1 // SPDX-License-Identifier: GPL-2.0
3 * Slab allocator functions that are independent of the allocator strategy
5 * (C) 2012 Christoph Lameter <cl@linux.com>
7 #include <linux/slab.h>
10 #include <linux/poison.h>
11 #include <linux/interrupt.h>
12 #include <linux/memory.h>
13 #include <linux/cache.h>
14 #include <linux/compiler.h>
15 #include <linux/module.h>
16 #include <linux/cpu.h>
17 #include <linux/uaccess.h>
18 #include <linux/seq_file.h>
19 #include <linux/proc_fs.h>
20 #include <asm/cacheflush.h>
21 #include <asm/tlbflush.h>
23 #include <linux/memcontrol.h>
25 #define CREATE_TRACE_POINTS
26 #include <trace/events/kmem.h>
30 enum slab_state slab_state;
31 LIST_HEAD(slab_caches);
32 DEFINE_MUTEX(slab_mutex);
33 struct kmem_cache *kmem_cache;
35 #ifdef CONFIG_HARDENED_USERCOPY
36 bool usercopy_fallback __ro_after_init =
37 IS_ENABLED(CONFIG_HARDENED_USERCOPY_FALLBACK);
38 module_param(usercopy_fallback, bool, 0400);
39 MODULE_PARM_DESC(usercopy_fallback,
40 "WARN instead of reject usercopy whitelist violations");
43 static LIST_HEAD(slab_caches_to_rcu_destroy);
44 static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work);
45 static DECLARE_WORK(slab_caches_to_rcu_destroy_work,
46 slab_caches_to_rcu_destroy_workfn);
49 * Set of flags that will prevent slab merging
51 #define SLAB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \
52 SLAB_TRACE | SLAB_TYPESAFE_BY_RCU | SLAB_NOLEAKTRACE | \
53 SLAB_FAILSLAB | SLAB_KASAN)
55 #define SLAB_MERGE_SAME (SLAB_RECLAIM_ACCOUNT | SLAB_CACHE_DMA | \
56 SLAB_CACHE_DMA32 | SLAB_ACCOUNT)
59 * Merge control. If this is set then no merging of slab caches will occur.
61 static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
63 static int __init setup_slab_nomerge(char *str)
70 __setup_param("slub_nomerge", slub_nomerge, setup_slab_nomerge, 0);
73 __setup("slab_nomerge", setup_slab_nomerge);
76 * Determine the size of a slab object
78 unsigned int kmem_cache_size(struct kmem_cache *s)
80 return s->object_size;
82 EXPORT_SYMBOL(kmem_cache_size);
84 #ifdef CONFIG_DEBUG_VM
85 static int kmem_cache_sanity_check(const char *name, unsigned int size)
87 if (!name || in_interrupt() || size < sizeof(void *) ||
88 size > KMALLOC_MAX_SIZE) {
89 pr_err("kmem_cache_create(%s) integrity check failed\n", name);
93 WARN_ON(strchr(name, ' ')); /* It confuses parsers */
97 static inline int kmem_cache_sanity_check(const char *name, unsigned int size)
103 void __kmem_cache_free_bulk(struct kmem_cache *s, size_t nr, void **p)
107 for (i = 0; i < nr; i++) {
109 kmem_cache_free(s, p[i]);
115 int __kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t nr,
120 for (i = 0; i < nr; i++) {
121 void *x = p[i] = kmem_cache_alloc(s, flags);
123 __kmem_cache_free_bulk(s, i, p);
130 #ifdef CONFIG_MEMCG_KMEM
132 LIST_HEAD(slab_root_caches);
133 static DEFINE_SPINLOCK(memcg_kmem_wq_lock);
135 static void kmemcg_cache_shutdown(struct percpu_ref *percpu_ref);
137 void slab_init_memcg_params(struct kmem_cache *s)
139 s->memcg_params.root_cache = NULL;
140 RCU_INIT_POINTER(s->memcg_params.memcg_caches, NULL);
141 INIT_LIST_HEAD(&s->memcg_params.children);
142 s->memcg_params.dying = false;
145 static int init_memcg_params(struct kmem_cache *s,
146 struct kmem_cache *root_cache)
148 struct memcg_cache_array *arr;
151 int ret = percpu_ref_init(&s->memcg_params.refcnt,
152 kmemcg_cache_shutdown,
157 s->memcg_params.root_cache = root_cache;
158 INIT_LIST_HEAD(&s->memcg_params.children_node);
159 INIT_LIST_HEAD(&s->memcg_params.kmem_caches_node);
163 slab_init_memcg_params(s);
165 if (!memcg_nr_cache_ids)
168 arr = kvzalloc(sizeof(struct memcg_cache_array) +
169 memcg_nr_cache_ids * sizeof(void *),
174 RCU_INIT_POINTER(s->memcg_params.memcg_caches, arr);
178 static void destroy_memcg_params(struct kmem_cache *s)
180 if (is_root_cache(s))
181 kvfree(rcu_access_pointer(s->memcg_params.memcg_caches));
183 percpu_ref_exit(&s->memcg_params.refcnt);
186 static void free_memcg_params(struct rcu_head *rcu)
188 struct memcg_cache_array *old;
190 old = container_of(rcu, struct memcg_cache_array, rcu);
194 static int update_memcg_params(struct kmem_cache *s, int new_array_size)
196 struct memcg_cache_array *old, *new;
198 new = kvzalloc(sizeof(struct memcg_cache_array) +
199 new_array_size * sizeof(void *), GFP_KERNEL);
203 old = rcu_dereference_protected(s->memcg_params.memcg_caches,
204 lockdep_is_held(&slab_mutex));
206 memcpy(new->entries, old->entries,
207 memcg_nr_cache_ids * sizeof(void *));
209 rcu_assign_pointer(s->memcg_params.memcg_caches, new);
211 call_rcu(&old->rcu, free_memcg_params);
215 int memcg_update_all_caches(int num_memcgs)
217 struct kmem_cache *s;
220 mutex_lock(&slab_mutex);
221 list_for_each_entry(s, &slab_root_caches, root_caches_node) {
222 ret = update_memcg_params(s, num_memcgs);
224 * Instead of freeing the memory, we'll just leave the caches
225 * up to this point in an updated state.
