keg, domain); 1649 1650 /* 1651 * Are the free items in partially allocated slabs sufficient to meet 1652 * the reserve? If not, compute the number of fully free slabs that must 1653 * be kept. 1654 */ 1655 partial = dom->ud_free_items - dom->ud_free_slabs * keg->uk_ipers; 1656 if (partial < keg->uk_reserve) { 1657 stokeep = min(dom->ud_free_slabs, 1658 howmany(keg->uk_reserve - partial, keg->uk_ipers)); 1659 } else { 1660 stokeep = 0; 1661 } 1662 stofree = dom->ud_free_slabs - stokeep; 1663 1664 /* 1665 * Partition the free slabs into two sets: those that must be kept in 1666 * order to maintain the reserve, and those that may be released back to 1667 * the system. Since one set may be much larger than the other, 1668 * populate the smaller of the two sets and swap them if necessary. 1669 */ 1670 for (i = min(stofree, stokeep); i > 0; i--) { 1671 slab = LIST_FIRST(&dom->ud_free_slab); 1672 LIST_REMOVE(slab, us_link); 1673 LIST_INSERT_HEAD(&freeslabs, slab, us_link); 1674 } 1675 if (stofree > stokeep) 1676 LIST_SWAP(&freeslabs, &dom->ud_free_slab, uma_slab, us_link); 1677 1678 if ((keg->uk_flags & UMA_ZFLAG_HASH) != 0) { 1679 LIST_FOREACH(slab, &freeslabs, us_link) 1680 UMA_HASH_REMOVE(&keg->uk_hash, slab); 1681 } 1682 dom->ud_free_items -= stofree * keg->uk_ipers; 1683 dom->ud_free_slabs -= stofree; 1684 dom->ud_pages -= stofree * keg->uk_ppera; 1685 KEG_UNLOCK(keg, domain); 1686 1687 LIST_FOREACH_SAFE(slab, &freeslabs, us_link, tmp) 1688 keg_free_slab(keg, slab, keg->uk_ipers); 1689 } 1690 1691 /* 1692 * Frees pages from a keg back to the system. This is done on demand from 1693 * the pageout daemon. 1694 * 1695 * Returns nothing. 1696 */ 1697 static void 1698 keg_drain(uma_keg_t keg, int domain) 1699 { 1700 int i; 1701 1702 if ((keg->uk_flags & UMA_ZONE_NOFREE) != 0) 1703 return; 1704 if (domain != UMA_ANYDOMAIN) { 1705 keg_drain_domain(keg, domain); 1706 } else { 1707 for (i = 0; i < vm_ndomains; i++) 1708 keg_drain_domain(keg, i); 1709 } 1710 } 1711 1712 static void 1713 zone_reclaim(uma_zone_t zone, int domain, int waitok, bool drain) 1714 { 1715 /* 1716 * Count active reclaim operations in order to interlock with 1717 * zone_dtor(), which removes the zone from global lists before 1718 * attempting to reclaim items itself. 1719 * 1720 * The zone may be destroyed while sleeping, so only zone_dtor() should 1721 * specify M_WAITOK. 1722 */ 1723 ZONE_LOCK(zone); 1724 if (waitok == M_WAITOK) { 1725 while (zone->uz_reclaimers > 0) 1726 msleep(zone, ZONE_LOCKPTR(zone), PVM, "zonedrain", 1); 1727 } 1728 zone->uz_reclaimers++; 1729 ZONE_UNLOCK(zone); 1730 bucket_cache_reclaim(zone, drain, domain); 1731 1732 if ((zone->uz_flags & UMA_ZFLAG_CACHE) == 0) 1733 keg_drain(zone->uz_keg, domain); 1734 ZONE_LOCK(zone); 1735 zone->uz_reclaimers--; 1736 if (zone->uz_reclaimers == 0) 1737 wakeup(zone); 1738 ZONE_UNLOCK(zone); 1739 } 1740 1741 /* 1742 * Allocate a new slab for a keg and inserts it into the partial slab list. 1743 * The keg should be unlocked on entry. If the allocation succeeds it will 1744 * be locked on return. 1745 * 1746 * Arguments: 1747 * flags Wait flags for the item initialization routine 1748 * aflags Wait flags for the slab allocation 1749 * 1750 * Returns: 1751 * The slab that was allocated or NULL if there is no memory and the 1752 * caller specified M_NOWAIT. 1753 */ 1754 static uma_slab_t 1755 keg_alloc_slab(uma_keg_t keg, uma_zone_t zone, int domain, int flags, 1756 int aflags) 1757 { 1758 uma_domain_t dom; 1759 uma_slab_t slab; 1760 unsigned long size; 1761 uint8_t *mem; 1762 uint8_t sflags; 1763 int i; 1764 1765 TSENTER(); 1766 1767 KASSERT(domain >= 0 && domain < vm_ndomains, 1768 ("keg_alloc_slab: domain %d out of range", domain)); 1769 1770 slab = NULL; 1771 mem = NULL; 1772 if (keg->uk_flags & UMA_ZFLAG_OFFPAGE) { 1773 uma_hash_slab_t hslab; 1774 hslab = zone_alloc_item(slabzone(keg->uk_ipers), NULL, 1775 domain, aflags); 1776 if (hslab == NULL) 1777 goto fail; 1778 slab = &hslab->uhs_slab; 1779 } 1780 1781 /* 1782 * This reproduces the old vm_zone behavior of zero filling pages the 1783 * first time they are added to a zone. 1784 * 1785 * Malloced items are zeroed in uma_zalloc. 1786 */ 1787 1788 if ((keg->uk_flags & UMA_ZONE_MALLOC) == 0) 1789 aflags |= M_ZERO; 1790 else 1791 aflags &= ~M_ZERO; 1792 1793 if (keg->uk_flags & UMA_ZONE_NODUMP) 1794 aflags |= M_NODUMP; 1795 1796 /* zone is passed for legacy reasons. */ 1797 size = keg->uk_ppera * PAGE_SIZE; 1798 mem = keg->uk_allocf(zone, size, domain, &sflags, aflags); 1799 if (mem == NULL) { 1800 if (keg->uk_flags & UMA_ZFLAG_OFFPAGE) 1801 zone_free_item(slabzone(keg->uk_ipers), 1802 slab_tohashslab(slab), NULL, SKIP_NONE); 1803 goto fail; 1804 } 1805 uma_total_inc(size); 1806 1807 /* For HASH zones all pages go to the same uma_domain. */ 1808 if ((keg->uk_flags & UMA_ZFLAG_HASH) != 0) 1809 domain = 0; 1810 1811 kmsan_mark(mem, size, 1812 (aflags & M_ZERO) != 0 ? KMSAN_STATE_INITED : KMSAN_STATE_UNINIT); 1813 1814 /* Point the slab into the allocated memory */ 1815 if (!(keg->uk_flags & UMA_ZFLAG_OFFPAGE)) 1816 slab = (uma_slab_t)(mem + keg->uk_pgoff); 1817 else 1818 slab_tohashslab(slab)->uhs_data = mem; 1819 1820 if (keg->uk_flags & UMA_ZFLAG_VTOSLAB) 1821 for (i = 0; i < keg->uk_ppera; i++) 1822 vsetzoneslab((vm_offset_t)mem + (i * PAGE_SIZE), 1823 zone, slab); 1824 1825 slab->us_freecount = keg->uk_ipers; 1826 slab->us_flags = sflags; 1827 slab->us_domain = domain; 1828 1829 BIT_FILL(keg->uk_ipers, &slab->us_free); 1830 #ifdef INVARIANTS 1831 BIT_ZERO(keg->uk_ipers, slab_dbg_bits(slab, keg)); 1832 #endif 1833 1834 if (keg->uk_init != NULL) { 1835 for (i = 0; i < keg->uk_ipers; i++) 1836 if (keg->uk_init(slab_item(slab, keg, i), 1837 keg->uk_size, flags) != 0) 1838 break; 1839 if (i != keg->uk_ipers) { 1840 keg_free_slab(keg, slab, i); 1841 goto fail; 1842 } 1843 } 1844 kasan_mark_slab_invalid(keg, mem); 1845 KEG_LOCK(keg, domain); 1846 1847 CTR3(KTR_UMA, "keg_alloc_slab: allocated slab %p for %s(%p)", 1848 slab, keg->uk_name, keg); 1849 1850 if (keg->uk_flags & UMA_ZFLAG_HASH) 1851 UMA_HASH_INSERT(&keg->uk_hash, slab, mem); 1852 1853 /* 1854 * If we got a slab here it's safe to mark it partially used 1855 * and return. We assume that the caller is going to remove 1856 * at least one item. 1857 */ 1858 dom = &keg->uk_domain[domain]; 1859 LIST_INSERT_HEAD(&dom->ud_part_slab, slab, us_link); 1860 dom->ud_pages += keg->uk_ppera; 1861 dom->ud_free_items += keg->uk_ipers; 1862 1863 TSEXIT(); 1864 return (slab); 1865 1866 fail: 1867 return (NULL); 1868 } 1869 1870 /* 1871 * This function is intended to be used early on in place of page_alloc(). It 1872 * performs contiguous physical memory allocations and uses a bump allocator for 1873 * KVA, so is usable before the kernel map is initialized. 1874 */ 1875 static void * 1876 startup_alloc(uma_zone_t zone, vm_size_t bytes, int domain, uint8_t *pflag, 1877 int wait) 1878 { 1879 vm_paddr_t pa; 1880 vm_page_t m; 1881 int i, pages; 1882 1883 pages = howmany(bytes, PAGE_SIZE); 1884 KASSERT(pages > 0, ("%s can't reserve 0 pages", __func__)); 1885 1886 *pflag = UMA_SLAB_BOOT; 1887 m = vm_page_alloc_noobj_contig_domain(domain, malloc2vm_flags(wait) | 1888 VM_ALLOC_WIRED, pages, (vm_paddr_t)0, ~(vm_paddr_t)0, 1, 0, 1889 VM_MEMATTR_DEFAULT); 1890 if (m == NULL) 1891 return (NULL); 1892 1893 pa = VM_PAGE_TO_PHYS(m); 1894 for (i = 0; i < pages; i++, pa += PAGE_SIZE) { 1895 #if defined(__aarch64__) || defined(__amd64__) || \ 1896 defined(__riscv) || defined(__powerpc64__) 1897 if ((wait & M_NODUMP) == 0) 1898 dump_add_page(pa); 1899 #endif 1900 } 1901 1902 /* Allocate KVA and indirectly advance bootmem. */ 1903 return ((void *)pmap_map(&bootmem, m->phys_addr, 1904 m->phys_addr + (pages * PAGE_SIZE), VM_PROT_READ | VM_PROT_WRITE)); 1905 } 1906 1907 static void 1908 startup_free(void *mem, vm_size_t bytes) 1909 { 1910 vm_offset_t va; 1911 vm_page_t m; 1912 1913 va = (vm_offset_t)mem; 1914 m = PHYS_TO_VM_PAGE(pmap_kextract(va)); 1915 1916 /* 1917 * startup_alloc() returns direct-mapped slabs on some platforms. Avoid 1918 * unmapping ranges of the direct map. 1919 */ 1920 if (va >= bootstart && va + bytes <= bootmem) 1921 pmap_remove(kernel_pmap, va, va + bytes); 1922 for (; bytes != 0; bytes -= PAGE_SIZE, m++) { 1923 #if defined(__aarch64__) || defined(__amd64__) || \ 1924 defined(__riscv) || defined(__powerpc64__) 1925 dump_drop_page(VM_PAGE_TO_PHYS(m)); 1926 #endif 1927 vm_page_unwire_noq(m); 1928 vm_page_free(m); 1929 } 1930 } 1931 1932 /* 1933 * Allocates a number of pages from the system 1934 * 1935 * Arguments: 1936 * bytes The number of bytes requested 1937 * wait Shall we wait? 1938 * 1939 * Returns: 1940 * A pointer to the alloced memory or possibly 1941 * NULL if M_NOWAIT is set. 1942 */ 1943 static void * 1944 page_alloc(uma_zone_t zone, vm_size_t bytes, int domain, uint8_t *pflag, 1945 int wait) 1946 { 1947 void *p; /* Returned page */ 1948 1949 *pflag = UMA_SLAB_KERNEL; 1950 p = kmem_malloc_domainset(DOMAINSET_FIXED(domain), bytes, wait); 1951 1952 return (p); 1953 } 1954 1955 static void * 1956 pcpu_page_alloc(uma_zone_t zone, vm_size_t bytes, int domain, uint8_t *pflag, 1957 int wait) 1958 { 1959 struct pglist alloctail; 1960 vm_offset_t addr, zkva; 1961 int cpu, flags; 1962 vm_page_t p, p_next; 1963 #ifdef NUMA 1964 struct pcpu *pc; 1965 #endif 1966 1967 MPASS(bytes == (mp_maxid + 1) * PAGE_SIZE); 1968 1969 TAILQ_INIT(&alloctail); 1970 flags = VM_ALLOC_SYSTEM | VM_ALLOC_WIRED | malloc2vm_flags(wait); 1971 *pflag = UMA_SLAB_KERNEL; 1972 for (cpu = 0; cpu <= mp_maxid; cpu++) { 1973 if (CPU_ABSENT(cpu)) { 1974 p = vm_page_alloc_noobj(flags); 1975 } else { 1976 #ifndef NUMA 1977 p = vm_page_alloc_noobj(flags); 1978 #else 1979 pc = pcpu_find(cpu); 1980 if (__predict_false(VM_DOMAIN_EMPTY(pc->pc_domain))) 1981 p = NULL; 1982 else 1983 p = vm_page_alloc_noobj_domain(pc->pc_domain, 1984 flags); 1985 if (__predict_false(p == NULL)) 1986 p = vm_page_alloc_noobj(flags); 1987 #endif 1988 } 1989 if (__predict_false(p == NULL)) 1990 goto fail; 1991 TAILQ_INSERT_TAIL(&alloctail, p, listq); 1992 } 1993 if ((addr = kva_alloc(bytes)) == 0) 1994 goto fail; 1995 zkva = addr; 1996 TAILQ_FOREACH(p, &alloctail, listq) { 1997 pmap_qenter(zkva, &p, 1); 1998 zkva += PAGE_SIZE; 1999 } 2000 return ((void*)addr); 2001 fail: 2002 TAILQ_FOREACH_SAFE(p, &alloctail, listq, p_next) { 2003 vm_page_unwire_noq(p); 2004 vm_page_free(p); 2005 } 2006 return (NULL); 2007 } 2008 2009 /* 2010 * Allocates a number of pages not belonging to a VM object 2011 * 2012 * Arguments: 2013 * bytes The number of bytes requested 2014 * wait Shall we wait? 2015 * 2016 * Returns: 2017 * A pointer to the alloced memory or possibly 2018 * NULL if M_NOWAIT is set. 2019 */ 2020 static void * 2021 noobj_alloc(uma_zone_t zone, vm_size_t bytes, int domain, uint8_t *flags, 2022 int wait) 2023 { 2024 TAILQ_HEAD(, vm_page) alloctail; 2025 u_long npages; 2026 vm_offset_t retkva, zkva; 2027 vm_page_t p, p_next; 2028 uma_keg_t keg; 2029 int req; 2030 2031 TAILQ_INIT(&alloctail); 2032 keg = zone->uz_keg; 2033 req = VM_ALLOC_INTERRUPT | VM_ALLOC_WIRED; 2034 if ((wait & M_WAITOK) != 0) 2035 req |= VM_ALLOC_WAITOK; 2036 2037 npages = howmany(bytes, PAGE_SIZE); 2038 while (npages > 0) { 2039 p = vm_page_alloc_noobj_domain(domain, req); 2040 if (p != NULL) { 2041 /* 2042 * Since the page does not belong to an object, its 2043 * listq is unused. 2044 */ 2045 TAILQ_INSERT_TAIL(&alloctail, p, listq); 2046 npages--; 2047 continue; 2048 } 2049 /* 2050 * Page allocation failed, free intermediate pages and 2051 * exit. 2052 */ 2053 TAILQ_FOREACH_SAFE(p, &alloctail, listq, p_next) { 2054 vm_page_unwire_noq(p); 2055 vm_page_free(p); 2056 } 2057 return (NULL); 2058 } 2059 *flags = UMA_SLAB_PRIV; 2060 zkva = keg->uk_kva + 2061 atomic_fetchadd_long(&keg->uk_offset, round_page(bytes)); 2062 retkva = zkva; 2063 TAILQ_FOREACH(p, &alloctail, listq) { 2064 pmap_qenter(zkva, &p, 1); 2065 zkva += PAGE_SIZE; 2066 } 2067 2068 return ((void *)retkva); 2069 } 2070 2071 /* 2072 * Allocate physically contiguous pages. 2073 */ 2074 static void * 2075 contig_alloc(uma_zone_t zone, vm_size_t bytes, int domain, uint8_t *pflag, 2076 int wait) 2077 { 2078 2079 *pflag = UMA_SLAB_KERNEL; 2080 return ((void *)kmem_alloc_contig_domainset(DOMAINSET_FIXED(domain), 2081 bytes, wait, 0, ~(vm_paddr_t)0, 1, 0, VM_MEMATTR_DEFAULT)); 2082 } 2083 2084 /* 2085 * Frees a number of pages to the system 2086 * 2087 * Arguments: 2088 * mem A pointer to the memory to be freed 2089 * size The size of the memory being freed 2090 * flags The original p->us_flags field 2091 * 2092 * Returns: 2093 * Nothing 2094 */ 2095 static void 2096 page_free(void *mem, vm_size_t size, uint8_t flags) 2097 { 2098 2099 if ((flags & UMA_SLAB_BOOT) != 0) { 2100 startup_free(mem, size); 2101 return; 2102 } 2103 2104 KASSERT((flags & UMA_SLAB_KERNEL) != 0, 2105 ("UMA: page_free used with invalid flags %x", flags)); 2106 2107 kmem_free(mem, size); 2108 } 2109 2110 /* 2111 * Frees pcpu zone allocations 2112 * 2113 * Arguments: 2114 * mem A pointer to the memory to be freed 2115 * size The size of the memory being freed 2116 * flags The original p->us_flags field 2117 * 2118 * Returns: 2119 * Nothing 2120 */ 2121 static void 2122 pcpu_page_free(void *mem, vm_size_t size, uint8_t flags) 2123 { 2124 vm_offset_t sva, curva; 2125 vm_paddr_t paddr; 2126 vm_page_t m; 2127 2128 MPASS(size == (mp_maxid+1)*PAGE_SIZE); 2129 2130 if ((flags & UMA_SLAB_BOOT) != 0) { 2131 startup_free(mem, size); 2132 return; 2133 } 2134 2135 sva = (vm_offset_t)mem; 2136 for (curva = sva; curva < sva + size; curva += PAGE_SIZE) { 2137 paddr = pmap_kextract(curva); 2138 m = PHYS_TO_VM_PAGE(paddr); 2139 vm_page_unwire_noq(m); 2140 vm_page_free(m); 2141 } 2142 pmap_qremove(sva, size >> PAGE_SHIFT); 2143 kva_free(sva, size); 2144 } 2145 2146 /* 2147 * Zero fill initializer 2148 * 2149 * Arguments/Returns follow uma_init specifications 2150 */ 2151 static int 2152 zero_init(void *mem, int size, int flags) 2153 { 2154 bzero(mem, size); 2155 return (0); 2156 } 2157 2158 #ifdef INVARIANTS 2159 static struct noslabbits * 2160 slab_dbg_bits(uma_slab_t slab, uma_keg_t keg) 2161 { 2162 2163 return ((void *)((char *)&slab->us_free + BITSET_SIZE(keg->uk_ipers))); 2164 } 2165 #endif 2166 2167 /* 2168 * Actual size of embedded struct slab (!OFFPAGE). 2169 */ 2170 static size_t 2171 slab_sizeof(int nitems) 2172 { 2173 size_t s; 2174 2175 s = sizeof(struct uma_slab) + BITSET_SIZE(nitems) * SLAB_BITSETS; 2176 return (roundup(s, UMA_ALIGN_PTR + 1)); 2177 } 2178 2179 #define UMA_FIXPT_SHIFT 31 2180 #define UMA_FRAC_FIXPT(n, d) \ 2181 ((uint32_t)(((uint64_t)(n) << UMA_FIXPT_SHIFT) / (d))) 2182 #define UMA_FIXPT_PCT(f) \ 2183 ((u_int)(((uint64_t)100 * (f)) >> UMA_FIXPT_SHIFT)) 2184 #define UMA_PCT_FIXPT(pct) UMA_FRAC_FIXPT((pct), 100) 2185 #define UMA_MIN_EFF UMA_PCT_FIXPT(100 - UMA_MAX_WASTE) 2186 2187 /* 2188 * Compute the number of items that will fit in a slab. If hdr is true, the 2189 * item count may be limited to provide space in the slab for an inline slab 2190 * header. Otherwise, all slab space will be provided for item storage. 2191 */ 2192 static u_int 2193 slab_ipers_hdr(u_int size, u_int rsize, u_int slabsize, bool hdr) 2194 { 2195 u_int ipers; 2196 u_int padpi; 2197 2198 /* The padding between items is not needed after the last item. */ 2199 padpi = rsize - size; 2200 2201 if (hdr) { 2202 /* 2203 * Start with the maximum item count and remove items until 2204 * the slab header first alongside the allocatable memory. 