1 /* 2 * Slab allocator functions that are independent of the allocator strategy 3 * 4 * (C) 2012 Christoph Lameter <cl@linux.com> 5 */ 6 #include <linux/slab.h> 7 8 #include <linux/mm.h> 9 #include <linux/poison.h> 10 #include <linux/interrupt.h> 11 #include <linux/memory.h> 12 #include <linux/compiler.h> 13 #include <linux/module.h> 14 #include <linux/cpu.h> 15 #include <linux/uaccess.h> 16 #include <linux/seq_file.h> 17 #include <linux/proc_fs.h> 18 #include <asm/cacheflush.h> 19 #include <asm/tlbflush.h> 20 #include <asm/page.h> 21 #include <linux/memcontrol.h> 22 23 #define CREATE_TRACE_POINTS 24 #include <trace/events/kmem.h> 25 26 #include "slab.h" 27 28 enum slab_state slab_state; 29 LIST_HEAD(slab_caches); 30 DEFINE_MUTEX(slab_mutex); 31 struct kmem_cache *kmem_cache; 32 33 static LIST_HEAD(slab_caches_to_rcu_destroy); 34 static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work); 35 static DECLARE_WORK(slab_caches_to_rcu_destroy_work, 36 slab_caches_to_rcu_destroy_workfn); 37 38 /* 39 * Set of flags that will prevent slab merging 40 */ 41 #define SLAB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \ 42 SLAB_TRACE | SLAB_TYPESAFE_BY_RCU | SLAB_NOLEAKTRACE | \ 43 SLAB_FAILSLAB | SLAB_KASAN) 44 45 #define SLAB_MERGE_SAME (SLAB_RECLAIM_ACCOUNT | SLAB_CACHE_DMA | \ 46 SLAB_NOTRACK | SLAB_ACCOUNT) 47 48 /* 49 * Merge control. If this is set then no merging of slab caches will occur. 50 * (Could be removed. This was introduced to pacify the merge skeptics.) 51 */ 52 static int slab_nomerge; 53 54 static int __init setup_slab_nomerge(char *str) 55 { 56 slab_nomerge = 1; 57 return 1; 58 } 59 60 #ifdef CONFIG_SLUB 61 __setup_param("slub_nomerge", slub_nomerge, setup_slab_nomerge, 0); 62 #endif 63 64 __setup("slab_nomerge", setup_slab_nomerge); 65 66 /* 67 * Determine the size of a slab object 68 */ 69 unsigned int kmem_cache_size(struct kmem_cache *s) 70 { 71 return s->object_size; 72 } 73 EXPORT_SYMBOL(kmem_cache_size); 74 75 #ifdef CONFIG_DEBUG_VM 76 static int kmem_cache_sanity_check(const char *name, size_t size) 77 { 78 struct kmem_cache *s = NULL; 79 80 if (!name || in_interrupt() || size < sizeof(void *) || 81 size > KMALLOC_MAX_SIZE) { 82 pr_err("kmem_cache_create(%s) integrity check failed\n", name); 83 return -EINVAL; 84 } 85 86 list_for_each_entry(s, &slab_caches, list) { 87 char tmp; 88 int res; 89 90 /* 91 * This happens when the module gets unloaded and doesn't 92 * destroy its slab cache and no-one else reuses the vmalloc 93 * area of the module. Print a warning. 94 */ 95 res = probe_kernel_address(s->name, tmp); 96 if (res) { 97 pr_err("Slab cache with size %d has lost its name\n", 98 s->object_size); 99 continue; 100 } 101 } 102 103 WARN_ON(strchr(name, ' ')); /* It confuses parsers */ 104 return 0; 105 } 106 #else 107 static inline int kmem_cache_sanity_check(const char *name, size_t size) 108 { 109 return 0; 110 } 111 #endif 112 113 void __kmem_cache_free_bulk(struct kmem_cache *s, size_t nr, void **p) 114 { 115 size_t i; 116 117 for (i = 0; i < nr; i++) { 118 if (s) 119 kmem_cache_free(s, p[i]); 120 else 121 kfree(p[i]); 122 } 123 } 124 125 int __kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t nr, 126 void **p) 127 { 128 size_t i; 129 130 for (i = 0; i < nr; i++) { 131 void *x = p[i] = kmem_cache_alloc(s, flags); 132 if (!x) { 133 __kmem_cache_free_bulk(s, i, p); 134 return 0; 135 } 136 } 137 return i; 138 } 139 140 #if defined(CONFIG_MEMCG) && !defined(CONFIG_SLOB) 141 142 LIST_HEAD(slab_root_caches); 143 144 void slab_init_memcg_params(struct kmem_cache *s) 145 { 146 s->memcg_params.root_cache = NULL; 147 RCU_INIT_POINTER(s->memcg_params.memcg_caches, NULL); 148 INIT_LIST_HEAD(&s->memcg_params.children); 149 } 150 151 static int init_memcg_params(struct kmem_cache *s, 152 struct mem_cgroup *memcg, struct kmem_cache *root_cache) 153 { 154 struct memcg_cache_array *arr; 155 156 if (root_cache) { 157 s->memcg_params.root_cache = root_cache; 158 s->memcg_params.memcg = memcg; 159 INIT_LIST_HEAD(&s->memcg_params.children_node); 160 INIT_LIST_HEAD(&s->memcg_params.kmem_caches_node); 161 return 0; 162 } 163 164 slab_init_memcg_params(s); 165 166 if (!memcg_nr_cache_ids) 167 return 0; 168 169 arr = kzalloc(sizeof(struct memcg_cache_array) + 170 memcg_nr_cache_ids * sizeof(void *), 171 GFP_KERNEL); 172 if (!arr) 173 return -ENOMEM; 174 175 RCU_INIT_POINTER(s->memcg_params.memcg_caches, arr); 176 return 0; 177 } 178 179 static void destroy_memcg_params(struct kmem_cache *s) 180 { 181 if (is_root_cache(s)) 182 kfree(rcu_access_pointer(s->memcg_params.memcg_caches)); 183 } 184 185 static int update_memcg_params(struct kmem_cache *s, int new_array_size) 186 { 187 struct memcg_cache_array *old, *new; 188 189 new = kzalloc(sizeof(struct memcg_cache_array) + 190 new_array_size * sizeof(void *), GFP_KERNEL); 191 if (!new) 192 return -ENOMEM; 193 194 old = rcu_dereference_protected(s->memcg_params.memcg_caches, 195 lockdep_is_held(&slab_mutex)); 196 if (old) 197 memcpy(new->entries, old->entries, 198 memcg_nr_cache_ids * sizeof(void *)); 199 200 rcu_assign_pointer(s->memcg_params.memcg_caches, new); 201 if (old) 202 kfree_rcu(old, rcu); 203 return 0; 204 } 205 206 int memcg_update_all_caches(int num_memcgs) 207 { 208 struct kmem_cache *s; 209 int ret = 0; 210 211 mutex_lock(&slab_mutex); 212 list_for_each_entry(s, &slab_root_caches, root_caches_node) { 213 ret = update_memcg_params(s, num_memcgs); 214 /* 215 * Instead of freeing the memory, we'll just leave the caches 216 * up to this point in an updated state. 