230 mutex_unlock(&slab_mutex);
234 void memcg_link_cache(struct kmem_cache *s, struct mem_cgroup *memcg)
236 if (is_root_cache(s)) {
237 list_add(&s->root_caches_node, &slab_root_caches);
239 css_get(&memcg->css);
240 s->memcg_params.memcg = memcg;
241 list_add(&s->memcg_params.children_node,
242 &s->memcg_params.root_cache->memcg_params.children);
243 list_add(&s->memcg_params.kmem_caches_node,
244 &s->memcg_params.memcg->kmem_caches);
248 static void memcg_unlink_cache(struct kmem_cache *s)
250 if (is_root_cache(s)) {
251 list_del(&s->root_caches_node);
253 list_del(&s->memcg_params.children_node);
254 list_del(&s->memcg_params.kmem_caches_node);
255 css_put(&s->memcg_params.memcg->css);
259 static inline int init_memcg_params(struct kmem_cache *s,
260 struct kmem_cache *root_cache)
265 static inline void destroy_memcg_params(struct kmem_cache *s)
269 static inline void memcg_unlink_cache(struct kmem_cache *s)
272 #endif /* CONFIG_MEMCG_KMEM */
275 * Figure out what the alignment of the objects will be given a set of
276 * flags, a user specified alignment and the size of the objects.
278 static unsigned int calculate_alignment(slab_flags_t flags,
279 unsigned int align, unsigned int size)
282 * If the user wants hardware cache aligned objects then follow that
283 * suggestion if the object is sufficiently large.
285 * The hardware cache alignment cannot override the specified
286 * alignment though. If that is greater then use it.
288 if (flags & SLAB_HWCACHE_ALIGN) {
291 ralign = cache_line_size();
292 while (size <= ralign / 2)
294 align = max(align, ralign);
297 if (align < ARCH_SLAB_MINALIGN)
298 align = ARCH_SLAB_MINALIGN;
300 return ALIGN(align, sizeof(void *));
304 * Find a mergeable slab cache
306 int slab_unmergeable(struct kmem_cache *s)
308 if (slab_nomerge || (s->flags & SLAB_NEVER_MERGE))
311 if (!is_root_cache(s))
321 * We may have set a slab to be unmergeable during bootstrap.
329 struct kmem_cache *find_mergeable(unsigned int size, unsigned int align,
330 slab_flags_t flags, const char *name, void (*ctor)(void *))
332 struct kmem_cache *s;
340 size = ALIGN(size, sizeof(void *));
341 align = calculate_alignment(flags, align, size);
342 size = ALIGN(size, align);
343 flags = kmem_cache_flags(size, flags, name, NULL);
345 if (flags & SLAB_NEVER_MERGE)
348 list_for_each_entry_reverse(s, &slab_root_caches, root_caches_node) {
349 if (slab_unmergeable(s))
355 if ((flags & SLAB_MERGE_SAME) != (s->flags & SLAB_MERGE_SAME))
358 * Check if alignment is compatible.
359 * Courtesy of Adrian Drzewiecki
361 if ((s->size & ~(align - 1)) != s->size)
364 if (s->size - size >= sizeof(void *))
367 if (IS_ENABLED(CONFIG_SLAB) && align &&
368 (align > s->align || s->align % align))
376 static struct kmem_cache *create_cache(const char *name,
377 unsigned int object_size, unsigned int align,
378 slab_flags_t flags, unsigned int useroffset,
379 unsigned int usersize, void (*ctor)(void *),
380 struct mem_cgroup *memcg, struct kmem_cache *root_cache)
382 struct kmem_cache *s;
385 if (WARN_ON(useroffset + usersize > object_size))
386 useroffset = usersize = 0;
389 s = kmem_cache_zalloc(kmem_cache, GFP_KERNEL);
394 s->size = s->object_size = object_size;
397 s->useroffset = useroffset;
398 s->usersize = usersize;
400 err = init_memcg_params(s, root_cache);
404 err = __kmem_cache_create(s, flags);
409 list_add(&s->list, &slab_caches);
410 memcg_link_cache(s, memcg);
417 destroy_memcg_params(s);
418 kmem_cache_free(kmem_cache, s);
423 * kmem_cache_create_usercopy - Create a cache with a region suitable
424 * for copying to userspace
425 * @name: A string which is used in /proc/slabinfo to identify this cache.
426 * @size: The size of objects to be created in this cache.
427 * @align: The required alignment for the objects.
429 * @useroffset: Usercopy region offset
430 * @usersize: Usercopy region size
431 * @ctor: A constructor for the objects.
433 * Cannot be called within a interrupt, but can be interrupted.
434 * The @ctor is run when new pages are allocated by the cache.
438 * %SLAB_POISON - Poison the slab with a known test pattern (a5a5a5a5)
439 * to catch references to uninitialised memory.
441 * %SLAB_RED_ZONE - Insert `Red` zones around the allocated memory to check
442 * for buffer overruns.
444 * %SLAB_HWCACHE_ALIGN - Align the objects in this cache to a hardware
445 * cacheline. This can be beneficial if you're counting cycles as closely
448 * Return: a pointer to the cache on success, NULL on failure.