2205 */ 2206 for (ipers = MIN(SLAB_MAX_SETSIZE, 2207 (slabsize + padpi - slab_sizeof(1)) / rsize); 2208 ipers > 0 && 2209 ipers * rsize - padpi + slab_sizeof(ipers) > slabsize; 2210 ipers--) 2211 continue; 2212 } else { 2213 ipers = MIN((slabsize + padpi) / rsize, SLAB_MAX_SETSIZE); 2214 } 2215 2216 return (ipers); 2217 } 2218 2219 struct keg_layout_result { 2220 u_int format; 2221 u_int slabsize; 2222 u_int ipers; 2223 u_int eff; 2224 }; 2225 2226 static void 2227 keg_layout_one(uma_keg_t keg, u_int rsize, u_int slabsize, u_int fmt, 2228 struct keg_layout_result *kl) 2229 { 2230 u_int total; 2231 2232 kl->format = fmt; 2233 kl->slabsize = slabsize; 2234 2235 /* Handle INTERNAL as inline with an extra page. */ 2236 if ((fmt & UMA_ZFLAG_INTERNAL) != 0) { 2237 kl->format &= ~UMA_ZFLAG_INTERNAL; 2238 kl->slabsize += PAGE_SIZE; 2239 } 2240 2241 kl->ipers = slab_ipers_hdr(keg->uk_size, rsize, kl->slabsize, 2242 (fmt & UMA_ZFLAG_OFFPAGE) == 0); 2243 2244 /* Account for memory used by an offpage slab header. */ 2245 total = kl->slabsize; 2246 if ((fmt & UMA_ZFLAG_OFFPAGE) != 0) 2247 total += slabzone(kl->ipers)->uz_keg->uk_rsize; 2248 2249 kl->eff = UMA_FRAC_FIXPT(kl->ipers * rsize, total); 2250 } 2251 2252 /* 2253 * Determine the format of a uma keg. This determines where the slab header 2254 * will be placed (inline or offpage) and calculates ipers, rsize, and ppera. 2255 * 2256 * Arguments 2257 * keg The zone we should initialize 2258 * 2259 * Returns 2260 * Nothing 2261 */ 2262 static void 2263 keg_layout(uma_keg_t keg) 2264 { 2265 struct keg_layout_result kl = {}, kl_tmp; 2266 u_int fmts[2]; 2267 u_int alignsize; 2268 u_int nfmt; 2269 u_int pages; 2270 u_int rsize; 2271 u_int slabsize; 2272 u_int i, j; 2273 2274 KASSERT((keg->uk_flags & UMA_ZONE_PCPU) == 0 || 2275 (keg->uk_size <= UMA_PCPU_ALLOC_SIZE && 2276 (keg->uk_flags & UMA_ZONE_CACHESPREAD) == 0), 2277 ("%s: cannot configure for PCPU: keg=%s, size=%u, flags=0x%b", 2278 __func__, keg->uk_name, keg->uk_size, keg->uk_flags, 2279 PRINT_UMA_ZFLAGS)); 2280 KASSERT((keg->uk_flags & (UMA_ZFLAG_INTERNAL | UMA_ZONE_VM)) == 0 || 2281 (keg->uk_flags & (UMA_ZONE_NOTOUCH | UMA_ZONE_PCPU)) == 0, 2282 ("%s: incompatible flags 0x%b", __func__, keg->uk_flags, 2283 PRINT_UMA_ZFLAGS)); 2284 2285 alignsize = keg->uk_align + 1; 2286 #ifdef KASAN 2287 /* 2288 * ASAN requires that each allocation be aligned to the shadow map 2289 * scale factor. 2290 */ 2291 if (alignsize < KASAN_SHADOW_SCALE) 2292 alignsize = KASAN_SHADOW_SCALE; 2293 #endif 2294 2295 /* 2296 * Calculate the size of each allocation (rsize) according to 2297 * alignment. If the requested size is smaller than we have 2298 * allocation bits for we round it up. 2299 */ 2300 rsize = MAX(keg->uk_size, UMA_SMALLEST_UNIT); 2301 rsize = roundup2(rsize, alignsize); 2302 2303 if ((keg->uk_flags & UMA_ZONE_CACHESPREAD) != 0) { 2304 /* 2305 * We want one item to start on every align boundary in a page. 2306 * To do this we will span pages. We will also extend the item 2307 * by the size of align if it is an even multiple of align. 2308 * Otherwise, it would fall on the same boundary every time. 2309 */ 2310 if ((rsize & alignsize) == 0) 2311 rsize += alignsize; 2312 slabsize = rsize * (PAGE_SIZE / alignsize); 2313 slabsize = MIN(slabsize, rsize * SLAB_MAX_SETSIZE); 2314 slabsize = MIN(slabsize, UMA_CACHESPREAD_MAX_SIZE); 2315 slabsize = round_page(slabsize); 2316 } else { 2317 /* 2318 * Start with a slab size of as many pages as it takes to 2319 * represent a single item. We will try to fit as many 2320 * additional items into the slab as possible. 2321 */ 2322 slabsize = round_page(keg->uk_size); 2323 } 2324 2325 /* Build a list of all of the available formats for this keg. */ 2326 nfmt = 0; 2327 2328 /* Evaluate an inline slab layout. */ 2329 if ((keg->uk_flags & (UMA_ZONE_NOTOUCH | UMA_ZONE_PCPU)) == 0) 2330 fmts[nfmt++] = 0; 2331 2332 /* TODO: vm_page-embedded slab. */ 2333 2334 /* 2335 * We can't do OFFPAGE if we're internal or if we've been 2336 * asked to not go to the VM for buckets. If we do this we 2337 * may end up going to the VM for slabs which we do not want 2338 * to do if we're UMA_ZONE_VM, which clearly forbids it. 2339 * In those cases, evaluate a pseudo-format called INTERNAL 2340 * which has an inline slab header and one extra page to 2341 * guarantee that it fits. 2342 * 2343 * Otherwise, see if using an OFFPAGE slab will improve our 2344 * efficiency. 2345 */ 2346 if ((keg->uk_flags & (UMA_ZFLAG_INTERNAL | UMA_ZONE_VM)) != 0) 2347 fmts[nfmt++] = UMA_ZFLAG_INTERNAL; 2348 else 2349 fmts[nfmt++] = UMA_ZFLAG_OFFPAGE; 2350 2351 /* 2352 * Choose a slab size and format which satisfy the minimum efficiency. 2353 * Prefer the smallest slab size that meets the constraints. 2354 * 2355 * Start with a minimum slab size, to accommodate CACHESPREAD. Then, 2356 * for small items (up to PAGE_SIZE), the iteration increment is one 2357 * page; and for large items, the increment is one item. 2358 */ 2359 i = (slabsize + rsize - keg->uk_size) / MAX(PAGE_SIZE, rsize); 2360 KASSERT(i >= 1, ("keg %s(%p) flags=0x%b slabsize=%u, rsize=%u, i=%u", 2361 keg->uk_name, keg, keg->uk_flags, PRINT_UMA_ZFLAGS, slabsize, 2362 rsize, i)); 2363 for ( ; ; i++) { 2364 slabsize = (rsize <= PAGE_SIZE) ? ptoa(i) : 2365 round_page(rsize * (i - 1) + keg->uk_size); 2366 2367 for (j = 0; j < nfmt; j++) { 2368 /* Only if we have no viable format yet. */ 2369 if ((fmts[j] & UMA_ZFLAG_INTERNAL) != 0 && 2370 kl.ipers > 0) 2371 continue; 2372 2373 keg_layout_one(keg, rsize, slabsize, fmts[j], &kl_tmp); 2374 if (kl_tmp.eff <= kl.eff) 2375 continue; 2376 2377 kl = kl_tmp; 2378 2379 CTR6(KTR_UMA, "keg %s layout: format %#x " 2380 "(ipers %u * rsize %u) / slabsize %#x = %u%% eff", 2381 keg->uk_name, kl.format, kl.ipers, rsize, 2382 kl.slabsize, UMA_FIXPT_PCT(kl.eff)); 2383 2384 /* Stop when we reach the minimum efficiency. */ 2385 if (kl.eff >= UMA_MIN_EFF) 2386 break; 2387 } 2388 2389 if (kl.eff >= UMA_MIN_EFF || !multipage_slabs || 2390 slabsize >= SLAB_MAX_SETSIZE * rsize || 2391 (keg->uk_flags & (UMA_ZONE_PCPU | UMA_ZONE_CONTIG)) != 0) 2392 break; 2393 } 2394 2395 pages = atop(kl.slabsize); 2396 if ((keg->uk_flags & UMA_ZONE_PCPU) != 0) 2397 pages *= mp_maxid + 1; 2398 2399 keg->uk_rsize = rsize; 2400 keg->uk_ipers = kl.ipers; 2401 keg->uk_ppera = pages; 2402 keg->uk_flags |= kl.format; 2403 2404 /* 2405 * How do we find the slab header if it is offpage or if not all item 2406 * start addresses are in the same page? We could solve the latter 2407 * case with vaddr alignment, but we don't. 2408 */ 2409 if ((keg->uk_flags & UMA_ZFLAG_OFFPAGE) != 0 || 2410 (keg->uk_ipers - 1) * rsize >= PAGE_SIZE) { 2411 if ((keg->uk_flags & UMA_ZONE_NOTPAGE) != 0) 2412 keg->uk_flags |= UMA_ZFLAG_HASH; 2413 else 2414 keg->uk_flags |= UMA_ZFLAG_VTOSLAB; 2415 } 2416 2417 CTR6(KTR_UMA, "%s: keg=%s, flags=%#x, rsize=%u, ipers=%u, ppera=%u", 2418 __func__, keg->uk_name, keg->uk_flags, rsize, keg->uk_ipers, 2419 pages); 2420 KASSERT(keg->uk_ipers > 0 && keg->uk_ipers <= SLAB_MAX_SETSIZE, 2421 ("%s: keg=%s, flags=0x%b, rsize=%u, ipers=%u, ppera=%u", __func__, 2422 keg->uk_name, keg->uk_flags, PRINT_UMA_ZFLAGS, rsize, 2423 keg->uk_ipers, pages)); 2424 } 2425 2426 /* 2427 * Keg header ctor. This initializes all fields, locks, etc. And inserts 2428 * the keg onto the global keg list. 2429 * 2430 * Arguments/Returns follow uma_ctor specifications 2431 * udata Actually uma_kctor_args 2432 */ 2433 static int 2434 keg_ctor(void *mem, int size, void *udata, int flags) 2435 { 2436 struct uma_kctor_args *arg = udata; 2437 uma_keg_t keg = mem; 2438 uma_zone_t zone; 2439 int i; 2440 2441 bzero(keg, size); 2442 keg->uk_size = arg->size; 2443 keg->uk_init = arg->uminit; 2444 keg->uk_fini = arg->fini; 2445 keg->uk_align = arg->align; 2446 keg->uk_reserve = 0; 2447 keg->uk_flags = arg->flags; 2448 2449 /* 2450 * We use a global round-robin policy by default. Zones with 2451 * UMA_ZONE_FIRSTTOUCH set will use first-touch instead, in which 2452 * case the iterator is never run. 2453 */ 2454 keg->uk_dr.dr_policy = DOMAINSET_RR(); 2455 keg->uk_dr.dr_iter = 0; 2456 2457 /* 2458 * The primary zone is passed to us at keg-creation time. 2459 */ 2460 zone = arg->zone; 2461 keg->uk_name = zone->uz_name; 2462 2463 if (arg->flags & UMA_ZONE_ZINIT) 2464 keg->uk_init = zero_init; 2465 2466 if (arg->flags & UMA_ZONE_MALLOC) 2467 keg->uk_flags |= UMA_ZFLAG_VTOSLAB; 2468 2469 #ifndef SMP 2470 keg->uk_flags &= ~UMA_ZONE_PCPU; 2471 #endif 2472 2473 keg_layout(keg); 2474 2475 /* 2476 * Use a first-touch NUMA policy for kegs that pmap_extract() will 2477 * work on. Use round-robin for everything else. 2478 * 2479 * Zones may override the default by specifying either. 2480 */ 2481 #ifdef NUMA 2482 if ((keg->uk_flags & 2483 (UMA_ZONE_ROUNDROBIN | UMA_ZFLAG_CACHE | UMA_ZONE_NOTPAGE)) == 0) 2484 keg->uk_flags |= UMA_ZONE_FIRSTTOUCH; 2485 else if ((keg->uk_flags & UMA_ZONE_FIRSTTOUCH) == 0) 2486 keg->uk_flags |= UMA_ZONE_ROUNDROBIN; 2487 #endif 2488 2489 /* 2490 * If we haven't booted yet we need allocations to go through the 2491 * startup cache until the vm is ready. 2492 */ 2493 #ifdef UMA_MD_SMALL_ALLOC 2494 if (keg->uk_ppera == 1) 2495 keg->uk_allocf = uma_small_alloc; 2496 else 2497 #endif 2498 if (booted < BOOT_KVA) 2499 keg->uk_allocf = startup_alloc; 2500 else if (keg->uk_flags & UMA_ZONE_PCPU) 2501 keg->uk_allocf = pcpu_page_alloc; 2502 else if ((keg->uk_flags & UMA_ZONE_CONTIG) != 0 && keg->uk_ppera > 1) 2503 keg->uk_allocf = contig_alloc; 2504 else 2505 keg->uk_allocf = page_alloc; 2506 #ifdef UMA_MD_SMALL_ALLOC 2507 if (keg->uk_ppera == 1) 2508 keg->uk_freef = uma_small_free; 2509 else 2510 #endif 2511 if (keg->uk_flags & UMA_ZONE_PCPU) 2512 keg->uk_freef = pcpu_page_free; 2513 else 2514 keg->uk_freef = page_free; 2515 2516 /* 2517 * Initialize keg's locks. 2518 */ 2519 for (i = 0; i < vm_ndomains; i++) 2520 KEG_LOCK_INIT(keg, i, (arg->flags & UMA_ZONE_MTXCLASS)); 2521 2522 /* 2523 * If we're putting the slab header in the actual page we need to 2524 * figure out where in each page it goes. See slab_sizeof 2525 * definition. 2526 */ 2527 if (!(keg->uk_flags & UMA_ZFLAG_OFFPAGE)) { 2528 size_t shsize; 2529 2530 shsize = slab_sizeof(keg->uk_ipers); 2531 keg->uk_pgoff = (PAGE_SIZE * keg->uk_ppera) - shsize; 2532 /* 2533 * The only way the following is possible is if with our 2534 * UMA_ALIGN_PTR adjustments we are now bigger than 2535 * UMA_SLAB_SIZE. I haven't checked whether this is 2536 * mathematically possible for all cases, so we make 2537 * sure here anyway. 2538 */ 2539 KASSERT(keg->uk_pgoff + shsize <= PAGE_SIZE * keg->uk_ppera, 2540 ("zone %s ipers %d rsize %d size %d slab won't fit", 2541 zone->uz_name, keg->uk_ipers, keg->uk_rsize, keg->uk_size)); 2542 } 2543 2544 if (keg->uk_flags & UMA_ZFLAG_HASH) 2545 hash_alloc(&keg->uk_hash, 0); 2546 2547 CTR3(KTR_UMA, "keg_ctor %p zone %s(%p)", keg, zone->uz_name, zone); 2548 2549 LIST_INSERT_HEAD(&keg->uk_zones, zone, uz_link); 2550 2551 rw_wlock(&uma_rwlock); 2552 LIST_INSERT_HEAD(&uma_kegs, keg, uk_link); 2553 rw_wunlock(&uma_rwlock); 2554 return (0); 2555 } 2556 2557 static void 2558 zone_kva_available(uma_zone_t zone, void *unused) 2559 { 2560 uma_keg_t keg; 2561 2562 if ((zone->uz_flags & UMA_ZFLAG_CACHE) != 0) 2563 return; 2564 KEG_GET(zone, keg); 2565 2566 if (keg->uk_allocf == startup_alloc) { 2567 /* Switch to the real allocator. */ 2568 if (keg->uk_flags & UMA_ZONE_PCPU) 2569 keg->uk_allocf = pcpu_page_alloc; 2570 else if ((keg->uk_flags & UMA_ZONE_CONTIG) != 0 && 2571 keg->uk_ppera > 1) 2572 keg->uk_allocf = contig_alloc; 2573 else 2574 keg->uk_allocf = page_alloc; 2575 } 2576 } 2577 2578 static void 2579 zone_alloc_counters(uma_zone_t zone, void *unused) 2580 { 2581 2582 zone->uz_allocs = counter_u64_alloc(M_WAITOK); 2583 zone->uz_frees = counter_u64_alloc(M_WAITOK); 2584 zone->uz_fails = counter_u64_alloc(M_WAITOK); 2585 zone->uz_xdomain = counter_u64_alloc(M_WAITOK); 2586 } 2587 2588 static void 2589 zone_alloc_sysctl(uma_zone_t zone, void *unused) 2590 { 2591 uma_zone_domain_t zdom; 2592 uma_domain_t dom; 2593 uma_keg_t keg; 2594 struct sysctl_oid *oid, *domainoid; 2595 int domains, i, cnt; 2596 static const char *nokeg = "cache zone"; 2597 char *c; 2598 2599 /* 2600 * Make a sysctl safe copy of the zone name by removing 2601 * any special characters and handling dups by appending 2602 * an index. 2603 */ 2604 if (zone->uz_namecnt != 0) { 2605 /* Count the number of decimal digits and '_' separator. */ 2606 for (i = 1, cnt = zone->uz_namecnt; cnt != 0; i++) 2607 cnt /= 10; 2608 zone->uz_ctlname = malloc(strlen(zone->uz_name) + i + 1, 2609 M_UMA, M_WAITOK); 2610 sprintf(zone->uz_ctlname, "%s_%d", zone->uz_name, 2611 zone->uz_namecnt); 2612 } else 2613 zone->uz_ctlname = strdup(zone->uz_name, M_UMA); 2614 for (c = zone->uz_ctlname; *c != '\0'; c++) 2615 if (strchr("./\\ -", *c) != NULL) 2616 *c = '_'; 2617 2618 /* 2619 * Basic parameters at the root. 2620 */ 2621 zone->uz_oid = SYSCTL_ADD_NODE(NULL, SYSCTL_STATIC_CHILDREN(_vm_uma), 2622 OID_AUTO, zone->uz_ctlname, CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, ""); 2623 oid = zone->uz_oid; 2624 SYSCTL_ADD_U32(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2625 "size", CTLFLAG_RD, &zone->uz_size, 0, "Allocation size"); 2626 SYSCTL_ADD_PROC(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2627 "flags", CTLFLAG_RD | CTLTYPE_STRING | CTLFLAG_MPSAFE, 2628 zone, 0, sysctl_handle_uma_zone_flags, "A", 2629 "Allocator configuration flags"); 2630 SYSCTL_ADD_U16(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2631 "bucket_size", CTLFLAG_RD, &zone->uz_bucket_size, 0, 2632 "Desired per-cpu cache size"); 2633 SYSCTL_ADD_U16(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2634 "bucket_size_max", CTLFLAG_RD, &zone->uz_bucket_size_max, 0, 2635 "Maximum allowed per-cpu cache size"); 2636 2637 /* 2638 * keg if present. 2639 */ 2640 if ((zone->uz_flags & UMA_ZFLAG_HASH) == 0) 2641 domains = vm_ndomains; 2642 else 2643 domains = 1; 2644 oid = SYSCTL_ADD_NODE(NULL, SYSCTL_CHILDREN(zone->uz_oid), OID_AUTO, 2645 "keg", CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, ""); 2646 keg = zone->uz_keg; 2647 if ((zone->uz_flags & UMA_ZFLAG_CACHE) == 0) { 2648 SYSCTL_ADD_CONST_STRING(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2649 "name", CTLFLAG_RD, keg->uk_name, "Keg name"); 2650 SYSCTL_ADD_U32(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2651 "rsize", CTLFLAG_RD, &keg->uk_rsize, 0, 2652 "Real object size with alignment"); 2653 SYSCTL_ADD_U16(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2654 "ppera", CTLFLAG_RD, &keg->uk_ppera, 0, 2655 "pages per-slab allocation"); 2656 SYSCTL_ADD_U16(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2657 "ipers", CTLFLAG_RD, &keg->uk_ipers, 0, 2658 "items available per-slab"); 2659 SYSCTL_ADD_U32(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2660 "align", CTLFLAG_RD, &keg->uk_align, 0, 2661 "item alignment mask"); 2662 SYSCTL_ADD_U32(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2663 "reserve", CTLFLAG_RD, &keg->uk_reserve, 0, 2664 "number of reserved items"); 2665 SYSCTL_ADD_PROC(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2666 "efficiency", CTLFLAG_RD | CTLTYPE_INT | CTLFLAG_MPSAFE, 2667 keg, 0, sysctl_handle_uma_slab_efficiency, "I", 2668 "Slab utilization (100 - internal fragmentation %)"); 2669 domainoid = SYSCTL_ADD_NODE(NULL, SYSCTL_CHILDREN(oid), 2670 OID_AUTO, "domain", CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, ""); 2671 for (i = 0; i < domains; i++) { 2672 dom = &keg->uk_domain[i]; 2673 oid = SYSCTL_ADD_NODE(NULL, SYSCTL_CHILDREN(domainoid), 2674 OID_AUTO, VM_DOMAIN(i)->vmd_name, 2675 CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, ""); 2676 SYSCTL_ADD_U32(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2677 "pages", CTLFLAG_RD, &dom->ud_pages, 0, 2678 "Total pages currently allocated from VM"); 2679 SYSCTL_ADD_U32(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2680 "free_items", CTLFLAG_RD, &dom->ud_free_items, 0, 2681 "Items free in the slab layer"); 2682 SYSCTL_ADD_U32(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2683 "free_slabs", CTLFLAG_RD, &dom->ud_free_slabs, 0, 2684 "Unused slabs"); 2685 } 2686 } else 2687 SYSCTL_ADD_CONST_STRING(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2688 "name", CTLFLAG_RD, nokeg, "Keg name"); 2689 2690 /* 2691 * Information about zone limits. 