217 */ 218 if (ret) 219 break; 220 } 221 mutex_unlock(&slab_mutex); 222 return ret; 223 } 224 225 void memcg_link_cache(struct kmem_cache *s) 226 { 227 if (is_root_cache(s)) { 228 list_add(&s->root_caches_node, &slab_root_caches); 229 } else { 230 list_add(&s->memcg_params.children_node, 231 &s->memcg_params.root_cache->memcg_params.children); 232 list_add(&s->memcg_params.kmem_caches_node, 233 &s->memcg_params.memcg->kmem_caches); 234 } 235 } 236 237 static void memcg_unlink_cache(struct kmem_cache *s) 238 { 239 if (is_root_cache(s)) { 240 list_del(&s->root_caches_node); 241 } else { 242 list_del(&s->memcg_params.children_node); 243 list_del(&s->memcg_params.kmem_caches_node); 244 } 245 } 246 #else 247 static inline int init_memcg_params(struct kmem_cache *s, 248 struct mem_cgroup *memcg, struct kmem_cache *root_cache) 249 { 250 return 0; 251 } 252 253 static inline void destroy_memcg_params(struct kmem_cache *s) 254 { 255 } 256 257 static inline void memcg_unlink_cache(struct kmem_cache *s) 258 { 259 } 260 #endif /* CONFIG_MEMCG && !CONFIG_SLOB */ 261 262 /* 263 * Find a mergeable slab cache 264 */ 265 int slab_unmergeable(struct kmem_cache *s) 266 { 267 if (slab_nomerge || (s->flags & SLAB_NEVER_MERGE)) 268 return 1; 269 270 if (!is_root_cache(s)) 271 return 1; 272 273 if (s->ctor) 274 return 1; 275 276 /* 277 * We may have set a slab to be unmergeable during bootstrap. 278 */ 279 if (s->refcount < 0) 280 return 1; 281 282 return 0; 283 } 284 285 struct kmem_cache *find_mergeable(size_t size, size_t align, 286 unsigned long flags, const char *name, void (*ctor)(void *)) 287 { 288 struct kmem_cache *s; 289 290 if (slab_nomerge) 291 return NULL; 292 293 if (ctor) 294 return NULL; 295 296 size = ALIGN(size, sizeof(void *)); 297 align = calculate_alignment(flags, align, size); 298 size = ALIGN(size, align); 299 flags = kmem_cache_flags(size, flags, name, NULL); 300 301 if (flags & SLAB_NEVER_MERGE) 302 return NULL; 303 304 list_for_each_entry_reverse(s, &slab_root_caches, root_caches_node) { 305 if (slab_unmergeable(s)) 306 continue; 307 308 if (size > s->size) 309 continue; 310 311 if ((flags & SLAB_MERGE_SAME) != (s->flags & SLAB_MERGE_SAME)) 312 continue; 313 /* 314 * Check if alignment is compatible. 315 * Courtesy of Adrian Drzewiecki 316 */ 317 if ((s->size & ~(align - 1)) != s->size) 318 continue; 319 320 if (s->size - size >= sizeof(void *)) 321 continue; 322 323 if (IS_ENABLED(CONFIG_SLAB) && align && 324 (align > s->align || s->align % align)) 325 continue; 326 327 return s; 328 } 329 return NULL; 330 } 331 332 /* 333 * Figure out what the alignment of the objects will be given a set of 334 * flags, a user specified alignment and the size of the objects. 335 */ 336 unsigned long calculate_alignment(unsigned long flags, 337 unsigned long align, unsigned long size) 338 { 339 /* 340 * If the user wants hardware cache aligned objects then follow that 341 * suggestion if the object is sufficiently large. 342 * 343 * The hardware cache alignment cannot override the specified 344 * alignment though. If that is greater then use it. 345 */ 346 if (flags & SLAB_HWCACHE_ALIGN) { 347 unsigned long ralign = cache_line_size(); 348 while (size <= ralign / 2) 349 ralign /= 2; 350 align = max(align, ralign); 351 } 352 353 if (align < ARCH_SLAB_MINALIGN) 354 align = ARCH_SLAB_MINALIGN; 355 356 return ALIGN(align, sizeof(void *)); 357 } 358 359 static struct kmem_cache *create_cache(const char *name, 360 size_t object_size, size_t size, size_t align, 361 unsigned long flags, void (*ctor)(void *), 362 struct mem_cgroup *memcg, struct kmem_cache *root_cache) 363 { 364 struct kmem_cache *s; 365 int err; 366 367 err = -ENOMEM; 368 s = kmem_cache_zalloc(kmem_cache, GFP_KERNEL); 369 if (!s) 370 goto out; 371 372 s->name = name; 373 s->object_size = object_size; 374 s->size = size; 375 s->align = align; 376 s->ctor = ctor; 377 378 err = init_memcg_params(s, memcg, root_cache); 379 if (err) 380 goto out_free_cache; 381 382 err = __kmem_cache_create(s, flags); 383 if (err) 384 goto out_free_cache; 385 386 s->refcount = 1; 387 list_add(&s->list, &slab_caches); 388 memcg_link_cache(s); 389 out: 390 if (err) 391 return ERR_PTR(err); 392 return s; 393 394 out_free_cache: 395 destroy_memcg_params(s); 396 kmem_cache_free(kmem_cache, s); 397 goto out; 398 } 399 400 /* 401 * kmem_cache_create - Create a cache. 