2 * SLUB: A slab allocator that limits cache line use instead of queuing
3 * objects in per cpu and per node lists.
5 * The allocator synchronizes using per slab locks or atomic operatios
6 * and only uses a centralized lock to manage a pool of partial slabs.
8 * (C) 2007 SGI, Christoph Lameter
9 * (C) 2011 Linux Foundation, Christoph Lameter
13 #include <linux/swap.h> /* struct reclaim_state */
14 #include <linux/module.h>
15 #include <linux/bit_spinlock.h>
16 #include <linux/interrupt.h>
17 #include <linux/bitops.h>
18 #include <linux/slab.h>
20 #include <linux/proc_fs.h>
21 #include <linux/notifier.h>
22 #include <linux/seq_file.h>
23 #include <linux/kmemcheck.h>
24 #include <linux/cpu.h>
25 #include <linux/cpuset.h>
26 #include <linux/mempolicy.h>
27 #include <linux/ctype.h>
28 #include <linux/debugobjects.h>
29 #include <linux/kallsyms.h>
30 #include <linux/memory.h>
31 #include <linux/math64.h>
32 #include <linux/fault-inject.h>
33 #include <linux/stacktrace.h>
34 #include <linux/prefetch.h>
35 #include <linux/memcontrol.h>
37 #include <trace/events/kmem.h>
43 * 1. slab_mutex (Global Mutex)
45 * 3. slab_lock(page) (Only on some arches and for debugging)
49 * The role of the slab_mutex is to protect the list of all the slabs
50 * and to synchronize major metadata changes to slab cache structures.
52 * The slab_lock is only used for debugging and on arches that do not
53 * have the ability to do a cmpxchg_double. It only protects the second
54 * double word in the page struct. Meaning
55 * A. page->freelist -> List of object free in a page
56 * B. page->counters -> Counters of objects
57 * C. page->frozen -> frozen state
59 * If a slab is frozen then it is exempt from list management. It is not
60 * on any list. The processor that froze the slab is the one who can
61 * perform list operations on the page. Other processors may put objects
62 * onto the freelist but the processor that froze the slab is the only
63 * one that can retrieve the objects from the page's freelist.
65 * The list_lock protects the partial and full list on each node and
66 * the partial slab counter. If taken then no new slabs may be added or
67 * removed from the lists nor make the number of partial slabs be modified.
68 * (Note that the total number of slabs is an atomic value that may be
69 * modified without taking the list lock).
71 * The list_lock is a centralized lock and thus we avoid taking it as
72 * much as possible. As long as SLUB does not have to handle partial
73 * slabs, operations can continue without any centralized lock. F.e.
74 * allocating a long series of objects that fill up slabs does not require
76 * Interrupts are disabled during allocation and deallocation in order to
77 * make the slab allocator safe to use in the context of an irq. In addition
78 * interrupts are disabled to ensure that the processor does not change
79 * while handling per_cpu slabs, due to kernel preemption.
81 * SLUB assigns one slab for allocation to each processor.
82 * Allocations only occur from these slabs called cpu slabs.
84 * Slabs with free elements are kept on a partial list and during regular
85 * operations no list for full slabs is used. If an object in a full slab is
86 * freed then the slab will show up again on the partial lists.
87 * We track full slabs for debugging purposes though because otherwise we
88 * cannot scan all objects.
90 * Slabs are freed when they become empty. Teardown and setup is
91 * minimal so we rely on the page allocators per cpu caches for
92 * fast frees and allocs.
94 * Overloading of page flags that are otherwise used for LRU management.
96 * PageActive The slab is frozen and exempt from list processing.
97 * This means that the slab is dedicated to a purpose
98 * such as satisfying allocations for a specific
99 * processor. Objects may be freed in the slab while
100 * it is frozen but slab_free will then skip the usual
101 * list operations. It is up to the processor holding
102 * the slab to integrate the slab into the slab lists
103 * when the slab is no longer needed.
105 * One use of this flag is to mark slabs that are
106 * used for allocations. Then such a slab becomes a cpu
107 * slab. The cpu slab may be equipped with an additional
108 * freelist that allows lockless access to
109 * free objects in addition to the regular freelist
110 * that requires the slab lock.
112 * PageError Slab requires special handling due to debug
113 * options set. This moves slab handling out of
114 * the fast path and disables lockless freelists.
117 static inline int kmem_cache_debug(struct kmem_cache *s)
119 #ifdef CONFIG_SLUB_DEBUG
120 return unlikely(s->flags & SLAB_DEBUG_FLAGS);
126 static inline bool kmem_cache_has_cpu_partial(struct kmem_cache *s)
128 #ifdef CONFIG_SLUB_CPU_PARTIAL
129 return !kmem_cache_debug(s);
136 * Issues still to be resolved:
138 * - Support PAGE_ALLOC_DEBUG. Should be easy to do.
140 * - Variable sizing of the per node arrays
143 /* Enable to test recovery from slab corruption on boot */
144 #undef SLUB_RESILIENCY_TEST
146 /* Enable to log cmpxchg failures */
147 #undef SLUB_DEBUG_CMPXCHG
150 * Mininum number of partial slabs. These will be left on the partial
151 * lists even if they are empty. kmem_cache_shrink may reclaim them.
153 #define MIN_PARTIAL 5
156 * Maximum number of desirable partial slabs.
157 * The existence of more partial slabs makes kmem_cache_shrink
158 * sort the partial list by the number of objects in use.
160 #define MAX_PARTIAL 10
162 #define DEBUG_DEFAULT_FLAGS (SLAB_DEBUG_FREE | SLAB_RED_ZONE | \
163 SLAB_POISON | SLAB_STORE_USER)
166 * Debugging flags that require metadata to be stored in the slab. These get
167 * disabled when slub_debug=O is used and a cache's min order increases with
170 #define DEBUG_METADATA_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
173 * Set of flags that will prevent slab merging
175 #define SLUB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \
176 SLAB_TRACE | SLAB_DESTROY_BY_RCU | SLAB_NOLEAKTRACE | \
179 #define SLUB_MERGE_SAME (SLAB_DEBUG_FREE | SLAB_RECLAIM_ACCOUNT | \
180 SLAB_CACHE_DMA | SLAB_NOTRACK)
183 #define OO_MASK ((1 << OO_SHIFT) - 1)
184 #define MAX_OBJS_PER_PAGE 32767 /* since page.objects is u15 */
186 /* Internal SLUB flags */
187 #define __OBJECT_POISON 0x80000000UL /* Poison object */
188 #define __CMPXCHG_DOUBLE 0x40000000UL /* Use cmpxchg_double */
191 static struct notifier_block slab_notifier;
195 * Tracking user of a slab.
197 #define TRACK_ADDRS_COUNT 16
199 unsigned long addr; /* Called from address */
200 #ifdef CONFIG_STACKTRACE
201 unsigned long addrs[TRACK_ADDRS_COUNT]; /* Called from address */
203 int cpu; /* Was running on cpu */
204 int pid; /* Pid context */
205 unsigned long when; /* When did the operation occur */
208 enum track_item { TRACK_ALLOC, TRACK_FREE };
211 static int sysfs_slab_add(struct kmem_cache *);
212 static int sysfs_slab_alias(struct kmem_cache *, const char *);
213 static void memcg_propagate_slab_attrs(struct kmem_cache *s);
215 static inline int sysfs_slab_add(struct kmem_cache *s) { return 0; }
216 static inline int sysfs_slab_alias(struct kmem_cache *s, const char *p)
218 static inline void memcg_propagate_slab_attrs(struct kmem_cache *s) { }
221 static inline void stat(const struct kmem_cache *s, enum stat_item si)
223 #ifdef CONFIG_SLUB_STATS
225 * The rmw is racy on a preemptible kernel but this is acceptable, so
226 * avoid this_cpu_add()'s irq-disable overhead.
228 raw_cpu_inc(s->cpu_slab->stat[si]);
232 /********************************************************************
233 * Core slab cache functions
234 *******************************************************************/
236 /* Verify that a pointer has an address that is valid within a slab page */
237 static inline int check_valid_pointer(struct kmem_cache *s,
238 struct page *page, const void *object)
245 base = page_address(page);
246 if (object < base || object >= base + page->objects * s->size ||
247 (object - base) % s->size) {
254 static inline void *get_freepointer(struct kmem_cache *s, void *object)
256 return *(void **)(object + s->offset);
259 static void prefetch_freepointer(const struct kmem_cache *s, void *object)
261 prefetch(object + s->offset);
264 static inline void *get_freepointer_safe(struct kmem_cache *s, void *object)
268 #ifdef CONFIG_DEBUG_PAGEALLOC
269 probe_kernel_read(&p, (void **)(object + s->offset), sizeof(p));
271 p = get_freepointer(s, object);
276 static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
278 *(void **)(object + s->offset) = fp;
281 /* Loop over all objects in a slab */
282 #define for_each_object(__p, __s, __addr, __objects) \
283 for (__p = (__addr); __p < (__addr) + (__objects) * (__s)->size;\
286 /* Determine object index from a given position */
287 static inline int slab_index(void *p, struct kmem_cache *s, void *addr)
289 return (p - addr) / s->size;
292 static inline size_t slab_ksize(const struct kmem_cache *s)
294 #ifdef CONFIG_SLUB_DEBUG
296 * Debugging requires use of the padding between object
297 * and whatever may come after it.
299 if (s->flags & (SLAB_RED_ZONE | SLAB_POISON))
300 return s->object_size;
304 * If we have the need to store the freelist pointer
305 * back there or track user information then we can
306 * only use the space before that information.
308 if (s->flags & (SLAB_DESTROY_BY_RCU | SLAB_STORE_USER))
311 * Else we can use all the padding etc for the allocation
316 static inline int order_objects(int order, unsigned long size, int reserved)
318 return ((PAGE_SIZE << order) - reserved) / size;
321 static inline struct kmem_cache_order_objects oo_make(int order,
322 unsigned long size, int reserved)
324 struct kmem_cache_order_objects x = {
325 (order << OO_SHIFT) + order_objects(order, size, reserved)
331 static inline int oo_order(struct kmem_cache_order_objects x)
333 return x.x >> OO_SHIFT;
336 static inline int oo_objects(struct kmem_cache_order_objects x)
338 return x.x & OO_MASK;
342 * Per slab locking using the pagelock
344 static __always_inline void slab_lock(struct page *page)
346 bit_spin_lock(PG_locked, &page->flags);
349 static __always_inline void slab_unlock(struct page *page)
351 __bit_spin_unlock(PG_locked, &page->flags);
354 static inline void set_page_slub_counters(struct page *page, unsigned long counters_new)
357 tmp.counters = counters_new;
359 * page->counters can cover frozen/inuse/objects as well
360 * as page->_count. If we assign to ->counters directly
361 * we run the risk of losing updates to page->_count, so
362 * be careful and only assign to the fields we need.
364 page->frozen = tmp.frozen;
365 page->inuse = tmp.inuse;
366 page->objects = tmp.objects;
369 /* Interrupts must be disabled (for the fallback code to work right) */
370 static inline bool __cmpxchg_double_slab(struct kmem_cache *s, struct page *page,
371 void *freelist_old, unsigned long counters_old,
372 void *freelist_new, unsigned long counters_new,
375 VM_BUG_ON(!irqs_disabled());
376 #if defined(CONFIG_HAVE_CMPXCHG_DOUBLE) && \
377 defined(CONFIG_HAVE_ALIGNED_STRUCT_PAGE)
378 if (s->flags & __CMPXCHG_DOUBLE) {
379 if (cmpxchg_double(&page->freelist, &page->counters,
380 freelist_old, counters_old,
381 freelist_new, counters_new))
387 if (page->freelist == freelist_old &&
388 page->counters == counters_old) {
389 page->freelist = freelist_new;
390 set_page_slub_counters(page, counters_new);
398 stat(s, CMPXCHG_DOUBLE_FAIL);
400 #ifdef SLUB_DEBUG_CMPXCHG
401 pr_info("%s %s: cmpxchg double redo ", n, s->name);
407 static inline bool cmpxchg_double_slab(struct kmem_cache *s, struct page *page,
408 void *freelist_old, unsigned long counters_old,
409 void *freelist_new, unsigned long counters_new,
412 #if defined(CONFIG_HAVE_CMPXCHG_DOUBLE) && \
413 defined(CONFIG_HAVE_ALIGNED_STRUCT_PAGE)
414 if (s->flags & __CMPXCHG_DOUBLE) {
415 if (cmpxchg_double(&page->freelist, &page->counters,
416 freelist_old, counters_old,
417 freelist_new, counters_new))
424 local_irq_save(flags);
426 if (page->freelist == freelist_old &&
427 page->counters == counters_old) {
428 page->freelist = freelist_new;
429 set_page_slub_counters(page, counters_new);
431 local_irq_restore(flags);
435 local_irq_restore(flags);
439 stat(s, CMPXCHG_DOUBLE_FAIL);
441 #ifdef SLUB_DEBUG_CMPXCHG
442 pr_info("%s %s: cmpxchg double redo ", n, s->name);
448 #ifdef CONFIG_SLUB_DEBUG
450 * Determine a map of object in use on a page.
452 * Node listlock must be held to guarantee that the page does
453 * not vanish from under us.
455 static void get_map(struct kmem_cache *s, struct page *page, unsigned long *map)
458 void *addr = page_address(page);
460 for (p = page->freelist; p; p = get_freepointer(s, p))
461 set_bit(slab_index(p, s, addr), map);
467 #ifdef CONFIG_SLUB_DEBUG_ON
468 static int slub_debug = DEBUG_DEFAULT_FLAGS;
470 static int slub_debug;
473 static char *slub_debug_slabs;
474 static int disable_higher_order_debug;
479 static void print_section(char *text, u8 *addr, unsigned int length)
481 print_hex_dump(KERN_ERR, text, DUMP_PREFIX_ADDRESS, 16, 1, addr,
485 static struct track *get_track(struct kmem_cache *s, void *object,
486 enum track_item alloc)
491 p = object + s->offset + sizeof(void *);
493 p = object + s->inuse;
498 static void set_track(struct kmem_cache *s, void *object,
499 enum track_item alloc, unsigned long addr)
501 struct track *p = get_track(s, object, alloc);
504 #ifdef CONFIG_STACKTRACE
505 struct stack_trace trace;
508 trace.nr_entries = 0;
509 trace.max_entries = TRACK_ADDRS_COUNT;
510 trace.entries = p->addrs;
512 save_stack_trace(&trace);
514 /* See rant in lockdep.c */
515 if (trace.nr_entries != 0 &&
516 trace.entries[trace.nr_entries - 1] == ULONG_MAX)
519 for (i = trace.nr_entries; i < TRACK_ADDRS_COUNT; i++)
523 p->cpu = smp_processor_id();
524 p->pid = current->pid;
527 memset(p, 0, sizeof(struct track));
530 static void init_tracking(struct kmem_cache *s, void *object)
532 if (!(s->flags & SLAB_STORE_USER))
535 set_track(s, object, TRACK_FREE, 0UL);
536 set_track(s, object, TRACK_ALLOC, 0UL);
539 static void print_track(const char *s, struct track *t)
544 pr_err("INFO: %s in %pS age=%lu cpu=%u pid=%d\n",
545 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid);
546 #ifdef CONFIG_STACKTRACE
549 for (i = 0; i < TRACK_ADDRS_COUNT; i++)
551 pr_err("\t%pS\n", (void *)t->addrs[i]);
558 static void print_tracking(struct kmem_cache *s, void *object)
560 if (!(s->flags & SLAB_STORE_USER))
563 print_track("Allocated", get_track(s, object, TRACK_ALLOC));
564 print_track("Freed", get_track(s, object, TRACK_FREE));
567 static void print_page_info(struct page *page)
569 pr_err("INFO: Slab 0x%p objects=%u used=%u fp=0x%p flags=0x%04lx\n",
570 page, page->objects, page->inuse, page->freelist, page->flags);
574 static void slab_bug(struct kmem_cache *s, char *fmt, ...)
576 struct va_format vaf;
582 pr_err("=============================================================================\n");
583 pr_err("BUG %s (%s): %pV\n", s->name, print_tainted(), &vaf);
584 pr_err("-----------------------------------------------------------------------------\n\n");
586 add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
590 static void slab_fix(struct kmem_cache *s, char *fmt, ...)
592 struct va_format vaf;
598 pr_err("FIX %s: %pV\n", s->name, &vaf);
602 static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
604 unsigned int off; /* Offset of last byte */
605 u8 *addr = page_address(page);
607 print_tracking(s, p);
609 print_page_info(page);
611 pr_err("INFO: Object 0x%p @offset=%tu fp=0x%p\n\n",
612 p, p - addr, get_freepointer(s, p));
615 print_section("Bytes b4 ", p - 16, 16);
617 print_section("Object ", p, min_t(unsigned long, s->object_size,
619 if (s->flags & SLAB_RED_ZONE)
620 print_section("Redzone ", p + s->object_size,
621 s->inuse - s->object_size);
624 off = s->offset + sizeof(void *);
628 if (s->flags & SLAB_STORE_USER)
629 off += 2 * sizeof(struct track);
632 /* Beginning of the filler is the free pointer */
633 print_section("Padding ", p + off, s->size - off);
638 static void object_err(struct kmem_cache *s, struct page *page,
639 u8 *object, char *reason)
641 slab_bug(s, "%s", reason);
642 print_trailer(s, page, object);
645 static void slab_err(struct kmem_cache *s, struct page *page,
646 const char *fmt, ...)