451 kmem_cache_create_usercopy(const char *name,
452 unsigned int size, unsigned int align,
454 unsigned int useroffset, unsigned int usersize,
455 void (*ctor)(void *))
457 struct kmem_cache *s = NULL;
458 const char *cache_name;
463 memcg_get_cache_ids();
465 mutex_lock(&slab_mutex);
467 err = kmem_cache_sanity_check(name, size);
472 /* Refuse requests with allocator specific flags */
473 if (flags & ~SLAB_FLAGS_PERMITTED) {
479 * Some allocators will constraint the set of valid flags to a subset
480 * of all flags. We expect them to define CACHE_CREATE_MASK in this
481 * case, and we'll just provide them with a sanitized version of the
484 flags &= CACHE_CREATE_MASK;
486 /* Fail closed on bad usersize of useroffset values. */
487 if (WARN_ON(!usersize && useroffset) ||
488 WARN_ON(size < usersize || size - usersize < useroffset))
489 usersize = useroffset = 0;
492 s = __kmem_cache_alias(name, size, align, flags, ctor);
496 cache_name = kstrdup_const(name, GFP_KERNEL);
502 s = create_cache(cache_name, size,
503 calculate_alignment(flags, align, size),
504 flags, useroffset, usersize, ctor, NULL, NULL);
507 kfree_const(cache_name);
511 mutex_unlock(&slab_mutex);
513 memcg_put_cache_ids();
518 if (flags & SLAB_PANIC)
519 panic("kmem_cache_create: Failed to create slab '%s'. Error %d\n",
522 pr_warn("kmem_cache_create(%s) failed with error %d\n",
530 EXPORT_SYMBOL(kmem_cache_create_usercopy);
533 * kmem_cache_create - Create a cache.
534 * @name: A string which is used in /proc/slabinfo to identify this cache.
535 * @size: The size of objects to be created in this cache.
536 * @align: The required alignment for the objects.
538 * @ctor: A constructor for the objects.
540 * Cannot be called within a interrupt, but can be interrupted.
541 * The @ctor is run when new pages are allocated by the cache.
545 * %SLAB_POISON - Poison the slab with a known test pattern (a5a5a5a5)
546 * to catch references to uninitialised memory.
548 * %SLAB_RED_ZONE - Insert `Red` zones around the allocated memory to check
549 * for buffer overruns.
551 * %SLAB_HWCACHE_ALIGN - Align the objects in this cache to a hardware
552 * cacheline. This can be beneficial if you're counting cycles as closely
555 * Return: a pointer to the cache on success, NULL on failure.
558 kmem_cache_create(const char *name, unsigned int size, unsigned int align,
559 slab_flags_t flags, void (*ctor)(void *))
561 return kmem_cache_create_usercopy(name, size, align, flags, 0, 0,
564 EXPORT_SYMBOL(kmem_cache_create);
566 static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work)
568 LIST_HEAD(to_destroy);
569 struct kmem_cache *s, *s2;
572 * On destruction, SLAB_TYPESAFE_BY_RCU kmem_caches are put on the
573 * @slab_caches_to_rcu_destroy list. The slab pages are freed
574 * through RCU and and the associated kmem_cache are dereferenced
575 * while freeing the pages, so the kmem_caches should be freed only
576 * after the pending RCU operations are finished. As rcu_barrier()
577 * is a pretty slow operation, we batch all pending destructions
580 mutex_lock(&slab_mutex);
581 list_splice_init(&slab_caches_to_rcu_destroy, &to_destroy);
582 mutex_unlock(&slab_mutex);
584 if (list_empty(&to_destroy))
589 list_for_each_entry_safe(s, s2, &to_destroy, list) {
590 #ifdef SLAB_SUPPORTS_SYSFS
591 sysfs_slab_release(s);
593 slab_kmem_cache_release(s);
598 static int shutdown_cache(struct kmem_cache *s)
600 /* free asan quarantined objects */
601 kasan_cache_shutdown(s);
603 if (__kmem_cache_shutdown(s) != 0)
606 memcg_unlink_cache(s);
609 if (s->flags & SLAB_TYPESAFE_BY_RCU) {
610 #ifdef SLAB_SUPPORTS_SYSFS
611 sysfs_slab_unlink(s);
613 list_add_tail(&s->list, &slab_caches_to_rcu_destroy);
614 schedule_work(&slab_caches_to_rcu_destroy_work);
616 #ifdef SLAB_SUPPORTS_SYSFS
617 sysfs_slab_unlink(s);
618 sysfs_slab_release(s);
620 slab_kmem_cache_release(s);
627 #ifdef CONFIG_MEMCG_KMEM
629 * memcg_create_kmem_cache - Create a cache for a memory cgroup.
630 * @memcg: The memory cgroup the new cache is for.
631 * @root_cache: The parent of the new cache.
633 * This function attempts to create a kmem cache that will serve allocation
634 * requests going from @memcg to @root_cache. The new cache inherits properties
637 void memcg_create_kmem_cache(struct mem_cgroup *memcg,
638 struct kmem_cache *root_cache)
640 static char memcg_name_buf[NAME_MAX + 1]; /* protected by slab_mutex */
641 struct cgroup_subsys_state *css = &memcg->css;
642 struct memcg_cache_array *arr;
643 struct kmem_cache *s = NULL;
650 mutex_lock(&slab_mutex);
653 * The memory cgroup could have been offlined while the cache
654 * creation work was pending.