2692 */ 2693 oid = SYSCTL_ADD_NODE(NULL, SYSCTL_CHILDREN(zone->uz_oid), OID_AUTO, 2694 "limit", CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, ""); 2695 SYSCTL_ADD_PROC(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2696 "items", CTLFLAG_RD | CTLTYPE_U64 | CTLFLAG_MPSAFE, 2697 zone, 0, sysctl_handle_uma_zone_items, "QU", 2698 "Current number of allocated items if limit is set"); 2699 SYSCTL_ADD_U64(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2700 "max_items", CTLFLAG_RD, &zone->uz_max_items, 0, 2701 "Maximum number of allocated and cached items"); 2702 SYSCTL_ADD_U32(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2703 "sleepers", CTLFLAG_RD, &zone->uz_sleepers, 0, 2704 "Number of threads sleeping at limit"); 2705 SYSCTL_ADD_U64(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2706 "sleeps", CTLFLAG_RD, &zone->uz_sleeps, 0, 2707 "Total zone limit sleeps"); 2708 SYSCTL_ADD_U64(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2709 "bucket_max", CTLFLAG_RD, &zone->uz_bucket_max, 0, 2710 "Maximum number of items in each domain's bucket cache"); 2711 2712 /* 2713 * Per-domain zone information. 2714 */ 2715 domainoid = SYSCTL_ADD_NODE(NULL, SYSCTL_CHILDREN(zone->uz_oid), 2716 OID_AUTO, "domain", CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, ""); 2717 for (i = 0; i < domains; i++) { 2718 zdom = ZDOM_GET(zone, i); 2719 oid = SYSCTL_ADD_NODE(NULL, SYSCTL_CHILDREN(domainoid), 2720 OID_AUTO, VM_DOMAIN(i)->vmd_name, 2721 CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, ""); 2722 SYSCTL_ADD_LONG(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2723 "nitems", CTLFLAG_RD, &zdom->uzd_nitems, 2724 "number of items in this domain"); 2725 SYSCTL_ADD_LONG(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2726 "imax", CTLFLAG_RD, &zdom->uzd_imax, 2727 "maximum item count in this period"); 2728 SYSCTL_ADD_LONG(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2729 "imin", CTLFLAG_RD, &zdom->uzd_imin, 2730 "minimum item count in this period"); 2731 SYSCTL_ADD_LONG(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2732 "bimin", CTLFLAG_RD, &zdom->uzd_bimin, 2733 "Minimum item count in this batch"); 2734 SYSCTL_ADD_LONG(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2735 "wss", CTLFLAG_RD, &zdom->uzd_wss, 2736 "Working set size"); 2737 SYSCTL_ADD_LONG(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2738 "limin", CTLFLAG_RD, &zdom->uzd_limin, 2739 "Long time minimum item count"); 2740 SYSCTL_ADD_INT(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2741 "timin", CTLFLAG_RD, &zdom->uzd_timin, 0, 2742 "Time since zero long time minimum item count"); 2743 } 2744 2745 /* 2746 * General statistics. 2747 */ 2748 oid = SYSCTL_ADD_NODE(NULL, SYSCTL_CHILDREN(zone->uz_oid), OID_AUTO, 2749 "stats", CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, ""); 2750 SYSCTL_ADD_PROC(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2751 "current", CTLFLAG_RD | CTLTYPE_INT | CTLFLAG_MPSAFE, 2752 zone, 1, sysctl_handle_uma_zone_cur, "I", 2753 "Current number of allocated items"); 2754 SYSCTL_ADD_PROC(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2755 "allocs", CTLFLAG_RD | CTLTYPE_U64 | CTLFLAG_MPSAFE, 2756 zone, 0, sysctl_handle_uma_zone_allocs, "QU", 2757 "Total allocation calls"); 2758 SYSCTL_ADD_PROC(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2759 "frees", CTLFLAG_RD | CTLTYPE_U64 | CTLFLAG_MPSAFE, 2760 zone, 0, sysctl_handle_uma_zone_frees, "QU", 2761 "Total free calls"); 2762 SYSCTL_ADD_COUNTER_U64(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2763 "fails", CTLFLAG_RD, &zone->uz_fails, 2764 "Number of allocation failures"); 2765 SYSCTL_ADD_COUNTER_U64(NULL, SYSCTL_CHILDREN(oid), OID_AUTO, 2766 "xdomain", CTLFLAG_RD, &zone->uz_xdomain, 2767 "Free calls from the wrong domain"); 2768 } 2769 2770 struct uma_zone_count { 2771 const char *name; 2772 int count; 2773 }; 2774 2775 static void 2776 zone_count(uma_zone_t zone, void *arg) 2777 { 2778 struct uma_zone_count *cnt; 2779 2780 cnt = arg; 2781 /* 2782 * Some zones are rapidly created with identical names and 2783 * destroyed out of order. This can lead to gaps in the count. 2784 * Use one greater than the maximum observed for this name. 2785 */ 2786 if (strcmp(zone->uz_name, cnt->name) == 0) 2787 cnt->count = MAX(cnt->count, 2788 zone->uz_namecnt + 1); 2789 } 2790 2791 static void 2792 zone_update_caches(uma_zone_t zone) 2793 { 2794 int i; 2795 2796 for (i = 0; i <= mp_maxid; i++) { 2797 cache_set_uz_size(&zone->uz_cpu[i], zone->uz_size); 2798 cache_set_uz_flags(&zone->uz_cpu[i], zone->uz_flags); 2799 } 2800 } 2801 2802 /* 2803 * Zone header ctor. This initializes all fields, locks, etc. 2804 * 2805 * Arguments/Returns follow uma_ctor specifications 2806 * udata Actually uma_zctor_args 2807 */ 2808 static int 2809 zone_ctor(void *mem, int size, void *udata, int flags) 2810 { 2811 struct uma_zone_count cnt; 2812 struct uma_zctor_args *arg = udata; 2813 uma_zone_domain_t zdom; 2814 uma_zone_t zone = mem; 2815 uma_zone_t z; 2816 uma_keg_t keg; 2817 int i; 2818 2819 bzero(zone, size); 2820 zone->uz_name = arg->name; 2821 zone->uz_ctor = arg->ctor; 2822 zone->uz_dtor = arg->dtor; 2823 zone->uz_init = NULL; 2824 zone->uz_fini = NULL; 2825 zone->uz_sleeps = 0; 2826 zone->uz_bucket_size = 0; 2827 zone->uz_bucket_size_min = 0; 2828 zone->uz_bucket_size_max = BUCKET_MAX; 2829 zone->uz_flags = (arg->flags & UMA_ZONE_SMR); 2830 zone->uz_warning = NULL; 2831 /* The domain structures follow the cpu structures. */ 2832 zone->uz_bucket_max = ULONG_MAX; 2833 timevalclear(&zone->uz_ratecheck); 2834 2835 /* Count the number of duplicate names. */ 2836 cnt.name = arg->name; 2837 cnt.count = 0; 2838 zone_foreach(zone_count, &cnt); 2839 zone->uz_namecnt = cnt.count; 2840 ZONE_CROSS_LOCK_INIT(zone); 2841 2842 for (i = 0; i < vm_ndomains; i++) { 2843 zdom = ZDOM_GET(zone, i); 2844 ZDOM_LOCK_INIT(zone, zdom, (arg->flags & UMA_ZONE_MTXCLASS)); 2845 STAILQ_INIT(&zdom->uzd_buckets); 2846 } 2847 2848 #if defined(INVARIANTS) && !defined(KASAN) && !defined(KMSAN) 2849 if (arg->uminit == trash_init && arg->fini == trash_fini) 2850 zone->uz_flags |= UMA_ZFLAG_TRASH | UMA_ZFLAG_CTORDTOR; 2851 #elif defined(KASAN) 2852 if ((arg->flags & (UMA_ZONE_NOFREE | UMA_ZFLAG_CACHE)) != 0) 2853 arg->flags |= UMA_ZONE_NOKASAN; 2854 #endif 2855 2856 /* 2857 * This is a pure cache zone, no kegs. 2858 */ 2859 if (arg->import) { 2860 KASSERT((arg->flags & UMA_ZFLAG_CACHE) != 0, 2861 ("zone_ctor: Import specified for non-cache zone.")); 2862 zone->uz_flags = arg->flags; 2863 zone->uz_size = arg->size; 2864 zone->uz_import = arg->import; 2865 zone->uz_release = arg->release; 2866 zone->uz_arg = arg->arg; 2867 #ifdef NUMA 2868 /* 2869 * Cache zones are round-robin unless a policy is 2870 * specified because they may have incompatible 2871 * constraints. 2872 */ 2873 if ((zone->uz_flags & UMA_ZONE_FIRSTTOUCH) == 0) 2874 zone->uz_flags |= UMA_ZONE_ROUNDROBIN; 2875 #endif 2876 rw_wlock(&uma_rwlock); 2877 LIST_INSERT_HEAD(&uma_cachezones, zone, uz_link); 2878 rw_wunlock(&uma_rwlock); 2879 goto out; 2880 } 2881 2882 /* 2883 * Use the regular zone/keg/slab allocator. 2884 */ 2885 zone->uz_import = zone_import; 2886 zone->uz_release = zone_release; 2887 zone->uz_arg = zone; 2888 keg = arg->keg; 2889 2890 if (arg->flags & UMA_ZONE_SECONDARY) { 2891 KASSERT((zone->uz_flags & UMA_ZONE_SECONDARY) == 0, 2892 ("Secondary zone requested UMA_ZFLAG_INTERNAL")); 2893 KASSERT(arg->keg != NULL, ("Secondary zone on zero'd keg")); 2894 zone->uz_init = arg->uminit; 2895 zone->uz_fini = arg->fini; 2896 zone->uz_flags |= UMA_ZONE_SECONDARY; 2897 rw_wlock(&uma_rwlock); 2898 ZONE_LOCK(zone); 2899 LIST_FOREACH(z, &keg->uk_zones, uz_link) { 2900 if (LIST_NEXT(z, uz_link) == NULL) { 2901 LIST_INSERT_AFTER(z, zone, uz_link); 2902 break; 2903 } 2904 } 2905 ZONE_UNLOCK(zone); 2906 rw_wunlock(&uma_rwlock); 2907 } else if (keg == NULL) { 2908 if ((keg = uma_kcreate(zone, arg->size, arg->uminit, arg->fini, 2909 arg->align, arg->flags)) == NULL) 2910 return (ENOMEM); 2911 } else { 2912 struct uma_kctor_args karg; 2913 int error; 2914 2915 /* We should only be here from uma_startup() */ 2916 karg.size = arg->size; 2917 karg.uminit = arg->uminit; 2918 karg.fini = arg->fini; 2919 karg.align = arg->align; 2920 karg.flags = (arg->flags & ~UMA_ZONE_SMR); 2921 karg.zone = zone; 2922 error = keg_ctor(arg->keg, sizeof(struct uma_keg), &karg, 2923 flags); 2924 if (error) 2925 return (error); 2926 } 2927 2928 /* Inherit properties from the keg. */ 2929 zone->uz_keg = keg; 2930 zone->uz_size = keg->uk_size; 2931 zone->uz_flags |= (keg->uk_flags & 2932 (UMA_ZONE_INHERIT | UMA_ZFLAG_INHERIT)); 2933 2934 out: 2935 if (booted >= BOOT_PCPU) { 2936 zone_alloc_counters(zone, NULL); 2937 if (booted >= BOOT_RUNNING) 2938 zone_alloc_sysctl(zone, NULL); 2939 } else { 2940 zone->uz_allocs = EARLY_COUNTER; 2941 zone->uz_frees = EARLY_COUNTER; 2942 zone->uz_fails = EARLY_COUNTER; 2943 } 2944 2945 /* Caller requests a private SMR context. */ 2946 if ((zone->uz_flags & UMA_ZONE_SMR) != 0) 2947 zone->uz_smr = smr_create(zone->uz_name, 0, 0); 2948 2949 KASSERT((arg->flags & (UMA_ZONE_MAXBUCKET | UMA_ZONE_NOBUCKET)) != 2950 (UMA_ZONE_MAXBUCKET | UMA_ZONE_NOBUCKET), 2951 ("Invalid zone flag combination")); 2952 if (arg->flags & UMA_ZFLAG_INTERNAL) 2953 zone->uz_bucket_size_max = zone->uz_bucket_size = 0; 2954 if ((arg->flags & UMA_ZONE_MAXBUCKET) != 0) 2955 zone->uz_bucket_size = BUCKET_MAX; 2956 else if ((arg->flags & UMA_ZONE_NOBUCKET) != 0) 2957 zone->uz_bucket_size = 0; 2958 else 2959 zone->uz_bucket_size = bucket_select(zone->uz_size); 2960 zone->uz_bucket_size_min = zone->uz_bucket_size; 2961 if (zone->uz_dtor != NULL || zone->uz_ctor != NULL) 2962 zone->uz_flags |= UMA_ZFLAG_CTORDTOR; 2963 zone_update_caches(zone); 2964 2965 return (0); 2966 } 2967 2968 /* 2969 * Keg header dtor. This frees all data, destroys locks, frees the hash 2970 * table and removes the keg from the global list. 2971 * 2972 * Arguments/Returns follow uma_dtor specifications 2973 * udata unused 2974 */ 2975 static void 2976 keg_dtor(void *arg, int size, void *udata) 2977 { 2978 uma_keg_t keg; 2979 uint32_t free, pages; 2980 int i; 2981 2982 keg = (uma_keg_t)arg; 2983 free = pages = 0; 2984 for (i = 0; i < vm_ndomains; i++) { 2985 free += keg->uk_domain[i].ud_free_items; 2986 pages += keg->uk_domain[i].ud_pages; 2987 KEG_LOCK_FINI(keg, i); 2988 } 2989 if (pages != 0) 2990 printf("Freed UMA keg (%s) was not empty (%u items). " 2991 " Lost %u pages of memory.\n", 2992 keg->uk_name ? keg->uk_name : "", 2993 pages / keg->uk_ppera * keg->uk_ipers - free, pages); 2994 2995 hash_free(&keg->uk_hash); 2996 } 2997 2998 /* 2999 * Zone header dtor. 3000 * 3001 * Arguments/Returns follow uma_dtor specifications 3002 * udata unused 3003 */ 3004 static void 3005 zone_dtor(void *arg, int size, void *udata) 3006 { 3007 uma_zone_t zone; 3008 uma_keg_t keg; 3009 int i; 3010 3011 zone = (uma_zone_t)arg; 3012 3013 sysctl_remove_oid(zone->uz_oid, 1, 1); 3014 3015 if (!(zone->uz_flags & UMA_ZFLAG_INTERNAL)) 3016 cache_drain(zone); 3017 3018 rw_wlock(&uma_rwlock); 3019 LIST_REMOVE(zone, uz_link); 3020 rw_wunlock(&uma_rwlock); 3021 if ((zone->uz_flags & (UMA_ZONE_SECONDARY | UMA_ZFLAG_CACHE)) == 0) { 3022 keg = zone->uz_keg; 3023 keg->uk_reserve = 0; 3024 } 3025 zone_reclaim(zone, UMA_ANYDOMAIN, M_WAITOK, true); 3026 3027 /* 3028 * We only destroy kegs from non secondary/non cache zones. 3029 */ 3030 if ((zone->uz_flags & (UMA_ZONE_SECONDARY | UMA_ZFLAG_CACHE)) == 0) { 3031 keg = zone->uz_keg; 3032 rw_wlock(&uma_rwlock); 3033 LIST_REMOVE(keg, uk_link); 3034 rw_wunlock(&uma_rwlock); 3035 zone_free_item(kegs, keg, NULL, SKIP_NONE); 3036 } 3037 counter_u64_free(zone->uz_allocs); 3038 counter_u64_free(zone->uz_frees); 3039 counter_u64_free(zone->uz_fails); 3040 counter_u64_free(zone->uz_xdomain); 3041 free(zone->uz_ctlname, M_UMA); 3042 for (i = 0; i < vm_ndomains; i++) 3043 ZDOM_LOCK_FINI(ZDOM_GET(zone, i)); 3044 ZONE_CROSS_LOCK_FINI(zone); 3045 } 3046 3047 static void 3048 zone_foreach_unlocked(void (*zfunc)(uma_zone_t, void *arg), void *arg) 3049 { 3050 uma_keg_t keg; 3051 uma_zone_t zone; 3052 3053 LIST_FOREACH(keg, &uma_kegs, uk_link) { 3054 LIST_FOREACH(zone, &keg->uk_zones, uz_link) 3055 zfunc(zone, arg); 3056 } 3057 LIST_FOREACH(zone, &uma_cachezones, uz_link) 3058 zfunc(zone, arg); 3059 } 3060 3061 /* 3062 * Traverses every zone in the system and calls a callback 3063 * 3064 * Arguments: 3065 * zfunc A pointer to a function which accepts a zone 3066 * as an argument. 3067 * 3068 * Returns: 3069 * Nothing 3070 */ 3071 static void 3072 zone_foreach(void (*zfunc)(uma_zone_t, void *arg), void *arg) 3073 { 3074 3075 rw_rlock(&uma_rwlock); 3076 zone_foreach_unlocked(zfunc, arg); 3077 rw_runlock(&uma_rwlock); 3078 } 3079 3080 /* 3081 * Initialize the kernel memory allocator. This is done after pages can be 3082 * allocated but before general KVA is available. 3083 */ 3084 void 3085 uma_startup1(vm_offset_t virtual_avail) 3086 { 3087 struct uma_zctor_args args; 3088 size_t ksize, zsize, size; 3089 uma_keg_t primarykeg; 3090 uintptr_t m; 3091 int domain; 3092 uint8_t pflag; 3093 3094 bootstart = bootmem = virtual_avail; 3095 3096 rw_init(&uma_rwlock, "UMA lock"); 3097 sx_init(&uma_reclaim_lock, "umareclaim"); 3098 3099 ksize = sizeof(struct uma_keg) + 3100 (sizeof(struct uma_domain) * vm_ndomains); 3101 ksize = roundup(ksize, UMA_SUPER_ALIGN); 3102 zsize = sizeof(struct uma_zone) + 3103 (sizeof(struct uma_cache) * (mp_maxid + 1)) + 3104 (sizeof(struct uma_zone_domain) * vm_ndomains); 3105 zsize = roundup(zsize, UMA_SUPER_ALIGN); 3106 3107 /* Allocate the zone of zones, zone of kegs, and zone of zones keg. */ 3108 size = (zsize * 2) + ksize; 3109 for (domain = 0; domain < vm_ndomains; domain++) { 3110 m = (uintptr_t)startup_alloc(NULL, size, domain, &pflag, 3111 M_NOWAIT | M_ZERO); 3112 if (m != 0) 3113 break; 3114 } 3115 zones = (uma_zone_t)m; 3116 m += zsize; 3117 kegs = (uma_zone_t)m; 3118 m += zsize; 3119 primarykeg = (uma_keg_t)m; 3120 3121 /* "manually" create the initial zone */ 3122 memset(&args, 0, sizeof(args)); 3123 args.name = "UMA Kegs"; 3124 args.size = ksize; 3125 args.ctor = keg_ctor; 3126 args.dtor = keg_dtor; 3127 args.uminit = zero_init; 3128 args.fini = NULL; 3129 args.keg = primarykeg; 3130 args.align = UMA_SUPER_ALIGN - 1; 3131 args.flags = UMA_ZFLAG_INTERNAL; 3132 zone_ctor(kegs, zsize, &args, M_WAITOK); 3133 3134 args.name = "UMA Zones"; 3135 args.size = zsize; 3136 args.ctor = zone_ctor; 3137 args.dtor = zone_dtor; 3138 args.uminit = zero_init; 3139 args.fini = NULL; 3140 args.keg = NULL; 3141 args.align = UMA_SUPER_ALIGN - 1; 3142 args.flags = UMA_ZFLAG_INTERNAL; 3143 zone_ctor(zones, zsize, &args, M_WAITOK); 3144 3145 /* Now make zones for slab headers */ 3146 slabzones[0] = uma_zcreate("UMA Slabs 0", SLABZONE0_SIZE, 3147 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZFLAG_INTERNAL); 3148 slabzones[1] = uma_zcreate("UMA Slabs 1", SLABZONE1_SIZE, 3149 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZFLAG_INTERNAL); 3150 3151 hashzone = uma_zcreate("UMA Hash", 3152 sizeof(struct slabhead *) * UMA_HASH_SIZE_INIT, 3153 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZFLAG_INTERNAL); 3154 3155 bucket_init(); 3156 smr_init(); 3157 } 3158 3159 #ifndef UMA_MD_SMALL_ALLOC 3160 extern void vm_radix_reserve_kva(void); 3161 #endif 3162 3163 /* 3164 * Advertise the availability of normal kva allocations and switch to 3165 * the default back-end allocator. Marks the KVA we consumed on startup 3166 * as used in the map. 3167 */ 3168 void 3169 uma_startup2(void) 3170 { 3171 3172 if (bootstart != bootmem) { 3173 vm_map_lock(kernel_map); 3174 (void)vm_map_insert(kernel_map, NULL, 0, bootstart, bootmem, 3175 VM_PROT_RW, VM_PROT_RW, MAP_NOFAULT); 3176 vm_map_unlock(kernel_map); 3177 } 3178 3179 #ifndef UMA_MD_SMALL_ALLOC 3180 /* Set up radix zone to use noobj_alloc. */ 3181 vm_radix_reserve_kva(); 3182 #endif 3183 3184 booted = BOOT_KVA; 3185 zone_foreach_unlocked(zone_kva_available, NULL); 3186 bucket_enable(); 3187 } 3188 3189 /* 3190 * Allocate counters as early as possible so that boot-time allocations are 3191 * accounted more precisely. 