652 vsnprintf(buf, sizeof(buf), fmt, args);
654 slab_bug(s, "%s", buf);
655 print_page_info(page);
659 static void init_object(struct kmem_cache *s, void *object, u8 val)
663 if (s->flags & __OBJECT_POISON) {
664 memset(p, POISON_FREE, s->object_size - 1);
665 p[s->object_size - 1] = POISON_END;
668 if (s->flags & SLAB_RED_ZONE)
669 memset(p + s->object_size, val, s->inuse - s->object_size);
672 static void restore_bytes(struct kmem_cache *s, char *message, u8 data,
673 void *from, void *to)
675 slab_fix(s, "Restoring 0x%p-0x%p=0x%x\n", from, to - 1, data);
676 memset(from, data, to - from);
679 static int check_bytes_and_report(struct kmem_cache *s, struct page *page,
680 u8 *object, char *what,
681 u8 *start, unsigned int value, unsigned int bytes)
686 fault = memchr_inv(start, value, bytes);
691 while (end > fault && end[-1] == value)
694 slab_bug(s, "%s overwritten", what);
695 pr_err("INFO: 0x%p-0x%p. First byte 0x%x instead of 0x%x\n",
696 fault, end - 1, fault[0], value);
697 print_trailer(s, page, object);
699 restore_bytes(s, what, value, fault, end);
707 * Bytes of the object to be managed.
708 * If the freepointer may overlay the object then the free
709 * pointer is the first word of the object.
711 * Poisoning uses 0x6b (POISON_FREE) and the last byte is
714 * object + s->object_size
715 * Padding to reach word boundary. This is also used for Redzoning.
716 * Padding is extended by another word if Redzoning is enabled and
717 * object_size == inuse.
719 * We fill with 0xbb (RED_INACTIVE) for inactive objects and with
720 * 0xcc (RED_ACTIVE) for objects in use.
723 * Meta data starts here.
725 * A. Free pointer (if we cannot overwrite object on free)
726 * B. Tracking data for SLAB_STORE_USER
727 * C. Padding to reach required alignment boundary or at mininum
728 * one word if debugging is on to be able to detect writes
729 * before the word boundary.
731 * Padding is done using 0x5a (POISON_INUSE)
734 * Nothing is used beyond s->size.
736 * If slabcaches are merged then the object_size and inuse boundaries are mostly
737 * ignored. And therefore no slab options that rely on these boundaries
738 * may be used with merged slabcaches.
741 static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
743 unsigned long off = s->inuse; /* The end of info */
746 /* Freepointer is placed after the object. */
747 off += sizeof(void *);
749 if (s->flags & SLAB_STORE_USER)
750 /* We also have user information there */
751 off += 2 * sizeof(struct track);
756 return check_bytes_and_report(s, page, p, "Object padding",
757 p + off, POISON_INUSE, s->size - off);
760 /* Check the pad bytes at the end of a slab page */
761 static int slab_pad_check(struct kmem_cache *s, struct page *page)
769 if (!(s->flags & SLAB_POISON))
772 start = page_address(page);
773 length = (PAGE_SIZE << compound_order(page)) - s->reserved;
774 end = start + length;
775 remainder = length % s->size;
779 fault = memchr_inv(end - remainder, POISON_INUSE, remainder);
782 while (end > fault && end[-1] == POISON_INUSE)
785 slab_err(s, page, "Padding overwritten. 0x%p-0x%p", fault, end - 1);
786 print_section("Padding ", end - remainder, remainder);
788 restore_bytes(s, "slab padding", POISON_INUSE, end - remainder, end);
792 static int check_object(struct kmem_cache *s, struct page *page,
793 void *object, u8 val)
796 u8 *endobject = object + s->object_size;
798 if (s->flags & SLAB_RED_ZONE) {
799 if (!check_bytes_and_report(s, page, object, "Redzone",
800 endobject, val, s->inuse - s->object_size))
803 if ((s->flags & SLAB_POISON) && s->object_size < s->inuse) {
804 check_bytes_and_report(s, page, p, "Alignment padding",
805 endobject, POISON_INUSE,
806 s->inuse - s->object_size);
810 if (s->flags & SLAB_POISON) {
811 if (val != SLUB_RED_ACTIVE && (s->flags & __OBJECT_POISON) &&
812 (!check_bytes_and_report(s, page, p, "Poison", p,
813 POISON_FREE, s->object_size - 1) ||
814 !check_bytes_and_report(s, page, p, "Poison",
815 p + s->object_size - 1, POISON_END, 1)))
818 * check_pad_bytes cleans up on its own.
820 check_pad_bytes(s, page, p);
823 if (!s->offset && val == SLUB_RED_ACTIVE)
825 * Object and freepointer overlap. Cannot check
826 * freepointer while object is allocated.
830 /* Check free pointer validity */
831 if (!check_valid_pointer(s, page, get_freepointer(s, p))) {
832 object_err(s, page, p, "Freepointer corrupt");
834 * No choice but to zap it and thus lose the remainder
835 * of the free objects in this slab. May cause
836 * another error because the object count is now wrong.
838 set_freepointer(s, p, NULL);
844 static int check_slab(struct kmem_cache *s, struct page *page)
848 VM_BUG_ON(!irqs_disabled());
850 if (!PageSlab(page)) {
851 slab_err(s, page, "Not a valid slab page");
855 maxobj = order_objects(compound_order(page), s->size, s->reserved);
856 if (page->objects > maxobj) {
857 slab_err(s, page, "objects %u > max %u",
858 s->name, page->objects, maxobj);
861 if (page->inuse > page->objects) {
862 slab_err(s, page, "inuse %u > max %u",
863 s->name, page->inuse, page->objects);
866 /* Slab_pad_check fixes things up after itself */
867 slab_pad_check(s, page);
872 * Determine if a certain object on a page is on the freelist. Must hold the
873 * slab lock to guarantee that the chains are in a consistent state.
875 static int on_freelist(struct kmem_cache *s, struct page *page, void *search)
880 unsigned long max_objects;
883 while (fp && nr <= page->objects) {
886 if (!check_valid_pointer(s, page, fp)) {
888 object_err(s, page, object,
889 "Freechain corrupt");
890 set_freepointer(s, object, NULL);
892 slab_err(s, page, "Freepointer corrupt");
893 page->freelist = NULL;
894 page->inuse = page->objects;
895 slab_fix(s, "Freelist cleared");
901 fp = get_freepointer(s, object);
905 max_objects = order_objects(compound_order(page), s->size, s->reserved);
906 if (max_objects > MAX_OBJS_PER_PAGE)
907 max_objects = MAX_OBJS_PER_PAGE;
909 if (page->objects != max_objects) {
910 slab_err(s, page, "Wrong number of objects. Found %d but "
911 "should be %d", page->objects, max_objects);
912 page->objects = max_objects;
913 slab_fix(s, "Number of objects adjusted.");
915 if (page->inuse != page->objects - nr) {
916 slab_err(s, page, "Wrong object count. Counter is %d but "
917 "counted were %d", page->inuse, page->objects - nr);
918 page->inuse = page->objects - nr;
919 slab_fix(s, "Object count adjusted.");
921 return search == NULL;
924 static void trace(struct kmem_cache *s, struct page *page, void *object,
927 if (s->flags & SLAB_TRACE) {
928 pr_info("TRACE %s %s 0x%p inuse=%d fp=0x%p\n",
930 alloc ? "alloc" : "free",
935 print_section("Object ", (void *)object,
943 * Tracking of fully allocated slabs for debugging purposes.
945 static void add_full(struct kmem_cache *s,
946 struct kmem_cache_node *n, struct page *page)
948 if (!(s->flags & SLAB_STORE_USER))
951 lockdep_assert_held(&n->list_lock);
952 list_add(&page->lru, &n->full);
955 static void remove_full(struct kmem_cache *s, struct kmem_cache_node *n, struct page *page)
957 if (!(s->flags & SLAB_STORE_USER))
960 lockdep_assert_held(&n->list_lock);
961 list_del(&page->lru);
964 /* Tracking of the number of slabs for debugging purposes */
965 static inline unsigned long slabs_node(struct kmem_cache *s, int node)
967 struct kmem_cache_node *n = get_node(s, node);
969 return atomic_long_read(&n->nr_slabs);
972 static inline unsigned long node_nr_slabs(struct kmem_cache_node *n)
974 return atomic_long_read(&n->nr_slabs);
977 static inline void inc_slabs_node(struct kmem_cache *s, int node, int objects)
979 struct kmem_cache_node *n = get_node(s, node);
982 * May be called early in order to allocate a slab for the
983 * kmem_cache_node structure. Solve the chicken-egg
984 * dilemma by deferring the increment of the count during
985 * bootstrap (see early_kmem_cache_node_alloc).
988 atomic_long_inc(&n->nr_slabs);
989 atomic_long_add(objects, &n->total_objects);
992 static inline void dec_slabs_node(struct kmem_cache *s, int node, int objects)
994 struct kmem_cache_node *n = get_node(s, node);
996 atomic_long_dec(&n->nr_slabs);
997 atomic_long_sub(objects, &n->total_objects);
1000 /* Object debug checks for alloc/free paths */
1001 static void setup_object_debug(struct kmem_cache *s, struct page *page,
1004 if (!(s->flags & (SLAB_STORE_USER|SLAB_RED_ZONE|__OBJECT_POISON)))
1007 init_object(s, object, SLUB_RED_INACTIVE);
1008 init_tracking(s, object);
1011 static noinline int alloc_debug_processing(struct kmem_cache *s,
1013 void *object, unsigned long addr)
1015 if (!check_slab(s, page))
1018 if (!check_valid_pointer(s, page, object)) {
1019 object_err(s, page, object, "Freelist Pointer check fails");
1023 if (!check_object(s, page, object, SLUB_RED_INACTIVE))
1026 /* Success perform special debug activities for allocs */
1027 if (s->flags & SLAB_STORE_USER)
1028 set_track(s, object, TRACK_ALLOC, addr);
1029 trace(s, page, object, 1);
1030 init_object(s, object, SLUB_RED_ACTIVE);
1034 if (PageSlab(page)) {
1036 * If this is a slab page then lets do the best we can
1037 * to avoid issues in the future. Marking all objects
1038 * as used avoids touching the remaining objects.
1040 slab_fix(s, "Marking all objects used");
1041 page->inuse = page->objects;
1042 page->freelist = NULL;
1047 static noinline struct kmem_cache_node *free_debug_processing(
1048 struct kmem_cache *s, struct page *page, void *object,
1049 unsigned long addr, unsigned long *flags)
1051 struct kmem_cache_node *n = get_node(s, page_to_nid(page));
1053 spin_lock_irqsave(&n->list_lock, *flags);
1056 if (!check_slab(s, page))
1059 if (!check_valid_pointer(s, page, object)) {
1060 slab_err(s, page, "Invalid object pointer 0x%p", object);
1064 if (on_freelist(s, page, object)) {
1065 object_err(s, page, object, "Object already free");
1069 if (!check_object(s, page, object, SLUB_RED_ACTIVE))
1072 if (unlikely(s != page->slab_cache)) {
1073 if (!PageSlab(page)) {
1074 slab_err(s, page, "Attempt to free object(0x%p) "
1075 "outside of slab", object);
1076 } else if (!page->slab_cache) {
1077 pr_err("SLUB <none>: no slab for object 0x%p.\n",
1081 object_err(s, page, object,
1082 "page slab pointer corrupt.");
1086 if (s->flags & SLAB_STORE_USER)
1087 set_track(s, object, TRACK_FREE, addr);
1088 trace(s, page, object, 0);
1089 init_object(s, object, SLUB_RED_INACTIVE);
1093 * Keep node_lock to preserve integrity
1094 * until the object is actually freed
1100 spin_unlock_irqrestore(&n->list_lock, *flags);
1101 slab_fix(s, "Object at 0x%p not freed", object);
1105 static int __init setup_slub_debug(char *str)
1107 slub_debug = DEBUG_DEFAULT_FLAGS;
1108 if (*str++ != '=' || !*str)
1110 * No options specified. Switch on full debugging.
1116 * No options but restriction on slabs. This means full
1117 * debugging for slabs matching a pattern.
1121 if (tolower(*str) == 'o') {
1123 * Avoid enabling debugging on caches if its minimum order
1124 * would increase as a result.
1126 disable_higher_order_debug = 1;
1133 * Switch off all debugging measures.
1138 * Determine which debug features should be switched on
1140 for (; *str && *str != ','; str++) {
1141 switch (tolower(*str)) {
1143 slub_debug |= SLAB_DEBUG_FREE;
1146 slub_debug |= SLAB_RED_ZONE;
1149 slub_debug |= SLAB_POISON;
1152 slub_debug |= SLAB_STORE_USER;
1155 slub_debug |= SLAB_TRACE;
1158 slub_debug |= SLAB_FAILSLAB;
1161 pr_err("slub_debug option '%c' unknown. skipped\n",
1168 slub_debug_slabs = str + 1;
1173 __setup("slub_debug", setup_slub_debug);
1175 static unsigned long kmem_cache_flags(unsigned long object_size,
1176 unsigned long flags, const char *name,
1177 void (*ctor)(void *))
1180 * Enable debugging if selected on the kernel commandline.
1182 if (slub_debug && (!slub_debug_slabs || (name &&
1183 !strncmp(slub_debug_slabs, name, strlen(slub_debug_slabs)))))
1184 flags |= slub_debug;
1189 static inline void setup_object_debug(struct kmem_cache *s,
1190 struct page *page, void *object) {}
1192 static inline int alloc_debug_processing(struct kmem_cache *s,
1193 struct page *page, void *object, unsigned long addr) { return 0; }
1195 static inline struct kmem_cache_node *free_debug_processing(
1196 struct kmem_cache *s, struct page *page, void *object,
1197 unsigned long addr, unsigned long *flags) { return NULL; }
1199 static inline int slab_pad_check(struct kmem_cache *s, struct page *page)
1201 static inline int check_object(struct kmem_cache *s, struct page *page,
1202 void *object, u8 val) { return 1; }
1203 static inline void add_full(struct kmem_cache *s, struct kmem_cache_node *n,
1204 struct page *page) {}
1205 static inline void remove_full(struct kmem_cache *s, struct kmem_cache_node *n,
1206 struct page *page) {}
1207 static inline unsigned long kmem_cache_flags(unsigned long object_size,
1208 unsigned long flags, const char *name,
1209 void (*ctor)(void *))
1213 #define slub_debug 0
1215 #define disable_higher_order_debug 0
1217 static inline unsigned long slabs_node(struct kmem_cache *s, int node)
1219 static inline unsigned long node_nr_slabs(struct kmem_cache_node *n)
1221 static inline void inc_slabs_node(struct kmem_cache *s, int node,
1223 static inline void dec_slabs_node(struct kmem_cache *s, int node,
1226 #endif /* CONFIG_SLUB_DEBUG */
1229 * Hooks for other subsystems that check memory allocations. In a typical
1230 * production configuration these hooks all should produce no code at all.
1232 static inline void kmalloc_large_node_hook(void *ptr, size_t size, gfp_t flags)
1234 kmemleak_alloc(ptr, size, 1, flags);
1237 static inline void kfree_hook(const void *x)
1242 static inline int slab_pre_alloc_hook(struct kmem_cache *s, gfp_t flags)
1244 flags &= gfp_allowed_mask;
1245 lockdep_trace_alloc(flags);
1246 might_sleep_if(flags & __GFP_WAIT);
1248 return should_failslab(s->object_size, flags, s->flags);
1251 static inline void slab_post_alloc_hook(struct kmem_cache *s,
1252 gfp_t flags, void *object)
1254 flags &= gfp_allowed_mask;
1255 kmemcheck_slab_alloc(s, flags, object, slab_ksize(s));
1256 kmemleak_alloc_recursive(object, s->object_size, 1, s->flags, flags);
1259 static inline void slab_free_hook(struct kmem_cache *s, void *x)
1261 kmemleak_free_recursive(x, s->flags);
1264 * Trouble is that we may no longer disable interrupts in the fast path
1265 * So in order to make the debug calls that expect irqs to be
1266 * disabled we need to disable interrupts temporarily.
1268 #if defined(CONFIG_KMEMCHECK) || defined(CONFIG_LOCKDEP)
1270 unsigned long flags;
1272 local_irq_save(flags);
1273 kmemcheck_slab_free(s, x, s->object_size);
1274 debug_check_no_locks_freed(x, s->object_size);
1275 local_irq_restore(flags);
1278 if (!(s->flags & SLAB_DEBUG_OBJECTS))
1279 debug_check_no_obj_freed(x, s->object_size);
1283 * Slab allocation and freeing
1285 static inline struct page *alloc_slab_page(struct kmem_cache *s,
1286 gfp_t flags, int node, struct kmem_cache_order_objects oo)
1289 int order = oo_order(oo);
1291 flags |= __GFP_NOTRACK;
1293 if (memcg_charge_slab(s, flags, order))
1296 if (node == NUMA_NO_NODE)
1297 page = alloc_pages(flags, order);
1299 page = alloc_pages_exact_node(node, flags, order);
1302 memcg_uncharge_slab(s, order);
1307 static struct page *allocate_slab(struct kmem_cache *s, gfp_t flags, int node)
1310 struct kmem_cache_order_objects oo = s->oo;
1313 flags &= gfp_allowed_mask;
1315 if (flags & __GFP_WAIT)
1318 flags |= s->allocflags;
1321 * Let the initial higher-order allocation fail under memory pressure
1322 * so we fall-back to the minimum order allocation.