402 * @name: A string which is used in /proc/slabinfo to identify this cache. 403 * @size: The size of objects to be created in this cache. 404 * @align: The required alignment for the objects. 405 * @flags: SLAB flags 406 * @ctor: A constructor for the objects. 407 * 408 * Returns a ptr to the cache on success, NULL on failure. 409 * Cannot be called within a interrupt, but can be interrupted. 410 * The @ctor is run when new pages are allocated by the cache. 411 * 412 * The flags are 413 * 414 * %SLAB_POISON - Poison the slab with a known test pattern (a5a5a5a5) 415 * to catch references to uninitialised memory. 416 * 417 * %SLAB_RED_ZONE - Insert `Red' zones around the allocated memory to check 418 * for buffer overruns. 419 * 420 * %SLAB_HWCACHE_ALIGN - Align the objects in this cache to a hardware 421 * cacheline. This can be beneficial if you're counting cycles as closely 422 * as davem. 423 */ 424 struct kmem_cache * 425 kmem_cache_create(const char *name, size_t size, size_t align, 426 unsigned long flags, void (*ctor)(void *)) 427 { 428 struct kmem_cache *s = NULL; 429 const char *cache_name; 430 int err; 431 432 get_online_cpus(); 433 get_online_mems(); 434 memcg_get_cache_ids(); 435 436 mutex_lock(&slab_mutex); 437 438 err = kmem_cache_sanity_check(name, size); 439 if (err) { 440 goto out_unlock; 441 } 442 443 /* Refuse requests with allocator specific flags */ 444 if (flags & ~SLAB_FLAGS_PERMITTED) { 445 err = -EINVAL; 446 goto out_unlock; 447 } 448 449 /* 450 * Some allocators will constraint the set of valid flags to a subset 451 * of all flags. We expect them to define CACHE_CREATE_MASK in this 452 * case, and we'll just provide them with a sanitized version of the 453 * passed flags. 454 */ 455 flags &= CACHE_CREATE_MASK; 456 457 s = __kmem_cache_alias(name, size, align, flags, ctor); 458 if (s) 459 goto out_unlock; 460 461 cache_name = kstrdup_const(name, GFP_KERNEL); 462 if (!cache_name) { 463 err = -ENOMEM; 464 goto out_unlock; 465 } 466 467 s = create_cache(cache_name, size, size, 468 calculate_alignment(flags, align, size), 469 flags, ctor, NULL, NULL); 470 if (IS_ERR(s)) { 471 err = PTR_ERR(s); 472 kfree_const(cache_name); 473 } 474 475 out_unlock: 476 mutex_unlock(&slab_mutex); 477 478 memcg_put_cache_ids(); 479 put_online_mems(); 480 put_online_cpus(); 481 482 if (err) { 483 if (flags & SLAB_PANIC) 484 panic("kmem_cache_create: Failed to create slab '%s'. Error %d\n", 485 name, err); 486 else { 487 pr_warn("kmem_cache_create(%s) failed with error %d\n", 488 name, err); 489 dump_stack(); 490 } 491 return NULL; 492 } 493 return s; 494 } 495 EXPORT_SYMBOL(kmem_cache_create); 496 497 static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work) 498 { 499 LIST_HEAD(to_destroy); 500 struct kmem_cache *s, *s2; 501 502 /* 503 * On destruction, SLAB_TYPESAFE_BY_RCU kmem_caches are put on the 504 * @slab_caches_to_rcu_destroy list. The slab pages are freed 505 * through RCU and and the associated kmem_cache are dereferenced 506 * while freeing the pages, so the kmem_caches should be freed only 507 * after the pending RCU operations are finished. As rcu_barrier() 508 * is a pretty slow operation, we batch all pending destructions 509 * asynchronously. 510 */ 511 mutex_lock(&slab_mutex); 512 list_splice_init(&slab_caches_to_rcu_destroy, &to_destroy); 513 mutex_unlock(&slab_mutex); 514 515 if (list_empty(&to_destroy)) 516 return; 517 518 rcu_barrier(); 519 520 list_for_each_entry_safe(s, s2, &to_destroy, list) { 521 #ifdef SLAB_SUPPORTS_SYSFS 522 sysfs_slab_release(s); 523 #else 524 slab_kmem_cache_release(s); 525 #endif 526 } 527 } 528 529 static int shutdown_cache(struct kmem_cache *s) 530 { 531 /* free asan quarantined objects */ 532 kasan_cache_shutdown(s); 533 534 if (__kmem_cache_shutdown(s) != 0) 535 return -EBUSY; 536 537 memcg_unlink_cache(s); 538 list_del(&s->list); 539 540 if (s->flags & SLAB_TYPESAFE_BY_RCU) { 541 list_add_tail(&s->list, &slab_caches_to_rcu_destroy); 542 schedule_work(&slab_caches_to_rcu_destroy_work); 543 } else { 544 #ifdef SLAB_SUPPORTS_SYSFS 545 sysfs_slab_release(s); 546 #else 547 slab_kmem_cache_release(s); 548 #endif 549 } 550 551 return 0; 552 } 553 554 #if defined(CONFIG_MEMCG) && !defined(CONFIG_SLOB) 555 /* 556 * memcg_create_kmem_cache - Create a cache for a memory cgroup. 557 * @memcg: The memory cgroup the new cache is for. 558 * @root_cache: The parent of the new cache. 559 * 560 * This function attempts to create a kmem cache that will serve allocation 561 * requests going from @memcg to @root_cache. The new cache inherits properties 562 * from its parent. 