3192 */ 3193 static void 3194 uma_startup_pcpu(void *arg __unused) 3195 { 3196 3197 zone_foreach_unlocked(zone_alloc_counters, NULL); 3198 booted = BOOT_PCPU; 3199 } 3200 SYSINIT(uma_startup_pcpu, SI_SUB_COUNTER, SI_ORDER_ANY, uma_startup_pcpu, NULL); 3201 3202 /* 3203 * Finish our initialization steps. 3204 */ 3205 static void 3206 uma_startup3(void *arg __unused) 3207 { 3208 3209 #ifdef INVARIANTS 3210 TUNABLE_INT_FETCH("vm.debug.divisor", &dbg_divisor); 3211 uma_dbg_cnt = counter_u64_alloc(M_WAITOK); 3212 uma_skip_cnt = counter_u64_alloc(M_WAITOK); 3213 #endif 3214 zone_foreach_unlocked(zone_alloc_sysctl, NULL); 3215 booted = BOOT_RUNNING; 3216 3217 EVENTHANDLER_REGISTER(shutdown_post_sync, uma_shutdown, NULL, 3218 EVENTHANDLER_PRI_FIRST); 3219 } 3220 SYSINIT(uma_startup3, SI_SUB_VM_CONF, SI_ORDER_SECOND, uma_startup3, NULL); 3221 3222 static void 3223 uma_startup4(void *arg __unused) 3224 { 3225 TIMEOUT_TASK_INIT(taskqueue_thread, &uma_timeout_task, 0, uma_timeout, 3226 NULL); 3227 taskqueue_enqueue_timeout(taskqueue_thread, &uma_timeout_task, 3228 UMA_TIMEOUT * hz); 3229 } 3230 SYSINIT(uma_startup4, SI_SUB_TASKQ, SI_ORDER_ANY, uma_startup4, NULL); 3231 3232 static void 3233 uma_shutdown(void) 3234 { 3235 3236 booted = BOOT_SHUTDOWN; 3237 } 3238 3239 static uma_keg_t 3240 uma_kcreate(uma_zone_t zone, size_t size, uma_init uminit, uma_fini fini, 3241 int align, uint32_t flags) 3242 { 3243 struct uma_kctor_args args; 3244 3245 args.size = size; 3246 args.uminit = uminit; 3247 args.fini = fini; 3248 args.align = (align == UMA_ALIGN_CACHE) ? uma_align_cache : align; 3249 args.flags = flags; 3250 args.zone = zone; 3251 return (zone_alloc_item(kegs, &args, UMA_ANYDOMAIN, M_WAITOK)); 3252 } 3253 3254 /* Public functions */ 3255 /* See uma.h */ 3256 void 3257 uma_set_align(int align) 3258 { 3259 3260 if (align != UMA_ALIGN_CACHE) 3261 uma_align_cache = align; 3262 } 3263 3264 /* See uma.h */ 3265 uma_zone_t 3266 uma_zcreate(const char *name, size_t size, uma_ctor ctor, uma_dtor dtor, 3267 uma_init uminit, uma_fini fini, int align, uint32_t flags) 3268 3269 { 3270 struct uma_zctor_args args; 3271 uma_zone_t res; 3272 3273 KASSERT(powerof2(align + 1), ("invalid zone alignment %d for \"%s\"", 3274 align, name)); 3275 3276 /* This stuff is essential for the zone ctor */ 3277 memset(&args, 0, sizeof(args)); 3278 args.name = name; 3279 args.size = size; 3280 args.ctor = ctor; 3281 args.dtor = dtor; 3282 args.uminit = uminit; 3283 args.fini = fini; 3284 #if defined(INVARIANTS) && !defined(KASAN) && !defined(KMSAN) 3285 /* 3286 * Inject procedures which check for memory use after free if we are 3287 * allowed to scramble the memory while it is not allocated. This 3288 * requires that: UMA is actually able to access the memory, no init 3289 * or fini procedures, no dependency on the initial value of the 3290 * memory, and no (legitimate) use of the memory after free. Note, 3291 * the ctor and dtor do not need to be empty. 3292 */ 3293 if ((!(flags & (UMA_ZONE_ZINIT | UMA_ZONE_NOTOUCH | 3294 UMA_ZONE_NOFREE))) && uminit == NULL && fini == NULL) { 3295 args.uminit = trash_init; 3296 args.fini = trash_fini; 3297 } 3298 #endif 3299 args.align = align; 3300 args.flags = flags; 3301 args.keg = NULL; 3302 3303 sx_xlock(&uma_reclaim_lock); 3304 res = zone_alloc_item(zones, &args, UMA_ANYDOMAIN, M_WAITOK); 3305 sx_xunlock(&uma_reclaim_lock); 3306 3307 return (res); 3308 } 3309 3310 /* See uma.h */ 3311 uma_zone_t 3312 uma_zsecond_create(const char *name, uma_ctor ctor, uma_dtor dtor, 3313 uma_init zinit, uma_fini zfini, uma_zone_t primary) 3314 { 3315 struct uma_zctor_args args; 3316 uma_keg_t keg; 3317 uma_zone_t res; 3318 3319 keg = primary->uz_keg; 3320 memset(&args, 0, sizeof(args)); 3321 args.name = name; 3322 args.size = keg->uk_size; 3323 args.ctor = ctor; 3324 args.dtor = dtor; 3325 args.uminit = zinit; 3326 args.fini = zfini; 3327 args.align = keg->uk_align; 3328 args.flags = keg->uk_flags | UMA_ZONE_SECONDARY; 3329 args.keg = keg; 3330 3331 sx_xlock(&uma_reclaim_lock); 3332 res = zone_alloc_item(zones, &args, UMA_ANYDOMAIN, M_WAITOK); 3333 sx_xunlock(&uma_reclaim_lock); 3334 3335 return (res); 3336 } 3337 3338 /* See uma.h */ 3339 uma_zone_t 3340 uma_zcache_create(const char *name, int size, uma_ctor ctor, uma_dtor dtor, 3341 uma_init zinit, uma_fini zfini, uma_import zimport, uma_release zrelease, 3342 void *arg, int flags) 3343 { 3344 struct uma_zctor_args args; 3345 3346 memset(&args, 0, sizeof(args)); 3347 args.name = name; 3348 args.size = size; 3349 args.ctor = ctor; 3350 args.dtor = dtor; 3351 args.uminit = zinit; 3352 args.fini = zfini; 3353 args.import = zimport; 3354 args.release = zrelease; 3355 args.arg = arg; 3356 args.align = 0; 3357 args.flags = flags | UMA_ZFLAG_CACHE; 3358 3359 return (zone_alloc_item(zones, &args, UMA_ANYDOMAIN, M_WAITOK)); 3360 } 3361 3362 /* See uma.h */ 3363 void 3364 uma_zdestroy(uma_zone_t zone) 3365 { 3366 3367 /* 3368 * Large slabs are expensive to reclaim, so don't bother doing 3369 * unnecessary work if we're shutting down. 3370 */ 3371 if (booted == BOOT_SHUTDOWN && 3372 zone->uz_fini == NULL && zone->uz_release == zone_release) 3373 return; 3374 sx_xlock(&uma_reclaim_lock); 3375 zone_free_item(zones, zone, NULL, SKIP_NONE); 3376 sx_xunlock(&uma_reclaim_lock); 3377 } 3378 3379 void 3380 uma_zwait(uma_zone_t zone) 3381 { 3382 3383 if ((zone->uz_flags & UMA_ZONE_SMR) != 0) 3384 uma_zfree_smr(zone, uma_zalloc_smr(zone, M_WAITOK)); 3385 else if ((zone->uz_flags & UMA_ZONE_PCPU) != 0) 3386 uma_zfree_pcpu(zone, uma_zalloc_pcpu(zone, M_WAITOK)); 3387 else 3388 uma_zfree(zone, uma_zalloc(zone, M_WAITOK)); 3389 } 3390 3391 void * 3392 uma_zalloc_pcpu_arg(uma_zone_t zone, void *udata, int flags) 3393 { 3394 void *item, *pcpu_item; 3395 #ifdef SMP 3396 int i; 3397 3398 MPASS(zone->uz_flags & UMA_ZONE_PCPU); 3399 #endif 3400 item = uma_zalloc_arg(zone, udata, flags & ~M_ZERO); 3401 if (item == NULL) 3402 return (NULL); 3403 pcpu_item = zpcpu_base_to_offset(item); 3404 if (flags & M_ZERO) { 3405 #ifdef SMP 3406 for (i = 0; i <= mp_maxid; i++) 3407 bzero(zpcpu_get_cpu(pcpu_item, i), zone->uz_size); 3408 #else 3409 bzero(item, zone->uz_size); 3410 #endif 3411 } 3412 return (pcpu_item); 3413 } 3414 3415 /* 3416 * A stub while both regular and pcpu cases are identical. 3417 */ 3418 void 3419 uma_zfree_pcpu_arg(uma_zone_t zone, void *pcpu_item, void *udata) 3420 { 3421 void *item; 3422 3423 #ifdef SMP 3424 MPASS(zone->uz_flags & UMA_ZONE_PCPU); 3425 #endif 3426 3427 /* uma_zfree_pcu_*(..., NULL) does nothing, to match free(9). */ 3428 if (pcpu_item == NULL) 3429 return; 3430 3431 item = zpcpu_offset_to_base(pcpu_item); 3432 uma_zfree_arg(zone, item, udata); 3433 } 3434 3435 static inline void * 3436 item_ctor(uma_zone_t zone, int uz_flags, int size, void *udata, int flags, 3437 void *item) 3438 { 3439 #ifdef INVARIANTS 3440 bool skipdbg; 3441 #endif 3442 3443 kasan_mark_item_valid(zone, item); 3444 kmsan_mark_item_uninitialized(zone, item); 3445 3446 #ifdef INVARIANTS 3447 skipdbg = uma_dbg_zskip(zone, item); 3448 if (!skipdbg && (uz_flags & UMA_ZFLAG_TRASH) != 0 && 3449 zone->uz_ctor != trash_ctor) 3450 trash_ctor(item, size, udata, flags); 3451 #endif 3452 3453 /* Check flags before loading ctor pointer. */ 3454 if (__predict_false((uz_flags & UMA_ZFLAG_CTORDTOR) != 0) && 3455 __predict_false(zone->uz_ctor != NULL) && 3456 zone->uz_ctor(item, size, udata, flags) != 0) { 3457 counter_u64_add(zone->uz_fails, 1); 3458 zone_free_item(zone, item, udata, SKIP_DTOR | SKIP_CNT); 3459 return (NULL); 3460 } 3461 #ifdef INVARIANTS 3462 if (!skipdbg) 3463 uma_dbg_alloc(zone, NULL, item); 3464 #endif 3465 if (__predict_false(flags & M_ZERO)) 3466 return (memset(item, 0, size)); 3467 3468 return (item); 3469 } 3470 3471 static inline void 3472 item_dtor(uma_zone_t zone, void *item, int size, void *udata, 3473 enum zfreeskip skip) 3474 { 3475 #ifdef INVARIANTS 3476 bool skipdbg; 3477 3478 skipdbg = uma_dbg_zskip(zone, item); 3479 if (skip == SKIP_NONE && !skipdbg) { 3480 if ((zone->uz_flags & UMA_ZONE_MALLOC) != 0) 3481 uma_dbg_free(zone, udata, item); 3482 else 3483 uma_dbg_free(zone, NULL, item); 3484 } 3485 #endif 3486 if (__predict_true(skip < SKIP_DTOR)) { 3487 if (zone->uz_dtor != NULL) 3488 zone->uz_dtor(item, size, udata); 3489 #ifdef INVARIANTS 3490 if (!skipdbg && (zone->uz_flags & UMA_ZFLAG_TRASH) != 0 && 3491 zone->uz_dtor != trash_dtor) 3492 trash_dtor(item, size, udata); 3493 #endif 3494 } 3495 kasan_mark_item_invalid(zone, item); 3496 } 3497 3498 #ifdef NUMA 3499 static int 3500 item_domain(void *item) 3501 { 3502 int domain; 3503 3504 domain = vm_phys_domain(vtophys(item)); 3505 KASSERT(domain >= 0 && domain < vm_ndomains, 3506 ("%s: unknown domain for item %p", __func__, item)); 3507 return (domain); 3508 } 3509 #endif 3510 3511 #if defined(INVARIANTS) || defined(DEBUG_MEMGUARD) || defined(WITNESS) 3512 #if defined(INVARIANTS) && (defined(DDB) || defined(STACK)) 3513 #include <sys/stack.h> 3514 #endif 3515 #define UMA_ZALLOC_DEBUG 3516 static int 3517 uma_zalloc_debug(uma_zone_t zone, void **itemp, void *udata, int flags) 3518 { 3519 int error; 3520 3521 error = 0; 3522 #ifdef WITNESS 3523 if (flags & M_WAITOK) { 3524 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 3525 "uma_zalloc_debug: zone \"%s\"", zone->uz_name); 3526 } 3527 #endif 3528 3529 #ifdef INVARIANTS 3530 KASSERT((flags & M_EXEC) == 0, 3531 ("uma_zalloc_debug: called with M_EXEC")); 3532 KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(), 3533 ("uma_zalloc_debug: called within spinlock or critical section")); 3534 KASSERT((zone->uz_flags & UMA_ZONE_PCPU) == 0 || (flags & M_ZERO) == 0, 3535 ("uma_zalloc_debug: allocating from a pcpu zone with M_ZERO")); 3536 3537 _Static_assert(M_NOWAIT != 0 && M_WAITOK != 0, 3538 "M_NOWAIT and M_WAITOK must be non-zero for this assertion:"); 3539 #if 0 3540 /* 3541 * Give the #elif clause time to find problems, then remove it 3542 * and enable this. (Remove <sys/stack.h> above, too.) 3543 */ 3544 KASSERT((flags & (M_NOWAIT|M_WAITOK)) == M_NOWAIT || 3545 (flags & (M_NOWAIT|M_WAITOK)) == M_WAITOK, 3546 ("uma_zalloc_debug: must pass one of M_NOWAIT or M_WAITOK")); 3547 #elif defined(DDB) || defined(STACK) 3548 if (__predict_false((flags & (M_NOWAIT|M_WAITOK)) != M_NOWAIT && 3549 (flags & (M_NOWAIT|M_WAITOK)) != M_WAITOK)) { 3550 static int stack_count; 3551 struct stack st; 3552 3553 if (stack_count < 10) { 3554 ++stack_count; 3555 printf("uma_zalloc* called with bad WAIT flags:\n"); 3556 stack_save(&st); 3557 stack_print(&st); 3558 } 3559 } 3560 #endif 3561 #endif 3562 3563 #ifdef DEBUG_MEMGUARD 3564 if ((zone->uz_flags & (UMA_ZONE_SMR | UMA_ZFLAG_CACHE)) == 0 && 3565 memguard_cmp_zone(zone)) { 3566 void *item; 3567 item = memguard_alloc(zone->uz_size, flags); 3568 if (item != NULL) { 3569 error = EJUSTRETURN; 3570 if (zone->uz_init != NULL && 3571 zone->uz_init(item, zone->uz_size, flags) != 0) { 3572 *itemp = NULL; 3573 return (error); 3574 } 3575 if (zone->uz_ctor != NULL && 3576 zone->uz_ctor(item, zone->uz_size, udata, 3577 flags) != 0) { 3578 counter_u64_add(zone->uz_fails, 1); 3579 if (zone->uz_fini != NULL) 3580 zone->uz_fini(item, zone->uz_size); 3581 *itemp = NULL; 3582 return (error); 3583 } 3584 *itemp = item; 3585 return (error); 3586 } 3587 /* This is unfortunate but should not be fatal. */ 3588 } 3589 #endif 3590 return (error); 3591 } 3592 3593 static int 3594 uma_zfree_debug(uma_zone_t zone, void *item, void *udata) 3595 { 3596 KASSERT(curthread->td_critnest == 0 || SCHEDULER_STOPPED(), 3597 ("uma_zfree_debug: called with spinlock or critical section held")); 3598 3599 #ifdef DEBUG_MEMGUARD 3600 if ((zone->uz_flags & (UMA_ZONE_SMR | UMA_ZFLAG_CACHE)) == 0 && 3601 is_memguard_addr(item)) { 3602 if (zone->uz_dtor != NULL) 3603 zone->uz_dtor(item, zone->uz_size, udata); 3604 if (zone->uz_fini != NULL) 3605 zone->uz_fini(item, zone->uz_size); 3606 memguard_free(item); 3607 return (EJUSTRETURN); 3608 } 3609 #endif 3610 return (0); 3611 } 3612 #endif 3613 3614 static inline void * 3615 cache_alloc_item(uma_zone_t zone, uma_cache_t cache, uma_cache_bucket_t bucket, 3616 void *udata, int flags) 3617 { 3618 void *item; 3619 int size, uz_flags; 3620 3621 item = cache_bucket_pop(cache, bucket); 3622 size = cache_uz_size(cache); 3623 uz_flags = cache_uz_flags(cache); 3624 critical_exit(); 3625 return (item_ctor(zone, uz_flags, size, udata, flags, item)); 3626 } 3627 3628 static __noinline void * 3629 cache_alloc_retry(uma_zone_t zone, uma_cache_t cache, void *udata, int flags) 3630 { 3631 uma_cache_bucket_t bucket; 3632 int domain; 3633 3634 while (cache_alloc(zone, cache, udata, flags)) { 3635 cache = &zone->uz_cpu[curcpu]; 3636 bucket = &cache->uc_allocbucket; 3637 if (__predict_false(bucket->ucb_cnt == 0)) 3638 continue; 3639 return (cache_alloc_item(zone, cache, bucket, udata, flags)); 3640 } 3641 critical_exit(); 3642 3643 /* 3644 * We can not get a bucket so try to return a single item. 3645 */ 3646 if (zone->uz_flags & UMA_ZONE_FIRSTTOUCH) 3647 domain = PCPU_GET(domain); 3648 else 3649 domain = UMA_ANYDOMAIN; 3650 return (zone_alloc_item(zone, udata, domain, flags)); 3651 } 3652 3653 /* See uma.h */ 3654 void * 3655 uma_zalloc_smr(uma_zone_t zone, int flags) 3656 { 3657 uma_cache_bucket_t bucket; 3658 uma_cache_t cache; 3659 3660 CTR3(KTR_UMA, "uma_zalloc_smr zone %s(%p) flags %d", zone->uz_name, 3661 zone, flags); 3662 3663 #ifdef UMA_ZALLOC_DEBUG 3664 void *item; 3665 3666 KASSERT((zone->uz_flags & UMA_ZONE_SMR) != 0, 3667 ("uma_zalloc_arg: called with non-SMR zone.")); 3668 if (uma_zalloc_debug(zone, &item, NULL, flags) == EJUSTRETURN) 3669 return (item); 3670 #endif 3671 3672 critical_enter(); 3673 cache = &zone->uz_cpu[curcpu]; 3674 bucket = &cache->uc_allocbucket; 3675 if (__predict_false(bucket->ucb_cnt == 0)) 3676 return (cache_alloc_retry(zone, cache, NULL, flags)); 3677 return (cache_alloc_item(zone, cache, bucket, NULL, flags)); 3678 } 3679 3680 /* See uma.h */ 3681 void * 3682 uma_zalloc_arg(uma_zone_t zone, void *udata, int flags) 3683 { 3684 uma_cache_bucket_t bucket; 3685 uma_cache_t cache; 3686 3687 /* Enable entropy collection for RANDOM_ENABLE_UMA kernel option */ 3688 random_harvest_fast_uma(&zone, sizeof(zone), RANDOM_UMA); 3689 3690 /* This is the fast path allocation */ 3691 CTR3(KTR_UMA, "uma_zalloc_arg zone %s(%p) flags %d", zone->uz_name, 3692 zone, flags); 3693 3694 #ifdef UMA_ZALLOC_DEBUG 3695 void *item; 3696 3697 KASSERT((zone->uz_flags & UMA_ZONE_SMR) == 0, 3698 ("uma_zalloc_arg: called with SMR zone.")); 3699 if (uma_zalloc_debug(zone, &item, udata, flags) == EJUSTRETURN) 3700 return (item); 3701 #endif 3702 3703 /* 3704 * If possible, allocate from the per-CPU cache. There are two 3705 * requirements for safe access to the per-CPU cache: (1) the thread 3706 * accessing the cache must not be preempted or yield during access, 3707 * and (2) the thread must not migrate CPUs without switching which 3708 * cache it accesses. We rely on a critical section to prevent 3709 * preemption and migration. We release the critical section in 3710 * order to acquire the zone mutex if we are unable to allocate from 3711 * the current cache; when we re-acquire the critical section, we 3712 * must detect and handle migration if it has occurred. 