1324 alloc_gfp = (flags | __GFP_NOWARN | __GFP_NORETRY) & ~__GFP_NOFAIL;
1326 page = alloc_slab_page(s, alloc_gfp, node, oo);
1327 if (unlikely(!page)) {
1331 * Allocation may have failed due to fragmentation.
1332 * Try a lower order alloc if possible
1334 page = alloc_slab_page(s, alloc_gfp, node, oo);
1337 stat(s, ORDER_FALLBACK);
1340 if (kmemcheck_enabled && page
1341 && !(s->flags & (SLAB_NOTRACK | DEBUG_DEFAULT_FLAGS))) {
1342 int pages = 1 << oo_order(oo);
1344 kmemcheck_alloc_shadow(page, oo_order(oo), alloc_gfp, node);
1347 * Objects from caches that have a constructor don't get
1348 * cleared when they're allocated, so we need to do it here.
1351 kmemcheck_mark_uninitialized_pages(page, pages);
1353 kmemcheck_mark_unallocated_pages(page, pages);
1356 if (flags & __GFP_WAIT)
1357 local_irq_disable();
1361 page->objects = oo_objects(oo);
1362 mod_zone_page_state(page_zone(page),
1363 (s->flags & SLAB_RECLAIM_ACCOUNT) ?
1364 NR_SLAB_RECLAIMABLE : NR_SLAB_UNRECLAIMABLE,
1370 static void setup_object(struct kmem_cache *s, struct page *page,
1373 setup_object_debug(s, page, object);
1374 if (unlikely(s->ctor))
1378 static struct page *new_slab(struct kmem_cache *s, gfp_t flags, int node)
1386 BUG_ON(flags & GFP_SLAB_BUG_MASK);
1388 page = allocate_slab(s,
1389 flags & (GFP_RECLAIM_MASK | GFP_CONSTRAINT_MASK), node);
1393 order = compound_order(page);
1394 inc_slabs_node(s, page_to_nid(page), page->objects);
1395 page->slab_cache = s;
1396 __SetPageSlab(page);
1397 if (page->pfmemalloc)
1398 SetPageSlabPfmemalloc(page);
1400 start = page_address(page);
1402 if (unlikely(s->flags & SLAB_POISON))
1403 memset(start, POISON_INUSE, PAGE_SIZE << order);
1406 for_each_object(p, s, start, page->objects) {
1407 setup_object(s, page, last);
1408 set_freepointer(s, last, p);
1411 setup_object(s, page, last);
1412 set_freepointer(s, last, NULL);
1414 page->freelist = start;
1415 page->inuse = page->objects;
1421 static void __free_slab(struct kmem_cache *s, struct page *page)
1423 int order = compound_order(page);
1424 int pages = 1 << order;
1426 if (kmem_cache_debug(s)) {
1429 slab_pad_check(s, page);
1430 for_each_object(p, s, page_address(page),
1432 check_object(s, page, p, SLUB_RED_INACTIVE);
1435 kmemcheck_free_shadow(page, compound_order(page));
1437 mod_zone_page_state(page_zone(page),
1438 (s->flags & SLAB_RECLAIM_ACCOUNT) ?
1439 NR_SLAB_RECLAIMABLE : NR_SLAB_UNRECLAIMABLE,
1442 __ClearPageSlabPfmemalloc(page);
1443 __ClearPageSlab(page);
1445 page_mapcount_reset(page);
1446 if (current->reclaim_state)
1447 current->reclaim_state->reclaimed_slab += pages;
1448 __free_pages(page, order);
1449 memcg_uncharge_slab(s, order);
1452 #define need_reserve_slab_rcu \
1453 (sizeof(((struct page *)NULL)->lru) < sizeof(struct rcu_head))
1455 static void rcu_free_slab(struct rcu_head *h)
1459 if (need_reserve_slab_rcu)
1460 page = virt_to_head_page(h);
1462 page = container_of((struct list_head *)h, struct page, lru);
1464 __free_slab(page->slab_cache, page);
1467 static void free_slab(struct kmem_cache *s, struct page *page)
1469 if (unlikely(s->flags & SLAB_DESTROY_BY_RCU)) {
1470 struct rcu_head *head;
1472 if (need_reserve_slab_rcu) {
1473 int order = compound_order(page);
1474 int offset = (PAGE_SIZE << order) - s->reserved;
1476 VM_BUG_ON(s->reserved != sizeof(*head));
1477 head = page_address(page) + offset;
1480 * RCU free overloads the RCU head over the LRU
1482 head = (void *)&page->lru;
1485 call_rcu(head, rcu_free_slab);
1487 __free_slab(s, page);
1490 static void discard_slab(struct kmem_cache *s, struct page *page)
1492 dec_slabs_node(s, page_to_nid(page), page->objects);
1497 * Management of partially allocated slabs.
1500 __add_partial(struct kmem_cache_node *n, struct page *page, int tail)
1503 if (tail == DEACTIVATE_TO_TAIL)
1504 list_add_tail(&page->lru, &n->partial);
1506 list_add(&page->lru, &n->partial);
1509 static inline void add_partial(struct kmem_cache_node *n,
1510 struct page *page, int tail)
1512 lockdep_assert_held(&n->list_lock);
1513 __add_partial(n, page, tail);
1517 __remove_partial(struct kmem_cache_node *n, struct page *page)
1519 list_del(&page->lru);
1523 static inline void remove_partial(struct kmem_cache_node *n,
1526 lockdep_assert_held(&n->list_lock);
1527 __remove_partial(n, page);
1531 * Remove slab from the partial list, freeze it and
1532 * return the pointer to the freelist.
1534 * Returns a list of objects or NULL if it fails.
1536 static inline void *acquire_slab(struct kmem_cache *s,
1537 struct kmem_cache_node *n, struct page *page,
1538 int mode, int *objects)
1541 unsigned long counters;
1544 lockdep_assert_held(&n->list_lock);
1547 * Zap the freelist and set the frozen bit.
1548 * The old freelist is the list of objects for the
1549 * per cpu allocation list.
1551 freelist = page->freelist;
1552 counters = page->counters;
1553 new.counters = counters;
1554 *objects = new.objects - new.inuse;
1556 new.inuse = page->objects;
1557 new.freelist = NULL;
1559 new.freelist = freelist;
1562 VM_BUG_ON(new.frozen);
1565 if (!__cmpxchg_double_slab(s, page,
1567 new.freelist, new.counters,
1571 remove_partial(n, page);
1576 static void put_cpu_partial(struct kmem_cache *s, struct page *page, int drain);
1577 static inline bool pfmemalloc_match(struct page *page, gfp_t gfpflags);
1580 * Try to allocate a partial slab from a specific node.
1582 static void *get_partial_node(struct kmem_cache *s, struct kmem_cache_node *n,
1583 struct kmem_cache_cpu *c, gfp_t flags)
1585 struct page *page, *page2;
1586 void *object = NULL;
1591 * Racy check. If we mistakenly see no partial slabs then we
1592 * just allocate an empty slab. If we mistakenly try to get a
1593 * partial slab and there is none available then get_partials()
1596 if (!n || !n->nr_partial)
1599 spin_lock(&n->list_lock);
1600 list_for_each_entry_safe(page, page2, &n->partial, lru) {
1603 if (!pfmemalloc_match(page, flags))
1606 t = acquire_slab(s, n, page, object == NULL, &objects);
1610 available += objects;
1613 stat(s, ALLOC_FROM_PARTIAL);
1616 put_cpu_partial(s, page, 0);
1617 stat(s, CPU_PARTIAL_NODE);
1619 if (!kmem_cache_has_cpu_partial(s)
1620 || available > s->cpu_partial / 2)
1624 spin_unlock(&n->list_lock);
1629 * Get a page from somewhere. Search in increasing NUMA distances.
1631 static void *get_any_partial(struct kmem_cache *s, gfp_t flags,
1632 struct kmem_cache_cpu *c)
1635 struct zonelist *zonelist;
1638 enum zone_type high_zoneidx = gfp_zone(flags);
1640 unsigned int cpuset_mems_cookie;
1643 * The defrag ratio allows a configuration of the tradeoffs between
1644 * inter node defragmentation and node local allocations. A lower
1645 * defrag_ratio increases the tendency to do local allocations
1646 * instead of attempting to obtain partial slabs from other nodes.
1648 * If the defrag_ratio is set to 0 then kmalloc() always
1649 * returns node local objects. If the ratio is higher then kmalloc()
1650 * may return off node objects because partial slabs are obtained
1651 * from other nodes and filled up.
1653 * If /sys/kernel/slab/xx/defrag_ratio is set to 100 (which makes
1654 * defrag_ratio = 1000) then every (well almost) allocation will
1655 * first attempt to defrag slab caches on other nodes. This means
1656 * scanning over all nodes to look for partial slabs which may be
1657 * expensive if we do it every time we are trying to find a slab
1658 * with available objects.
1660 if (!s->remote_node_defrag_ratio ||
1661 get_cycles() % 1024 > s->remote_node_defrag_ratio)
1665 cpuset_mems_cookie = read_mems_allowed_begin();
1666 zonelist = node_zonelist(mempolicy_slab_node(), flags);
1667 for_each_zone_zonelist(zone, z, zonelist, high_zoneidx) {
1668 struct kmem_cache_node *n;
1670 n = get_node(s, zone_to_nid(zone));
1672 if (n && cpuset_zone_allowed_hardwall(zone, flags) &&
1673 n->nr_partial > s->min_partial) {
1674 object = get_partial_node(s, n, c, flags);
1677 * Don't check read_mems_allowed_retry()
1678 * here - if mems_allowed was updated in
1679 * parallel, that was a harmless race
1680 * between allocation and the cpuset
1687 } while (read_mems_allowed_retry(cpuset_mems_cookie));
1693 * Get a partial page, lock it and return it.
1695 static void *get_partial(struct kmem_cache *s, gfp_t flags, int node,
1696 struct kmem_cache_cpu *c)
1699 int searchnode = (node == NUMA_NO_NODE) ? numa_mem_id() : node;
1701 object = get_partial_node(s, get_node(s, searchnode), c, flags);
1702 if (object || node != NUMA_NO_NODE)
1705 return get_any_partial(s, flags, c);
1708 #ifdef CONFIG_PREEMPT
1710 * Calculate the next globally unique transaction for disambiguiation
1711 * during cmpxchg. The transactions start with the cpu number and are then
1712 * incremented by CONFIG_NR_CPUS.
1714 #define TID_STEP roundup_pow_of_two(CONFIG_NR_CPUS)
1717 * No preemption supported therefore also no need to check for
1723 static inline unsigned long next_tid(unsigned long tid)
1725 return tid + TID_STEP;
1728 static inline unsigned int tid_to_cpu(unsigned long tid)
1730 return tid % TID_STEP;
1733 static inline unsigned long tid_to_event(unsigned long tid)
1735 return tid / TID_STEP;
1738 static inline unsigned int init_tid(int cpu)
1743 static inline void note_cmpxchg_failure(const char *n,
1744 const struct kmem_cache *s, unsigned long tid)
1746 #ifdef SLUB_DEBUG_CMPXCHG
1747 unsigned long actual_tid = __this_cpu_read(s->cpu_slab->tid);
1749 pr_info("%s %s: cmpxchg redo ", n, s->name);
1751 #ifdef CONFIG_PREEMPT
1752 if (tid_to_cpu(tid) != tid_to_cpu(actual_tid))
1753 pr_warn("due to cpu change %d -> %d\n",
1754 tid_to_cpu(tid), tid_to_cpu(actual_tid));
1757 if (tid_to_event(tid) != tid_to_event(actual_tid))
1758 pr_warn("due to cpu running other code. Event %ld->%ld\n",
1759 tid_to_event(tid), tid_to_event(actual_tid));
1761 pr_warn("for unknown reason: actual=%lx was=%lx target=%lx\n",
1762 actual_tid, tid, next_tid(tid));
1764 stat(s, CMPXCHG_DOUBLE_CPU_FAIL);
1767 static void init_kmem_cache_cpus(struct kmem_cache *s)
1771 for_each_possible_cpu(cpu)
1772 per_cpu_ptr(s->cpu_slab, cpu)->tid = init_tid(cpu);
1776 * Remove the cpu slab
1778 static void deactivate_slab(struct kmem_cache *s, struct page *page,
1781 enum slab_modes { M_NONE, M_PARTIAL, M_FULL, M_FREE };
1782 struct kmem_cache_node *n = get_node(s, page_to_nid(page));
1784 enum slab_modes l = M_NONE, m = M_NONE;
1786 int tail = DEACTIVATE_TO_HEAD;
1790 if (page->freelist) {
1791 stat(s, DEACTIVATE_REMOTE_FREES);
1792 tail = DEACTIVATE_TO_TAIL;
1796 * Stage one: Free all available per cpu objects back
1797 * to the page freelist while it is still frozen. Leave the
1800 * There is no need to take the list->lock because the page
1803 while (freelist && (nextfree = get_freepointer(s, freelist))) {
1805 unsigned long counters;
1808 prior = page->freelist;
1809 counters = page->counters;
1810 set_freepointer(s, freelist, prior);
1811 new.counters = counters;
1813 VM_BUG_ON(!new.frozen);
1815 } while (!__cmpxchg_double_slab(s, page,
1817 freelist, new.counters,
1818 "drain percpu freelist"));
1820 freelist = nextfree;
1824 * Stage two: Ensure that the page is unfrozen while the
1825 * list presence reflects the actual number of objects
1828 * We setup the list membership and then perform a cmpxchg
1829 * with the count. If there is a mismatch then the page
1830 * is not unfrozen but the page is on the wrong list.
1832 * Then we restart the process which may have to remove
1833 * the page from the list that we just put it on again
1834 * because the number of objects in the slab may have
1839 old.freelist = page->freelist;
1840 old.counters = page->counters;
1841 VM_BUG_ON(!old.frozen);
1843 /* Determine target state of the slab */
1844 new.counters = old.counters;
1847 set_freepointer(s, freelist, old.freelist);
1848 new.freelist = freelist;
1850 new.freelist = old.freelist;
1854 if (!new.inuse && n->nr_partial >= s->min_partial)
1856 else if (new.freelist) {
1861 * Taking the spinlock removes the possiblity
1862 * that acquire_slab() will see a slab page that
1865 spin_lock(&n->list_lock);
1869 if (kmem_cache_debug(s) && !lock) {
1872 * This also ensures that the scanning of full
1873 * slabs from diagnostic functions will not see
1876 spin_lock(&n->list_lock);
1884 remove_partial(n, page);
1886 else if (l == M_FULL)
1888 remove_full(s, n, page);
1890 if (m == M_PARTIAL) {
1892 add_partial(n, page, tail);
1895 } else if (m == M_FULL) {
1897 stat(s, DEACTIVATE_FULL);
1898 add_full(s, n, page);
1904 if (!__cmpxchg_double_slab(s, page,
1905 old.freelist, old.counters,
1906 new.freelist, new.counters,
1911 spin_unlock(&n->list_lock);
1914 stat(s, DEACTIVATE_EMPTY);
1915 discard_slab(s, page);
1921 * Unfreeze all the cpu partial slabs.
1923 * This function must be called with interrupts disabled
1924 * for the cpu using c (or some other guarantee must be there
1925 * to guarantee no concurrent accesses).
1927 static void unfreeze_partials(struct kmem_cache *s,
1928 struct kmem_cache_cpu *c)
1930 #ifdef CONFIG_SLUB_CPU_PARTIAL
1931 struct kmem_cache_node *n = NULL, *n2 = NULL;
1932 struct page *page, *discard_page = NULL;
1934 while ((page = c->partial)) {
1938 c->partial = page->next;
1940 n2 = get_node(s, page_to_nid(page));
1943 spin_unlock(&n->list_lock);
1946 spin_lock(&n->list_lock);
1951 old.freelist = page->freelist;
1952 old.counters = page->counters;
1953 VM_BUG_ON(!old.frozen);
1955 new.counters = old.counters;
1956 new.freelist = old.freelist;
1960 } while (!__cmpxchg_double_slab(s, page,
1961 old.freelist, old.counters,
1962 new.freelist, new.counters,
1963 "unfreezing slab"));
1965 if (unlikely(!new.inuse && n->nr_partial >= s->min_partial)) {
1966 page->next = discard_page;
1967 discard_page = page;
1969 add_partial(n, page, DEACTIVATE_TO_TAIL);
1970 stat(s, FREE_ADD_PARTIAL);
1975 spin_unlock(&n->list_lock);
1977 while (discard_page) {
1978 page = discard_page;
1979 discard_page = discard_page->next;
1981 stat(s, DEACTIVATE_EMPTY);
1982 discard_slab(s, page);
1989 * Put a page that was just frozen (in __slab_free) into a partial page
1990 * slot if available. This is done without interrupts disabled and without
1991 * preemption disabled. The cmpxchg is racy and may put the partial page
1992 * onto a random cpus partial slot.