563 */ 564 void memcg_create_kmem_cache(struct mem_cgroup *memcg, 565 struct kmem_cache *root_cache) 566 { 567 static char memcg_name_buf[NAME_MAX + 1]; /* protected by slab_mutex */ 568 struct cgroup_subsys_state *css = &memcg->css; 569 struct memcg_cache_array *arr; 570 struct kmem_cache *s = NULL; 571 char *cache_name; 572 int idx; 573 574 get_online_cpus(); 575 get_online_mems(); 576 577 mutex_lock(&slab_mutex); 578 579 /* 580 * The memory cgroup could have been offlined while the cache 581 * creation work was pending. 582 */ 583 if (memcg->kmem_state != KMEM_ONLINE) 584 goto out_unlock; 585 586 idx = memcg_cache_id(memcg); 587 arr = rcu_dereference_protected(root_cache->memcg_params.memcg_caches, 588 lockdep_is_held(&slab_mutex)); 589 590 /* 591 * Since per-memcg caches are created asynchronously on first 592 * allocation (see memcg_kmem_get_cache()), several threads can try to 593 * create the same cache, but only one of them may succeed. 594 */ 595 if (arr->entries[idx]) 596 goto out_unlock; 597 598 cgroup_name(css->cgroup, memcg_name_buf, sizeof(memcg_name_buf)); 599 cache_name = kasprintf(GFP_KERNEL, "%s(%llu:%s)", root_cache->name, 600 css->serial_nr, memcg_name_buf); 601 if (!cache_name) 602 goto out_unlock; 603 604 s = create_cache(cache_name, root_cache->object_size, 605 root_cache->size, root_cache->align, 606 root_cache->flags & CACHE_CREATE_MASK, 607 root_cache->ctor, memcg, root_cache); 608 /* 609 * If we could not create a memcg cache, do not complain, because 610 * that's not critical at all as we can always proceed with the root 611 * cache. 612 */ 613 if (IS_ERR(s)) { 614 kfree(cache_name); 615 goto out_unlock; 616 } 617 618 /* 619 * Since readers won't lock (see cache_from_memcg_idx()), we need a 620 * barrier here to ensure nobody will see the kmem_cache partially 621 * initialized. 622 */ 623 smp_wmb(); 624 arr->entries[idx] = s; 625 626 out_unlock: 627 mutex_unlock(&slab_mutex); 628 629 put_online_mems(); 630 put_online_cpus(); 631 } 632 633 static void kmemcg_deactivate_workfn(struct work_struct *work) 634 { 635 struct kmem_cache *s = container_of(work, struct kmem_cache, 636 memcg_params.deact_work); 637 638 get_online_cpus(); 639 get_online_mems(); 640 641 mutex_lock(&slab_mutex); 642 643 s->memcg_params.deact_fn(s); 644 645 mutex_unlock(&slab_mutex); 646 647 put_online_mems(); 648 put_online_cpus(); 649 650 /* done, put the ref from slab_deactivate_memcg_cache_rcu_sched() */ 651 css_put(&s->memcg_params.memcg->css); 652 } 653 654 static void kmemcg_deactivate_rcufn(struct rcu_head *head) 655 { 656 struct kmem_cache *s = container_of(head, struct kmem_cache, 657 memcg_params.deact_rcu_head); 658 659 /* 660 * We need to grab blocking locks. Bounce to ->deact_work. The 661 * work item shares the space with the RCU head and can't be 662 * initialized eariler. 663 */ 664 INIT_WORK(&s->memcg_params.deact_work, kmemcg_deactivate_workfn); 665 queue_work(memcg_kmem_cache_wq, &s->memcg_params.deact_work); 666 } 667 668 /** 669 * slab_deactivate_memcg_cache_rcu_sched - schedule deactivation after a 670 * sched RCU grace period 671 * @s: target kmem_cache 672 * @deact_fn: deactivation function to call 673 * 674 * Schedule @deact_fn to be invoked with online cpus, mems and slab_mutex 675 * held after a sched RCU grace period. The slab is guaranteed to stay 676 * alive until @deact_fn is finished. This is to be used from 677 * __kmemcg_cache_deactivate(). 678 */ 679 void slab_deactivate_memcg_cache_rcu_sched(struct kmem_cache *s, 680 void (*deact_fn)(struct kmem_cache *)) 681 { 682 if (WARN_ON_ONCE(is_root_cache(s)) || 683 WARN_ON_ONCE(s->memcg_params.deact_fn)) 684 return; 685 686 /* pin memcg so that @s doesn't get destroyed in the middle */ 687 css_get(&s->memcg_params.memcg->css); 688 689 s->memcg_params.deact_fn = deact_fn; 690 call_rcu_sched(&s->memcg_params.deact_rcu_head, kmemcg_deactivate_rcufn); 691 } 692 693 void memcg_deactivate_kmem_caches(struct mem_cgroup *memcg) 694 { 695 int idx; 696 struct memcg_cache_array *arr; 697 struct kmem_cache *s, *c; 698 699 idx = memcg_cache_id(memcg); 700 701 get_online_cpus(); 702 get_online_mems(); 703 704 mutex_lock(&slab_mutex); 705 list_for_each_entry(s, &slab_root_caches, root_caches_node) { 706 arr = rcu_dereference_protected(s->memcg_params.memcg_caches, 707 lockdep_is_held(&slab_mutex)); 708 c = arr->entries[idx]; 709 if (!c) 710 continue; 711 712 __kmemcg_cache_deactivate(c); 713 arr->entries[idx] = NULL; 714 } 715 mutex_unlock(&slab_mutex); 716 717 put_online_mems(); 718 put_online_cpus(); 719 } 720 721 void memcg_destroy_kmem_caches(struct mem_cgroup *memcg) 722 { 723 struct kmem_cache *s, *s2; 724 725 get_online_cpus(); 726 get_online_mems(); 727 728 mutex_lock(&slab_mutex); 729 list_for_each_entry_safe(s, s2, &memcg->kmem_caches, 730 memcg_params.kmem_caches_node) { 731 /* 732 * The cgroup is about to be freed and therefore has no charges 733 * left. Hence, all its caches must be empty by now. 734 */ 735 BUG_ON(shutdown_cache(s)); 736 } 737 mutex_unlock(&slab_mutex); 738 739 put_online_mems(); 740 put_online_cpus(); 741 } 742 743 static int shutdown_memcg_caches(struct kmem_cache *s) 744 { 745 struct memcg_cache_array *arr; 746 struct kmem_cache *c, *c2; 747 LIST_HEAD(busy); 748 int i; 749 750 BUG_ON(!is_root_cache(s)); 751 752 /* 753 * First, shutdown active caches, i.e. caches that belong to online 754 * memory cgroups. 