3713 */ 3714 critical_enter(); 3715 cache = &zone->uz_cpu[curcpu]; 3716 bucket = &cache->uc_allocbucket; 3717 if (__predict_false(bucket->ucb_cnt == 0)) 3718 return (cache_alloc_retry(zone, cache, udata, flags)); 3719 return (cache_alloc_item(zone, cache, bucket, udata, flags)); 3720 } 3721 3722 /* 3723 * Replenish an alloc bucket and possibly restore an old one. Called in 3724 * a critical section. Returns in a critical section. 3725 * 3726 * A false return value indicates an allocation failure. 3727 * A true return value indicates success and the caller should retry. 3728 */ 3729 static __noinline bool 3730 cache_alloc(uma_zone_t zone, uma_cache_t cache, void *udata, int flags) 3731 { 3732 uma_bucket_t bucket; 3733 int curdomain, domain; 3734 bool new; 3735 3736 CRITICAL_ASSERT(curthread); 3737 3738 /* 3739 * If we have run out of items in our alloc bucket see 3740 * if we can switch with the free bucket. 3741 * 3742 * SMR Zones can't re-use the free bucket until the sequence has 3743 * expired. 3744 */ 3745 if ((cache_uz_flags(cache) & UMA_ZONE_SMR) == 0 && 3746 cache->uc_freebucket.ucb_cnt != 0) { 3747 cache_bucket_swap(&cache->uc_freebucket, 3748 &cache->uc_allocbucket); 3749 return (true); 3750 } 3751 3752 /* 3753 * Discard any empty allocation bucket while we hold no locks. 3754 */ 3755 bucket = cache_bucket_unload_alloc(cache); 3756 critical_exit(); 3757 3758 if (bucket != NULL) { 3759 KASSERT(bucket->ub_cnt == 0, 3760 ("cache_alloc: Entered with non-empty alloc bucket.")); 3761 bucket_free(zone, bucket, udata); 3762 } 3763 3764 /* 3765 * Attempt to retrieve the item from the per-CPU cache has failed, so 3766 * we must go back to the zone. This requires the zdom lock, so we 3767 * must drop the critical section, then re-acquire it when we go back 3768 * to the cache. Since the critical section is released, we may be 3769 * preempted or migrate. As such, make sure not to maintain any 3770 * thread-local state specific to the cache from prior to releasing 3771 * the critical section. 3772 */ 3773 domain = PCPU_GET(domain); 3774 if ((cache_uz_flags(cache) & UMA_ZONE_ROUNDROBIN) != 0 || 3775 VM_DOMAIN_EMPTY(domain)) 3776 domain = zone_domain_highest(zone, domain); 3777 bucket = cache_fetch_bucket(zone, cache, domain); 3778 if (bucket == NULL && zone->uz_bucket_size != 0 && !bucketdisable) { 3779 bucket = zone_alloc_bucket(zone, udata, domain, flags); 3780 new = true; 3781 } else { 3782 new = false; 3783 } 3784 3785 CTR3(KTR_UMA, "uma_zalloc: zone %s(%p) bucket zone returned %p", 3786 zone->uz_name, zone, bucket); 3787 if (bucket == NULL) { 3788 critical_enter(); 3789 return (false); 3790 } 3791 3792 /* 3793 * See if we lost the race or were migrated. Cache the 3794 * initialized bucket to make this less likely or claim 3795 * the memory directly. 3796 */ 3797 critical_enter(); 3798 cache = &zone->uz_cpu[curcpu]; 3799 if (cache->uc_allocbucket.ucb_bucket == NULL && 3800 ((cache_uz_flags(cache) & UMA_ZONE_FIRSTTOUCH) == 0 || 3801 (curdomain = PCPU_GET(domain)) == domain || 3802 VM_DOMAIN_EMPTY(curdomain))) { 3803 if (new) 3804 atomic_add_long(&ZDOM_GET(zone, domain)->uzd_imax, 3805 bucket->ub_cnt); 3806 cache_bucket_load_alloc(cache, bucket); 3807 return (true); 3808 } 3809 3810 /* 3811 * We lost the race, release this bucket and start over. 3812 */ 3813 critical_exit(); 3814 zone_put_bucket(zone, domain, bucket, udata, !new); 3815 critical_enter(); 3816 3817 return (true); 3818 } 3819 3820 void * 3821 uma_zalloc_domain(uma_zone_t zone, void *udata, int domain, int flags) 3822 { 3823 #ifdef NUMA 3824 uma_bucket_t bucket; 3825 uma_zone_domain_t zdom; 3826 void *item; 3827 #endif 3828 3829 /* Enable entropy collection for RANDOM_ENABLE_UMA kernel option */ 3830 random_harvest_fast_uma(&zone, sizeof(zone), RANDOM_UMA); 3831 3832 /* This is the fast path allocation */ 3833 CTR4(KTR_UMA, "uma_zalloc_domain zone %s(%p) domain %d flags %d", 3834 zone->uz_name, zone, domain, flags); 3835 3836 KASSERT((zone->uz_flags & UMA_ZONE_SMR) == 0, 3837 ("uma_zalloc_domain: called with SMR zone.")); 3838 #ifdef NUMA 3839 KASSERT((zone->uz_flags & UMA_ZONE_FIRSTTOUCH) != 0, 3840 ("uma_zalloc_domain: called with non-FIRSTTOUCH zone.")); 3841 3842 if (vm_ndomains == 1) 3843 return (uma_zalloc_arg(zone, udata, flags)); 3844 3845 #ifdef UMA_ZALLOC_DEBUG 3846 if (uma_zalloc_debug(zone, &item, udata, flags) == EJUSTRETURN) 3847 return (item); 3848 #endif 3849 3850 /* 3851 * Try to allocate from the bucket cache before falling back to the keg. 3852 * We could try harder and attempt to allocate from per-CPU caches or 3853 * the per-domain cross-domain buckets, but the complexity is probably 3854 * not worth it. It is more important that frees of previous 3855 * cross-domain allocations do not blow up the cache. 3856 */ 3857 zdom = zone_domain_lock(zone, domain); 3858 if ((bucket = zone_fetch_bucket(zone, zdom, false)) != NULL) { 3859 item = bucket->ub_bucket[bucket->ub_cnt - 1]; 3860 #ifdef INVARIANTS 3861 bucket->ub_bucket[bucket->ub_cnt - 1] = NULL; 3862 #endif 3863 bucket->ub_cnt--; 3864 zone_put_bucket(zone, domain, bucket, udata, true); 3865 item = item_ctor(zone, zone->uz_flags, zone->uz_size, udata, 3866 flags, item); 3867 if (item != NULL) { 3868 KASSERT(item_domain(item) == domain, 3869 ("%s: bucket cache item %p from wrong domain", 3870 __func__, item)); 3871 counter_u64_add(zone->uz_allocs, 1); 3872 } 3873 return (item); 3874 } 3875 ZDOM_UNLOCK(zdom); 3876 return (zone_alloc_item(zone, udata, domain, flags)); 3877 #else 3878 return (uma_zalloc_arg(zone, udata, flags)); 3879 #endif 3880 } 3881 3882 /* 3883 * Find a slab with some space. Prefer slabs that are partially used over those 3884 * that are totally full. This helps to reduce fragmentation. 3885 * 3886 * If 'rr' is 1, search all domains starting from 'domain'. Otherwise check 3887 * only 'domain'. 3888 */ 3889 static uma_slab_t 3890 keg_first_slab(uma_keg_t keg, int domain, bool rr) 3891 { 3892 uma_domain_t dom; 3893 uma_slab_t slab; 3894 int start; 3895 3896 KASSERT(domain >= 0 && domain < vm_ndomains, 3897 ("keg_first_slab: domain %d out of range", domain)); 3898 KEG_LOCK_ASSERT(keg, domain); 3899 3900 slab = NULL; 3901 start = domain; 3902 do { 3903 dom = &keg->uk_domain[domain]; 3904 if ((slab = LIST_FIRST(&dom->ud_part_slab)) != NULL) 3905 return (slab); 3906 if ((slab = LIST_FIRST(&dom->ud_free_slab)) != NULL) { 3907 LIST_REMOVE(slab, us_link); 3908 dom->ud_free_slabs--; 3909 LIST_INSERT_HEAD(&dom->ud_part_slab, slab, us_link); 3910 return (slab); 3911 } 3912 if (rr) 3913 domain = (domain + 1) % vm_ndomains; 3914 } while (domain != start); 3915 3916 return (NULL); 3917 } 3918 3919 /* 3920 * Fetch an existing slab from a free or partial list. Returns with the 3921 * keg domain lock held if a slab was found or unlocked if not. 3922 */ 3923 static uma_slab_t 3924 keg_fetch_free_slab(uma_keg_t keg, int domain, bool rr, int flags) 3925 { 3926 uma_slab_t slab; 3927 uint32_t reserve; 3928 3929 /* HASH has a single free list. */ 3930 if ((keg->uk_flags & UMA_ZFLAG_HASH) != 0) 3931 domain = 0; 3932 3933 KEG_LOCK(keg, domain); 3934 reserve = (flags & M_USE_RESERVE) != 0 ? 0 : keg->uk_reserve; 3935 if (keg->uk_domain[domain].ud_free_items <= reserve || 3936 (slab = keg_first_slab(keg, domain, rr)) == NULL) { 3937 KEG_UNLOCK(keg, domain); 3938 return (NULL); 3939 } 3940 return (slab); 3941 } 3942 3943 static uma_slab_t 3944 keg_fetch_slab(uma_keg_t keg, uma_zone_t zone, int rdomain, const int flags) 3945 { 3946 struct vm_domainset_iter di; 3947 uma_slab_t slab; 3948 int aflags, domain; 3949 bool rr; 3950 3951 KASSERT((flags & (M_WAITOK | M_NOVM)) != (M_WAITOK | M_NOVM), 3952 ("%s: invalid flags %#x", __func__, flags)); 3953 3954 restart: 3955 /* 3956 * Use the keg's policy if upper layers haven't already specified a 3957 * domain (as happens with first-touch zones). 3958 * 3959 * To avoid races we run the iterator with the keg lock held, but that 3960 * means that we cannot allow the vm_domainset layer to sleep. Thus, 3961 * clear M_WAITOK and handle low memory conditions locally. 3962 */ 3963 rr = rdomain == UMA_ANYDOMAIN; 3964 if (rr) { 3965 aflags = (flags & ~M_WAITOK) | M_NOWAIT; 3966 vm_domainset_iter_policy_ref_init(&di, &keg->uk_dr, &domain, 3967 &aflags); 3968 } else { 3969 aflags = flags; 3970 domain = rdomain; 3971 } 3972 3973 for (;;) { 3974 slab = keg_fetch_free_slab(keg, domain, rr, flags); 3975 if (slab != NULL) 3976 return (slab); 3977 3978 /* 3979 * M_NOVM is used to break the recursion that can otherwise 3980 * occur if low-level memory management routines use UMA. 3981 */ 3982 if ((flags & M_NOVM) == 0) { 3983 slab = keg_alloc_slab(keg, zone, domain, flags, aflags); 3984 if (slab != NULL) 3985 return (slab); 3986 } 3987 3988 if (!rr) { 3989 if ((flags & M_USE_RESERVE) != 0) { 3990 /* 3991 * Drain reserves from other domains before 3992 * giving up or sleeping. It may be useful to 3993 * support per-domain reserves eventually. 3994 */ 3995 rdomain = UMA_ANYDOMAIN; 3996 goto restart; 3997 } 3998 if ((flags & M_WAITOK) == 0) 3999 break; 4000 vm_wait_domain(domain); 4001 } else if (vm_domainset_iter_policy(&di, &domain) != 0) { 4002 if ((flags & M_WAITOK) != 0) { 4003 vm_wait_doms(&keg->uk_dr.dr_policy->ds_mask, 0); 4004 goto restart; 4005 } 4006 break; 4007 } 4008 } 4009 4010 /* 4011 * We might not have been able to get a slab but another cpu 4012 * could have while we were unlocked. Check again before we 4013 * fail. 4014 */ 4015 if ((slab = keg_fetch_free_slab(keg, domain, rr, flags)) != NULL) 4016 return (slab); 4017 4018 return (NULL); 4019 } 4020 4021 static void * 4022 slab_alloc_item(uma_keg_t keg, uma_slab_t slab) 4023 { 4024 uma_domain_t dom; 4025 void *item; 4026 int freei; 4027 4028 KEG_LOCK_ASSERT(keg, slab->us_domain); 4029 4030 dom = &keg->uk_domain[slab->us_domain]; 4031 freei = BIT_FFS(keg->uk_ipers, &slab->us_free) - 1; 4032 BIT_CLR(keg->uk_ipers, freei, &slab->us_free); 4033 item = slab_item(slab, keg, freei); 4034 slab->us_freecount--; 4035 dom->ud_free_items--; 4036 4037 /* 4038 * Move this slab to the full list. It must be on the partial list, so 4039 * we do not need to update the free slab count. In particular, 4040 * keg_fetch_slab() always returns slabs on the partial list. 4041 */ 4042 if (slab->us_freecount == 0) { 4043 LIST_REMOVE(slab, us_link); 4044 LIST_INSERT_HEAD(&dom->ud_full_slab, slab, us_link); 4045 } 4046 4047 return (item); 4048 } 4049 4050 static int 4051 zone_import(void *arg, void **bucket, int max, int domain, int flags) 4052 { 4053 uma_domain_t dom; 4054 uma_zone_t zone; 4055 uma_slab_t slab; 4056 uma_keg_t keg; 4057 #ifdef NUMA 4058 int stripe; 4059 #endif 4060 int i; 4061 4062 zone = arg; 4063 slab = NULL; 4064 keg = zone->uz_keg; 4065 /* Try to keep the buckets totally full */ 4066 for (i = 0; i < max; ) { 4067 if ((slab = keg_fetch_slab(keg, zone, domain, flags)) == NULL) 4068 break; 4069 #ifdef NUMA 4070 stripe = howmany(max, vm_ndomains); 4071 #endif 4072 dom = &keg->uk_domain[slab->us_domain]; 4073 do { 4074 bucket[i++] = slab_alloc_item(keg, slab); 4075 if (keg->uk_reserve > 0 && 4076 dom->ud_free_items <= keg->uk_reserve) { 4077 /* 4078 * Avoid depleting the reserve after a 4079 * successful item allocation, even if 4080 * M_USE_RESERVE is specified. 4081 */ 4082 KEG_UNLOCK(keg, slab->us_domain); 4083 goto out; 4084 } 4085 #ifdef NUMA 4086 /* 4087 * If the zone is striped we pick a new slab for every 4088 * N allocations. Eliminating this conditional will 4089 * instead pick a new domain for each bucket rather 4090 * than stripe within each bucket. The current option 4091 * produces more fragmentation and requires more cpu 4092 * time but yields better distribution. 4093 */ 4094 if ((zone->uz_flags & UMA_ZONE_ROUNDROBIN) != 0 && 4095 vm_ndomains > 1 && --stripe == 0) 4096 break; 4097 #endif 4098 } while (slab->us_freecount != 0 && i < max); 4099 KEG_UNLOCK(keg, slab->us_domain); 4100 4101 /* Don't block if we allocated any successfully. */ 4102 flags &= ~M_WAITOK; 4103 flags |= M_NOWAIT; 4104 } 4105 out: 4106 return i; 4107 } 4108 4109 static int 4110 zone_alloc_limit_hard(uma_zone_t zone, int count, int flags) 4111 { 4112 uint64_t old, new, total, max; 4113 4114 /* 4115 * The hard case. We're going to sleep because there were existing 4116 * sleepers or because we ran out of items. This routine enforces 4117 * fairness by keeping fifo order. 4118 * 4119 * First release our ill gotten gains and make some noise. 4120 */ 4121 for (;;) { 4122 zone_free_limit(zone, count); 4123 zone_log_warning(zone); 4124 zone_maxaction(zone); 4125 if (flags & M_NOWAIT) 4126 return (0); 4127 4128 /* 4129 * We need to allocate an item or set ourself as a sleeper 4130 * while the sleepq lock is held to avoid wakeup races. This 4131 * is essentially a home rolled semaphore. 4132 */ 4133 sleepq_lock(&zone->uz_max_items); 4134 old = zone->uz_items; 4135 do { 4136 MPASS(UZ_ITEMS_SLEEPERS(old) < UZ_ITEMS_SLEEPERS_MAX); 4137 /* Cache the max since we will evaluate twice. */ 4138 max = zone->uz_max_items; 4139 if (UZ_ITEMS_SLEEPERS(old) != 0 || 4140 UZ_ITEMS_COUNT(old) >= max) 4141 new = old + UZ_ITEMS_SLEEPER; 4142 else 4143 new = old + MIN(count, max - old); 4144 } while (atomic_fcmpset_64(&zone->uz_items, &old, new) == 0); 4145 4146 /* We may have successfully allocated under the sleepq lock. */ 4147 if (UZ_ITEMS_SLEEPERS(new) == 0) { 4148 sleepq_release(&zone->uz_max_items); 4149 return (new - old); 4150 } 4151 4152 /* 4153 * This is in a different cacheline from uz_items so that we 4154 * don't constantly invalidate the fastpath cacheline when we 4155 * adjust item counts. This could be limited to toggling on 4156 * transitions. 4157 */ 4158 atomic_add_32(&zone->uz_sleepers, 1); 4159 atomic_add_64(&zone->uz_sleeps, 1); 4160 4161 /* 4162 * We have added ourselves as a sleeper. The sleepq lock 4163 * protects us from wakeup races. Sleep now and then retry. 4164 */ 4165 sleepq_add(&zone->uz_max_items, NULL, "zonelimit", 0, 0); 4166 sleepq_wait(&zone->uz_max_items, PVM); 4167 4168 /* 4169 * After wakeup, remove ourselves as a sleeper and try 4170 * again. We no longer have the sleepq lock for protection. 4171 * 4172 * Subract ourselves as a sleeper while attempting to add 4173 * our count. 4174 */ 4175 atomic_subtract_32(&zone->uz_sleepers, 1); 4176 old = atomic_fetchadd_64(&zone->uz_items, 4177 -(UZ_ITEMS_SLEEPER - count)); 4178 /* We're no longer a sleeper. */ 4179 old -= UZ_ITEMS_SLEEPER; 4180 4181 /* 4182 * If we're still at the limit, restart. Notably do not 4183 * block on other sleepers. Cache the max value to protect 4184 * against changes via sysctl. 4185 */ 4186 total = UZ_ITEMS_COUNT(old); 4187 max = zone->uz_max_items; 4188 if (total >= max) 4189 continue; 4190 /* Truncate if necessary, otherwise wake other sleepers. */ 4191 if (total + count > max) { 4192 zone_free_limit(zone, total + count - max); 4193 count = max - total; 4194 } else if (total + count < max && UZ_ITEMS_SLEEPERS(old) != 0) 4195 wakeup_one(&zone->uz_max_items); 4196 4197 return (count); 4198 } 4199 } 4200 4201 /* 4202 * Allocate 'count' items from our max_items limit. Returns the number 4203 * available. If M_NOWAIT is not specified it will sleep until at least 4204 * one item can be allocated. 4205 */ 4206 static int 4207 zone_alloc_limit(uma_zone_t zone, int count, int flags) 4208 { 4209 uint64_t old; 4210 uint64_t max; 4211 4212 max = zone->uz_max_items; 4213 MPASS(max > 0); 4214 4215 /* 4216 * We expect normal allocations to succeed with a simple 4217 * fetchadd. 