656 if (memcg->kmem_state != KMEM_ONLINE)
659 idx = memcg_cache_id(memcg);
660 arr = rcu_dereference_protected(root_cache->memcg_params.memcg_caches,
661 lockdep_is_held(&slab_mutex));
664 * Since per-memcg caches are created asynchronously on first
665 * allocation (see memcg_kmem_get_cache()), several threads can try to
666 * create the same cache, but only one of them may succeed.
668 if (arr->entries[idx])
671 cgroup_name(css->cgroup, memcg_name_buf, sizeof(memcg_name_buf));
672 cache_name = kasprintf(GFP_KERNEL, "%s(%llu:%s)", root_cache->name,
673 css->serial_nr, memcg_name_buf);
677 s = create_cache(cache_name, root_cache->object_size,
679 root_cache->flags & CACHE_CREATE_MASK,
680 root_cache->useroffset, root_cache->usersize,
681 root_cache->ctor, memcg, root_cache);
683 * If we could not create a memcg cache, do not complain, because
684 * that's not critical at all as we can always proceed with the root
693 * Since readers won't lock (see memcg_kmem_get_cache()), we need a
694 * barrier here to ensure nobody will see the kmem_cache partially
698 arr->entries[idx] = s;
701 mutex_unlock(&slab_mutex);
707 static void kmemcg_workfn(struct work_struct *work)
709 struct kmem_cache *s = container_of(work, struct kmem_cache,
715 mutex_lock(&slab_mutex);
716 s->memcg_params.work_fn(s);
717 mutex_unlock(&slab_mutex);
723 static void kmemcg_rcufn(struct rcu_head *head)
725 struct kmem_cache *s = container_of(head, struct kmem_cache,
726 memcg_params.rcu_head);
729 * We need to grab blocking locks. Bounce to ->work. The
730 * work item shares the space with the RCU head and can't be
731 * initialized eariler.
733 INIT_WORK(&s->memcg_params.work, kmemcg_workfn);
734 queue_work(memcg_kmem_cache_wq, &s->memcg_params.work);
737 static void kmemcg_cache_shutdown_fn(struct kmem_cache *s)
739 WARN_ON(shutdown_cache(s));
742 static void kmemcg_cache_shutdown(struct percpu_ref *percpu_ref)
744 struct kmem_cache *s = container_of(percpu_ref, struct kmem_cache,
745 memcg_params.refcnt);
748 spin_lock_irqsave(&memcg_kmem_wq_lock, flags);
749 if (s->memcg_params.root_cache->memcg_params.dying)
752 s->memcg_params.work_fn = kmemcg_cache_shutdown_fn;
753 INIT_WORK(&s->memcg_params.work, kmemcg_workfn);
754 queue_work(memcg_kmem_cache_wq, &s->memcg_params.work);
757 spin_unlock_irqrestore(&memcg_kmem_wq_lock, flags);
760 static void kmemcg_cache_deactivate_after_rcu(struct kmem_cache *s)
762 __kmemcg_cache_deactivate_after_rcu(s);
763 percpu_ref_kill(&s->memcg_params.refcnt);
766 static void kmemcg_cache_deactivate(struct kmem_cache *s)
768 if (WARN_ON_ONCE(is_root_cache(s)))
771 __kmemcg_cache_deactivate(s);
774 * memcg_kmem_wq_lock is used to synchronize memcg_params.dying
775 * flag and make sure that no new kmem_cache deactivation tasks
776 * are queued (see flush_memcg_workqueue() ).
778 spin_lock_irq(&memcg_kmem_wq_lock);
779 if (s->memcg_params.root_cache->memcg_params.dying)
782 s->memcg_params.work_fn = kmemcg_cache_deactivate_after_rcu;
783 call_rcu(&s->memcg_params.rcu_head, kmemcg_rcufn);
785 spin_unlock_irq(&memcg_kmem_wq_lock);
788 void memcg_deactivate_kmem_caches(struct mem_cgroup *memcg)
791 struct memcg_cache_array *arr;
792 struct kmem_cache *s, *c;
794 idx = memcg_cache_id(memcg);
799 mutex_lock(&slab_mutex);
800 list_for_each_entry(s, &slab_root_caches, root_caches_node) {
801 arr = rcu_dereference_protected(s->memcg_params.memcg_caches,
802 lockdep_is_held(&slab_mutex));
803 c = arr->entries[idx];
807 kmemcg_cache_deactivate(c);
808 arr->entries[idx] = NULL;
810 mutex_unlock(&slab_mutex);
816 static int shutdown_memcg_caches(struct kmem_cache *s)
818 struct memcg_cache_array *arr;
819 struct kmem_cache *c, *c2;
823 BUG_ON(!is_root_cache(s));
826 * First, shutdown active caches, i.e. caches that belong to online
829 arr = rcu_dereference_protected(s->memcg_params.memcg_caches,
830 lockdep_is_held(&slab_mutex));
831 for_each_memcg_cache_index(i) {
835 if (shutdown_cache(c))
837 * The cache still has objects. Move it to a temporary
838 * list so as not to try to destroy it for a second
839 * time while iterating over inactive caches below.
841 list_move(&c->memcg_params.children_node, &busy);
844 * The cache is empty and will be destroyed soon. Clear
845 * the pointer to it in the memcg_caches array so that
846 * it will never be accessed even if the root cache
849 arr->entries[i] = NULL;
853 * Second, shutdown all caches left from memory cgroups that are now
856 list_for_each_entry_safe(c, c2, &s->memcg_params.children,
857 memcg_params.children_node)
860 list_splice(&busy, &s->memcg_params.children);
863 * A cache being destroyed must be empty. In particular, this means
864 * that all per memcg caches attached to it must be empty too.