755 */ 756 arr = rcu_dereference_protected(s->memcg_params.memcg_caches, 757 lockdep_is_held(&slab_mutex)); 758 for_each_memcg_cache_index(i) { 759 c = arr->entries[i]; 760 if (!c) 761 continue; 762 if (shutdown_cache(c)) 763 /* 764 * The cache still has objects. Move it to a temporary 765 * list so as not to try to destroy it for a second 766 * time while iterating over inactive caches below. 767 */ 768 list_move(&c->memcg_params.children_node, &busy); 769 else 770 /* 771 * The cache is empty and will be destroyed soon. Clear 772 * the pointer to it in the memcg_caches array so that 773 * it will never be accessed even if the root cache 774 * stays alive. 775 */ 776 arr->entries[i] = NULL; 777 } 778 779 /* 780 * Second, shutdown all caches left from memory cgroups that are now 781 * offline. 782 */ 783 list_for_each_entry_safe(c, c2, &s->memcg_params.children, 784 memcg_params.children_node) 785 shutdown_cache(c); 786 787 list_splice(&busy, &s->memcg_params.children); 788 789 /* 790 * A cache being destroyed must be empty. In particular, this means 791 * that all per memcg caches attached to it must be empty too. 792 */ 793 if (!list_empty(&s->memcg_params.children)) 794 return -EBUSY; 795 return 0; 796 } 797 #else 798 static inline int shutdown_memcg_caches(struct kmem_cache *s) 799 { 800 return 0; 801 } 802 #endif /* CONFIG_MEMCG && !CONFIG_SLOB */ 803 804 void slab_kmem_cache_release(struct kmem_cache *s) 805 { 806 __kmem_cache_release(s); 807 destroy_memcg_params(s); 808 kfree_const(s->name); 809 kmem_cache_free(kmem_cache, s); 810 } 811 812 void kmem_cache_destroy(struct kmem_cache *s) 813 { 814 int err; 815 816 if (unlikely(!s)) 817 return; 818 819 get_online_cpus(); 820 get_online_mems(); 821 822 mutex_lock(&slab_mutex); 823 824 s->refcount--; 825 if (s->refcount) 826 goto out_unlock; 827 828 err = shutdown_memcg_caches(s); 829 if (!err) 830 err = shutdown_cache(s); 831 832 if (err) { 833 pr_err("kmem_cache_destroy %s: Slab cache still has objects\n", 834 s->name); 835 dump_stack(); 836 } 837 out_unlock: 838 mutex_unlock(&slab_mutex); 839 840 put_online_mems(); 841 put_online_cpus(); 842 } 843 EXPORT_SYMBOL(kmem_cache_destroy); 844 845 /** 846 * kmem_cache_shrink - Shrink a cache. 847 * @cachep: The cache to shrink. 848 * 849 * Releases as many slabs as possible for a cache. 850 * To help debugging, a zero exit status indicates all slabs were released. 851 */ 852 int kmem_cache_shrink(struct kmem_cache *cachep) 853 { 854 int ret; 855 856 get_online_cpus(); 857 get_online_mems(); 858 kasan_cache_shrink(cachep); 859 ret = __kmem_cache_shrink(cachep); 860 put_online_mems(); 861 put_online_cpus(); 862 return ret; 863 } 864 EXPORT_SYMBOL(kmem_cache_shrink); 865 866 bool slab_is_available(void) 867 { 868 return slab_state >= UP; 869 } 870 871 #ifndef CONFIG_SLOB 872 /* Create a cache during boot when no slab services are available yet */ 873 void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t size, 874 unsigned long flags) 875 { 876 int err; 877 878 s->name = name; 879 s->size = s->object_size = size; 880 s->align = calculate_alignment(flags, ARCH_KMALLOC_MINALIGN, size); 881 882 slab_init_memcg_params(s); 883 884 err = __kmem_cache_create(s, flags); 885 886 if (err) 887 panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n", 888 name, size, err); 889 890 s->refcount = -1; /* Exempt from merging for now */ 891 } 892 893 struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, 894 unsigned long flags) 895 { 896 struct kmem_cache *s = kmem_cache_zalloc(kmem_cache, GFP_NOWAIT); 897 898 if (!s) 899 panic("Out of memory when creating slab %s\n", name); 900 901 create_boot_cache(s, name, size, flags); 902 list_add(&s->list, &slab_caches); 903 memcg_link_cache(s); 904 s->refcount = 1; 905 return s; 906 } 907 908 struct kmem_cache *kmalloc_caches[KMALLOC_SHIFT_HIGH + 1]; 909 EXPORT_SYMBOL(kmalloc_caches); 910 911 #ifdef CONFIG_ZONE_DMA 912 struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1]; 913 EXPORT_SYMBOL(kmalloc_dma_caches); 914 #endif 915 916 /* 917 * Conversion table for small slabs sizes / 8 to the index in the 918 * kmalloc array. This is necessary for slabs < 192 since we have non power 919 * of two cache sizes there. The size of larger slabs can be determined using 920 * fls. 921 */ 922 static s8 size_index[24] = { 923 3, /* 8 */ 924 4, /* 16 */ 925 5, /* 24 */ 926 5, /* 32 */ 927 6, /* 40 */ 928 6, /* 48 */ 929 6, /* 56 */ 930 6, /* 64 */ 931 1, /* 72 */ 932 1, /* 80 */ 933 1, /* 88 */ 934 1, /* 96 */ 935 7, /* 104 */ 936 7, /* 112 */ 937 7, /* 120 */ 938 7, /* 128 */ 939 2, /* 136 */ 940 2, /* 144 */ 941 2, /* 152 */ 942 2, /* 160 */ 943 2, /* 168 */ 944 2, /* 176 */ 945 2, /* 184 */ 946 2 /* 192 */ 947 }; 948 949 static inline int size_index_elem(size_t bytes) 950 { 951 return (bytes - 1) / 8; 952 } 953 954 /* 955 * Find the kmem_cache structure that serves a given size of 956 * allocation 957 */ 958 struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags) 959 { 960 int index; 961 962 if (unlikely(size > KMALLOC_MAX_SIZE)) { 963 WARN_ON_ONCE(!