4218 */ 4219 old = atomic_fetchadd_64(&zone->uz_items, count); 4220 if (__predict_true(old + count <= max)) 4221 return (count); 4222 4223 /* 4224 * If we had some items and no sleepers just return the 4225 * truncated value. We have to release the excess space 4226 * though because that may wake sleepers who weren't woken 4227 * because we were temporarily over the limit. 4228 */ 4229 if (old < max) { 4230 zone_free_limit(zone, (old + count) - max); 4231 return (max - old); 4232 } 4233 return (zone_alloc_limit_hard(zone, count, flags)); 4234 } 4235 4236 /* 4237 * Free a number of items back to the limit. 4238 */ 4239 static void 4240 zone_free_limit(uma_zone_t zone, int count) 4241 { 4242 uint64_t old; 4243 4244 MPASS(count > 0); 4245 4246 /* 4247 * In the common case we either have no sleepers or 4248 * are still over the limit and can just return. 4249 */ 4250 old = atomic_fetchadd_64(&zone->uz_items, -count); 4251 if (__predict_true(UZ_ITEMS_SLEEPERS(old) == 0 || 4252 UZ_ITEMS_COUNT(old) - count >= zone->uz_max_items)) 4253 return; 4254 4255 /* 4256 * Moderate the rate of wakeups. Sleepers will continue 4257 * to generate wakeups if necessary. 4258 */ 4259 wakeup_one(&zone->uz_max_items); 4260 } 4261 4262 static uma_bucket_t 4263 zone_alloc_bucket(uma_zone_t zone, void *udata, int domain, int flags) 4264 { 4265 uma_bucket_t bucket; 4266 int error, maxbucket, cnt; 4267 4268 CTR3(KTR_UMA, "zone_alloc_bucket zone %s(%p) domain %d", zone->uz_name, 4269 zone, domain); 4270 4271 /* Avoid allocs targeting empty domains. */ 4272 if (domain != UMA_ANYDOMAIN && VM_DOMAIN_EMPTY(domain)) 4273 domain = UMA_ANYDOMAIN; 4274 else if ((zone->uz_flags & UMA_ZONE_ROUNDROBIN) != 0) 4275 domain = UMA_ANYDOMAIN; 4276 4277 if (zone->uz_max_items > 0) 4278 maxbucket = zone_alloc_limit(zone, zone->uz_bucket_size, 4279 M_NOWAIT); 4280 else 4281 maxbucket = zone->uz_bucket_size; 4282 if (maxbucket == 0) 4283 return (NULL); 4284 4285 /* Don't wait for buckets, preserve caller's NOVM setting. */ 4286 bucket = bucket_alloc(zone, udata, M_NOWAIT | (flags & M_NOVM)); 4287 if (bucket == NULL) { 4288 cnt = 0; 4289 goto out; 4290 } 4291 4292 bucket->ub_cnt = zone->uz_import(zone->uz_arg, bucket->ub_bucket, 4293 MIN(maxbucket, bucket->ub_entries), domain, flags); 4294 4295 /* 4296 * Initialize the memory if necessary. 4297 */ 4298 if (bucket->ub_cnt != 0 && zone->uz_init != NULL) { 4299 int i; 4300 4301 for (i = 0; i < bucket->ub_cnt; i++) { 4302 kasan_mark_item_valid(zone, bucket->ub_bucket[i]); 4303 error = zone->uz_init(bucket->ub_bucket[i], 4304 zone->uz_size, flags); 4305 kasan_mark_item_invalid(zone, bucket->ub_bucket[i]); 4306 if (error != 0) 4307 break; 4308 } 4309 4310 /* 4311 * If we couldn't initialize the whole bucket, put the 4312 * rest back onto the freelist. 4313 */ 4314 if (i != bucket->ub_cnt) { 4315 zone->uz_release(zone->uz_arg, &bucket->ub_bucket[i], 4316 bucket->ub_cnt - i); 4317 #ifdef INVARIANTS 4318 bzero(&bucket->ub_bucket[i], 4319 sizeof(void *) * (bucket->ub_cnt - i)); 4320 #endif 4321 bucket->ub_cnt = i; 4322 } 4323 } 4324 4325 cnt = bucket->ub_cnt; 4326 if (bucket->ub_cnt == 0) { 4327 bucket_free(zone, bucket, udata); 4328 counter_u64_add(zone->uz_fails, 1); 4329 bucket = NULL; 4330 } 4331 out: 4332 if (zone->uz_max_items > 0 && cnt < maxbucket) 4333 zone_free_limit(zone, maxbucket - cnt); 4334 4335 return (bucket); 4336 } 4337 4338 /* 4339 * Allocates a single item from a zone. 4340 * 4341 * Arguments 4342 * zone The zone to alloc for. 4343 * udata The data to be passed to the constructor. 4344 * domain The domain to allocate from or UMA_ANYDOMAIN. 4345 * flags M_WAITOK, M_NOWAIT, M_ZERO. 4346 * 4347 * Returns 4348 * NULL if there is no memory and M_NOWAIT is set 4349 * An item if successful 4350 */ 4351 4352 static void * 4353 zone_alloc_item(uma_zone_t zone, void *udata, int domain, int flags) 4354 { 4355 void *item; 4356 4357 if (zone->uz_max_items > 0 && zone_alloc_limit(zone, 1, flags) == 0) { 4358 counter_u64_add(zone->uz_fails, 1); 4359 return (NULL); 4360 } 4361 4362 /* Avoid allocs targeting empty domains. */ 4363 if (domain != UMA_ANYDOMAIN && VM_DOMAIN_EMPTY(domain)) 4364 domain = UMA_ANYDOMAIN; 4365 4366 if (zone->uz_import(zone->uz_arg, &item, 1, domain, flags) != 1) 4367 goto fail_cnt; 4368 4369 /* 4370 * We have to call both the zone's init (not the keg's init) 4371 * and the zone's ctor. This is because the item is going from 4372 * a keg slab directly to the user, and the user is expecting it 4373 * to be both zone-init'd as well as zone-ctor'd. 4374 */ 4375 if (zone->uz_init != NULL) { 4376 int error; 4377 4378 kasan_mark_item_valid(zone, item); 4379 error = zone->uz_init(item, zone->uz_size, flags); 4380 kasan_mark_item_invalid(zone, item); 4381 if (error != 0) { 4382 zone_free_item(zone, item, udata, SKIP_FINI | SKIP_CNT); 4383 goto fail_cnt; 4384 } 4385 } 4386 item = item_ctor(zone, zone->uz_flags, zone->uz_size, udata, flags, 4387 item); 4388 if (item == NULL) 4389 goto fail; 4390 4391 counter_u64_add(zone->uz_allocs, 1); 4392 CTR3(KTR_UMA, "zone_alloc_item item %p from %s(%p)", item, 4393 zone->uz_name, zone); 4394 4395 return (item); 4396 4397 fail_cnt: 4398 counter_u64_add(zone->uz_fails, 1); 4399 fail: 4400 if (zone->uz_max_items > 0) 4401 zone_free_limit(zone, 1); 4402 CTR2(KTR_UMA, "zone_alloc_item failed from %s(%p)", 4403 zone->uz_name, zone); 4404 4405 return (NULL); 4406 } 4407 4408 /* See uma.h */ 4409 void 4410 uma_zfree_smr(uma_zone_t zone, void *item) 4411 { 4412 uma_cache_t cache; 4413 uma_cache_bucket_t bucket; 4414 int itemdomain; 4415 #ifdef NUMA 4416 int uz_flags; 4417 #endif 4418 4419 CTR3(KTR_UMA, "uma_zfree_smr zone %s(%p) item %p", 4420 zone->uz_name, zone, item); 4421 4422 #ifdef UMA_ZALLOC_DEBUG 4423 KASSERT((zone->uz_flags & UMA_ZONE_SMR) != 0, 4424 ("uma_zfree_smr: called with non-SMR zone.")); 4425 KASSERT(item != NULL, ("uma_zfree_smr: Called with NULL pointer.")); 4426 SMR_ASSERT_NOT_ENTERED(zone->uz_smr); 4427 if (uma_zfree_debug(zone, item, NULL) == EJUSTRETURN) 4428 return; 4429 #endif 4430 cache = &zone->uz_cpu[curcpu]; 4431 itemdomain = 0; 4432 #ifdef NUMA 4433 uz_flags = cache_uz_flags(cache); 4434 if ((uz_flags & UMA_ZONE_FIRSTTOUCH) != 0) 4435 itemdomain = item_domain(item); 4436 #endif 4437 critical_enter(); 4438 do { 4439 cache = &zone->uz_cpu[curcpu]; 4440 /* SMR Zones must free to the free bucket. */ 4441 bucket = &cache->uc_freebucket; 4442 #ifdef NUMA 4443 if ((uz_flags & UMA_ZONE_FIRSTTOUCH) != 0 && 4444 PCPU_GET(domain) != itemdomain) { 4445 bucket = &cache->uc_crossbucket; 4446 } 4447 #endif 4448 if (__predict_true(bucket->ucb_cnt < bucket->ucb_entries)) { 4449 cache_bucket_push(cache, bucket, item); 4450 critical_exit(); 4451 return; 4452 } 4453 } while (cache_free(zone, cache, NULL, itemdomain)); 4454 critical_exit(); 4455 4456 /* 4457 * If nothing else caught this, we'll just do an internal free. 4458 */ 4459 zone_free_item(zone, item, NULL, SKIP_NONE); 4460 } 4461 4462 /* See uma.h */ 4463 void 4464 uma_zfree_arg(uma_zone_t zone, void *item, void *udata) 4465 { 4466 uma_cache_t cache; 4467 uma_cache_bucket_t bucket; 4468 int itemdomain, uz_flags; 4469 4470 /* Enable entropy collection for RANDOM_ENABLE_UMA kernel option */ 4471 random_harvest_fast_uma(&zone, sizeof(zone), RANDOM_UMA); 4472 4473 CTR3(KTR_UMA, "uma_zfree_arg zone %s(%p) item %p", 4474 zone->uz_name, zone, item); 4475 4476 #ifdef UMA_ZALLOC_DEBUG 4477 KASSERT((zone->uz_flags & UMA_ZONE_SMR) == 0, 4478 ("uma_zfree_arg: called with SMR zone.")); 4479 if (uma_zfree_debug(zone, item, udata) == EJUSTRETURN) 4480 return; 4481 #endif 4482 /* uma_zfree(..., NULL) does nothing, to match free(9). */ 4483 if (item == NULL) 4484 return; 4485 4486 /* 4487 * We are accessing the per-cpu cache without a critical section to 4488 * fetch size and flags. This is acceptable, if we are preempted we 4489 * will simply read another cpu's line. 4490 */ 4491 cache = &zone->uz_cpu[curcpu]; 4492 uz_flags = cache_uz_flags(cache); 4493 if (UMA_ALWAYS_CTORDTOR || 4494 __predict_false((uz_flags & UMA_ZFLAG_CTORDTOR) != 0)) 4495 item_dtor(zone, item, cache_uz_size(cache), udata, SKIP_NONE); 4496 4497 /* 4498 * The race here is acceptable. If we miss it we'll just have to wait 4499 * a little longer for the limits to be reset. 4500 */ 4501 if (__predict_false(uz_flags & UMA_ZFLAG_LIMIT)) { 4502 if (atomic_load_32(&zone->uz_sleepers) > 0) 4503 goto zfree_item; 4504 } 4505 4506 /* 4507 * If possible, free to the per-CPU cache. There are two 4508 * requirements for safe access to the per-CPU cache: (1) the thread 4509 * accessing the cache must not be preempted or yield during access, 4510 * and (2) the thread must not migrate CPUs without switching which 4511 * cache it accesses. We rely on a critical section to prevent 4512 * preemption and migration. We release the critical section in 4513 * order to acquire the zone mutex if we are unable to free to the 4514 * current cache; when we re-acquire the critical section, we must 4515 * detect and handle migration if it has occurred. 4516 */ 4517 itemdomain = 0; 4518 #ifdef NUMA 4519 if ((uz_flags & UMA_ZONE_FIRSTTOUCH) != 0) 4520 itemdomain = item_domain(item); 4521 #endif 4522 critical_enter(); 4523 do { 4524 cache = &zone->uz_cpu[curcpu]; 4525 /* 4526 * Try to free into the allocbucket first to give LIFO 4527 * ordering for cache-hot datastructures. Spill over 4528 * into the freebucket if necessary. Alloc will swap 4529 * them if one runs dry. 4530 */ 4531 bucket = &cache->uc_allocbucket; 4532 #ifdef NUMA 4533 if ((uz_flags & UMA_ZONE_FIRSTTOUCH) != 0 && 4534 PCPU_GET(domain) != itemdomain) { 4535 bucket = &cache->uc_crossbucket; 4536 } else 4537 #endif 4538 if (bucket->ucb_cnt == bucket->ucb_entries && 4539 cache->uc_freebucket.ucb_cnt < 4540 cache->uc_freebucket.ucb_entries) 4541 cache_bucket_swap(&cache->uc_freebucket, 4542 &cache->uc_allocbucket); 4543 if (__predict_true(bucket->ucb_cnt < bucket->ucb_entries)) { 4544 cache_bucket_push(cache, bucket, item); 4545 critical_exit(); 4546 return; 4547 } 4548 } while (cache_free(zone, cache, udata, itemdomain)); 4549 critical_exit(); 4550 4551 /* 4552 * If nothing else caught this, we'll just do an internal free. 4553 */ 4554 zfree_item: 4555 zone_free_item(zone, item, udata, SKIP_DTOR); 4556 } 4557 4558 #ifdef NUMA 4559 /* 4560 * sort crossdomain free buckets to domain correct buckets and cache 4561 * them. 4562 */ 4563 static void 4564 zone_free_cross(uma_zone_t zone, uma_bucket_t bucket, void *udata) 4565 { 4566 struct uma_bucketlist emptybuckets, fullbuckets; 4567 uma_zone_domain_t zdom; 4568 uma_bucket_t b; 4569 smr_seq_t seq; 4570 void *item; 4571 int domain; 4572 4573 CTR3(KTR_UMA, 4574 "uma_zfree: zone %s(%p) draining cross bucket %p", 4575 zone->uz_name, zone, bucket); 4576 4577 /* 4578 * It is possible for buckets to arrive here out of order so we fetch 4579 * the current smr seq rather than accepting the bucket's. 4580 */ 4581 seq = SMR_SEQ_INVALID; 4582 if ((zone->uz_flags & UMA_ZONE_SMR) != 0) 4583 seq = smr_advance(zone->uz_smr); 4584 4585 /* 4586 * To avoid having ndomain * ndomain buckets for sorting we have a 4587 * lock on the current crossfree bucket. A full matrix with 4588 * per-domain locking could be used if necessary. 4589 */ 4590 STAILQ_INIT(&emptybuckets); 4591 STAILQ_INIT(&fullbuckets); 4592 ZONE_CROSS_LOCK(zone); 4593 for (; bucket->ub_cnt > 0; bucket->ub_cnt--) { 4594 item = bucket->ub_bucket[bucket->ub_cnt - 1]; 4595 domain = item_domain(item); 4596 zdom = ZDOM_GET(zone, domain); 4597 if (zdom->uzd_cross == NULL) { 4598 if ((b = STAILQ_FIRST(&emptybuckets)) != NULL) { 4599 STAILQ_REMOVE_HEAD(&emptybuckets, ub_link); 4600 zdom->uzd_cross = b; 4601 } else { 4602 /* 4603 * Avoid allocating a bucket with the cross lock 4604 * held, since allocation can trigger a 4605 * cross-domain free and bucket zones may 4606 * allocate from each other. 4607 */ 4608 ZONE_CROSS_UNLOCK(zone); 4609 b = bucket_alloc(zone, udata, M_NOWAIT); 4610 if (b == NULL) 4611 goto out; 4612 ZONE_CROSS_LOCK(zone); 4613 if (zdom->uzd_cross != NULL) { 4614 STAILQ_INSERT_HEAD(&emptybuckets, b, 4615 ub_link); 4616 } else { 4617 zdom->uzd_cross = b; 4618 } 4619 } 4620 } 4621 b = zdom->uzd_cross; 4622 b->ub_bucket[b->ub_cnt++] = item; 4623 b->ub_seq = seq; 4624 if (b->ub_cnt == b->ub_entries) { 4625 STAILQ_INSERT_HEAD(&fullbuckets, b, ub_link); 4626 if ((b = STAILQ_FIRST(&emptybuckets)) != NULL) 4627 STAILQ_REMOVE_HEAD(&emptybuckets, ub_link); 4628 zdom->uzd_cross = b; 4629 } 4630 } 4631 ZONE_CROSS_UNLOCK(zone); 4632 out: 4633 if (bucket->ub_cnt == 0) 4634 bucket->ub_seq = SMR_SEQ_INVALID; 4635 bucket_free(zone, bucket, udata); 4636 4637 while ((b = STAILQ_FIRST(&emptybuckets)) != NULL) { 4638 STAILQ_REMOVE_HEAD(&emptybuckets, ub_link); 4639 bucket_free(zone, b, udata); 4640 } 4641 while ((b = STAILQ_FIRST(&fullbuckets)) != NULL) { 4642 STAILQ_REMOVE_HEAD(&fullbuckets, ub_link); 4643 domain = item_domain(b->ub_bucket[0]); 4644 zone_put_bucket(zone, domain, b, udata, true); 4645 } 4646 } 4647 #endif 4648 4649 static void 4650 zone_free_bucket(uma_zone_t zone, uma_bucket_t bucket, void *udata, 4651 int itemdomain, bool ws) 4652 { 4653 4654 #ifdef NUMA 4655 /* 4656 * Buckets coming from the wrong domain will be entirely for the 4657 * only other domain on two domain systems. In this case we can 4658 * simply cache them. Otherwise we need to sort them back to 4659 * correct domains. 4660 */ 4661 if ((zone->uz_flags & UMA_ZONE_FIRSTTOUCH) != 0 && 4662 vm_ndomains > 2 && PCPU_GET(domain) != itemdomain) { 4663 zone_free_cross(zone, bucket, udata); 4664 return; 4665 } 4666 #endif 4667 4668 /* 4669 * Attempt to save the bucket in the zone's domain bucket cache. 4670 */ 4671 CTR3(KTR_UMA, 4672 "uma_zfree: zone %s(%p) putting bucket %p on free list", 4673 zone->uz_name, zone, bucket); 4674 /* ub_cnt is pointing to the last free item */ 4675 if ((zone->uz_flags & UMA_ZONE_ROUNDROBIN) != 0) 4676 itemdomain = zone_domain_lowest(zone, itemdomain); 4677 zone_put_bucket(zone, itemdomain, bucket, udata, ws); 4678 } 4679 4680 /* 4681 * Populate a free or cross bucket for the current cpu cache. Free any 4682 * existing full bucket either to the zone cache or back to the slab layer. 4683 * 4684 * Enters and returns in a critical section. false return indicates that 4685 * we can not satisfy this free in the cache layer. true indicates that 4686 * the caller should retry. 4687 */ 4688 static __noinline bool 4689 cache_free(uma_zone_t zone, uma_cache_t cache, void *udata, int itemdomain) 4690 { 4691 uma_cache_bucket_t cbucket; 4692 uma_bucket_t newbucket, bucket; 4693 4694 CRITICAL_ASSERT(curthread); 4695 4696 if (zone->uz_bucket_size == 0) 4697 return false; 4698 4699 cache = &zone->uz_cpu[curcpu]; 4700 newbucket = NULL; 4701 4702 /* 4703 * FIRSTTOUCH domains need to free to the correct zdom. When 4704 * enabled this is the zdom of the item. The bucket is the 4705 * cross bucket if the current domain and itemdomain do not match. 4706 */ 4707 cbucket = &cache->uc_freebucket; 4708 #ifdef NUMA 4709 if ((cache_uz_flags(cache) & UMA_ZONE_FIRSTTOUCH) != 0) { 4710 if (PCPU_GET(domain) != itemdomain) { 4711 cbucket = &cache->uc_crossbucket; 4712 if (cbucket->ucb_cnt != 0) 4713 counter_u64_add(zone->uz_xdomain, 4714 cbucket->ucb_cnt); 4715 } 4716 } 4717 #endif 4718 bucket = cache_bucket_unload(cbucket); 4719 KASSERT(bucket == NULL || bucket->ub_cnt == bucket->ub_entries, 4720 ("cache_free: Entered with non-full free bucket.")); 4721 4722 /* We are no longer associated with this CPU. */ 4723 critical_exit(); 4724 4725 /* 4726 * Don't let SMR zones operate without a free bucket. Force 4727 * a synchronize and re-use this one. We will only degrade 4728 * to a synchronize every bucket_size items rather than every 4729 * item if we fail to allocate a bucket. 