866 if (!list_empty(&s->memcg_params.children))
871 static void flush_memcg_workqueue(struct kmem_cache *s)
873 spin_lock_irq(&memcg_kmem_wq_lock);
874 s->memcg_params.dying = true;
875 spin_unlock_irq(&memcg_kmem_wq_lock);
878 * SLAB and SLUB deactivate the kmem_caches through call_rcu. Make
879 * sure all registered rcu callbacks have been invoked.
884 * SLAB and SLUB create memcg kmem_caches through workqueue and SLUB
885 * deactivates the memcg kmem_caches through workqueue. Make sure all
886 * previous workitems on workqueue are processed.
888 flush_workqueue(memcg_kmem_cache_wq);
891 static inline int shutdown_memcg_caches(struct kmem_cache *s)
896 static inline void flush_memcg_workqueue(struct kmem_cache *s)
899 #endif /* CONFIG_MEMCG_KMEM */
901 void slab_kmem_cache_release(struct kmem_cache *s)
903 __kmem_cache_release(s);
904 destroy_memcg_params(s);
905 kfree_const(s->name);
906 kmem_cache_free(kmem_cache, s);
909 void kmem_cache_destroy(struct kmem_cache *s)
916 flush_memcg_workqueue(s);
921 mutex_lock(&slab_mutex);
927 err = shutdown_memcg_caches(s);
929 err = shutdown_cache(s);
932 pr_err("kmem_cache_destroy %s: Slab cache still has objects\n",
937 mutex_unlock(&slab_mutex);
942 EXPORT_SYMBOL(kmem_cache_destroy);
945 * kmem_cache_shrink - Shrink a cache.
946 * @cachep: The cache to shrink.
948 * Releases as many slabs as possible for a cache.
949 * To help debugging, a zero exit status indicates all slabs were released.
951 * Return: %0 if all slabs were released, non-zero otherwise
953 int kmem_cache_shrink(struct kmem_cache *cachep)
959 kasan_cache_shrink(cachep);
960 ret = __kmem_cache_shrink(cachep);
965 EXPORT_SYMBOL(kmem_cache_shrink);
967 bool slab_is_available(void)
969 return slab_state >= UP;
973 /* Create a cache during boot when no slab services are available yet */
974 void __init create_boot_cache(struct kmem_cache *s, const char *name,
975 unsigned int size, slab_flags_t flags,
976 unsigned int useroffset, unsigned int usersize)
981 s->size = s->object_size = size;
982 s->align = calculate_alignment(flags, ARCH_KMALLOC_MINALIGN, size);
983 s->useroffset = useroffset;
984 s->usersize = usersize;
986 slab_init_memcg_params(s);
988 err = __kmem_cache_create(s, flags);
991 panic("Creation of kmalloc slab %s size=%u failed. Reason %d\n",
994 s->refcount = -1; /* Exempt from merging for now */
997 struct kmem_cache *__init create_kmalloc_cache(const char *name,
998 unsigned int size, slab_flags_t flags,
999 unsigned int useroffset, unsigned int usersize)
1001 struct kmem_cache *s = kmem_cache_zalloc(kmem_cache, GFP_NOWAIT);
1004 panic("Out of memory when creating slab %s\n", name);
1006 create_boot_cache(s, name, size, flags, useroffset, usersize);
1007 list_add(&s->list, &slab_caches);
1008 memcg_link_cache(s, NULL);
1014 kmalloc_caches[NR_KMALLOC_TYPES][KMALLOC_SHIFT_HIGH + 1] __ro_after_init;
1015 EXPORT_SYMBOL(kmalloc_caches);
1018 * Conversion table for small slabs sizes / 8 to the index in the
1019 * kmalloc array. This is necessary for slabs < 192 since we have non power
1020 * of two cache sizes there. The size of larger slabs can be determined using
1023 static u8 size_index[24] __ro_after_init = {
1050 static inline unsigned int size_index_elem(unsigned int bytes)
1052 return (bytes - 1) / 8;
1056 * Find the kmem_cache structure that serves a given size of
1059 struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
1065 return ZERO_SIZE_PTR;
1067 index = size_index[size_index_elem(size)];
1069 if (WARN_ON_ONCE(size > KMALLOC_MAX_CACHE_SIZE))
1071 index = fls(size - 1);
1074 return kmalloc_caches[kmalloc_type(flags)][index];
1078 * kmalloc_info[] is to make slub_debug=,kmalloc-xx option work at boot time.
1079 * kmalloc_index() supports up to 2^26=64MB, so the final entry of the table is
1082 const struct kmalloc_info_struct kmalloc_info[] __initconst = {
1083 {NULL, 0}, {"kmalloc-96", 96},
1084 {"kmalloc-192", 192}, {"kmalloc-8", 8},
1085 {"kmalloc-16", 16}, {"kmalloc-32", 32},
1086 {"kmalloc-64", 64}, {"kmalloc-128", 128},
1087 {"kmalloc-256", 256}, {"kmalloc-512", 512},
1088 {"kmalloc-1k", 1024}, {"kmalloc-2k", 2048},
1089 {"kmalloc-4k", 4096}, {"kmalloc-8k", 8192},
1090 {"kmalloc-16k", 16384}, {"kmalloc-32k", 32768},
1091 {"kmalloc-64k", 65536}, {"kmalloc-128k", 131072},
1092 {"kmalloc-256k", 262144}, {"kmalloc-512k", 524288},
1093 {"kmalloc-1M", 1048576}, {"kmalloc-2M", 2097152},
1094 {"kmalloc-4M", 4194304}, {"kmalloc-8M", 8388608},
1095 {"kmalloc-16M", 16777216}, {"kmalloc-32M", 33554432},
1096 {"kmalloc-64M", 67108864}
1100 * Patch up the size_index table if we have strange large alignment
1101 * requirements for the kmalloc array. This is only the case for
1102 * MIPS it seems. The standard arches will not generate any code here.