1994 * If we did not find a slot then simply move all the partials to the
1995 * per node partial list.
1997 static void put_cpu_partial(struct kmem_cache *s, struct page *page, int drain)
1999 #ifdef CONFIG_SLUB_CPU_PARTIAL
2000 struct page *oldpage;
2007 oldpage = this_cpu_read(s->cpu_slab->partial);
2010 pobjects = oldpage->pobjects;
2011 pages = oldpage->pages;
2012 if (drain && pobjects > s->cpu_partial) {
2013 unsigned long flags;
2015 * partial array is full. Move the existing
2016 * set to the per node partial list.
2018 local_irq_save(flags);
2019 unfreeze_partials(s, this_cpu_ptr(s->cpu_slab));
2020 local_irq_restore(flags);
2024 stat(s, CPU_PARTIAL_DRAIN);
2029 pobjects += page->objects - page->inuse;
2031 page->pages = pages;
2032 page->pobjects = pobjects;
2033 page->next = oldpage;
2035 } while (this_cpu_cmpxchg(s->cpu_slab->partial, oldpage, page)
2040 static inline void flush_slab(struct kmem_cache *s, struct kmem_cache_cpu *c)
2042 stat(s, CPUSLAB_FLUSH);
2043 deactivate_slab(s, c->page, c->freelist);
2045 c->tid = next_tid(c->tid);
2053 * Called from IPI handler with interrupts disabled.
2055 static inline void __flush_cpu_slab(struct kmem_cache *s, int cpu)
2057 struct kmem_cache_cpu *c = per_cpu_ptr(s->cpu_slab, cpu);
2063 unfreeze_partials(s, c);
2067 static void flush_cpu_slab(void *d)
2069 struct kmem_cache *s = d;
2071 __flush_cpu_slab(s, smp_processor_id());
2074 static bool has_cpu_slab(int cpu, void *info)
2076 struct kmem_cache *s = info;
2077 struct kmem_cache_cpu *c = per_cpu_ptr(s->cpu_slab, cpu);
2079 return c->page || c->partial;
2082 static void flush_all(struct kmem_cache *s)
2084 on_each_cpu_cond(has_cpu_slab, flush_cpu_slab, s, 1, GFP_ATOMIC);
2088 * Check if the objects in a per cpu structure fit numa
2089 * locality expectations.
2091 static inline int node_match(struct page *page, int node)
2094 if (!page || (node != NUMA_NO_NODE && page_to_nid(page) != node))
2100 #ifdef CONFIG_SLUB_DEBUG
2101 static int count_free(struct page *page)
2103 return page->objects - page->inuse;
2106 static inline unsigned long node_nr_objs(struct kmem_cache_node *n)
2108 return atomic_long_read(&n->total_objects);
2110 #endif /* CONFIG_SLUB_DEBUG */
2112 #if defined(CONFIG_SLUB_DEBUG) || defined(CONFIG_SYSFS)
2113 static unsigned long count_partial(struct kmem_cache_node *n,
2114 int (*get_count)(struct page *))
2116 unsigned long flags;
2117 unsigned long x = 0;
2120 spin_lock_irqsave(&n->list_lock, flags);
2121 list_for_each_entry(page, &n->partial, lru)
2122 x += get_count(page);
2123 spin_unlock_irqrestore(&n->list_lock, flags);
2126 #endif /* CONFIG_SLUB_DEBUG || CONFIG_SYSFS */
2128 static noinline void
2129 slab_out_of_memory(struct kmem_cache *s, gfp_t gfpflags, int nid)
2131 #ifdef CONFIG_SLUB_DEBUG
2132 static DEFINE_RATELIMIT_STATE(slub_oom_rs, DEFAULT_RATELIMIT_INTERVAL,
2133 DEFAULT_RATELIMIT_BURST);
2135 struct kmem_cache_node *n;
2137 if ((gfpflags & __GFP_NOWARN) || !__ratelimit(&slub_oom_rs))
2140 pr_warn("SLUB: Unable to allocate memory on node %d (gfp=0x%x)\n",
2142 pr_warn(" cache: %s, object size: %d, buffer size: %d, default order: %d, min order: %d\n",
2143 s->name, s->object_size, s->size, oo_order(s->oo),
2146 if (oo_order(s->min) > get_order(s->object_size))
2147 pr_warn(" %s debugging increased min order, use slub_debug=O to disable.\n",
2150 for_each_kmem_cache_node(s, node, n) {
2151 unsigned long nr_slabs;
2152 unsigned long nr_objs;
2153 unsigned long nr_free;
2155 nr_free = count_partial(n, count_free);
2156 nr_slabs = node_nr_slabs(n);
2157 nr_objs = node_nr_objs(n);
2159 pr_warn(" node %d: slabs: %ld, objs: %ld, free: %ld\n",
2160 node, nr_slabs, nr_objs, nr_free);
2165 static inline void *new_slab_objects(struct kmem_cache *s, gfp_t flags,
2166 int node, struct kmem_cache_cpu **pc)
2169 struct kmem_cache_cpu *c = *pc;
2172 freelist = get_partial(s, flags, node, c);
2177 page = new_slab(s, flags, node);
2179 c = raw_cpu_ptr(s->cpu_slab);
2184 * No other reference to the page yet so we can
2185 * muck around with it freely without cmpxchg
2187 freelist = page->freelist;
2188 page->freelist = NULL;
2190 stat(s, ALLOC_SLAB);
2199 static inline bool pfmemalloc_match(struct page *page, gfp_t gfpflags)
2201 if (unlikely(PageSlabPfmemalloc(page)))
2202 return gfp_pfmemalloc_allowed(gfpflags);
2208 * Check the page->freelist of a page and either transfer the freelist to the
2209 * per cpu freelist or deactivate the page.
2211 * The page is still frozen if the return value is not NULL.
2213 * If this function returns NULL then the page has been unfrozen.
2215 * This function must be called with interrupt disabled.
2217 static inline void *get_freelist(struct kmem_cache *s, struct page *page)
2220 unsigned long counters;
2224 freelist = page->freelist;
2225 counters = page->counters;
2227 new.counters = counters;
2228 VM_BUG_ON(!new.frozen);
2230 new.inuse = page->objects;
2231 new.frozen = freelist != NULL;
2233 } while (!__cmpxchg_double_slab(s, page,
2242 * Slow path. The lockless freelist is empty or we need to perform
2245 * Processing is still very fast if new objects have been freed to the
2246 * regular freelist. In that case we simply take over the regular freelist
2247 * as the lockless freelist and zap the regular freelist.
2249 * If that is not working then we fall back to the partial lists. We take the
2250 * first element of the freelist as the object to allocate now and move the
2251 * rest of the freelist to the lockless freelist.
2253 * And if we were unable to get a new slab from the partial slab lists then
2254 * we need to allocate a new slab. This is the slowest path since it involves
2255 * a call to the page allocator and the setup of a new slab.
2257 static void *__slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
2258 unsigned long addr, struct kmem_cache_cpu *c)
2262 unsigned long flags;
2264 local_irq_save(flags);
2265 #ifdef CONFIG_PREEMPT
2267 * We may have been preempted and rescheduled on a different
2268 * cpu before disabling interrupts. Need to reload cpu area
2271 c = this_cpu_ptr(s->cpu_slab);
2279 if (unlikely(!node_match(page, node))) {
2280 stat(s, ALLOC_NODE_MISMATCH);
2281 deactivate_slab(s, page, c->freelist);
2288 * By rights, we should be searching for a slab page that was
2289 * PFMEMALLOC but right now, we are losing the pfmemalloc
2290 * information when the page leaves the per-cpu allocator
2292 if (unlikely(!pfmemalloc_match(page, gfpflags))) {
2293 deactivate_slab(s, page, c->freelist);
2299 /* must check again c->freelist in case of cpu migration or IRQ */
2300 freelist = c->freelist;
2304 freelist = get_freelist(s, page);
2308 stat(s, DEACTIVATE_BYPASS);
2312 stat(s, ALLOC_REFILL);
2316 * freelist is pointing to the list of objects to be used.
2317 * page is pointing to the page from which the objects are obtained.
2318 * That page must be frozen for per cpu allocations to work.
2320 VM_BUG_ON(!c->page->frozen);
2321 c->freelist = get_freepointer(s, freelist);
2322 c->tid = next_tid(c->tid);
2323 local_irq_restore(flags);
2329 page = c->page = c->partial;
2330 c->partial = page->next;
2331 stat(s, CPU_PARTIAL_ALLOC);
2336 freelist = new_slab_objects(s, gfpflags, node, &c);
2338 if (unlikely(!freelist)) {
2339 slab_out_of_memory(s, gfpflags, node);
2340 local_irq_restore(flags);
2345 if (likely(!kmem_cache_debug(s) && pfmemalloc_match(page, gfpflags)))
2348 /* Only entered in the debug case */
2349 if (kmem_cache_debug(s) &&
2350 !alloc_debug_processing(s, page, freelist, addr))
2351 goto new_slab; /* Slab failed checks. Next slab needed */
2353 deactivate_slab(s, page, get_freepointer(s, freelist));
2356 local_irq_restore(flags);
2361 * Inlined fastpath so that allocation functions (kmalloc, kmem_cache_alloc)
2362 * have the fastpath folded into their functions. So no function call
2363 * overhead for requests that can be satisfied on the fastpath.
2365 * The fastpath works by first checking if the lockless freelist can be used.
2366 * If not then __slab_alloc is called for slow processing.
2368 * Otherwise we can simply pick the next object from the lockless free list.
2370 static __always_inline void *slab_alloc_node(struct kmem_cache *s,
2371 gfp_t gfpflags, int node, unsigned long addr)
2374 struct kmem_cache_cpu *c;
2378 if (slab_pre_alloc_hook(s, gfpflags))
2381 s = memcg_kmem_get_cache(s, gfpflags);
2384 * Must read kmem_cache cpu data via this cpu ptr. Preemption is
2385 * enabled. We may switch back and forth between cpus while
2386 * reading from one cpu area. That does not matter as long
2387 * as we end up on the original cpu again when doing the cmpxchg.
2389 * Preemption is disabled for the retrieval of the tid because that
2390 * must occur from the current processor. We cannot allow rescheduling
2391 * on a different processor between the determination of the pointer
2392 * and the retrieval of the tid.
2395 c = this_cpu_ptr(s->cpu_slab);
2398 * The transaction ids are globally unique per cpu and per operation on
2399 * a per cpu queue. Thus they can be guarantee that the cmpxchg_double
2400 * occurs on the right processor and that there was no operation on the
2401 * linked list in between.
2406 object = c->freelist;
2408 if (unlikely(!object || !node_match(page, node))) {
2409 object = __slab_alloc(s, gfpflags, node, addr, c);
2410 stat(s, ALLOC_SLOWPATH);
2412 void *next_object = get_freepointer_safe(s, object);
2415 * The cmpxchg will only match if there was no additional
2416 * operation and if we are on the right processor.
2418 * The cmpxchg does the following atomically (without lock
2420 * 1. Relocate first pointer to the current per cpu area.
2421 * 2. Verify that tid and freelist have not been changed
2422 * 3. If they were not changed replace tid and freelist
2424 * Since this is without lock semantics the protection is only
2425 * against code executing on this cpu *not* from access by
2428 if (unlikely(!this_cpu_cmpxchg_double(
2429 s->cpu_slab->freelist, s->cpu_slab->tid,
2431 next_object, next_tid(tid)))) {
2433 note_cmpxchg_failure("slab_alloc", s, tid);
2436 prefetch_freepointer(s, next_object);
2437 stat(s, ALLOC_FASTPATH);
2440 if (unlikely(gfpflags & __GFP_ZERO) && object)
2441 memset(object, 0, s->object_size);
2443 slab_post_alloc_hook(s, gfpflags, object);
2448 static __always_inline void *slab_alloc(struct kmem_cache *s,
2449 gfp_t gfpflags, unsigned long addr)
2451 return slab_alloc_node(s, gfpflags, NUMA_NO_NODE, addr);
2454 void *kmem_cache_alloc(struct kmem_cache *s, gfp_t gfpflags)
2456 void *ret = slab_alloc(s, gfpflags, _RET_IP_);
2458 trace_kmem_cache_alloc(_RET_IP_, ret, s->object_size,
2463 EXPORT_SYMBOL(kmem_cache_alloc);
2465 #ifdef CONFIG_TRACING
2466 void *kmem_cache_alloc_trace(struct kmem_cache *s, gfp_t gfpflags, size_t size)
2468 void *ret = slab_alloc(s, gfpflags, _RET_IP_);
2469 trace_kmalloc(_RET_IP_, ret, size, s->size, gfpflags);
2472 EXPORT_SYMBOL(kmem_cache_alloc_trace);
2476 void *kmem_cache_alloc_node(struct kmem_cache *s, gfp_t gfpflags, int node)
2478 void *ret = slab_alloc_node(s, gfpflags, node, _RET_IP_);
2480 trace_kmem_cache_alloc_node(_RET_IP_, ret,
2481 s->object_size, s->size, gfpflags, node);
2485 EXPORT_SYMBOL(kmem_cache_alloc_node);
2487 #ifdef CONFIG_TRACING
2488 void *kmem_cache_alloc_node_trace(struct kmem_cache *s,
2490 int node, size_t size)
2492 void *ret = slab_alloc_node(s, gfpflags, node, _RET_IP_);
2494 trace_kmalloc_node(_RET_IP_, ret,
2495 size, s->size, gfpflags, node);
2498 EXPORT_SYMBOL(kmem_cache_alloc_node_trace);
2503 * Slow patch handling. This may still be called frequently since objects
2504 * have a longer lifetime than the cpu slabs in most processing loads.
2506 * So we still attempt to reduce cache line usage. Just take the slab
2507 * lock and free the item. If there is no additional partial page
2508 * handling required then we can return immediately.
2510 static void __slab_free(struct kmem_cache *s, struct page *page,
2511 void *x, unsigned long addr)
2514 void **object = (void *)x;
2517 unsigned long counters;
2518 struct kmem_cache_node *n = NULL;
2519 unsigned long uninitialized_var(flags);
2521 stat(s, FREE_SLOWPATH);
2523 if (kmem_cache_debug(s) &&
2524 !(n = free_debug_processing(s, page, x, addr, &flags)))
2529 spin_unlock_irqrestore(&n->list_lock, flags);
2532 prior = page->freelist;
2533 counters = page->counters;
2534 set_freepointer(s, object, prior);
2535 new.counters = counters;
2536 was_frozen = new.frozen;
2538 if ((!new.inuse || !prior) && !was_frozen) {
2540 if (kmem_cache_has_cpu_partial(s) && !prior) {
2543 * Slab was on no list before and will be
2545 * We can defer the list move and instead
2550 } else { /* Needs to be taken off a list */
2552 n = get_node(s, page_to_nid(page));
2554 * Speculatively acquire the list_lock.
2555 * If the cmpxchg does not succeed then we may
2556 * drop the list_lock without any processing.
2558 * Otherwise the list_lock will synchronize with
2559 * other processors updating the list of slabs.
2561 spin_lock_irqsave(&n->list_lock, flags);
2566 } while (!cmpxchg_double_slab(s, page,
2568 object, new.counters,
2574 * If we just froze the page then put it onto the
2575 * per cpu partial list.
2577 if (new.frozen && !was_frozen) {
2578 put_cpu_partial(s, page, 1);
2579 stat(s, CPU_PARTIAL_FREE);
2582 * The list lock was not taken therefore no list
2583 * activity can be necessary.
2586 stat(s, FREE_FROZEN);
2590 if (unlikely(!new.inuse && n->nr_partial >= s->min_partial))
2594 * Objects left in the slab. If it was not on the partial list before
2597 if (!kmem_cache_has_cpu_partial(s) && unlikely(!prior)) {
2598 if (kmem_cache_debug(s))
2599 remove_full(s, n, page);
2600 add_partial(n, page, DEACTIVATE_TO_TAIL);
2601 stat(s, FREE_ADD_PARTIAL);
2603 spin_unlock_irqrestore(&n->list_lock, flags);
2609 * Slab on the partial list.
2611 remove_partial(n, page);
2612 stat(s, FREE_REMOVE_PARTIAL);
2614 /* Slab must be on the full list */
2615 remove_full(s, n, page);
2618 spin_unlock_irqrestore(&n->list_lock, flags);
2620 discard_slab(s, page);
2624 * Fastpath with forced inlining to produce a kfree and kmem_cache_free that
2625 * can perform fastpath freeing without additional function calls.
2627 * The fastpath is only possible if we are freeing to the current cpu slab
2628 * of this processor. This typically the case if we have just allocated
2631 * If fastpath is not possible then fall back to __slab_free where we deal
2632 * with all sorts of special processing.
2634 static __always_inline void slab_free(struct kmem_cache *s,
2635 struct page *page, void *x, unsigned long addr)
2637 void **object = (void *)x;
2638 struct kmem_cache_cpu *c;
2641 slab_free_hook(s, x);
2645 * Determine the currently cpus per cpu slab.