4730 */ 4731 if ((zone->uz_flags & UMA_ZONE_SMR) != 0) { 4732 if (bucket != NULL) 4733 bucket->ub_seq = smr_advance(zone->uz_smr); 4734 newbucket = bucket_alloc(zone, udata, M_NOWAIT); 4735 if (newbucket == NULL && bucket != NULL) { 4736 bucket_drain(zone, bucket); 4737 newbucket = bucket; 4738 bucket = NULL; 4739 } 4740 } else if (!bucketdisable) 4741 newbucket = bucket_alloc(zone, udata, M_NOWAIT); 4742 4743 if (bucket != NULL) 4744 zone_free_bucket(zone, bucket, udata, itemdomain, true); 4745 4746 critical_enter(); 4747 if ((bucket = newbucket) == NULL) 4748 return (false); 4749 cache = &zone->uz_cpu[curcpu]; 4750 #ifdef NUMA 4751 /* 4752 * Check to see if we should be populating the cross bucket. If it 4753 * is already populated we will fall through and attempt to populate 4754 * the free bucket. 4755 */ 4756 if ((cache_uz_flags(cache) & UMA_ZONE_FIRSTTOUCH) != 0) { 4757 if (PCPU_GET(domain) != itemdomain && 4758 cache->uc_crossbucket.ucb_bucket == NULL) { 4759 cache_bucket_load_cross(cache, bucket); 4760 return (true); 4761 } 4762 } 4763 #endif 4764 /* 4765 * We may have lost the race to fill the bucket or switched CPUs. 4766 */ 4767 if (cache->uc_freebucket.ucb_bucket != NULL) { 4768 critical_exit(); 4769 bucket_free(zone, bucket, udata); 4770 critical_enter(); 4771 } else 4772 cache_bucket_load_free(cache, bucket); 4773 4774 return (true); 4775 } 4776 4777 static void 4778 slab_free_item(uma_zone_t zone, uma_slab_t slab, void *item) 4779 { 4780 uma_keg_t keg; 4781 uma_domain_t dom; 4782 int freei; 4783 4784 keg = zone->uz_keg; 4785 KEG_LOCK_ASSERT(keg, slab->us_domain); 4786 4787 /* Do we need to remove from any lists? */ 4788 dom = &keg->uk_domain[slab->us_domain]; 4789 if (slab->us_freecount + 1 == keg->uk_ipers) { 4790 LIST_REMOVE(slab, us_link); 4791 LIST_INSERT_HEAD(&dom->ud_free_slab, slab, us_link); 4792 dom->ud_free_slabs++; 4793 } else if (slab->us_freecount == 0) { 4794 LIST_REMOVE(slab, us_link); 4795 LIST_INSERT_HEAD(&dom->ud_part_slab, slab, us_link); 4796 } 4797 4798 /* Slab management. */ 4799 freei = slab_item_index(slab, keg, item); 4800 BIT_SET(keg->uk_ipers, freei, &slab->us_free); 4801 slab->us_freecount++; 4802 4803 /* Keg statistics. */ 4804 dom->ud_free_items++; 4805 } 4806 4807 static void 4808 zone_release(void *arg, void **bucket, int cnt) 4809 { 4810 struct mtx *lock; 4811 uma_zone_t zone; 4812 uma_slab_t slab; 4813 uma_keg_t keg; 4814 uint8_t *mem; 4815 void *item; 4816 int i; 4817 4818 zone = arg; 4819 keg = zone->uz_keg; 4820 lock = NULL; 4821 if (__predict_false((zone->uz_flags & UMA_ZFLAG_HASH) != 0)) 4822 lock = KEG_LOCK(keg, 0); 4823 for (i = 0; i < cnt; i++) { 4824 item = bucket[i]; 4825 if (__predict_true((zone->uz_flags & UMA_ZFLAG_VTOSLAB) != 0)) { 4826 slab = vtoslab((vm_offset_t)item); 4827 } else { 4828 mem = (uint8_t *)((uintptr_t)item & (~UMA_SLAB_MASK)); 4829 if ((zone->uz_flags & UMA_ZFLAG_HASH) != 0) 4830 slab = hash_sfind(&keg->uk_hash, mem); 4831 else 4832 slab = (uma_slab_t)(mem + keg->uk_pgoff); 4833 } 4834 if (lock != KEG_LOCKPTR(keg, slab->us_domain)) { 4835 if (lock != NULL) 4836 mtx_unlock(lock); 4837 lock = KEG_LOCK(keg, slab->us_domain); 4838 } 4839 slab_free_item(zone, slab, item); 4840 } 4841 if (lock != NULL) 4842 mtx_unlock(lock); 4843 } 4844 4845 /* 4846 * Frees a single item to any zone. 4847 * 4848 * Arguments: 4849 * zone The zone to free to 4850 * item The item we're freeing 4851 * udata User supplied data for the dtor 4852 * skip Skip dtors and finis 4853 */ 4854 static __noinline void 4855 zone_free_item(uma_zone_t zone, void *item, void *udata, enum zfreeskip skip) 4856 { 4857 4858 /* 4859 * If a free is sent directly to an SMR zone we have to 4860 * synchronize immediately because the item can instantly 4861 * be reallocated. This should only happen in degenerate 4862 * cases when no memory is available for per-cpu caches. 4863 */ 4864 if ((zone->uz_flags & UMA_ZONE_SMR) != 0 && skip == SKIP_NONE) 4865 smr_synchronize(zone->uz_smr); 4866 4867 item_dtor(zone, item, zone->uz_size, udata, skip); 4868 4869 if (skip < SKIP_FINI && zone->uz_fini) { 4870 kasan_mark_item_valid(zone, item); 4871 zone->uz_fini(item, zone->uz_size); 4872 kasan_mark_item_invalid(zone, item); 4873 } 4874 4875 zone->uz_release(zone->uz_arg, &item, 1); 4876 4877 if (skip & SKIP_CNT) 4878 return; 4879 4880 counter_u64_add(zone->uz_frees, 1); 4881 4882 if (zone->uz_max_items > 0) 4883 zone_free_limit(zone, 1); 4884 } 4885 4886 /* See uma.h */ 4887 int 4888 uma_zone_set_max(uma_zone_t zone, int nitems) 4889 { 4890 4891 /* 4892 * If the limit is small, we may need to constrain the maximum per-CPU 4893 * cache size, or disable caching entirely. 4894 */ 4895 uma_zone_set_maxcache(zone, nitems); 4896 4897 /* 4898 * XXX This can misbehave if the zone has any allocations with 4899 * no limit and a limit is imposed. There is currently no 4900 * way to clear a limit. 4901 */ 4902 ZONE_LOCK(zone); 4903 if (zone->uz_max_items == 0) 4904 ZONE_ASSERT_COLD(zone); 4905 zone->uz_max_items = nitems; 4906 zone->uz_flags |= UMA_ZFLAG_LIMIT; 4907 zone_update_caches(zone); 4908 /* We may need to wake waiters. */ 4909 wakeup(&zone->uz_max_items); 4910 ZONE_UNLOCK(zone); 4911 4912 return (nitems); 4913 } 4914 4915 /* See uma.h */ 4916 void 4917 uma_zone_set_maxcache(uma_zone_t zone, int nitems) 4918 { 4919 int bpcpu, bpdom, bsize, nb; 4920 4921 ZONE_LOCK(zone); 4922 4923 /* 4924 * Compute a lower bound on the number of items that may be cached in 4925 * the zone. Each CPU gets at least two buckets, and for cross-domain 4926 * frees we use an additional bucket per CPU and per domain. Select the 4927 * largest bucket size that does not exceed half of the requested limit, 4928 * with the left over space given to the full bucket cache. 4929 */ 4930 bpdom = 0; 4931 bpcpu = 2; 4932 #ifdef NUMA 4933 if ((zone->uz_flags & UMA_ZONE_FIRSTTOUCH) != 0 && vm_ndomains > 1) { 4934 bpcpu++; 4935 bpdom++; 4936 } 4937 #endif 4938 nb = bpcpu * mp_ncpus + bpdom * vm_ndomains; 4939 bsize = nitems / nb / 2; 4940 if (bsize > BUCKET_MAX) 4941 bsize = BUCKET_MAX; 4942 else if (bsize == 0 && nitems / nb > 0) 4943 bsize = 1; 4944 zone->uz_bucket_size_max = zone->uz_bucket_size = bsize; 4945 if (zone->uz_bucket_size_min > zone->uz_bucket_size_max) 4946 zone->uz_bucket_size_min = zone->uz_bucket_size_max; 4947 zone->uz_bucket_max = nitems - nb * bsize; 4948 ZONE_UNLOCK(zone); 4949 } 4950 4951 /* See uma.h */ 4952 int 4953 uma_zone_get_max(uma_zone_t zone) 4954 { 4955 int nitems; 4956 4957 nitems = atomic_load_64(&zone->uz_max_items); 4958 4959 return (nitems); 4960 } 4961 4962 /* See uma.h */ 4963 void 4964 uma_zone_set_warning(uma_zone_t zone, const char *warning) 4965 { 4966 4967 ZONE_ASSERT_COLD(zone); 4968 zone->uz_warning = warning; 4969 } 4970 4971 /* See uma.h */ 4972 void 4973 uma_zone_set_maxaction(uma_zone_t zone, uma_maxaction_t maxaction) 4974 { 4975 4976 ZONE_ASSERT_COLD(zone); 4977 TASK_INIT(&zone->uz_maxaction, 0, (task_fn_t *)maxaction, zone); 4978 } 4979 4980 /* See uma.h */ 4981 int 4982 uma_zone_get_cur(uma_zone_t zone) 4983 { 4984 int64_t nitems; 4985 u_int i; 4986 4987 nitems = 0; 4988 if (zone->uz_allocs != EARLY_COUNTER && zone->uz_frees != EARLY_COUNTER) 4989 nitems = counter_u64_fetch(zone->uz_allocs) - 4990 counter_u64_fetch(zone->uz_frees); 4991 CPU_FOREACH(i) 4992 nitems += atomic_load_64(&zone->uz_cpu[i].uc_allocs) - 4993 atomic_load_64(&zone->uz_cpu[i].uc_frees); 4994 4995 return (nitems < 0 ? 0 : nitems); 4996 } 4997 4998 static uint64_t 4999 uma_zone_get_allocs(uma_zone_t zone) 5000 { 5001 uint64_t nitems; 5002 u_int i; 5003 5004 nitems = 0; 5005 if (zone->uz_allocs != EARLY_COUNTER) 5006 nitems = counter_u64_fetch(zone->uz_allocs); 5007 CPU_FOREACH(i) 5008 nitems += atomic_load_64(&zone->uz_cpu[i].uc_allocs); 5009 5010 return (nitems); 5011 } 5012 5013 static uint64_t 5014 uma_zone_get_frees(uma_zone_t zone) 5015 { 5016 uint64_t nitems; 5017 u_int i; 5018 5019 nitems = 0; 5020 if (zone->uz_frees != EARLY_COUNTER) 5021 nitems = counter_u64_fetch(zone->uz_frees); 5022 CPU_FOREACH(i) 5023 nitems += atomic_load_64(&zone->uz_cpu[i].uc_frees); 5024 5025 return (nitems); 5026 } 5027 5028 #ifdef INVARIANTS 5029 /* Used only for KEG_ASSERT_COLD(). */ 5030 static uint64_t 5031 uma_keg_get_allocs(uma_keg_t keg) 5032 { 5033 uma_zone_t z; 5034 uint64_t nitems; 5035 5036 nitems = 0; 5037 LIST_FOREACH(z, &keg->uk_zones, uz_link) 5038 nitems += uma_zone_get_allocs(z); 5039 5040 return (nitems); 5041 } 5042 #endif 5043 5044 /* See uma.h */ 5045 void 5046 uma_zone_set_init(uma_zone_t zone, uma_init uminit) 5047 { 5048 uma_keg_t keg; 5049 5050 KEG_GET(zone, keg); 5051 KEG_ASSERT_COLD(keg); 5052 keg->uk_init = uminit; 5053 } 5054 5055 /* See uma.h */ 5056 void 5057 uma_zone_set_fini(uma_zone_t zone, uma_fini fini) 5058 { 5059 uma_keg_t keg; 5060 5061 KEG_GET(zone, keg); 5062 KEG_ASSERT_COLD(keg); 5063 keg->uk_fini = fini; 5064 } 5065 5066 /* See uma.h */ 5067 void 5068 uma_zone_set_zinit(uma_zone_t zone, uma_init zinit) 5069 { 5070 5071 ZONE_ASSERT_COLD(zone); 5072 zone->uz_init = zinit; 5073 } 5074 5075 /* See uma.h */ 5076 void 5077 uma_zone_set_zfini(uma_zone_t zone, uma_fini zfini) 5078 { 5079 5080 ZONE_ASSERT_COLD(zone); 5081 zone->uz_fini = zfini; 5082 } 5083 5084 /* See uma.h */ 5085 void 5086 uma_zone_set_freef(uma_zone_t zone, uma_free freef) 5087 { 5088 uma_keg_t keg; 5089 5090 KEG_GET(zone, keg); 5091 KEG_ASSERT_COLD(keg); 5092 keg->uk_freef = freef; 5093 } 5094 5095 /* See uma.h */ 5096 void 5097 uma_zone_set_allocf(uma_zone_t zone, uma_alloc allocf) 5098 { 5099 uma_keg_t keg; 5100 5101 KEG_GET(zone, keg); 5102 KEG_ASSERT_COLD(keg); 5103 keg->uk_allocf = allocf; 5104 } 5105 5106 /* See uma.h */ 5107 void 5108 uma_zone_set_smr(uma_zone_t zone, smr_t smr) 5109 { 5110 5111 ZONE_ASSERT_COLD(zone); 5112 5113 KASSERT(smr != NULL, ("Got NULL smr")); 5114 KASSERT((zone->uz_flags & UMA_ZONE_SMR) == 0, 5115 ("zone %p (%s) already uses SMR", zone, zone->uz_name)); 5116 zone->uz_flags |= UMA_ZONE_SMR; 5117 zone->uz_smr = smr; 5118 zone_update_caches(zone); 5119 } 5120 5121 smr_t 5122 uma_zone_get_smr(uma_zone_t zone) 5123 { 5124 5125 return (zone->uz_smr); 5126 } 5127 5128 /* See uma.h */ 5129 void 5130 uma_zone_reserve(uma_zone_t zone, int items) 5131 { 5132 uma_keg_t keg; 5133 5134 KEG_GET(zone, keg); 5135 KEG_ASSERT_COLD(keg); 5136 keg->uk_reserve = items; 5137 } 5138 5139 /* See uma.h */ 5140 int 5141 uma_zone_reserve_kva(uma_zone_t zone, int count) 5142 { 5143 uma_keg_t keg; 5144 vm_offset_t kva; 5145 u_int pages; 5146 5147 KEG_GET(zone, keg); 5148 KEG_ASSERT_COLD(keg); 5149 ZONE_ASSERT_COLD(zone); 5150 5151 pages = howmany(count, keg->uk_ipers) * keg->uk_ppera; 5152 5153 #ifdef UMA_MD_SMALL_ALLOC 5154 if (keg->uk_ppera > 1) { 5155 #else 5156 if (1) { 5157 #endif 5158 kva = kva_alloc((vm_size_t)pages * PAGE_SIZE); 5159 if (kva == 0) 5160 return (0); 5161 } else 5162 kva = 0; 5163 5164 MPASS(keg->uk_kva == 0); 5165 keg->uk_kva = kva; 5166 keg->uk_offset = 0; 5167 zone->uz_max_items = pages * keg->uk_ipers; 5168 #ifdef UMA_MD_SMALL_ALLOC 5169 keg->uk_allocf = (keg->uk_ppera > 1) ? noobj_alloc : uma_small_alloc; 5170 #else 5171 keg->uk_allocf = noobj_alloc; 5172 #endif 5173 keg->uk_flags |= UMA_ZFLAG_LIMIT | UMA_ZONE_NOFREE; 5174 zone->uz_flags |= UMA_ZFLAG_LIMIT | UMA_ZONE_NOFREE; 5175 zone_update_caches(zone); 5176 5177 return (1); 5178 } 5179 5180 /* See uma.h */ 5181 void 5182 uma_prealloc(uma_zone_t zone, int items) 5183 { 5184 struct vm_domainset_iter di; 5185 uma_domain_t dom; 5186 uma_slab_t slab; 5187 uma_keg_t keg; 5188 int aflags, domain, slabs; 5189 5190 KEG_GET(zone, keg); 5191 slabs = howmany(items, keg->uk_ipers); 5192 while (slabs-- > 0) { 5193 aflags = M_NOWAIT; 5194 vm_domainset_iter_policy_ref_init(&di, &keg->uk_dr, &domain, 5195 &aflags); 5196 for (;;) { 5197 slab = keg_alloc_slab(keg, zone, domain, M_WAITOK, 5198 aflags); 5199 if (slab != NULL) { 5200 dom = &keg->uk_domain[slab->us_domain]; 5201 /* 5202 * keg_alloc_slab() always returns a slab on the 5203 * partial list. 5204 */ 5205 LIST_REMOVE(slab, us_link); 5206 LIST_INSERT_HEAD(&dom->ud_free_slab, slab, 5207 us_link); 5208 dom->ud_free_slabs++; 5209 KEG_UNLOCK(keg, slab->us_domain); 5210 break; 5211 } 5212 if (vm_domainset_iter_policy(&di, &domain) != 0) 5213 vm_wait_doms(&keg->uk_dr.dr_policy->ds_mask, 0); 5214 } 5215 } 5216 } 5217 5218 /* 5219 * Returns a snapshot of memory consumption in bytes. 5220 */ 5221 size_t 5222 uma_zone_memory(uma_zone_t zone) 5223 { 5224 size_t sz; 5225 int i; 5226 5227 sz = 0; 5228 if (zone->uz_flags & UMA_ZFLAG_CACHE) { 5229 for (i = 0; i < vm_ndomains; i++) 5230 sz += ZDOM_GET(zone, i)->uzd_nitems; 5231 return (sz * zone->uz_size); 5232 } 5233 for (i = 0; i < vm_ndomains; i++) 5234 sz += zone->uz_keg->uk_domain[i].ud_pages; 5235 5236 return (sz * PAGE_SIZE); 5237 } 5238 5239 struct uma_reclaim_args { 5240 int domain; 5241 int req; 5242 }; 5243 5244 static void 5245 uma_reclaim_domain_cb(uma_zone_t zone, void *arg) 5246 { 5247 struct uma_reclaim_args *args; 5248 5249 args = arg; 5250 if ((zone->uz_flags & UMA_ZONE_UNMANAGED) == 0) 5251 uma_zone_reclaim_domain(zone, args->req, args->domain); 5252 } 5253 5254 /* See uma.h */ 5255 void 5256 uma_reclaim(int req) 5257 { 5258 uma_reclaim_domain(req, UMA_ANYDOMAIN); 5259 } 5260 5261 void 5262 uma_reclaim_domain(int req, int domain) 5263 { 5264 struct uma_reclaim_args args; 5265 5266 bucket_enable(); 5267 5268 args.domain = domain; 5269 args.req = req; 5270 5271 sx_slock(&uma_reclaim_lock); 5272 switch (req) { 5273 case UMA_RECLAIM_TRIM: 5274 case UMA_RECLAIM_DRAIN: 5275 zone_foreach(uma_reclaim_domain_cb, &args); 5276 break; 5277 case UMA_RECLAIM_DRAIN_CPU: 5278 zone_foreach(uma_reclaim_domain_cb, &args); 5279 pcpu_cache_drain_safe(NULL); 5280 zone_foreach(uma_reclaim_domain_cb, &args); 5281 break; 5282 default: 5283 panic("unhandled reclamation request %d", req); 5284 } 5285 5286 /* 5287 * Some slabs may have been freed but this zone will be visited early 5288 * we visit again so that we can free pages that are empty once other 5289 * zones are drained. We have to do the same for buckets. 5290 */ 5291 uma_zone_reclaim_domain(slabzones[0], UMA_RECLAIM_DRAIN, domain); 5292 uma_zone_reclaim_domain(slabzones[1], UMA_RECLAIM_DRAIN, domain); 5293 bucket_zone_drain(domain); 5294 sx_sunlock(&uma_reclaim_lock); 5295 } 5296 5297 static volatile int uma_reclaim_needed; 5298 5299 void 5300 uma_reclaim_wakeup(void) 5301 { 5302 5303 if (atomic_fetchadd_int(&uma_reclaim_needed, 1) == 0) 5304 wakeup(uma_reclaim); 5305 } 5306 5307 void 5308 uma_reclaim_worker(void *arg __unused) 5309 { 5310 5311 for (;;) { 5312 sx_xlock(&uma_reclaim_lock); 5313 while (atomic_load_int(&uma_reclaim_needed) == 0) 5314 sx_sleep(uma_reclaim, &uma_reclaim_lock, PVM, "umarcl", 5315 hz); 5316 sx_xunlock(&uma_reclaim_lock); 5317 EVENTHANDLER_INVOKE(vm_lowmem, VM_LOW_KMEM); 5318 uma_reclaim(UMA_RECLAIM_DRAIN_CPU); 5319 atomic_store_int(&uma_reclaim_needed, 0); 5320 /* Don't fire more than once per-second. */ 5321 pause("umarclslp", hz); 5322 } 5323 } 5324 5325 /* See uma.h */ 5326 void 5327 uma_zone_reclaim(uma_zone_t zone, int req) 5328 { 5329 uma_zone_reclaim_domain(zone, req, UMA_ANYDOMAIN); 5330 } 5331 5332 void 5333 uma_zone_reclaim_domain(uma_zone_t zone, int req, int domain) 5334 { 5335 switch (req) { 5336 case UMA_RECLAIM_TRIM: 5337 zone_reclaim(zone, domain, M_NOWAIT, false); 5338 break; 5339 case UMA_RECLAIM_DRAIN: 5340 zone_reclaim(zone, domain, M_NOWAIT, true); 5341 break; 5342 case UMA_RECLAIM_DRAIN_CPU: 5343 pcpu_cache_drain_safe(zone); 5344 zone_reclaim(zone, domain, M_NOWAIT, true); 5345 break; 5346 default: 5347 panic("unhandled reclamation request %d", req); 5348 } 5349 } 5350 5351 /* See uma.h */ 5352 int 5353 uma_zone_exhausted(uma_zone_t zone) 5354 { 5355 5356 return (atomic_load_32(&zone->uz_sleepers) > 0); 5357 } 5358 5359 unsigned long 5360 uma_limit(void) 5361 { 5362 5363 return (uma_kmem_limit); 5364 } 5365 5366 void 5367 uma_set_limit(unsigned long limit) 5368 { 5369 5370 uma_kmem_limit = limit; 5371 } 5372 5373 unsigned long 5374 uma_size(void) 5375 { 5376 5377 return (atomic_load_long(&uma_kmem_total)); 5378 } 5379 5380 long 5381 uma_avail(void) 5382 { 5383 5384 return (uma_kmem_limit - uma_size()); 5385 } 5386 5387 #ifdef DDB 5388 /* 5389 * Generate statistics across both the zone and its per-cpu cache's. Return 5390 * desired statistics if the pointer is non-NULL for that statistic. 