1104 * Largest permitted alignment is 256 bytes due to the way we
1105 * handle the index determination for the smaller caches.
1107 * Make sure that nothing crazy happens if someone starts tinkering
1108 * around with ARCH_KMALLOC_MINALIGN
1110 void __init setup_kmalloc_cache_index_table(void)
1114 BUILD_BUG_ON(KMALLOC_MIN_SIZE > 256 ||
1115 (KMALLOC_MIN_SIZE & (KMALLOC_MIN_SIZE - 1)));
1117 for (i = 8; i < KMALLOC_MIN_SIZE; i += 8) {
1118 unsigned int elem = size_index_elem(i);
1120 if (elem >= ARRAY_SIZE(size_index))
1122 size_index[elem] = KMALLOC_SHIFT_LOW;
1125 if (KMALLOC_MIN_SIZE >= 64) {
1127 * The 96 byte size cache is not used if the alignment
1130 for (i = 64 + 8; i <= 96; i += 8)
1131 size_index[size_index_elem(i)] = 7;
1135 if (KMALLOC_MIN_SIZE >= 128) {
1137 * The 192 byte sized cache is not used if the alignment
1138 * is 128 byte. Redirect kmalloc to use the 256 byte cache
1141 for (i = 128 + 8; i <= 192; i += 8)
1142 size_index[size_index_elem(i)] = 8;
1147 kmalloc_cache_name(const char *prefix, unsigned int size)
1150 static const char units[3] = "\0kM";
1153 while (size >= 1024 && (size % 1024 == 0)) {
1158 return kasprintf(GFP_NOWAIT, "%s-%u%c", prefix, size, units[idx]);
1162 new_kmalloc_cache(int idx, int type, slab_flags_t flags)
1166 if (type == KMALLOC_RECLAIM) {
1167 flags |= SLAB_RECLAIM_ACCOUNT;
1168 name = kmalloc_cache_name("kmalloc-rcl",
1169 kmalloc_info[idx].size);
1172 name = kmalloc_info[idx].name;
1175 kmalloc_caches[type][idx] = create_kmalloc_cache(name,
1176 kmalloc_info[idx].size, flags, 0,
1177 kmalloc_info[idx].size);
1181 * Create the kmalloc array. Some of the regular kmalloc arrays
1182 * may already have been created because they were needed to
1183 * enable allocations for slab creation.
1185 void __init create_kmalloc_caches(slab_flags_t flags)
1189 for (type = KMALLOC_NORMAL; type <= KMALLOC_RECLAIM; type++) {
1190 for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) {
1191 if (!kmalloc_caches[type][i])
1192 new_kmalloc_cache(i, type, flags);
1195 * Caches that are not of the two-to-the-power-of size.
1196 * These have to be created immediately after the
1197 * earlier power of two caches
1199 if (KMALLOC_MIN_SIZE <= 32 && i == 6 &&
1200 !kmalloc_caches[type][1])
1201 new_kmalloc_cache(1, type, flags);
1202 if (KMALLOC_MIN_SIZE <= 64 && i == 7 &&
1203 !kmalloc_caches[type][2])
1204 new_kmalloc_cache(2, type, flags);
1208 /* Kmalloc array is now usable */
1211 #ifdef CONFIG_ZONE_DMA
1212 for (i = 0; i <= KMALLOC_SHIFT_HIGH; i++) {
1213 struct kmem_cache *s = kmalloc_caches[KMALLOC_NORMAL][i];
1216 unsigned int size = kmalloc_size(i);
1217 const char *n = kmalloc_cache_name("dma-kmalloc", size);
1220 kmalloc_caches[KMALLOC_DMA][i] = create_kmalloc_cache(
1221 n, size, SLAB_CACHE_DMA | flags, 0, 0);
1226 #endif /* !CONFIG_SLOB */
1229 * To avoid unnecessary overhead, we pass through large allocation requests
1230 * directly to the page allocator. We use __GFP_COMP, because we will need to
1231 * know the allocation order to free the pages properly in kfree.
1233 void *kmalloc_order(size_t size, gfp_t flags, unsigned int order)
1238 flags |= __GFP_COMP;
1239 page = alloc_pages(flags, order);
1240 ret = page ? page_address(page) : NULL;
1241 ret = kasan_kmalloc_large(ret, size, flags);
1242 /* As ret might get tagged, call kmemleak hook after KASAN. */
1243 kmemleak_alloc(ret, size, 1, flags);
1246 EXPORT_SYMBOL(kmalloc_order);
1248 #ifdef CONFIG_TRACING
1249 void *kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order)
1251 void *ret = kmalloc_order(size, flags, order);
1252 trace_kmalloc(_RET_IP_, ret, size, PAGE_SIZE << order, flags);
1255 EXPORT_SYMBOL(kmalloc_order_trace);
1258 #ifdef CONFIG_SLAB_FREELIST_RANDOM
1259 /* Randomize a generic freelist */
1260 static void freelist_randomize(struct rnd_state *state, unsigned int *list,
1266 for (i = 0; i < count; i++)
1269 /* Fisher-Yates shuffle */
1270 for (i = count - 1; i > 0; i--) {
1271 rand = prandom_u32_state(state);
1273 swap(list[i], list[rand]);
1277 /* Create a random sequence per cache */
1278 int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count,
1281 struct rnd_state state;
1283 if (count < 2 || cachep->random_seq)
1286 cachep->random_seq = kcalloc(count, sizeof(unsigned int), gfp);
1287 if (!cachep->random_seq)
1290 /* Get best entropy at this stage of boot */
1291 prandom_seed_state(&state, get_random_long());
1293 freelist_randomize(&state, cachep->random_seq, count);
1297 /* Destroy the per-cache random freelist sequence */
1298 void cache_random_seq_destroy(struct kmem_cache *cachep)
1300 kfree(cachep->random_seq);
1301 cachep->random_seq = NULL;
1303 #endif /* CONFIG_SLAB_FREELIST_RANDOM */
1305 #if defined(CONFIG_SLAB) || defined(CONFIG_SLUB_DEBUG)
1307 #define SLABINFO_RIGHTS (0600)
1309 #define SLABINFO_RIGHTS (0400)
1312 static void print_slabinfo_header(struct seq_file *m)
1315 * Output format version, so at least we can change it
1316 * without _too_ many complaints.