2646 * The cpu may change afterward. However that does not matter since
2647 * data is retrieved via this pointer. If we are on the same cpu
2648 * during the cmpxchg then the free will succedd.
2651 c = this_cpu_ptr(s->cpu_slab);
2656 if (likely(page == c->page)) {
2657 set_freepointer(s, object, c->freelist);
2659 if (unlikely(!this_cpu_cmpxchg_double(
2660 s->cpu_slab->freelist, s->cpu_slab->tid,
2662 object, next_tid(tid)))) {
2664 note_cmpxchg_failure("slab_free", s, tid);
2667 stat(s, FREE_FASTPATH);
2669 __slab_free(s, page, x, addr);
2673 void kmem_cache_free(struct kmem_cache *s, void *x)
2675 s = cache_from_obj(s, x);
2678 slab_free(s, virt_to_head_page(x), x, _RET_IP_);
2679 trace_kmem_cache_free(_RET_IP_, x);
2681 EXPORT_SYMBOL(kmem_cache_free);
2684 * Object placement in a slab is made very easy because we always start at
2685 * offset 0. If we tune the size of the object to the alignment then we can
2686 * get the required alignment by putting one properly sized object after
2689 * Notice that the allocation order determines the sizes of the per cpu
2690 * caches. Each processor has always one slab available for allocations.
2691 * Increasing the allocation order reduces the number of times that slabs
2692 * must be moved on and off the partial lists and is therefore a factor in
2697 * Mininum / Maximum order of slab pages. This influences locking overhead
2698 * and slab fragmentation. A higher order reduces the number of partial slabs
2699 * and increases the number of allocations possible without having to
2700 * take the list_lock.
2702 static int slub_min_order;
2703 static int slub_max_order = PAGE_ALLOC_COSTLY_ORDER;
2704 static int slub_min_objects;
2707 * Merge control. If this is set then no merging of slab caches will occur.
2708 * (Could be removed. This was introduced to pacify the merge skeptics.)
2710 static int slub_nomerge;
2713 * Calculate the order of allocation given an slab object size.
2715 * The order of allocation has significant impact on performance and other
2716 * system components. Generally order 0 allocations should be preferred since
2717 * order 0 does not cause fragmentation in the page allocator. Larger objects
2718 * be problematic to put into order 0 slabs because there may be too much
2719 * unused space left. We go to a higher order if more than 1/16th of the slab
2722 * In order to reach satisfactory performance we must ensure that a minimum
2723 * number of objects is in one slab. Otherwise we may generate too much
2724 * activity on the partial lists which requires taking the list_lock. This is
2725 * less a concern for large slabs though which are rarely used.
2727 * slub_max_order specifies the order where we begin to stop considering the
2728 * number of objects in a slab as critical. If we reach slub_max_order then
2729 * we try to keep the page order as low as possible. So we accept more waste
2730 * of space in favor of a small page order.
2732 * Higher order allocations also allow the placement of more objects in a
2733 * slab and thereby reduce object handling overhead. If the user has
2734 * requested a higher mininum order then we start with that one instead of
2735 * the smallest order which will fit the object.
2737 static inline int slab_order(int size, int min_objects,
2738 int max_order, int fract_leftover, int reserved)
2742 int min_order = slub_min_order;
2744 if (order_objects(min_order, size, reserved) > MAX_OBJS_PER_PAGE)
2745 return get_order(size * MAX_OBJS_PER_PAGE) - 1;
2747 for (order = max(min_order,
2748 fls(min_objects * size - 1) - PAGE_SHIFT);
2749 order <= max_order; order++) {
2751 unsigned long slab_size = PAGE_SIZE << order;
2753 if (slab_size < min_objects * size + reserved)
2756 rem = (slab_size - reserved) % size;
2758 if (rem <= slab_size / fract_leftover)
2766 static inline int calculate_order(int size, int reserved)
2774 * Attempt to find best configuration for a slab. This
2775 * works by first attempting to generate a layout with
2776 * the best configuration and backing off gradually.
2778 * First we reduce the acceptable waste in a slab. Then
2779 * we reduce the minimum objects required in a slab.
2781 min_objects = slub_min_objects;
2783 min_objects = 4 * (fls(nr_cpu_ids) + 1);
2784 max_objects = order_objects(slub_max_order, size, reserved);
2785 min_objects = min(min_objects, max_objects);
2787 while (min_objects > 1) {
2789 while (fraction >= 4) {
2790 order = slab_order(size, min_objects,
2791 slub_max_order, fraction, reserved);
2792 if (order <= slub_max_order)
2800 * We were unable to place multiple objects in a slab. Now
2801 * lets see if we can place a single object there.
2803 order = slab_order(size, 1, slub_max_order, 1, reserved);
2804 if (order <= slub_max_order)
2808 * Doh this slab cannot be placed using slub_max_order.
2810 order = slab_order(size, 1, MAX_ORDER, 1, reserved);
2811 if (order < MAX_ORDER)
2817 init_kmem_cache_node(struct kmem_cache_node *n)
2820 spin_lock_init(&n->list_lock);
2821 INIT_LIST_HEAD(&n->partial);
2822 #ifdef CONFIG_SLUB_DEBUG
2823 atomic_long_set(&n->nr_slabs, 0);
2824 atomic_long_set(&n->total_objects, 0);
2825 INIT_LIST_HEAD(&n->full);
2829 static inline int alloc_kmem_cache_cpus(struct kmem_cache *s)
2831 BUILD_BUG_ON(PERCPU_DYNAMIC_EARLY_SIZE <
2832 KMALLOC_SHIFT_HIGH * sizeof(struct kmem_cache_cpu));
2835 * Must align to double word boundary for the double cmpxchg
2836 * instructions to work; see __pcpu_double_call_return_bool().
2838 s->cpu_slab = __alloc_percpu(sizeof(struct kmem_cache_cpu),
2839 2 * sizeof(void *));
2844 init_kmem_cache_cpus(s);
2849 static struct kmem_cache *kmem_cache_node;
2852 * No kmalloc_node yet so do it by hand. We know that this is the first
2853 * slab on the node for this slabcache. There are no concurrent accesses
2856 * Note that this function only works on the kmem_cache_node
2857 * when allocating for the kmem_cache_node. This is used for bootstrapping
2858 * memory on a fresh node that has no slab structures yet.
2860 static void early_kmem_cache_node_alloc(int node)
2863 struct kmem_cache_node *n;
2865 BUG_ON(kmem_cache_node->size < sizeof(struct kmem_cache_node));
2867 page = new_slab(kmem_cache_node, GFP_NOWAIT, node);
2870 if (page_to_nid(page) != node) {
2871 pr_err("SLUB: Unable to allocate memory from node %d\n", node);
2872 pr_err("SLUB: Allocating a useless per node structure in order to be able to continue\n");
2877 page->freelist = get_freepointer(kmem_cache_node, n);
2880 kmem_cache_node->node[node] = n;
2881 #ifdef CONFIG_SLUB_DEBUG
2882 init_object(kmem_cache_node, n, SLUB_RED_ACTIVE);
2883 init_tracking(kmem_cache_node, n);
2885 init_kmem_cache_node(n);
2886 inc_slabs_node(kmem_cache_node, node, page->objects);
2889 * No locks need to be taken here as it has just been
2890 * initialized and there is no concurrent access.
2892 __add_partial(n, page, DEACTIVATE_TO_HEAD);
2895 static void free_kmem_cache_nodes(struct kmem_cache *s)
2898 struct kmem_cache_node *n;
2900 for_each_kmem_cache_node(s, node, n) {
2901 kmem_cache_free(kmem_cache_node, n);
2902 s->node[node] = NULL;
2906 static int init_kmem_cache_nodes(struct kmem_cache *s)
2910 for_each_node_state(node, N_NORMAL_MEMORY) {
2911 struct kmem_cache_node *n;
2913 if (slab_state == DOWN) {
2914 early_kmem_cache_node_alloc(node);
2917 n = kmem_cache_alloc_node(kmem_cache_node,
2921 free_kmem_cache_nodes(s);
2926 init_kmem_cache_node(n);
2931 static void set_min_partial(struct kmem_cache *s, unsigned long min)
2933 if (min < MIN_PARTIAL)
2935 else if (min > MAX_PARTIAL)
2937 s->min_partial = min;
2941 * calculate_sizes() determines the order and the distribution of data within
2944 static int calculate_sizes(struct kmem_cache *s, int forced_order)
2946 unsigned long flags = s->flags;
2947 unsigned long size = s->object_size;
2951 * Round up object size to the next word boundary. We can only
2952 * place the free pointer at word boundaries and this determines
2953 * the possible location of the free pointer.
2955 size = ALIGN(size, sizeof(void *));
2957 #ifdef CONFIG_SLUB_DEBUG
2959 * Determine if we can poison the object itself. If the user of
2960 * the slab may touch the object after free or before allocation
2961 * then we should never poison the object itself.
2963 if ((flags & SLAB_POISON) && !(flags & SLAB_DESTROY_BY_RCU) &&
2965 s->flags |= __OBJECT_POISON;
2967 s->flags &= ~__OBJECT_POISON;
2971 * If we are Redzoning then check if there is some space between the
2972 * end of the object and the free pointer. If not then add an
2973 * additional word to have some bytes to store Redzone information.
2975 if ((flags & SLAB_RED_ZONE) && size == s->object_size)
2976 size += sizeof(void *);
2980 * With that we have determined the number of bytes in actual use
2981 * by the object. This is the potential offset to the free pointer.
2985 if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) ||
2988 * Relocate free pointer after the object if it is not
2989 * permitted to overwrite the first word of the object on
2992 * This is the case if we do RCU, have a constructor or
2993 * destructor or are poisoning the objects.
2996 size += sizeof(void *);
2999 #ifdef CONFIG_SLUB_DEBUG
3000 if (flags & SLAB_STORE_USER)
3002 * Need to store information about allocs and frees after
3005 size += 2 * sizeof(struct track);
3007 if (flags & SLAB_RED_ZONE)
3009 * Add some empty padding so that we can catch
3010 * overwrites from earlier objects rather than let
3011 * tracking information or the free pointer be
3012 * corrupted if a user writes before the start
3015 size += sizeof(void *);
3019 * SLUB stores one object immediately after another beginning from
3020 * offset 0. In order to align the objects we have to simply size
3021 * each object to conform to the alignment.
3023 size = ALIGN(size, s->align);
3025 if (forced_order >= 0)
3026 order = forced_order;
3028 order = calculate_order(size, s->reserved);
3035 s->allocflags |= __GFP_COMP;
3037 if (s->flags & SLAB_CACHE_DMA)
3038 s->allocflags |= GFP_DMA;
3040 if (s->flags & SLAB_RECLAIM_ACCOUNT)
3041 s->allocflags |= __GFP_RECLAIMABLE;
3044 * Determine the number of objects per slab
3046 s->oo = oo_make(order, size, s->reserved);
3047 s->min = oo_make(get_order(size), size, s->reserved);
3048 if (oo_objects(s->oo) > oo_objects(s->max))
3051 return !!oo_objects(s->oo);
3054 static int kmem_cache_open(struct kmem_cache *s, unsigned long flags)
3056 s->flags = kmem_cache_flags(s->size, flags, s->name, s->ctor);
3059 if (need_reserve_slab_rcu && (s->flags & SLAB_DESTROY_BY_RCU))
3060 s->reserved = sizeof(struct rcu_head);
3062 if (!calculate_sizes(s, -1))
3064 if (disable_higher_order_debug) {
3066 * Disable debugging flags that store metadata if the min slab
3069 if (get_order(s->size) > get_order(s->object_size)) {
3070 s->flags &= ~DEBUG_METADATA_FLAGS;
3072 if (!calculate_sizes(s, -1))
3077 #if defined(CONFIG_HAVE_CMPXCHG_DOUBLE) && \
3078 defined(CONFIG_HAVE_ALIGNED_STRUCT_PAGE)
3079 if (system_has_cmpxchg_double() && (s->flags & SLAB_DEBUG_FLAGS) == 0)
3080 /* Enable fast mode */
3081 s->flags |= __CMPXCHG_DOUBLE;
3085 * The larger the object size is, the more pages we want on the partial
3086 * list to avoid pounding the page allocator excessively.
3088 set_min_partial(s, ilog2(s->size) / 2);
3091 * cpu_partial determined the maximum number of objects kept in the
3092 * per cpu partial lists of a processor.
3094 * Per cpu partial lists mainly contain slabs that just have one
3095 * object freed. If they are used for allocation then they can be
3096 * filled up again with minimal effort. The slab will never hit the
3097 * per node partial lists and therefore no locking will be required.
3099 * This setting also determines
3101 * A) The number of objects from per cpu partial slabs dumped to the
3102 * per node list when we reach the limit.
3103 * B) The number of objects in cpu partial slabs to extract from the
3104 * per node list when we run out of per cpu objects. We only fetch
3105 * 50% to keep some capacity around for frees.
3107 if (!kmem_cache_has_cpu_partial(s))
3109 else if (s->size >= PAGE_SIZE)
3111 else if (s->size >= 1024)
3113 else if (s->size >= 256)
3114 s->cpu_partial = 13;
3116 s->cpu_partial = 30;
3119 s->remote_node_defrag_ratio = 1000;
3121 if (!init_kmem_cache_nodes(s))
3124 if (alloc_kmem_cache_cpus(s))
3127 free_kmem_cache_nodes(s);
3129 if (flags & SLAB_PANIC)
3130 panic("Cannot create slab %s size=%lu realsize=%u "
3131 "order=%u offset=%u flags=%lx\n",
3132 s->name, (unsigned long)s->size, s->size,
3133 oo_order(s->oo), s->offset, flags);
3137 static void list_slab_objects(struct kmem_cache *s, struct page *page,
3140 #ifdef CONFIG_SLUB_DEBUG
3141 void *addr = page_address(page);
3143 unsigned long *map = kzalloc(BITS_TO_LONGS(page->objects) *
3144 sizeof(long), GFP_ATOMIC);
3147 slab_err(s, page, text, s->name);
3150 get_map(s, page, map);
3151 for_each_object(p, s, addr, page->objects) {
3153 if (!test_bit(slab_index(p, s, addr), map)) {
3154 pr_err("INFO: Object 0x%p @offset=%tu\n", p, p - addr);
3155 print_tracking(s, p);
3164 * Attempt to free all partial slabs on a node.
3165 * This is called from kmem_cache_close(). We must be the last thread
3166 * using the cache and therefore we do not need to lock anymore.
3168 static void free_partial(struct kmem_cache *s, struct kmem_cache_node *n)
3170 struct page *page, *h;
3172 list_for_each_entry_safe(page, h, &n->partial, lru) {
3174 __remove_partial(n, page);
3175 discard_slab(s, page);
3177 list_slab_objects(s, page,
3178 "Objects remaining in %s on kmem_cache_close()");
3184 * Release all resources used by a slab cache.
3186 static inline int kmem_cache_close(struct kmem_cache *s)
3189 struct kmem_cache_node *n;
3192 /* Attempt to free all objects */
3193 for_each_kmem_cache_node(s, node, n) {
3195 if (n->nr_partial || slabs_node(s, node))
3198 free_percpu(s->cpu_slab);
3199 free_kmem_cache_nodes(s);
3203 int __kmem_cache_shutdown(struct kmem_cache *s)
3205 return kmem_cache_close(s);
3208 /********************************************************************
3210 *******************************************************************/
3212 static int __init setup_slub_min_order(char *str)
3214 get_option(&str, &slub_min_order);
3219 __setup("slub_min_order=", setup_slub_min_order);
3221 static int __init setup_slub_max_order(char *str)
3223 get_option(&str, &slub_max_order);
3224 slub_max_order = min(slub_max_order, MAX_ORDER - 1);
3229 __setup("slub_max_order=", setup_slub_max_order);
3231 static int __init setup_slub_min_objects(char *str)
3233 get_option(&str, &slub_min_objects);
3238 __setup("slub_min_objects=", setup_slub_min_objects);
3240 static int __init setup_slub_nomerge(char *str)
3246 __setup("slub_nomerge", setup_slub_nomerge);
3248 void *__kmalloc(size_t size, gfp_t flags)
3250 struct kmem_cache *s;
3253 if (unlikely(size > KMALLOC_MAX_CACHE_SIZE))
3254 return kmalloc_large(size, flags);
3256 s = kmalloc_slab(size, flags);
3258 if (unlikely(ZERO_OR_NULL_PTR(s)))
3261 ret = slab_alloc(s, flags, _RET_IP_);
3263 trace_kmalloc(_RET_IP_, ret, size, s->size, flags);
3267 EXPORT_SYMBOL(__kmalloc);
3270 static void *kmalloc_large_node(size_t size, gfp_t flags, int node)
3275 flags |= __GFP_COMP | __GFP_NOTRACK;
3276 page = alloc_kmem_pages_node(node, flags, get_order(size));
3278 ptr = page_address(page);
3280 kmalloc_large_node_hook(ptr, size, flags);
3284 void *__kmalloc_node(size_t size, gfp_t flags, int node)
3286 struct kmem_cache *s;
3289 if (unlikely(size > KMALLOC_MAX_CACHE_SIZE)) {
3290 ret = kmalloc_large_node(size, flags, node);
3292 trace_kmalloc_node(_RET_IP_, ret,
3293 size, PAGE_SIZE << get_order(size),
3299 s = kmalloc_slab(size, flags);
3301 if (unlikely(ZERO_OR_NULL_PTR(s)))
3304 ret = slab_alloc_node(s, flags, node, _RET_IP_);
3306 trace_kmalloc_node(_RET_IP_, ret, size, s->size, flags, node);
3310 EXPORT_SYMBOL(__kmalloc_node);
3313 size_t ksize(const void *object)
3317 if (unlikely(object == ZERO_SIZE_PTR))
3320 page = virt_to_head_page(object);
3322 if (unlikely(!PageSlab(page))) {
3323 WARN_ON(!PageCompound(page));
3324 return PAGE_SIZE << compound_order(page);
3327 return slab_ksize(page->slab_cache);
3329 EXPORT_SYMBOL(ksize);
3331 void kfree(const void *x)
3334 void *object = (void *)x;
3336 trace_kfree(_RET_IP_, x);
3338 if (unlikely(ZERO_OR_NULL_PTR(x)))
3341 page = virt_to_head_page(x);
3342 if (unlikely(!PageSlab(page))) {
3343 BUG_ON(!PageCompound(page));
3345 __free_kmem_pages(page, compound_order(page));
3348 slab_free(page->slab_cache, page, object, _RET_IP_);
3350 EXPORT_SYMBOL(kfree);
3353 * kmem_cache_shrink removes empty slabs from the partial lists and sorts
3354 * the remaining slabs by the number of items in use. The slabs with the
3355 * most items in use come first. New allocations will then fill those up
3356 * and thus they can be removed from the partial lists.