5391 * 5392 * Note: does not update the zone statistics, as it can't safely clear the 5393 * per-CPU cache statistic. 5394 * 5395 */ 5396 static void 5397 uma_zone_sumstat(uma_zone_t z, long *cachefreep, uint64_t *allocsp, 5398 uint64_t *freesp, uint64_t *sleepsp, uint64_t *xdomainp) 5399 { 5400 uma_cache_t cache; 5401 uint64_t allocs, frees, sleeps, xdomain; 5402 int cachefree, cpu; 5403 5404 allocs = frees = sleeps = xdomain = 0; 5405 cachefree = 0; 5406 CPU_FOREACH(cpu) { 5407 cache = &z->uz_cpu[cpu]; 5408 cachefree += cache->uc_allocbucket.ucb_cnt; 5409 cachefree += cache->uc_freebucket.ucb_cnt; 5410 xdomain += cache->uc_crossbucket.ucb_cnt; 5411 cachefree += cache->uc_crossbucket.ucb_cnt; 5412 allocs += cache->uc_allocs; 5413 frees += cache->uc_frees; 5414 } 5415 allocs += counter_u64_fetch(z->uz_allocs); 5416 frees += counter_u64_fetch(z->uz_frees); 5417 xdomain += counter_u64_fetch(z->uz_xdomain); 5418 sleeps += z->uz_sleeps; 5419 if (cachefreep != NULL) 5420 *cachefreep = cachefree; 5421 if (allocsp != NULL) 5422 *allocsp = allocs; 5423 if (freesp != NULL) 5424 *freesp = frees; 5425 if (sleepsp != NULL) 5426 *sleepsp = sleeps; 5427 if (xdomainp != NULL) 5428 *xdomainp = xdomain; 5429 } 5430 #endif /* DDB */ 5431 5432 static int 5433 sysctl_vm_zone_count(SYSCTL_HANDLER_ARGS) 5434 { 5435 uma_keg_t kz; 5436 uma_zone_t z; 5437 int count; 5438 5439 count = 0; 5440 rw_rlock(&uma_rwlock); 5441 LIST_FOREACH(kz, &uma_kegs, uk_link) { 5442 LIST_FOREACH(z, &kz->uk_zones, uz_link) 5443 count++; 5444 } 5445 LIST_FOREACH(z, &uma_cachezones, uz_link) 5446 count++; 5447 5448 rw_runlock(&uma_rwlock); 5449 return (sysctl_handle_int(oidp, &count, 0, req)); 5450 } 5451 5452 static void 5453 uma_vm_zone_stats(struct uma_type_header *uth, uma_zone_t z, struct sbuf *sbuf, 5454 struct uma_percpu_stat *ups, bool internal) 5455 { 5456 uma_zone_domain_t zdom; 5457 uma_cache_t cache; 5458 int i; 5459 5460 for (i = 0; i < vm_ndomains; i++) { 5461 zdom = ZDOM_GET(z, i); 5462 uth->uth_zone_free += zdom->uzd_nitems; 5463 } 5464 uth->uth_allocs = counter_u64_fetch(z->uz_allocs); 5465 uth->uth_frees = counter_u64_fetch(z->uz_frees); 5466 uth->uth_fails = counter_u64_fetch(z->uz_fails); 5467 uth->uth_xdomain = counter_u64_fetch(z->uz_xdomain); 5468 uth->uth_sleeps = z->uz_sleeps; 5469 5470 for (i = 0; i < mp_maxid + 1; i++) { 5471 bzero(&ups[i], sizeof(*ups)); 5472 if (internal || CPU_ABSENT(i)) 5473 continue; 5474 cache = &z->uz_cpu[i]; 5475 ups[i].ups_cache_free += cache->uc_allocbucket.ucb_cnt; 5476 ups[i].ups_cache_free += cache->uc_freebucket.ucb_cnt; 5477 ups[i].ups_cache_free += cache->uc_crossbucket.ucb_cnt; 5478 ups[i].ups_allocs = cache->uc_allocs; 5479 ups[i].ups_frees = cache->uc_frees; 5480 } 5481 } 5482 5483 static int 5484 sysctl_vm_zone_stats(SYSCTL_HANDLER_ARGS) 5485 { 5486 struct uma_stream_header ush; 5487 struct uma_type_header uth; 5488 struct uma_percpu_stat *ups; 5489 struct sbuf sbuf; 5490 uma_keg_t kz; 5491 uma_zone_t z; 5492 uint64_t items; 5493 uint32_t kfree, pages; 5494 int count, error, i; 5495 5496 error = sysctl_wire_old_buffer(req, 0); 5497 if (error != 0) 5498 return (error); 5499 sbuf_new_for_sysctl(&sbuf, NULL, 128, req); 5500 sbuf_clear_flags(&sbuf, SBUF_INCLUDENUL); 5501 ups = malloc((mp_maxid + 1) * sizeof(*ups), M_TEMP, M_WAITOK); 5502 5503 count = 0; 5504 rw_rlock(&uma_rwlock); 5505 LIST_FOREACH(kz, &uma_kegs, uk_link) { 5506 LIST_FOREACH(z, &kz->uk_zones, uz_link) 5507 count++; 5508 } 5509 5510 LIST_FOREACH(z, &uma_cachezones, uz_link) 5511 count++; 5512 5513 /* 5514 * Insert stream header. 5515 */ 5516 bzero(&ush, sizeof(ush)); 5517 ush.ush_version = UMA_STREAM_VERSION; 5518 ush.ush_maxcpus = (mp_maxid + 1); 5519 ush.ush_count = count; 5520 (void)sbuf_bcat(&sbuf, &ush, sizeof(ush)); 5521 5522 LIST_FOREACH(kz, &uma_kegs, uk_link) { 5523 kfree = pages = 0; 5524 for (i = 0; i < vm_ndomains; i++) { 5525 kfree += kz->uk_domain[i].ud_free_items; 5526 pages += kz->uk_domain[i].ud_pages; 5527 } 5528 LIST_FOREACH(z, &kz->uk_zones, uz_link) { 5529 bzero(&uth, sizeof(uth)); 5530 strlcpy(uth.uth_name, z->uz_name, UTH_MAX_NAME); 5531 uth.uth_align = kz->uk_align; 5532 uth.uth_size = kz->uk_size; 5533 uth.uth_rsize = kz->uk_rsize; 5534 if (z->uz_max_items > 0) { 5535 items = UZ_ITEMS_COUNT(z->uz_items); 5536 uth.uth_pages = (items / kz->uk_ipers) * 5537 kz->uk_ppera; 5538 } else 5539 uth.uth_pages = pages; 5540 uth.uth_maxpages = (z->uz_max_items / kz->uk_ipers) * 5541 kz->uk_ppera; 5542 uth.uth_limit = z->uz_max_items; 5543 uth.uth_keg_free = kfree; 5544 5545 /* 5546 * A zone is secondary is it is not the first entry 5547 * on the keg's zone list. 5548 */ 5549 if ((z->uz_flags & UMA_ZONE_SECONDARY) && 5550 (LIST_FIRST(&kz->uk_zones) != z)) 5551 uth.uth_zone_flags = UTH_ZONE_SECONDARY; 5552 uma_vm_zone_stats(&uth, z, &sbuf, ups, 5553 kz->uk_flags & UMA_ZFLAG_INTERNAL); 5554 (void)sbuf_bcat(&sbuf, &uth, sizeof(uth)); 5555 for (i = 0; i < mp_maxid + 1; i++) 5556 (void)sbuf_bcat(&sbuf, &ups[i], sizeof(ups[i])); 5557 } 5558 } 5559 LIST_FOREACH(z, &uma_cachezones, uz_link) { 5560 bzero(&uth, sizeof(uth)); 5561 strlcpy(uth.uth_name, z->uz_name, UTH_MAX_NAME); 5562 uth.uth_size = z->uz_size; 5563 uma_vm_zone_stats(&uth, z, &sbuf, ups, false); 5564 (void)sbuf_bcat(&sbuf, &uth, sizeof(uth)); 5565 for (i = 0; i < mp_maxid + 1; i++) 5566 (void)sbuf_bcat(&sbuf, &ups[i], sizeof(ups[i])); 5567 } 5568 5569 rw_runlock(&uma_rwlock); 5570 error = sbuf_finish(&sbuf); 5571 sbuf_delete(&sbuf); 5572 free(ups, M_TEMP); 5573 return (error); 5574 } 5575 5576 int 5577 sysctl_handle_uma_zone_max(SYSCTL_HANDLER_ARGS) 5578 { 5579 uma_zone_t zone = *(uma_zone_t *)arg1; 5580 int error, max; 5581 5582 max = uma_zone_get_max(zone); 5583 error = sysctl_handle_int(oidp, &max, 0, req); 5584 if (error || !req->newptr) 5585 return (error); 5586 5587 uma_zone_set_max(zone, max); 5588 5589 return (0); 5590 } 5591 5592 int 5593 sysctl_handle_uma_zone_cur(SYSCTL_HANDLER_ARGS) 5594 { 5595 uma_zone_t zone; 5596 int cur; 5597 5598 /* 5599 * Some callers want to add sysctls for global zones that 5600 * may not yet exist so they pass a pointer to a pointer. 5601 */ 5602 if (arg2 == 0) 5603 zone = *(uma_zone_t *)arg1; 5604 else 5605 zone = arg1; 5606 cur = uma_zone_get_cur(zone); 5607 return (sysctl_handle_int(oidp, &cur, 0, req)); 5608 } 5609 5610 static int 5611 sysctl_handle_uma_zone_allocs(SYSCTL_HANDLER_ARGS) 5612 { 5613 uma_zone_t zone = arg1; 5614 uint64_t cur; 5615 5616 cur = uma_zone_get_allocs(zone); 5617 return (sysctl_handle_64(oidp, &cur, 0, req)); 5618 } 5619 5620 static int 5621 sysctl_handle_uma_zone_frees(SYSCTL_HANDLER_ARGS) 5622 { 5623 uma_zone_t zone = arg1; 5624 uint64_t cur; 5625 5626 cur = uma_zone_get_frees(zone); 5627 return (sysctl_handle_64(oidp, &cur, 0, req)); 5628 } 5629 5630 static int 5631 sysctl_handle_uma_zone_flags(SYSCTL_HANDLER_ARGS) 5632 { 5633 struct sbuf sbuf; 5634 uma_zone_t zone = arg1; 5635 int error; 5636 5637 sbuf_new_for_sysctl(&sbuf, NULL, 0, req); 5638 if (zone->uz_flags != 0) 5639 sbuf_printf(&sbuf, "0x%b", zone->uz_flags, PRINT_UMA_ZFLAGS); 5640 else 5641 sbuf_printf(&sbuf, "0"); 5642 error = sbuf_finish(&sbuf); 5643 sbuf_delete(&sbuf); 5644 5645 return (error); 5646 } 5647 5648 static int 5649 sysctl_handle_uma_slab_efficiency(SYSCTL_HANDLER_ARGS) 5650 { 5651 uma_keg_t keg = arg1; 5652 int avail, effpct, total; 5653 5654 total = keg->uk_ppera * PAGE_SIZE; 5655 if ((keg->uk_flags & UMA_ZFLAG_OFFPAGE) != 0) 5656 total += slabzone(keg->uk_ipers)->uz_keg->uk_rsize; 5657 /* 5658 * We consider the client's requested size and alignment here, not the 5659 * real size determination uk_rsize, because we also adjust the real 5660 * size for internal implementation reasons (max bitset size). 5661 */ 5662 avail = keg->uk_ipers * roundup2(keg->uk_size, keg->uk_align + 1); 5663 if ((keg->uk_flags & UMA_ZONE_PCPU) != 0) 5664 avail *= mp_maxid + 1; 5665 effpct = 100 * avail / total; 5666 return (sysctl_handle_int(oidp, &effpct, 0, req)); 5667 } 5668 5669 static int 5670 sysctl_handle_uma_zone_items(SYSCTL_HANDLER_ARGS) 5671 { 5672 uma_zone_t zone = arg1; 5673 uint64_t cur; 5674 5675 cur = UZ_ITEMS_COUNT(atomic_load_64(&zone->uz_items)); 5676 return (sysctl_handle_64(oidp, &cur, 0, req)); 5677 } 5678 5679 #ifdef INVARIANTS 5680 static uma_slab_t 5681 uma_dbg_getslab(uma_zone_t zone, void *item) 5682 { 5683 uma_slab_t slab; 5684 uma_keg_t keg; 5685 uint8_t *mem; 5686 5687 /* 5688 * It is safe to return the slab here even though the 5689 * zone is unlocked because the item's allocation state 5690 * essentially holds a reference. 5691 */ 5692 mem = (uint8_t *)((uintptr_t)item & (~UMA_SLAB_MASK)); 5693 if ((zone->uz_flags & UMA_ZFLAG_CACHE) != 0) 5694 return (NULL); 5695 if (zone->uz_flags & UMA_ZFLAG_VTOSLAB) 5696 return (vtoslab((vm_offset_t)mem)); 5697 keg = zone->uz_keg; 5698 if ((keg->uk_flags & UMA_ZFLAG_HASH) == 0) 5699 return ((uma_slab_t)(mem + keg->uk_pgoff)); 5700 KEG_LOCK(keg, 0); 5701 slab = hash_sfind(&keg->uk_hash, mem); 5702 KEG_UNLOCK(keg, 0); 5703 5704 return (slab); 5705 } 5706 5707 static bool 5708 uma_dbg_zskip(uma_zone_t zone, void *mem) 5709 { 5710 5711 if ((zone->uz_flags & UMA_ZFLAG_CACHE) != 0) 5712 return (true); 5713 5714 return (uma_dbg_kskip(zone->uz_keg, mem)); 5715 } 5716 5717 static bool 5718 uma_dbg_kskip(uma_keg_t keg, void *mem) 5719 { 5720 uintptr_t idx; 5721 5722 if (dbg_divisor == 0) 5723 return (true); 5724 5725 if (dbg_divisor == 1) 5726 return (false); 5727 5728 idx = (uintptr_t)mem >> PAGE_SHIFT; 5729 if (keg->uk_ipers > 1) { 5730 idx *= keg->uk_ipers; 5731 idx += ((uintptr_t)mem & PAGE_MASK) / keg->uk_rsize; 5732 } 5733 5734 if ((idx / dbg_divisor) * dbg_divisor != idx) { 5735 counter_u64_add(uma_skip_cnt, 1); 5736 return (true); 5737 } 5738 counter_u64_add(uma_dbg_cnt, 1); 5739 5740 return (false); 5741 } 5742 5743 /* 5744 * Set up the slab's freei data such that uma_dbg_free can function. 5745 * 5746 */ 5747 static void 5748 uma_dbg_alloc(uma_zone_t zone, uma_slab_t slab, void *item) 5749 { 5750 uma_keg_t keg; 5751 int freei; 5752 5753 if (slab == NULL) { 5754 slab = uma_dbg_getslab(zone, item); 5755 if (slab == NULL) 5756 panic("uma: item %p did not belong to zone %s", 5757 item, zone->uz_name); 5758 } 5759 keg = zone->uz_keg; 5760 freei = slab_item_index(slab, keg, item); 5761 5762 if (BIT_TEST_SET_ATOMIC(keg->uk_ipers, freei, 5763 slab_dbg_bits(slab, keg))) 5764 panic("Duplicate alloc of %p from zone %p(%s) slab %p(%d)", 5765 item, zone, zone->uz_name, slab, freei); 5766 } 5767 5768 /* 5769 * Verifies freed addresses. Checks for alignment, valid slab membership 5770 * and duplicate frees. 5771 * 5772 */ 5773 static void 5774 uma_dbg_free(uma_zone_t zone, uma_slab_t slab, void *item) 5775 { 5776 uma_keg_t keg; 5777 int freei; 5778 5779 if (slab == NULL) { 5780 slab = uma_dbg_getslab(zone, item); 5781 if (slab == NULL) 5782 panic("uma: Freed item %p did not belong to zone %s", 5783 item, zone->uz_name); 5784 } 5785 keg = zone->uz_keg; 5786 freei = slab_item_index(slab, keg, item); 5787 5788 if (freei >= keg->uk_ipers) 5789 panic("Invalid free of %p from zone %p(%s) slab %p(%d)", 5790 item, zone, zone->uz_name, slab, freei); 5791 5792 if (slab_item(slab, keg, freei) != item) 5793 panic("Unaligned free of %p from zone %p(%s) slab %p(%d)", 5794 item, zone, zone->uz_name, slab, freei); 5795 5796 if (!BIT_TEST_CLR_ATOMIC(keg->uk_ipers, freei, 5797 slab_dbg_bits(slab, keg))) 5798 panic("Duplicate free of %p from zone %p(%s) slab %p(%d)", 5799 item, zone, zone->uz_name, slab, freei); 5800 } 5801 #endif /* INVARIANTS */ 5802 5803 #ifdef DDB 5804 static int64_t 5805 get_uma_stats(uma_keg_t kz, uma_zone_t z, uint64_t *allocs, uint64_t *used, 5806 uint64_t *sleeps, long *cachefree, uint64_t *xdomain) 5807 { 5808 uint64_t frees; 5809 int i; 5810 5811 if (kz->uk_flags & UMA_ZFLAG_INTERNAL) { 5812 *allocs = counter_u64_fetch(z->uz_allocs); 5813 frees = counter_u64_fetch(z->uz_frees); 5814 *sleeps = z->uz_sleeps; 5815 *cachefree = 0; 5816 *xdomain = 0; 5817 } else 5818 uma_zone_sumstat(z, cachefree, allocs, &frees, sleeps, 5819 xdomain); 5820 for (i = 0; i < vm_ndomains; i++) { 5821 *cachefree += ZDOM_GET(z, i)->uzd_nitems; 5822 if (!((z->uz_flags & UMA_ZONE_SECONDARY) && 5823 (LIST_FIRST(&kz->uk_zones) != z))) 5824 *cachefree += kz->uk_domain[i].ud_free_items; 5825 } 5826 *used = *allocs - frees; 5827 return (((int64_t)*used + *cachefree) * kz->uk_size); 5828 } 5829 5830 DB_SHOW_COMMAND_FLAGS(uma, db_show_uma, DB_CMD_MEMSAFE) 5831 { 5832 const char *fmt_hdr, *fmt_entry; 5833 uma_keg_t kz; 5834 uma_zone_t z; 5835 uint64_t allocs, used, sleeps, xdomain; 5836 long cachefree; 5837 /* variables for sorting */ 5838 uma_keg_t cur_keg; 5839 uma_zone_t cur_zone, last_zone; 5840 int64_t cur_size, last_size, size; 5841 int ties; 5842 5843 /* /i option produces machine-parseable CSV output */ 5844 if (modif[0] == 'i') { 5845 fmt_hdr = "%s,%s,%s,%s,%s,%s,%s,%s,%s\n"; 5846 fmt_entry = "\"%s\",%ju,%jd,%ld,%ju,%ju,%u,%jd,%ju\n"; 5847 } else { 5848 fmt_hdr = "%18s %6s %7s %7s %11s %7s %7s %10s %8s\n"; 5849 fmt_entry = "%18s %6ju %7jd %7ld %11ju %7ju %7u %10jd %8ju\n"; 5850 } 5851 5852 db_printf(fmt_hdr, "Zone", "Size", "Used", "Free", "Requests", 5853 "Sleeps", "Bucket", "Total Mem", "XFree"); 5854 5855 /* Sort the zones with largest size first. */ 5856 last_zone = NULL; 5857 last_size = INT64_MAX; 5858 for (;;) { 5859 cur_zone = NULL; 5860 cur_size = -1; 5861 ties = 0; 5862 LIST_FOREACH(kz, &uma_kegs, uk_link) { 5863 LIST_FOREACH(z, &kz->uk_zones, uz_link) { 5864 /* 5865 * In the case of size ties, print out zones 5866 * in the order they are encountered. That is, 5867 * when we encounter the most recently output 5868 * zone, we have already printed all preceding 5869 * ties, and we must print all following ties. 5870 */ 5871 if (z == last_zone) { 5872 ties = 1; 5873 continue; 5874 } 5875 size = get_uma_stats(kz, z, &allocs, &used, 5876 &sleeps, &cachefree, &xdomain); 5877 if (size > cur_size && size < last_size + ties) 5878 { 5879 cur_size = size; 5880 cur_zone = z; 5881 cur_keg = kz; 5882 } 5883 } 5884 } 5885 if (cur_zone == NULL) 5886 break; 5887 5888 size = get_uma_stats(cur_keg, cur_zone, &allocs, &used, 5889 &sleeps, &cachefree, &xdomain); 5890 db_printf(fmt_entry, cur_zone->uz_name, 5891 (uintmax_t)cur_keg->uk_size, (intmax_t)used, cachefree, 5892 (uintmax_t)allocs, (uintmax_t)sleeps, 5893 (unsigned)cur_zone->uz_bucket_size, (intmax_t)size, 5894 xdomain); 5895 5896 if (db_pager_quit) 5897 return; 5898 last_zone = cur_zone; 5899 last_size = cur_size; 5900 } 5901 } 5902 5903 DB_SHOW_COMMAND_FLAGS(umacache, db_show_umacache, DB_CMD_MEMSAFE) 5904 { 5905 uma_zone_t z; 5906 uint64_t allocs, frees; 5907 long cachefree; 5908 int i; 5909 5910 db_printf("%18s %8s %8s %8s %12s %8s\n", "Zone", "Size", "Used", "Free", 5911 "Requests", "Bucket"); 5912 LIST_FOREACH(z, &uma_cachezones, uz_link) { 5913 uma_zone_sumstat(z, &cachefree, &allocs, &frees, NULL, NULL); 5914 for (i = 0; i < vm_ndomains; i++) 5915 cachefree += ZDOM_GET(z, i)->uzd_nitems; 5916 db_printf("%18s %8ju %8jd %8ld %12ju %8u\n", 5917 z->uz_name, (uintmax_t)z->uz_size, 5918 (intmax_t)(allocs - frees), cachefree, 5919 (uintmax_t)allocs, z->uz_bucket_size); 5920 if (db_pager_quit) 5921 return; 5922 } 5923 } 5924 #endif /* DDB */ 5925