1318 #ifdef CONFIG_DEBUG_SLAB
1319 seq_puts(m, "slabinfo - version: 2.1 (statistics)\n");
1321 seq_puts(m, "slabinfo - version: 2.1\n");
1323 seq_puts(m, "# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>");
1324 seq_puts(m, " : tunables <limit> <batchcount> <sharedfactor>");
1325 seq_puts(m, " : slabdata <active_slabs> <num_slabs> <sharedavail>");
1326 #ifdef CONFIG_DEBUG_SLAB
1327 seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> <error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
1328 seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
1333 void *slab_start(struct seq_file *m, loff_t *pos)
1335 mutex_lock(&slab_mutex);
1336 return seq_list_start(&slab_root_caches, *pos);
1339 void *slab_next(struct seq_file *m, void *p, loff_t *pos)
1341 return seq_list_next(p, &slab_root_caches, pos);
1344 void slab_stop(struct seq_file *m, void *p)
1346 mutex_unlock(&slab_mutex);
1350 memcg_accumulate_slabinfo(struct kmem_cache *s, struct slabinfo *info)
1352 struct kmem_cache *c;
1353 struct slabinfo sinfo;
1355 if (!is_root_cache(s))
1358 for_each_memcg_cache(c, s) {
1359 memset(&sinfo, 0, sizeof(sinfo));
1360 get_slabinfo(c, &sinfo);
1362 info->active_slabs += sinfo.active_slabs;
1363 info->num_slabs += sinfo.num_slabs;
1364 info->shared_avail += sinfo.shared_avail;
1365 info->active_objs += sinfo.active_objs;
1366 info->num_objs += sinfo.num_objs;
1370 static void cache_show(struct kmem_cache *s, struct seq_file *m)
1372 struct slabinfo sinfo;
1374 memset(&sinfo, 0, sizeof(sinfo));
1375 get_slabinfo(s, &sinfo);
1377 memcg_accumulate_slabinfo(s, &sinfo);
1379 seq_printf(m, "%-17s %6lu %6lu %6u %4u %4d",
1380 cache_name(s), sinfo.active_objs, sinfo.num_objs, s->size,
1381 sinfo.objects_per_slab, (1 << sinfo.cache_order));
1383 seq_printf(m, " : tunables %4u %4u %4u",
1384 sinfo.limit, sinfo.batchcount, sinfo.shared);
1385 seq_printf(m, " : slabdata %6lu %6lu %6lu",
1386 sinfo.active_slabs, sinfo.num_slabs, sinfo.shared_avail);
1387 slabinfo_show_stats(m, s);
1391 static int slab_show(struct seq_file *m, void *p)
1393 struct kmem_cache *s = list_entry(p, struct kmem_cache, root_caches_node);
1395 if (p == slab_root_caches.next)
1396 print_slabinfo_header(m);
1401 void dump_unreclaimable_slab(void)
1403 struct kmem_cache *s, *s2;
1404 struct slabinfo sinfo;
1407 * Here acquiring slab_mutex is risky since we don't prefer to get
1408 * sleep in oom path. But, without mutex hold, it may introduce a
1410 * Use mutex_trylock to protect the list traverse, dump nothing
1411 * without acquiring the mutex.
1413 if (!mutex_trylock(&slab_mutex)) {
1414 pr_warn("excessive unreclaimable slab but cannot dump stats\n");
1418 pr_info("Unreclaimable slab info:\n");
1419 pr_info("Name Used Total\n");
1421 list_for_each_entry_safe(s, s2, &slab_caches, list) {
1422 if (!is_root_cache(s) || (s->flags & SLAB_RECLAIM_ACCOUNT))
1425 get_slabinfo(s, &sinfo);
1427 if (sinfo.num_objs > 0)
1428 pr_info("%-17s %10luKB %10luKB\n", cache_name(s),
1429 (sinfo.active_objs * s->size) / 1024,
1430 (sinfo.num_objs * s->size) / 1024);
1432 mutex_unlock(&slab_mutex);
1435 #if defined(CONFIG_MEMCG)
1436 void *memcg_slab_start(struct seq_file *m, loff_t *pos)
1438 struct mem_cgroup *memcg = mem_cgroup_from_seq(m);
1440 mutex_lock(&slab_mutex);
1441 return seq_list_start(&memcg->kmem_caches, *pos);
1444 void *memcg_slab_next(struct seq_file *m, void *p, loff_t *pos)
1446 struct mem_cgroup *memcg = mem_cgroup_from_seq(m);
1448 return seq_list_next(p, &memcg->kmem_caches, pos);
1451 void memcg_slab_stop(struct seq_file *m, void *p)
1453 mutex_unlock(&slab_mutex);
1456 int memcg_slab_show(struct seq_file *m, void *p)
1458 struct kmem_cache *s = list_entry(p, struct kmem_cache,
1459 memcg_params.kmem_caches_node);
1460 struct mem_cgroup *memcg = mem_cgroup_from_seq(m);
1462 if (p == memcg->kmem_caches.next)
1463 print_slabinfo_header(m);
1470 * slabinfo_op - iterator that generates /proc/slabinfo
1479 * num-pages-per-slab
1480 * + further values on SMP and with statistics enabled
1482 static const struct seq_operations slabinfo_op = {
1483 .start = slab_start,
1489 static int slabinfo_open(struct inode *inode, struct file *file)
1491 return seq_open(file, &slabinfo_op);
1494 static const struct file_operations proc_slabinfo_operations = {
1495 .open = slabinfo_open,
1497 .write = slabinfo_write,
1498 .llseek = seq_lseek,
1499 .release = seq_release,
1502 static int __init slab_proc_init(void)
1504 proc_create("slabinfo", SLABINFO_RIGHTS, NULL,
1505 &proc_slabinfo_operations);
1508 module_init(slab_proc_init);
1509 #endif /* CONFIG_SLAB || CONFIG_SLUB_DEBUG */
1511 static __always_inline void *__do_krealloc(const void *p, size_t new_size,
1520 if (ks >= new_size) {
1521 p = kasan_krealloc((void *)p, new_size, flags);
1525 ret = kmalloc_track_caller(new_size, flags);
1533 * __krealloc - like krealloc() but don't free @p.