(flags & __GFP_NOWARN)); 964 return NULL; 965 } 966 967 if (size <= 192) { 968 if (!size) 969 return ZERO_SIZE_PTR; 970 971 index = size_index[size_index_elem(size)]; 972 } else 973 index = fls(size - 1); 974 975 #ifdef CONFIG_ZONE_DMA 976 if (unlikely((flags & GFP_DMA))) 977 return kmalloc_dma_caches[index]; 978 979 #endif 980 return kmalloc_caches[index]; 981 } 982 983 /* 984 * kmalloc_info[] is to make slub_debug=,kmalloc-xx option work at boot time. 985 * kmalloc_index() supports up to 2^26=64MB, so the final entry of the table is 986 * kmalloc-67108864. 987 */ 988 const struct kmalloc_info_struct kmalloc_info[] __initconst = { 989 {NULL, 0}, {"kmalloc-96", 96}, 990 {"kmalloc-192", 192}, {"kmalloc-8", 8}, 991 {"kmalloc-16", 16}, {"kmalloc-32", 32}, 992 {"kmalloc-64", 64}, {"kmalloc-128", 128}, 993 {"kmalloc-256", 256}, {"kmalloc-512", 512}, 994 {"kmalloc-1024", 1024}, {"kmalloc-2048", 2048}, 995 {"kmalloc-4096", 4096}, {"kmalloc-8192", 8192}, 996 {"kmalloc-16384", 16384}, {"kmalloc-32768", 32768}, 997 {"kmalloc-65536", 65536}, {"kmalloc-131072", 131072}, 998 {"kmalloc-262144", 262144}, {"kmalloc-524288", 524288}, 999 {"kmalloc-1048576", 1048576}, {"kmalloc-2097152", 2097152}, 1000 {"kmalloc-4194304", 4194304}, {"kmalloc-8388608", 8388608}, 1001 {"kmalloc-16777216", 16777216}, {"kmalloc-33554432", 33554432}, 1002 {"kmalloc-67108864", 67108864} 1003 }; 1004 1005 /* 1006 * Patch up the size_index table if we have strange large alignment 1007 * requirements for the kmalloc array. This is only the case for 1008 * MIPS it seems. The standard arches will not generate any code here. 1009 * 1010 * Largest permitted alignment is 256 bytes due to the way we 1011 * handle the index determination for the smaller caches. 1012 * 1013 * Make sure that nothing crazy happens if someone starts tinkering 1014 * around with ARCH_KMALLOC_MINALIGN 1015 */ 1016 void __init setup_kmalloc_cache_index_table(void) 1017 { 1018 int i; 1019 1020 BUILD_BUG_ON(KMALLOC_MIN_SIZE > 256 || 1021 (KMALLOC_MIN_SIZE & (KMALLOC_MIN_SIZE - 1))); 1022 1023 for (i = 8; i < KMALLOC_MIN_SIZE; i += 8) { 1024 int elem = size_index_elem(i); 1025 1026 if (elem >= ARRAY_SIZE(size_index)) 1027 break; 1028 size_index[elem] = KMALLOC_SHIFT_LOW; 1029 } 1030 1031 if (KMALLOC_MIN_SIZE >= 64) { 1032 /* 1033 * The 96 byte size cache is not used if the alignment 1034 * is 64 byte. 1035 */ 1036 for (i = 64 + 8; i <= 96; i += 8) 1037 size_index[size_index_elem(i)] = 7; 1038 1039 } 1040 1041 if (KMALLOC_MIN_SIZE >= 128) { 1042 /* 1043 * The 192 byte sized cache is not used if the alignment 1044 * is 128 byte. Redirect kmalloc to use the 256 byte cache 1045 * instead. 1046 */ 1047 for (i = 128 + 8; i <= 192; i += 8) 1048 size_index[size_index_elem(i)] = 8; 1049 } 1050 } 1051 1052 static void __init new_kmalloc_cache(int idx, unsigned long flags) 1053 { 1054 kmalloc_caches[idx] = create_kmalloc_cache(kmalloc_info[idx].name, 1055 kmalloc_info[idx].size, flags); 1056 } 1057 1058 /* 1059 * Create the kmalloc array. Some of the regular kmalloc arrays 1060 * may already have been created because they were needed to 1061 * enable allocations for slab creation. 1062 */ 1063 void __init create_kmalloc_caches(unsigned long flags) 1064 { 1065 int i; 1066 1067 for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) { 1068 if (!kmalloc_caches[i]) 1069 new_kmalloc_cache(i, flags); 1070 1071 /* 1072 * Caches that are not of the two-to-the-power-of size. 1073 * These have to be created immediately after the 1074 * earlier power of two caches 1075 */ 1076 if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6) 1077 new_kmalloc_cache(1, flags); 1078 if (KMALLOC_MIN_SIZE <= 64 && !kmalloc_caches[2] && i == 7) 1079 new_kmalloc_cache(2, flags); 1080 } 1081 1082 /* Kmalloc array is now usable */ 1083 slab_state = UP; 1084 1085 #ifdef CONFIG_ZONE_DMA 1086 for (i = 0; i <= KMALLOC_SHIFT_HIGH; i++) { 1087 struct kmem_cache *s = kmalloc_caches[i]; 1088 1089 if (s) { 1090 int size = kmalloc_size(i); 1091 char *n = kasprintf(GFP_NOWAIT, 1092 "dma-kmalloc-%d", size); 1093 1094 BUG_ON(!n); 1095 kmalloc_dma_caches[i] = create_kmalloc_cache(n, 1096 size, SLAB_CACHE_DMA | flags); 1097 } 1098 } 1099 #endif 1100 } 1101 #endif /* !CONFIG_SLOB */ 1102 1103 /* 1104 * To avoid unnecessary overhead, we pass through large allocation requests 1105 * directly to the page allocator. We use __GFP_COMP, because we will need to 1106 * know the allocation order to free the pages properly in kfree. 