3358 * The slabs with the least items are placed last. This results in them
3359 * being allocated from last increasing the chance that the last objects
3360 * are freed in them.
3362 int __kmem_cache_shrink(struct kmem_cache *s)
3366 struct kmem_cache_node *n;
3369 int objects = oo_objects(s->max);
3370 struct list_head *slabs_by_inuse =
3371 kmalloc(sizeof(struct list_head) * objects, GFP_KERNEL);
3372 unsigned long flags;
3374 if (!slabs_by_inuse)
3378 for_each_kmem_cache_node(s, node, n) {
3382 for (i = 0; i < objects; i++)
3383 INIT_LIST_HEAD(slabs_by_inuse + i);
3385 spin_lock_irqsave(&n->list_lock, flags);
3388 * Build lists indexed by the items in use in each slab.
3390 * Note that concurrent frees may occur while we hold the
3391 * list_lock. page->inuse here is the upper limit.
3393 list_for_each_entry_safe(page, t, &n->partial, lru) {
3394 list_move(&page->lru, slabs_by_inuse + page->inuse);
3400 * Rebuild the partial list with the slabs filled up most
3401 * first and the least used slabs at the end.
3403 for (i = objects - 1; i > 0; i--)
3404 list_splice(slabs_by_inuse + i, n->partial.prev);
3406 spin_unlock_irqrestore(&n->list_lock, flags);
3408 /* Release empty slabs */
3409 list_for_each_entry_safe(page, t, slabs_by_inuse, lru)
3410 discard_slab(s, page);
3413 kfree(slabs_by_inuse);
3417 static int slab_mem_going_offline_callback(void *arg)
3419 struct kmem_cache *s;
3421 mutex_lock(&slab_mutex);
3422 list_for_each_entry(s, &slab_caches, list)
3423 __kmem_cache_shrink(s);
3424 mutex_unlock(&slab_mutex);
3429 static void slab_mem_offline_callback(void *arg)
3431 struct kmem_cache_node *n;
3432 struct kmem_cache *s;
3433 struct memory_notify *marg = arg;
3436 offline_node = marg->status_change_nid_normal;
3439 * If the node still has available memory. we need kmem_cache_node
3442 if (offline_node < 0)
3445 mutex_lock(&slab_mutex);
3446 list_for_each_entry(s, &slab_caches, list) {
3447 n = get_node(s, offline_node);
3450 * if n->nr_slabs > 0, slabs still exist on the node
3451 * that is going down. We were unable to free them,
3452 * and offline_pages() function shouldn't call this
3453 * callback. So, we must fail.
3455 BUG_ON(slabs_node(s, offline_node));
3457 s->node[offline_node] = NULL;
3458 kmem_cache_free(kmem_cache_node, n);
3461 mutex_unlock(&slab_mutex);
3464 static int slab_mem_going_online_callback(void *arg)
3466 struct kmem_cache_node *n;
3467 struct kmem_cache *s;
3468 struct memory_notify *marg = arg;
3469 int nid = marg->status_change_nid_normal;
3473 * If the node's memory is already available, then kmem_cache_node is
3474 * already created. Nothing to do.
3480 * We are bringing a node online. No memory is available yet. We must
3481 * allocate a kmem_cache_node structure in order to bring the node
3484 mutex_lock(&slab_mutex);
3485 list_for_each_entry(s, &slab_caches, list) {
3487 * XXX: kmem_cache_alloc_node will fallback to other nodes
3488 * since memory is not yet available from the node that
3491 n = kmem_cache_alloc(kmem_cache_node, GFP_KERNEL);
3496 init_kmem_cache_node(n);
3500 mutex_unlock(&slab_mutex);
3504 static int slab_memory_callback(struct notifier_block *self,
3505 unsigned long action, void *arg)
3510 case MEM_GOING_ONLINE:
3511 ret = slab_mem_going_online_callback(arg);
3513 case MEM_GOING_OFFLINE:
3514 ret = slab_mem_going_offline_callback(arg);
3517 case MEM_CANCEL_ONLINE:
3518 slab_mem_offline_callback(arg);
3521 case MEM_CANCEL_OFFLINE:
3525 ret = notifier_from_errno(ret);
3531 static struct notifier_block slab_memory_callback_nb = {
3532 .notifier_call = slab_memory_callback,
3533 .priority = SLAB_CALLBACK_PRI,
3536 /********************************************************************
3537 * Basic setup of slabs
3538 *******************************************************************/
3541 * Used for early kmem_cache structures that were allocated using
3542 * the page allocator. Allocate them properly then fix up the pointers
3543 * that may be pointing to the wrong kmem_cache structure.
3546 static struct kmem_cache * __init bootstrap(struct kmem_cache *static_cache)
3549 struct kmem_cache *s = kmem_cache_zalloc(kmem_cache, GFP_NOWAIT);
3550 struct kmem_cache_node *n;
3552 memcpy(s, static_cache, kmem_cache->object_size);
3555 * This runs very early, and only the boot processor is supposed to be
3556 * up. Even if it weren't true, IRQs are not up so we couldn't fire
3559 __flush_cpu_slab(s, smp_processor_id());
3560 for_each_kmem_cache_node(s, node, n) {
3563 list_for_each_entry(p, &n->partial, lru)
3566 #ifdef CONFIG_SLUB_DEBUG
3567 list_for_each_entry(p, &n->full, lru)
3571 list_add(&s->list, &slab_caches);
3575 void __init kmem_cache_init(void)
3577 static __initdata struct kmem_cache boot_kmem_cache,
3578 boot_kmem_cache_node;
3580 if (debug_guardpage_minorder())
3583 kmem_cache_node = &boot_kmem_cache_node;
3584 kmem_cache = &boot_kmem_cache;
3586 create_boot_cache(kmem_cache_node, "kmem_cache_node",
3587 sizeof(struct kmem_cache_node), SLAB_HWCACHE_ALIGN);
3589 register_hotmemory_notifier(&slab_memory_callback_nb);
3591 /* Able to allocate the per node structures */
3592 slab_state = PARTIAL;
3594 create_boot_cache(kmem_cache, "kmem_cache",
3595 offsetof(struct kmem_cache, node) +
3596 nr_node_ids * sizeof(struct kmem_cache_node *),
3597 SLAB_HWCACHE_ALIGN);
3599 kmem_cache = bootstrap(&boot_kmem_cache);
3602 * Allocate kmem_cache_node properly from the kmem_cache slab.
3603 * kmem_cache_node is separately allocated so no need to
3604 * update any list pointers.
3606 kmem_cache_node = bootstrap(&boot_kmem_cache_node);
3608 /* Now we can use the kmem_cache to allocate kmalloc slabs */
3609 create_kmalloc_caches(0);
3612 register_cpu_notifier(&slab_notifier);
3615 pr_info("SLUB: HWalign=%d, Order=%d-%d, MinObjects=%d, CPUs=%d, Nodes=%d\n",
3617 slub_min_order, slub_max_order, slub_min_objects,
3618 nr_cpu_ids, nr_node_ids);
3621 void __init kmem_cache_init_late(void)
3626 * Find a mergeable slab cache
3628 static int slab_unmergeable(struct kmem_cache *s)
3630 if (slub_nomerge || (s->flags & SLUB_NEVER_MERGE))
3633 if (!is_root_cache(s))
3640 * We may have set a slab to be unmergeable during bootstrap.
3642 if (s->refcount < 0)
3648 static struct kmem_cache *find_mergeable(size_t size, size_t align,
3649 unsigned long flags, const char *name, void (*ctor)(void *))
3651 struct kmem_cache *s;
3653 if (slub_nomerge || (flags & SLUB_NEVER_MERGE))
3659 size = ALIGN(size, sizeof(void *));
3660 align = calculate_alignment(flags, align, size);
3661 size = ALIGN(size, align);
3662 flags = kmem_cache_flags(size, flags, name, NULL);
3664 list_for_each_entry(s, &slab_caches, list) {
3665 if (slab_unmergeable(s))
3671 if ((flags & SLUB_MERGE_SAME) != (s->flags & SLUB_MERGE_SAME))
3674 * Check if alignment is compatible.
3675 * Courtesy of Adrian Drzewiecki
3677 if ((s->size & ~(align - 1)) != s->size)
3680 if (s->size - size >= sizeof(void *))
3689 __kmem_cache_alias(const char *name, size_t size, size_t align,
3690 unsigned long flags, void (*ctor)(void *))
3692 struct kmem_cache *s;
3694 s = find_mergeable(size, align, flags, name, ctor);
3697 struct kmem_cache *c;
3702 * Adjust the object sizes so that we clear
3703 * the complete object on kzalloc.
3705 s->object_size = max(s->object_size, (int)size);
3706 s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *)));
3708 for_each_memcg_cache_index(i) {
3709 c = cache_from_memcg_idx(s, i);
3712 c->object_size = s->object_size;
3713 c->inuse = max_t(int, c->inuse,
3714 ALIGN(size, sizeof(void *)));
3717 if (sysfs_slab_alias(s, name)) {
3726 int __kmem_cache_create(struct kmem_cache *s, unsigned long flags)
3730 err = kmem_cache_open(s, flags);
3734 /* Mutex is not taken during early boot */
3735 if (slab_state <= UP)
3738 memcg_propagate_slab_attrs(s);
3739 err = sysfs_slab_add(s);
3741 kmem_cache_close(s);
3748 * Use the cpu notifier to insure that the cpu slabs are flushed when
3751 static int slab_cpuup_callback(struct notifier_block *nfb,
3752 unsigned long action, void *hcpu)
3754 long cpu = (long)hcpu;
3755 struct kmem_cache *s;
3756 unsigned long flags;
3759 case CPU_UP_CANCELED:
3760 case CPU_UP_CANCELED_FROZEN:
3762 case CPU_DEAD_FROZEN:
3763 mutex_lock(&slab_mutex);
3764 list_for_each_entry(s, &slab_caches, list) {
3765 local_irq_save(flags);
3766 __flush_cpu_slab(s, cpu);
3767 local_irq_restore(flags);
3769 mutex_unlock(&slab_mutex);
3777 static struct notifier_block slab_notifier = {
3778 .notifier_call = slab_cpuup_callback
3783 void *__kmalloc_track_caller(size_t size, gfp_t gfpflags, unsigned long caller)
3785 struct kmem_cache *s;
3788 if (unlikely(size > KMALLOC_MAX_CACHE_SIZE))
3789 return kmalloc_large(size, gfpflags);
3791 s = kmalloc_slab(size, gfpflags);
3793 if (unlikely(ZERO_OR_NULL_PTR(s)))
3796 ret = slab_alloc(s, gfpflags, caller);
3798 /* Honor the call site pointer we received. */
3799 trace_kmalloc(caller, ret, size, s->size, gfpflags);
3805 void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
3806 int node, unsigned long caller)
3808 struct kmem_cache *s;
3811 if (unlikely(size > KMALLOC_MAX_CACHE_SIZE)) {
3812 ret = kmalloc_large_node(size, gfpflags, node);
3814 trace_kmalloc_node(caller, ret,
3815 size, PAGE_SIZE << get_order(size),
3821 s = kmalloc_slab(size, gfpflags);
3823 if (unlikely(ZERO_OR_NULL_PTR(s)))
3826 ret = slab_alloc_node(s, gfpflags, node, caller);
3828 /* Honor the call site pointer we received. */
3829 trace_kmalloc_node(caller, ret, size, s->size, gfpflags, node);
3836 static int count_inuse(struct page *page)
3841 static int count_total(struct page *page)
3843 return page->objects;
3847 #ifdef CONFIG_SLUB_DEBUG
3848 static int validate_slab(struct kmem_cache *s, struct page *page,
3852 void *addr = page_address(page);
3854 if (!check_slab(s, page) ||
3855 !on_freelist(s, page, NULL))
3858 /* Now we know that a valid freelist exists */
3859 bitmap_zero(map, page->objects);
3861 get_map(s, page, map);
3862 for_each_object(p, s, addr, page->objects) {
3863 if (test_bit(slab_index(p, s, addr), map))
3864 if (!check_object(s, page, p, SLUB_RED_INACTIVE))
3868 for_each_object(p, s, addr, page->objects)
3869 if (!test_bit(slab_index(p, s, addr), map))
3870 if (!check_object(s, page, p, SLUB_RED_ACTIVE))
3875 static void validate_slab_slab(struct kmem_cache *s, struct page *page,
3879 validate_slab(s, page, map);
3883 static int validate_slab_node(struct kmem_cache *s,
3884 struct kmem_cache_node *n, unsigned long *map)
3886 unsigned long count = 0;
3888 unsigned long flags;
3890 spin_lock_irqsave(&n->list_lock, flags);
3892 list_for_each_entry(page, &n->partial, lru) {
3893 validate_slab_slab(s, page, map);
3896 if (count != n->nr_partial)
3897 pr_err("SLUB %s: %ld partial slabs counted but counter=%ld\n",
3898 s->name, count, n->nr_partial);
3900 if (!(s->flags & SLAB_STORE_USER))
3903 list_for_each_entry(page, &n->full, lru) {
3904 validate_slab_slab(s, page, map);
3907 if (count != atomic_long_read(&n->nr_slabs))
3908 pr_err("SLUB: %s %ld slabs counted but counter=%ld\n",
3909 s->name, count, atomic_long_read(&n->nr_slabs));
3912 spin_unlock_irqrestore(&n->list_lock, flags);
3916 static long validate_slab_cache(struct kmem_cache *s)
3919 unsigned long count = 0;
3920 unsigned long *map = kmalloc(BITS_TO_LONGS(oo_objects(s->max)) *
3921 sizeof(unsigned long), GFP_KERNEL);
3922 struct kmem_cache_node *n;
3928 for_each_kmem_cache_node(s, node, n)
3929 count += validate_slab_node(s, n, map);
3934 * Generate lists of code addresses where slabcache objects are allocated
3939 unsigned long count;
3946 DECLARE_BITMAP(cpus, NR_CPUS);
3952 unsigned long count;
3953 struct location *loc;
3956 static void free_loc_track(struct loc_track *t)
3959 free_pages((unsigned long)t->loc,
3960 get_order(sizeof(struct location) * t->max));
3963 static int alloc_loc_track(struct loc_track *t, unsigned long max, gfp_t flags)
3968 order = get_order(sizeof(struct location) * max);
3970 l = (void *)__get_free_pages(flags, order);
3975 memcpy(l, t->loc, sizeof(struct location) * t->count);
3983 static int add_location(struct loc_track *t, struct kmem_cache *s,
3984 const struct track *track)
3986 long start, end, pos;
3988 unsigned long caddr;
3989 unsigned long age = jiffies - track->when;
3995 pos = start + (end - start + 1) / 2;
3998 * There is nothing at "end". If we end up there
3999 * we need to add something to before end.
4004 caddr = t->loc[pos].addr;
4005 if (track->addr == caddr) {
4011 if (age < l->min_time)
4013 if (age > l->max_time)
4016 if (track->pid < l->min_pid)
4017 l->min_pid = track->pid;
4018 if (track->pid > l->max_pid)
4019 l->max_pid = track->pid;
4021 cpumask_set_cpu(track->cpu,
4022 to_cpumask(l->cpus));
4024 node_set(page_to_nid(virt_to_page(track)), l->nodes);
4028 if (track->addr < caddr)
4035 * Not found. Insert new tracking element.