1534 * @p: object to reallocate memory for.
1535 * @new_size: how many bytes of memory are required.
1536 * @flags: the type of memory to allocate.
1538 * This function is like krealloc() except it never frees the originally
1539 * allocated buffer. Use this if you don't want to free the buffer immediately
1540 * like, for example, with RCU.
1542 * Return: pointer to the allocated memory or %NULL in case of error
1544 void *__krealloc(const void *p, size_t new_size, gfp_t flags)
1546 if (unlikely(!new_size))
1547 return ZERO_SIZE_PTR;
1549 return __do_krealloc(p, new_size, flags);
1552 EXPORT_SYMBOL(__krealloc);
1555 * krealloc - reallocate memory. The contents will remain unchanged.
1556 * @p: object to reallocate memory for.
1557 * @new_size: how many bytes of memory are required.
1558 * @flags: the type of memory to allocate.
1560 * The contents of the object pointed to are preserved up to the
1561 * lesser of the new and old sizes. If @p is %NULL, krealloc()
1562 * behaves exactly like kmalloc(). If @new_size is 0 and @p is not a
1563 * %NULL pointer, the object pointed to is freed.
1565 * Return: pointer to the allocated memory or %NULL in case of error
1567 void *krealloc(const void *p, size_t new_size, gfp_t flags)
1571 if (unlikely(!new_size)) {
1573 return ZERO_SIZE_PTR;
1576 ret = __do_krealloc(p, new_size, flags);
1577 if (ret && kasan_reset_tag(p) != kasan_reset_tag(ret))
1582 EXPORT_SYMBOL(krealloc);
1585 * kzfree - like kfree but zero memory
1586 * @p: object to free memory of
1588 * The memory of the object @p points to is zeroed before freed.
1589 * If @p is %NULL, kzfree() does nothing.
1591 * Note: this function zeroes the whole allocated buffer which can be a good
1592 * deal bigger than the requested buffer size passed to kmalloc(). So be
1593 * careful when using this function in performance sensitive code.
1595 void kzfree(const void *p)
1598 void *mem = (void *)p;
1600 if (unlikely(ZERO_OR_NULL_PTR(mem)))
1606 EXPORT_SYMBOL(kzfree);
1609 * ksize - get the actual amount of memory allocated for a given object
1610 * @objp: Pointer to the object
1612 * kmalloc may internally round up allocations and return more memory
1613 * than requested. ksize() can be used to determine the actual amount of
1614 * memory allocated. The caller may use this additional memory, even though
1615 * a smaller amount of memory was initially specified with the kmalloc call.
1616 * The caller must guarantee that objp points to a valid object previously
1617 * allocated with either kmalloc() or kmem_cache_alloc(). The object
1618 * must not be freed during the duration of the call.
1620 * Return: size of the actual memory used by @objp in bytes
1622 size_t ksize(const void *objp)
1626 if (WARN_ON_ONCE(!objp))
1629 * We need to check that the pointed to object is valid, and only then
1630 * unpoison the shadow memory below. We use __kasan_check_read(), to
1631 * generate a more useful report at the time ksize() is called (rather
1632 * than later where behaviour is undefined due to potential
1633 * use-after-free or double-free).
1635 * If the pointed to memory is invalid we return 0, to avoid users of
1636 * ksize() writing to and potentially corrupting the memory region.
1638 * We want to perform the check before __ksize(), to avoid potentially
1639 * crashing in __ksize() due to accessing invalid metadata.
1641 if (unlikely(objp == ZERO_SIZE_PTR) || !__kasan_check_read(objp, 1))
1644 size = __ksize(objp);
1646 * We assume that ksize callers could use whole allocated area,
1647 * so we need to unpoison this area.
1649 kasan_unpoison_shadow(objp, size);
1652 EXPORT_SYMBOL(ksize);
1654 /* Tracepoints definitions. */
1655 EXPORT_TRACEPOINT_SYMBOL(kmalloc);
1656 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc);
1657 EXPORT_TRACEPOINT_SYMBOL(kmalloc_node);
1658 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc_node);
1659 EXPORT_TRACEPOINT_SYMBOL(kfree);
1660 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_free);
1662 int should_failslab(struct kmem_cache *s, gfp_t gfpflags)
1664 if (__should_failslab(s, gfpflags))
1668 ALLOW_ERROR_INJECTION(should_failslab, ERRNO);