1107 */ 1108 void *kmalloc_order(size_t size, gfp_t flags, unsigned int order) 1109 { 1110 void *ret; 1111 struct page *page; 1112 1113 flags |= __GFP_COMP; 1114 page = alloc_pages(flags, order); 1115 ret = page ? page_address(page) : NULL; 1116 kmemleak_alloc(ret, size, 1, flags); 1117 kasan_kmalloc_large(ret, size, flags); 1118 return ret; 1119 } 1120 EXPORT_SYMBOL(kmalloc_order); 1121 1122 #ifdef CONFIG_TRACING 1123 void *kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) 1124 { 1125 void *ret = kmalloc_order(size, flags, order); 1126 trace_kmalloc(_RET_IP_, ret, size, PAGE_SIZE << order, flags); 1127 return ret; 1128 } 1129 EXPORT_SYMBOL(kmalloc_order_trace); 1130 #endif 1131 1132 #ifdef CONFIG_SLAB_FREELIST_RANDOM 1133 /* Randomize a generic freelist */ 1134 static void freelist_randomize(struct rnd_state *state, unsigned int *list, 1135 size_t count) 1136 { 1137 size_t i; 1138 unsigned int rand; 1139 1140 for (i = 0; i < count; i++) 1141 list[i] = i; 1142 1143 /* Fisher-Yates shuffle */ 1144 for (i = count - 1; i > 0; i--) { 1145 rand = prandom_u32_state(state); 1146 rand %= (i + 1); 1147 swap(list[i], list[rand]); 1148 } 1149 } 1150 1151 /* Create a random sequence per cache */ 1152 int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count, 1153 gfp_t gfp) 1154 { 1155 struct rnd_state state; 1156 1157 if (count < 2 || cachep->random_seq) 1158 return 0; 1159 1160 cachep->random_seq = kcalloc(count, sizeof(unsigned int), gfp); 1161 if (!cachep->random_seq) 1162 return -ENOMEM; 1163 1164 /* Get best entropy at this stage of boot */ 1165 prandom_seed_state(&state, get_random_long()); 1166 1167 freelist_randomize(&state, cachep->random_seq, count); 1168 return 0; 1169 } 1170 1171 /* Destroy the per-cache random freelist sequence */ 1172 void cache_random_seq_destroy(struct kmem_cache *cachep) 1173 { 1174 kfree(cachep->random_seq); 1175 cachep->random_seq = NULL; 1176 } 1177 #endif /* CONFIG_SLAB_FREELIST_RANDOM */ 1178 1179 #ifdef CONFIG_SLABINFO 1180 1181 #ifdef CONFIG_SLAB 1182 #define SLABINFO_RIGHTS (S_IWUSR | S_IRUSR) 1183 #else 1184 #define SLABINFO_RIGHTS S_IRUSR 1185 #endif 1186 1187 static void print_slabinfo_header(struct seq_file *m) 1188 { 1189 /* 1190 * Output format version, so at least we can change it 1191 * without _too_ many complaints. 1192 */ 1193 #ifdef CONFIG_DEBUG_SLAB 1194 seq_puts(m, "slabinfo - version: 2.1 (statistics)\n"); 1195 #else 1196 seq_puts(m, "slabinfo - version: 2.1\n"); 1197 #endif 1198 seq_puts(m, "# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>"); 1199 seq_puts(m, " : tunables <limit> <batchcount> <sharedfactor>"); 1200 seq_puts(m, " : slabdata <active_slabs> <num_slabs> <sharedavail>"); 1201 #ifdef CONFIG_DEBUG_SLAB 1202 seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> <error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>"); 1203 seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>"); 1204 #endif 1205 seq_putc(m, '\n'); 1206 } 1207 1208 void *slab_start(struct seq_file *m, loff_t *pos) 1209 { 1210 mutex_lock(&slab_mutex); 1211 return seq_list_start(&slab_root_caches, *pos); 1212 } 1213 1214 void *slab_next(struct seq_file *m, void *p, loff_t *pos) 1215 { 1216 return seq_list_next(p, &slab_root_caches, pos); 1217 } 1218 1219 void slab_stop(struct seq_file *m, void *p) 1220 { 1221 mutex_unlock(&slab_mutex); 1222 } 1223 1224 static void 1225 memcg_accumulate_slabinfo(struct kmem_cache *s, struct slabinfo *info) 1226 { 1227 struct kmem_cache *c; 1228 struct slabinfo sinfo; 1229 1230 if (!is_root_cache(s)) 1231 return; 1232 1233 for_each_memcg_cache(c, s) { 1234 memset(&sinfo, 0, sizeof(sinfo)); 1235 get_slabinfo(c, &sinfo); 1236 1237 info->active_slabs += sinfo.active_slabs; 1238 info->num_slabs += sinfo.num_slabs; 1239 info->shared_avail += sinfo.shared_avail; 1240 info->active_objs += sinfo.active_objs; 1241 info->num_objs += sinfo.num_objs; 1242 } 1243 } 1244 1245 static void cache_show(struct kmem_cache *s, struct seq_file *m) 1246 { 1247 struct slabinfo sinfo; 1248 1249 memset(&sinfo, 0, sizeof(sinfo)); 1250 get_slabinfo(s, &sinfo); 1251 1252 memcg_accumulate_slabinfo(s, &sinfo); 1253 1254 seq_printf(m, "%-17s %6lu %6lu %6u %4u %4d", 1255 cache_name(s), sinfo.active_objs, sinfo.num_objs, s->size, 1256 sinfo.objects_per_slab, (1 << sinfo.cache_order)); 1257 1258 seq_printf(m, " : tunables %4u %4u %4u", 1259 sinfo.limit, sinfo.batchcount, sinfo.shared); 1260 seq_printf(m, " : slabdata %6lu %6lu %6lu", 1261 sinfo.active_slabs, sinfo.num_slabs, sinfo.shared_avail); 1262 slabinfo_show_stats(m, s); 1263 seq_putc(m, '\n'); 1264 } 1265 1266 static int slab_show(struct seq_file *m, void *p) 1267 { 1268 struct kmem_cache *s = list_entry(p, struct kmem_cache, root_caches_node); 1269 1270 if (p == slab_root_caches.next) 1271 print_slabinfo_header(m); 1272 cache_show(s, m); 1273 return 0; 1274 } 1275 1276 #if defined(CONFIG_MEMCG) && !defined(CONFIG_SLOB) 1277 void *memcg_slab_start(struct