4037 if (t->count >= t->max && !alloc_loc_track(t, 2 * t->max, GFP_ATOMIC))
4043 (t->count - pos) * sizeof(struct location));
4046 l->addr = track->addr;
4050 l->min_pid = track->pid;
4051 l->max_pid = track->pid;
4052 cpumask_clear(to_cpumask(l->cpus));
4053 cpumask_set_cpu(track->cpu, to_cpumask(l->cpus));
4054 nodes_clear(l->nodes);
4055 node_set(page_to_nid(virt_to_page(track)), l->nodes);
4059 static void process_slab(struct loc_track *t, struct kmem_cache *s,
4060 struct page *page, enum track_item alloc,
4063 void *addr = page_address(page);
4066 bitmap_zero(map, page->objects);
4067 get_map(s, page, map);
4069 for_each_object(p, s, addr, page->objects)
4070 if (!test_bit(slab_index(p, s, addr), map))
4071 add_location(t, s, get_track(s, p, alloc));
4074 static int list_locations(struct kmem_cache *s, char *buf,
4075 enum track_item alloc)
4079 struct loc_track t = { 0, 0, NULL };
4081 unsigned long *map = kmalloc(BITS_TO_LONGS(oo_objects(s->max)) *
4082 sizeof(unsigned long), GFP_KERNEL);
4083 struct kmem_cache_node *n;
4085 if (!map || !alloc_loc_track(&t, PAGE_SIZE / sizeof(struct location),
4088 return sprintf(buf, "Out of memory\n");
4090 /* Push back cpu slabs */
4093 for_each_kmem_cache_node(s, node, n) {
4094 unsigned long flags;
4097 if (!atomic_long_read(&n->nr_slabs))
4100 spin_lock_irqsave(&n->list_lock, flags);
4101 list_for_each_entry(page, &n->partial, lru)
4102 process_slab(&t, s, page, alloc, map);
4103 list_for_each_entry(page, &n->full, lru)
4104 process_slab(&t, s, page, alloc, map);
4105 spin_unlock_irqrestore(&n->list_lock, flags);
4108 for (i = 0; i < t.count; i++) {
4109 struct location *l = &t.loc[i];
4111 if (len > PAGE_SIZE - KSYM_SYMBOL_LEN - 100)
4113 len += sprintf(buf + len, "%7ld ", l->count);
4116 len += sprintf(buf + len, "%pS", (void *)l->addr);
4118 len += sprintf(buf + len, "<not-available>");
4120 if (l->sum_time != l->min_time) {
4121 len += sprintf(buf + len, " age=%ld/%ld/%ld",
4123 (long)div_u64(l->sum_time, l->count),
4126 len += sprintf(buf + len, " age=%ld",
4129 if (l->min_pid != l->max_pid)
4130 len += sprintf(buf + len, " pid=%ld-%ld",
4131 l->min_pid, l->max_pid);
4133 len += sprintf(buf + len, " pid=%ld",
4136 if (num_online_cpus() > 1 &&
4137 !cpumask_empty(to_cpumask(l->cpus)) &&
4138 len < PAGE_SIZE - 60) {
4139 len += sprintf(buf + len, " cpus=");
4140 len += cpulist_scnprintf(buf + len,
4141 PAGE_SIZE - len - 50,
4142 to_cpumask(l->cpus));
4145 if (nr_online_nodes > 1 && !nodes_empty(l->nodes) &&
4146 len < PAGE_SIZE - 60) {
4147 len += sprintf(buf + len, " nodes=");
4148 len += nodelist_scnprintf(buf + len,
4149 PAGE_SIZE - len - 50,
4153 len += sprintf(buf + len, "\n");
4159 len += sprintf(buf, "No data\n");
4164 #ifdef SLUB_RESILIENCY_TEST
4165 static void __init resiliency_test(void)
4169 BUILD_BUG_ON(KMALLOC_MIN_SIZE > 16 || KMALLOC_SHIFT_HIGH < 10);
4171 pr_err("SLUB resiliency testing\n");
4172 pr_err("-----------------------\n");
4173 pr_err("A. Corruption after allocation\n");
4175 p = kzalloc(16, GFP_KERNEL);
4177 pr_err("\n1. kmalloc-16: Clobber Redzone/next pointer 0x12->0x%p\n\n",
4180 validate_slab_cache(kmalloc_caches[4]);
4182 /* Hmmm... The next two are dangerous */
4183 p = kzalloc(32, GFP_KERNEL);
4184 p[32 + sizeof(void *)] = 0x34;
4185 pr_err("\n2. kmalloc-32: Clobber next pointer/next slab 0x34 -> -0x%p\n",
4187 pr_err("If allocated object is overwritten then not detectable\n\n");
4189 validate_slab_cache(kmalloc_caches[5]);
4190 p = kzalloc(64, GFP_KERNEL);
4191 p += 64 + (get_cycles() & 0xff) * sizeof(void *);
4193 pr_err("\n3. kmalloc-64: corrupting random byte 0x56->0x%p\n",
4195 pr_err("If allocated object is overwritten then not detectable\n\n");
4196 validate_slab_cache(kmalloc_caches[6]);
4198 pr_err("\nB. Corruption after free\n");
4199 p = kzalloc(128, GFP_KERNEL);
4202 pr_err("1. kmalloc-128: Clobber first word 0x78->0x%p\n\n", p);
4203 validate_slab_cache(kmalloc_caches[7]);
4205 p = kzalloc(256, GFP_KERNEL);
4208 pr_err("\n2. kmalloc-256: Clobber 50th byte 0x9a->0x%p\n\n", p);
4209 validate_slab_cache(kmalloc_caches[8]);
4211 p = kzalloc(512, GFP_KERNEL);
4214 pr_err("\n3. kmalloc-512: Clobber redzone 0xab->0x%p\n\n", p);
4215 validate_slab_cache(kmalloc_caches[9]);
4219 static void resiliency_test(void) {};
4224 enum slab_stat_type {
4225 SL_ALL, /* All slabs */
4226 SL_PARTIAL, /* Only partially allocated slabs */
4227 SL_CPU, /* Only slabs used for cpu caches */
4228 SL_OBJECTS, /* Determine allocated objects not slabs */
4229 SL_TOTAL /* Determine object capacity not slabs */
4232 #define SO_ALL (1 << SL_ALL)
4233 #define SO_PARTIAL (1 << SL_PARTIAL)
4234 #define SO_CPU (1 << SL_CPU)
4235 #define SO_OBJECTS (1 << SL_OBJECTS)
4236 #define SO_TOTAL (1 << SL_TOTAL)
4238 static ssize_t show_slab_objects(struct kmem_cache *s,
4239 char *buf, unsigned long flags)
4241 unsigned long total = 0;
4244 unsigned long *nodes;
4246 nodes = kzalloc(sizeof(unsigned long) * nr_node_ids, GFP_KERNEL);
4250 if (flags & SO_CPU) {
4253 for_each_possible_cpu(cpu) {
4254 struct kmem_cache_cpu *c = per_cpu_ptr(s->cpu_slab,
4259 page = ACCESS_ONCE(c->page);
4263 node = page_to_nid(page);
4264 if (flags & SO_TOTAL)
4266 else if (flags & SO_OBJECTS)
4274 page = ACCESS_ONCE(c->partial);
4276 node = page_to_nid(page);
4277 if (flags & SO_TOTAL)
4279 else if (flags & SO_OBJECTS)
4290 #ifdef CONFIG_SLUB_DEBUG
4291 if (flags & SO_ALL) {
4292 struct kmem_cache_node *n;
4294 for_each_kmem_cache_node(s, node, n) {
4296 if (flags & SO_TOTAL)
4297 x = atomic_long_read(&n->total_objects);
4298 else if (flags & SO_OBJECTS)
4299 x = atomic_long_read(&n->total_objects) -
4300 count_partial(n, count_free);
4302 x = atomic_long_read(&n->nr_slabs);
4309 if (flags & SO_PARTIAL) {
4310 struct kmem_cache_node *n;
4312 for_each_kmem_cache_node(s, node, n) {
4313 if (flags & SO_TOTAL)
4314 x = count_partial(n, count_total);
4315 else if (flags & SO_OBJECTS)
4316 x = count_partial(n, count_inuse);
4323 x = sprintf(buf, "%lu", total);
4325 for (node = 0; node < nr_node_ids; node++)
4327 x += sprintf(buf + x, " N%d=%lu",
4332 return x + sprintf(buf + x, "\n");
4335 #ifdef CONFIG_SLUB_DEBUG
4336 static int any_slab_objects(struct kmem_cache *s)
4339 struct kmem_cache_node *n;
4341 for_each_kmem_cache_node(s, node, n)
4342 if (atomic_long_read(&n->total_objects))
4349 #define to_slab_attr(n) container_of(n, struct slab_attribute, attr)
4350 #define to_slab(n) container_of(n, struct kmem_cache, kobj)
4352 struct slab_attribute {
4353 struct attribute attr;
4354 ssize_t (*show)(struct kmem_cache *s, char *buf);
4355 ssize_t (*store)(struct kmem_cache *s, const char *x, size_t count);
4358 #define SLAB_ATTR_RO(_name) \
4359 static struct slab_attribute _name##_attr = \
4360 __ATTR(_name, 0400, _name##_show, NULL)
4362 #define SLAB_ATTR(_name) \
4363 static struct slab_attribute _name##_attr = \
4364 __ATTR(_name, 0600, _name##_show, _name##_store)
4366 static ssize_t slab_size_show(struct kmem_cache *s, char *buf)
4368 return sprintf(buf, "%d\n", s->size);
4370 SLAB_ATTR_RO(slab_size);
4372 static ssize_t align_show(struct kmem_cache *s, char *buf)
4374 return sprintf(buf, "%d\n", s->align);
4376 SLAB_ATTR_RO(align);
4378 static ssize_t object_size_show(struct kmem_cache *s, char *buf)
4380 return sprintf(buf, "%d\n", s->object_size);
4382 SLAB_ATTR_RO(object_size);
4384 static ssize_t objs_per_slab_show(struct kmem_cache *s, char *buf)
4386 return sprintf(buf, "%d\n", oo_objects(s->oo));
4388 SLAB_ATTR_RO(objs_per_slab);
4390 static ssize_t order_store(struct kmem_cache *s,
4391 const char *buf, size_t length)
4393 unsigned long order;
4396 err = kstrtoul(buf, 10, &order);
4400 if (order > slub_max_order || order < slub_min_order)
4403 calculate_sizes(s, order);
4407 static ssize_t order_show(struct kmem_cache *s, char *buf)
4409 return sprintf(buf, "%d\n", oo_order(s->oo));
4413 static ssize_t min_partial_show(struct kmem_cache *s, char *buf)
4415 return sprintf(buf, "%lu\n", s->min_partial);
4418 static ssize_t min_partial_store(struct kmem_cache *s, const char *buf,
4424 err = kstrtoul(buf, 10, &min);
4428 set_min_partial(s, min);
4431 SLAB_ATTR(min_partial);
4433 static ssize_t cpu_partial_show(struct kmem_cache *s, char *buf)
4435 return sprintf(buf, "%u\n", s->cpu_partial);
4438 static ssize_t cpu_partial_store(struct kmem_cache *s, const char *buf,
4441 unsigned long objects;
4444 err = kstrtoul(buf, 10, &objects);
4447 if (objects && !kmem_cache_has_cpu_partial(s))
4450 s->cpu_partial = objects;
4454 SLAB_ATTR(cpu_partial);
4456 static ssize_t ctor_show(struct kmem_cache *s, char *buf)
4460 return sprintf(buf, "%pS\n", s->ctor);
4464 static ssize_t aliases_show(struct kmem_cache *s, char *buf)
4466 return sprintf(buf, "%d\n", s->refcount - 1);
4468 SLAB_ATTR_RO(aliases);
4470 static ssize_t partial_show(struct kmem_cache *s, char *buf)
4472 return show_slab_objects(s, buf, SO_PARTIAL);
4474 SLAB_ATTR_RO(partial);
4476 static ssize_t cpu_slabs_show(struct kmem_cache *s, char *buf)
4478 return show_slab_objects(s, buf, SO_CPU);
4480 SLAB_ATTR_RO(cpu_slabs);
4482 static ssize_t objects_show(struct kmem_cache *s, char *buf)
4484 return show_slab_objects(s, buf, SO_ALL|SO_OBJECTS);
4486 SLAB_ATTR_RO(objects);
4488 static ssize_t objects_partial_show(struct kmem_cache *s, char *buf)
4490 return show_slab_objects(s, buf, SO_PARTIAL|SO_OBJECTS);
4492 SLAB_ATTR_RO(objects_partial);
4494 static ssize_t slabs_cpu_partial_show(struct kmem_cache *s, char *buf)
4501 for_each_online_cpu(cpu) {
4502 struct page *page = per_cpu_ptr(s->cpu_slab, cpu)->partial;
4505 pages += page->pages;
4506 objects += page->pobjects;
4510 len = sprintf(buf, "%d(%d)", objects, pages);
4513 for_each_online_cpu(cpu) {
4514 struct page *page = per_cpu_ptr(s->cpu_slab, cpu) ->partial;
4516 if (page && len < PAGE_SIZE - 20)
4517 len += sprintf(buf + len, " C%d=%d(%d)", cpu,
4518 page->pobjects, page->pages);
4521 return len + sprintf(buf + len, "\n");
4523 SLAB_ATTR_RO(slabs_cpu_partial);
4525 static ssize_t reclaim_account_show(struct kmem_cache *s, char *buf)
4527 return sprintf(buf, "%d\n", !!(s->flags & SLAB_RECLAIM_ACCOUNT));
4530 static ssize_t reclaim_account_store(struct kmem_cache *s,
4531 const char *buf, size_t length)
4533 s->flags &= ~SLAB_RECLAIM_ACCOUNT;
4535 s->flags |= SLAB_RECLAIM_ACCOUNT;
4538 SLAB_ATTR(reclaim_account);
4540 static ssize_t hwcache_align_show(struct kmem_cache *s, char *buf)
4542 return sprintf(buf, "%d\n", !!(s->flags & SLAB_HWCACHE_ALIGN));
4544 SLAB_ATTR_RO(hwcache_align);
4546 #ifdef CONFIG_ZONE_DMA
4547 static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)
4549 return sprintf(buf, "%d\n", !!(s->flags & SLAB_CACHE_DMA));
4551 SLAB_ATTR_RO(cache_dma);
4554 static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf)
4556 return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU));
4558 SLAB_ATTR_RO(destroy_by_rcu);
4560 static ssize_t reserved_show(struct kmem_cache *s, char *buf)
4562 return sprintf(buf, "%d\n", s->reserved);
4564 SLAB_ATTR_RO(reserved);
4566 #ifdef CONFIG_SLUB_DEBUG
4567 static ssize_t slabs_show(struct kmem_cache *s, char *buf)
4569 return show_slab_objects(s, buf, SO_ALL);
4571 SLAB_ATTR_RO(slabs);
4573 static ssize_t total_objects_show(struct kmem_cache *s, char *buf)
4575 return show_slab_objects(s, buf, SO_ALL|SO_TOTAL);
4577 SLAB_ATTR_RO(total_objects);
4579 static ssize_t sanity_checks_show(struct kmem_cache *s, char *buf)
4581 return sprintf(buf, "%d\n", !!(s->flags & SLAB_DEBUG_FREE));
4584 static ssize_t sanity_checks_store(struct kmem_cache *s,
4585 const char *buf, size_t length)
4587 s->flags &= ~SLAB_DEBUG_FREE;
4588 if (buf[0] == '1') {
4589 s->flags &= ~__CMPXCHG_DOUBLE;
4590 s->flags |= SLAB_DEBUG_FREE;
4594 SLAB_ATTR(sanity_checks);
4596 static ssize_t trace_show(struct kmem_cache *s, char *buf)
4598 return sprintf(buf, "%d\n", !!(s->flags & SLAB_TRACE));
4601 static ssize_t trace_store(struct kmem_cache *s, const char *buf,
4604 s->flags &= ~SLAB_TRACE;
4605 if (buf[0] == '1') {
4606 s->flags &= ~__CMPXCHG_DOUBLE;
4607 s->flags |= SLAB_TRACE;
4613 static ssize_t red_zone_show(struct kmem_cache *s, char *buf)
4615 return sprintf(buf, "%d\n", !!(s->flags & SLAB_RED_ZONE));
4618 static ssize_t red_zone_store(struct kmem_cache *s,
4619 const char *buf, size_t length)
4621 if (any_slab_objects(s))
4624 s->flags &= ~SLAB_RED_ZONE;
4625 if (buf[0] == '1') {
4626 s->flags &= ~__CMPXCHG_DOUBLE;
4627 s->flags |= SLAB_RED_ZONE;
4629 calculate_sizes(s, -1);
4632 SLAB_ATTR(red_zone);
4634 static ssize_t poison_show(struct kmem_cache *s, char *buf)
4636 return sprintf(buf, "%d\n", !!(s->flags & SLAB_POISON));
4639 static ssize_t poison_store(struct kmem_cache *s,
4640 const char *buf, size_t length)
4642 if (any_slab_objects(s))
4645 s->flags &= ~SLAB_POISON;
4646 if (buf[0] == '1') {
4647 s->flags &= ~__CMPXCHG_DOUBLE;
4648 s->flags |= SLAB_POISON;
4650 calculate_sizes(s, -1);
4655 static ssize_t store_user_show(struct kmem_cache *s, char *buf)
4657 return sprintf(buf, "%d\n", !!(s->flags & SLAB_STORE_USER));
4660 static ssize_t store_user_store(struct kmem_cache *s,
4661 const char *buf, size_t length)