seq_file *m, loff_t *pos) 1278 { 1279 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m)); 1280 1281 mutex_lock(&slab_mutex); 1282 return seq_list_start(&memcg->kmem_caches, *pos); 1283 } 1284 1285 void *memcg_slab_next(struct seq_file *m, void *p, loff_t *pos) 1286 { 1287 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m)); 1288 1289 return seq_list_next(p, &memcg->kmem_caches, pos); 1290 } 1291 1292 void memcg_slab_stop(struct seq_file *m, void *p) 1293 { 1294 mutex_unlock(&slab_mutex); 1295 } 1296 1297 int memcg_slab_show(struct seq_file *m, void *p) 1298 { 1299 struct kmem_cache *s = list_entry(p, struct kmem_cache, 1300 memcg_params.kmem_caches_node); 1301 struct mem_cgroup *memcg = mem_cgroup_from_css(seq_css(m)); 1302 1303 if (p == memcg->kmem_caches.next) 1304 print_slabinfo_header(m); 1305 cache_show(s, m); 1306 return 0; 1307 } 1308 #endif 1309 1310 /* 1311 * slabinfo_op - iterator that generates /proc/slabinfo 1312 * 1313 * Output layout: 1314 * cache-name 1315 * num-active-objs 1316 * total-objs 1317 * object size 1318 * num-active-slabs 1319 * total-slabs 1320 * num-pages-per-slab 1321 * + further values on SMP and with statistics enabled 1322 */ 1323 static const struct seq_operations slabinfo_op = { 1324 .start = slab_start, 1325 .next = slab_next, 1326 .stop = slab_stop, 1327 .show = slab_show, 1328 }; 1329 1330 static int slabinfo_open(struct inode *inode, struct file *file) 1331 { 1332 return seq_open(file, &slabinfo_op); 1333 } 1334 1335 static const struct file_operations proc_slabinfo_operations = { 1336 .open = slabinfo_open, 1337 .read = seq_read, 1338 .write = slabinfo_write, 1339 .llseek = seq_lseek, 1340 .release = seq_release, 1341 }; 1342 1343 static int __init slab_proc_init(void) 1344 { 1345 proc_create("slabinfo", SLABINFO_RIGHTS, NULL, 1346 &proc_slabinfo_operations); 1347 return 0; 1348 } 1349 module_init(slab_proc_init); 1350 #endif /* CONFIG_SLABINFO */ 1351 1352 static __always_inline void *__do_krealloc(const void *p, size_t new_size, 1353 gfp_t flags) 1354 { 1355 void *ret; 1356 size_t ks = 0; 1357 1358 if (p) 1359 ks = ksize(p); 1360 1361 if (ks >= new_size) { 1362 kasan_krealloc((void *)p, new_size, flags); 1363 return (void *)p; 1364 } 1365 1366 ret = kmalloc_track_caller(new_size, flags); 1367 if (ret && p) 1368 memcpy(ret, p, ks); 1369 1370 return ret; 1371 } 1372 1373 /** 1374 * __krealloc - like krealloc() but don't free @p. 1375 * @p: object to reallocate memory for. 1376 * @new_size: how many bytes of memory are required. 1377 * @flags: the type of memory to allocate. 1378 * 1379 * This function is like krealloc() except it never frees the originally 1380 * allocated buffer. Use this if you don't want to free the buffer immediately 1381 * like, for example, with RCU. 1382 */ 1383 void *__krealloc(const void *p, size_t new_size, gfp_t flags) 1384 { 1385 if (unlikely(!new_size)) 1386 return ZERO_SIZE_PTR; 1387 1388 return __do_krealloc(p, new_size, flags); 1389 1390 } 1391 EXPORT_SYMBOL(__krealloc); 1392 1393 /** 1394 * krealloc - reallocate memory. The contents will remain unchanged. 1395 * @p: object to reallocate memory for. 1396 * @new_size: how many bytes of memory are required. 1397 * @flags: the type of memory to allocate. 1398 * 1399 * The contents of the object pointed to are preserved up to the 1400 * lesser of the new and old sizes. If @p is %NULL, krealloc() 1401 * behaves exactly like kmalloc(). If @new_size is 0 and @p is not a 1402 * %NULL pointer, the object pointed to is freed. 1403 */ 1404 void *krealloc(const void *p, size_t new_size, gfp_t flags) 1405 { 1406 void *ret; 1407 1408 if (unlikely(!new_size)) { 1409 kfree(p); 1410 return ZERO_SIZE_PTR; 1411 } 1412 1413 ret = __do_krealloc(p, new_size, flags); 1414 if (ret && p != ret) 1415 kfree(p); 1416 1417 return ret; 1418 } 1419 EXPORT_SYMBOL(krealloc); 1420 1421 /** 1422 * kzfree - like kfree but zero memory 1423 * @p: object to free memory of 1424 * 1425 * The memory of the object @p points to is zeroed before freed. 1426 * If @p is %NULL, kzfree() does nothing. 1427 * 1428 * Note: this function zeroes the whole allocated buffer which can be a good 1429 * deal bigger than the requested buffer size passed to kmalloc(). So be 1430 * careful when using this function in performance sensitive code. 1431 */ 1432 void kzfree(const void *p) 1433 { 1434 size_t ks; 1435 void *mem = (void *)p; 1436 1437 if (unlikely(ZERO_OR_NULL_PTR(mem))) 1438 return; 1439 ks = ksize(mem); 1440 memset(mem, 0, ks); 1441 kfree(mem); 1442 } 1443 EXPORT_SYMBOL(kzfree); 1444 1445 /* Tracepoints definitions. */ 1446 EXPORT_TRACEPOINT_SYMBOL(kmalloc); 1447 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc); 1448 EXPORT_TRACEPOINT_SYMBOL(kmalloc_node); 1449 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc_node); 1450 EXPORT_TRACEPOINT_SYMBOL(kfree); 1451 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_free); 1452