4663 if (any_slab_objects(s))
4666 s->flags &= ~SLAB_STORE_USER;
4667 if (buf[0] == '1') {
4668 s->flags &= ~__CMPXCHG_DOUBLE;
4669 s->flags |= SLAB_STORE_USER;
4671 calculate_sizes(s, -1);
4674 SLAB_ATTR(store_user);
4676 static ssize_t validate_show(struct kmem_cache *s, char *buf)
4681 static ssize_t validate_store(struct kmem_cache *s,
4682 const char *buf, size_t length)
4686 if (buf[0] == '1') {
4687 ret = validate_slab_cache(s);
4693 SLAB_ATTR(validate);
4695 static ssize_t alloc_calls_show(struct kmem_cache *s, char *buf)
4697 if (!(s->flags & SLAB_STORE_USER))
4699 return list_locations(s, buf, TRACK_ALLOC);
4701 SLAB_ATTR_RO(alloc_calls);
4703 static ssize_t free_calls_show(struct kmem_cache *s, char *buf)
4705 if (!(s->flags & SLAB_STORE_USER))
4707 return list_locations(s, buf, TRACK_FREE);
4709 SLAB_ATTR_RO(free_calls);
4710 #endif /* CONFIG_SLUB_DEBUG */
4712 #ifdef CONFIG_FAILSLAB
4713 static ssize_t failslab_show(struct kmem_cache *s, char *buf)
4715 return sprintf(buf, "%d\n", !!(s->flags & SLAB_FAILSLAB));
4718 static ssize_t failslab_store(struct kmem_cache *s, const char *buf,
4721 s->flags &= ~SLAB_FAILSLAB;
4723 s->flags |= SLAB_FAILSLAB;
4726 SLAB_ATTR(failslab);
4729 static ssize_t shrink_show(struct kmem_cache *s, char *buf)
4734 static ssize_t shrink_store(struct kmem_cache *s,
4735 const char *buf, size_t length)
4737 if (buf[0] == '1') {
4738 int rc = kmem_cache_shrink(s);
4749 static ssize_t remote_node_defrag_ratio_show(struct kmem_cache *s, char *buf)
4751 return sprintf(buf, "%d\n", s->remote_node_defrag_ratio / 10);
4754 static ssize_t remote_node_defrag_ratio_store(struct kmem_cache *s,
4755 const char *buf, size_t length)
4757 unsigned long ratio;
4760 err = kstrtoul(buf, 10, &ratio);
4765 s->remote_node_defrag_ratio = ratio * 10;
4769 SLAB_ATTR(remote_node_defrag_ratio);
4772 #ifdef CONFIG_SLUB_STATS
4773 static int show_stat(struct kmem_cache *s, char *buf, enum stat_item si)
4775 unsigned long sum = 0;
4778 int *data = kmalloc(nr_cpu_ids * sizeof(int), GFP_KERNEL);
4783 for_each_online_cpu(cpu) {
4784 unsigned x = per_cpu_ptr(s->cpu_slab, cpu)->stat[si];
4790 len = sprintf(buf, "%lu", sum);
4793 for_each_online_cpu(cpu) {
4794 if (data[cpu] && len < PAGE_SIZE - 20)
4795 len += sprintf(buf + len, " C%d=%u", cpu, data[cpu]);
4799 return len + sprintf(buf + len, "\n");
4802 static void clear_stat(struct kmem_cache *s, enum stat_item si)
4806 for_each_online_cpu(cpu)
4807 per_cpu_ptr(s->cpu_slab, cpu)->stat[si] = 0;
4810 #define STAT_ATTR(si, text) \
4811 static ssize_t text##_show(struct kmem_cache *s, char *buf) \
4813 return show_stat(s, buf, si); \
4815 static ssize_t text##_store(struct kmem_cache *s, \
4816 const char *buf, size_t length) \
4818 if (buf[0] != '0') \
4820 clear_stat(s, si); \
4825 STAT_ATTR(ALLOC_FASTPATH, alloc_fastpath);
4826 STAT_ATTR(ALLOC_SLOWPATH, alloc_slowpath);
4827 STAT_ATTR(FREE_FASTPATH, free_fastpath);
4828 STAT_ATTR(FREE_SLOWPATH, free_slowpath);
4829 STAT_ATTR(FREE_FROZEN, free_frozen);
4830 STAT_ATTR(FREE_ADD_PARTIAL, free_add_partial);
4831 STAT_ATTR(FREE_REMOVE_PARTIAL, free_remove_partial);
4832 STAT_ATTR(ALLOC_FROM_PARTIAL, alloc_from_partial);
4833 STAT_ATTR(ALLOC_SLAB, alloc_slab);
4834 STAT_ATTR(ALLOC_REFILL, alloc_refill);
4835 STAT_ATTR(ALLOC_NODE_MISMATCH, alloc_node_mismatch);
4836 STAT_ATTR(FREE_SLAB, free_slab);
4837 STAT_ATTR(CPUSLAB_FLUSH, cpuslab_flush);
4838 STAT_ATTR(DEACTIVATE_FULL, deactivate_full);
4839 STAT_ATTR(DEACTIVATE_EMPTY, deactivate_empty);
4840 STAT_ATTR(DEACTIVATE_TO_HEAD, deactivate_to_head);
4841 STAT_ATTR(DEACTIVATE_TO_TAIL, deactivate_to_tail);
4842 STAT_ATTR(DEACTIVATE_REMOTE_FREES, deactivate_remote_frees);
4843 STAT_ATTR(DEACTIVATE_BYPASS, deactivate_bypass);
4844 STAT_ATTR(ORDER_FALLBACK, order_fallback);
4845 STAT_ATTR(CMPXCHG_DOUBLE_CPU_FAIL, cmpxchg_double_cpu_fail);
4846 STAT_ATTR(CMPXCHG_DOUBLE_FAIL, cmpxchg_double_fail);
4847 STAT_ATTR(CPU_PARTIAL_ALLOC, cpu_partial_alloc);
4848 STAT_ATTR(CPU_PARTIAL_FREE, cpu_partial_free);
4849 STAT_ATTR(CPU_PARTIAL_NODE, cpu_partial_node);
4850 STAT_ATTR(CPU_PARTIAL_DRAIN, cpu_partial_drain);
4853 static struct attribute *slab_attrs[] = {
4854 &slab_size_attr.attr,
4855 &object_size_attr.attr,
4856 &objs_per_slab_attr.attr,
4858 &min_partial_attr.attr,
4859 &cpu_partial_attr.attr,
4861 &objects_partial_attr.attr,
4863 &cpu_slabs_attr.attr,
4867 &hwcache_align_attr.attr,
4868 &reclaim_account_attr.attr,
4869 &destroy_by_rcu_attr.attr,
4871 &reserved_attr.attr,
4872 &slabs_cpu_partial_attr.attr,
4873 #ifdef CONFIG_SLUB_DEBUG
4874 &total_objects_attr.attr,
4876 &sanity_checks_attr.attr,
4878 &red_zone_attr.attr,
4880 &store_user_attr.attr,
4881 &validate_attr.attr,
4882 &alloc_calls_attr.attr,
4883 &free_calls_attr.attr,
4885 #ifdef CONFIG_ZONE_DMA
4886 &cache_dma_attr.attr,
4889 &remote_node_defrag_ratio_attr.attr,
4891 #ifdef CONFIG_SLUB_STATS
4892 &alloc_fastpath_attr.attr,
4893 &alloc_slowpath_attr.attr,
4894 &free_fastpath_attr.attr,
4895 &free_slowpath_attr.attr,
4896 &free_frozen_attr.attr,
4897 &free_add_partial_attr.attr,
4898 &free_remove_partial_attr.attr,
4899 &alloc_from_partial_attr.attr,
4900 &alloc_slab_attr.attr,
4901 &alloc_refill_attr.attr,
4902 &alloc_node_mismatch_attr.attr,
4903 &free_slab_attr.attr,
4904 &cpuslab_flush_attr.attr,
4905 &deactivate_full_attr.attr,
4906 &deactivate_empty_attr.attr,
4907 &deactivate_to_head_attr.attr,
4908 &deactivate_to_tail_attr.attr,
4909 &deactivate_remote_frees_attr.attr,
4910 &deactivate_bypass_attr.attr,
4911 &order_fallback_attr.attr,
4912 &cmpxchg_double_fail_attr.attr,
4913 &cmpxchg_double_cpu_fail_attr.attr,
4914 &cpu_partial_alloc_attr.attr,
4915 &cpu_partial_free_attr.attr,
4916 &cpu_partial_node_attr.attr,
4917 &cpu_partial_drain_attr.attr,
4919 #ifdef CONFIG_FAILSLAB
4920 &failslab_attr.attr,
4926 static struct attribute_group slab_attr_group = {
4927 .attrs = slab_attrs,
4930 static ssize_t slab_attr_show(struct kobject *kobj,
4931 struct attribute *attr,
4934 struct slab_attribute *attribute;
4935 struct kmem_cache *s;
4938 attribute = to_slab_attr(attr);
4941 if (!attribute->show)
4944 err = attribute->show(s, buf);
4949 static ssize_t slab_attr_store(struct kobject *kobj,
4950 struct attribute *attr,
4951 const char *buf, size_t len)
4953 struct slab_attribute *attribute;
4954 struct kmem_cache *s;
4957 attribute = to_slab_attr(attr);
4960 if (!attribute->store)
4963 err = attribute->store(s, buf, len);
4964 #ifdef CONFIG_MEMCG_KMEM
4965 if (slab_state >= FULL && err >= 0 && is_root_cache(s)) {
4968 mutex_lock(&slab_mutex);
4969 if (s->max_attr_size < len)
4970 s->max_attr_size = len;
4973 * This is a best effort propagation, so this function's return
4974 * value will be determined by the parent cache only. This is
4975 * basically because not all attributes will have a well
4976 * defined semantics for rollbacks - most of the actions will
4977 * have permanent effects.
4979 * Returning the error value of any of the children that fail
4980 * is not 100 % defined, in the sense that users seeing the
4981 * error code won't be able to know anything about the state of
4984 * Only returning the error code for the parent cache at least
4985 * has well defined semantics. The cache being written to
4986 * directly either failed or succeeded, in which case we loop
4987 * through the descendants with best-effort propagation.
4989 for_each_memcg_cache_index(i) {
4990 struct kmem_cache *c = cache_from_memcg_idx(s, i);
4992 attribute->store(c, buf, len);
4994 mutex_unlock(&slab_mutex);
5000 static void memcg_propagate_slab_attrs(struct kmem_cache *s)
5002 #ifdef CONFIG_MEMCG_KMEM
5004 char *buffer = NULL;
5005 struct kmem_cache *root_cache;
5007 if (is_root_cache(s))
5010 root_cache = s->memcg_params->root_cache;
5013 * This mean this cache had no attribute written. Therefore, no point
5014 * in copying default values around
5016 if (!root_cache->max_attr_size)
5019 for (i = 0; i < ARRAY_SIZE(slab_attrs); i++) {
5022 struct slab_attribute *attr = to_slab_attr(slab_attrs[i]);
5024 if (!attr || !attr->store || !attr->show)
5028 * It is really bad that we have to allocate here, so we will
5029 * do it only as a fallback. If we actually allocate, though,
5030 * we can just use the allocated buffer until the end.
5032 * Most of the slub attributes will tend to be very small in
5033 * size, but sysfs allows buffers up to a page, so they can
5034 * theoretically happen.
5038 else if (root_cache->max_attr_size < ARRAY_SIZE(mbuf))
5041 buffer = (char *) get_zeroed_page(GFP_KERNEL);
5042 if (WARN_ON(!buffer))
5047 attr->show(root_cache, buf);
5048 attr->store(s, buf, strlen(buf));
5052 free_page((unsigned long)buffer);
5056 static void kmem_cache_release(struct kobject *k)
5058 slab_kmem_cache_release(to_slab(k));
5061 static const struct sysfs_ops slab_sysfs_ops = {
5062 .show = slab_attr_show,
5063 .store = slab_attr_store,
5066 static struct kobj_type slab_ktype = {
5067 .sysfs_ops = &slab_sysfs_ops,
5068 .release = kmem_cache_release,
5071 static int uevent_filter(struct kset *kset, struct kobject *kobj)
5073 struct kobj_type *ktype = get_ktype(kobj);
5075 if (ktype == &slab_ktype)
5080 static const struct kset_uevent_ops slab_uevent_ops = {
5081 .filter = uevent_filter,
5084 static struct kset *slab_kset;
5086 static inline struct kset *cache_kset(struct kmem_cache *s)
5088 #ifdef CONFIG_MEMCG_KMEM
5089 if (!is_root_cache(s))
5090 return s->memcg_params->root_cache->memcg_kset;
5095 #define ID_STR_LENGTH 64
5097 /* Create a unique string id for a slab cache:
5099 * Format :[flags-]size
5101 static char *create_unique_id(struct kmem_cache *s)
5103 char *name = kmalloc(ID_STR_LENGTH, GFP_KERNEL);
5110 * First flags affecting slabcache operations. We will only
5111 * get here for aliasable slabs so we do not need to support
5112 * too many flags. The flags here must cover all flags that
5113 * are matched during merging to guarantee that the id is
5116 if (s->flags & SLAB_CACHE_DMA)
5118 if (s->flags & SLAB_RECLAIM_ACCOUNT)
5120 if (s->flags & SLAB_DEBUG_FREE)
5122 if (!(s->flags & SLAB_NOTRACK))
5126 p += sprintf(p, "%07d", s->size);
5128 #ifdef CONFIG_MEMCG_KMEM
5129 if (!is_root_cache(s))
5130 p += sprintf(p, "-%08d",
5131 memcg_cache_id(s->memcg_params->memcg));
5134 BUG_ON(p > name + ID_STR_LENGTH - 1);
5138 static int sysfs_slab_add(struct kmem_cache *s)
5142 int unmergeable = slab_unmergeable(s);
5146 * Slabcache can never be merged so we can use the name proper.
5147 * This is typically the case for debug situations. In that
5148 * case we can catch duplicate names easily.
5150 sysfs_remove_link(&slab_kset->kobj, s->name);
5154 * Create a unique name for the slab as a target
5157 name = create_unique_id(s);
5160 s->kobj.kset = cache_kset(s);
5161 err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
5165 err = sysfs_create_group(&s->kobj, &slab_attr_group);
5169 #ifdef CONFIG_MEMCG_KMEM
5170 if (is_root_cache(s)) {
5171 s->memcg_kset = kset_create_and_add("cgroup", NULL, &s->kobj);
5172 if (!s->memcg_kset) {
5179 kobject_uevent(&s->kobj, KOBJ_ADD);
5181 /* Setup first alias */
5182 sysfs_slab_alias(s, s->name);
5189 kobject_del(&s->kobj);
5191 kobject_put(&s->kobj);
5195 void sysfs_slab_remove(struct kmem_cache *s)
5197 if (slab_state < FULL)
5199 * Sysfs has not been setup yet so no need to remove the
5204 #ifdef CONFIG_MEMCG_KMEM
5205 kset_unregister(s->memcg_kset);
5207 kobject_uevent(&s->kobj, KOBJ_REMOVE);
5208 kobject_del(&s->kobj);
5209 kobject_put(&s->kobj);
5213 * Need to buffer aliases during bootup until sysfs becomes
5214 * available lest we lose that information.
5216 struct saved_alias {
5217 struct kmem_cache *s;
5219 struct saved_alias *next;
5222 static struct saved_alias *alias_list;
5224 static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
5226 struct saved_alias *al;
5228 if (slab_state == FULL) {
5230 * If we have a leftover link then remove it.
5232 sysfs_remove_link(&slab_kset->kobj, name);
5233 return sysfs_create_link(&slab_kset->kobj, &s->kobj, name);
5236 al = kmalloc(sizeof(struct saved_alias), GFP_KERNEL);
5242 al->next = alias_list;
5247 static int __init slab_sysfs_init(void)
5249 struct kmem_cache *s;
5252 mutex_lock(&slab_mutex);
5254 slab_kset = kset_create_and_add("slab", &slab_uevent_ops, kernel_kobj);
5256 mutex_unlock(&slab_mutex);
5257 pr_err("Cannot register slab subsystem.\n");
5263 list_for_each_entry(s, &slab_caches, list) {
5264 err = sysfs_slab_add(s);
5266 pr_err("SLUB: Unable to add boot slab %s to sysfs\n",
5270 while (alias_list) {
5271 struct saved_alias *al = alias_list;
5273 alias_list = alias_list->next;
5274 err = sysfs_slab_alias(al->s, al->name);
5276 pr_err("SLUB: Unable to add boot slab alias %s to sysfs\n",
5281 mutex_unlock(&slab_mutex);
5286 __initcall(slab_sysfs_init);
5287 #endif /* CONFIG_SYSFS */
5290 * The /proc/slabinfo ABI
5292 #ifdef CONFIG_SLABINFO
5293 void get_slabinfo(struct kmem_cache *s, struct slabinfo *sinfo)
5295 unsigned long nr_slabs = 0;
5296 unsigned long nr_objs = 0;
5297 unsigned long nr_free = 0;
5299 struct kmem_cache_node *n;
5301 for_each_kmem_cache_node(s, node, n) {
5302 nr_slabs += node_nr_slabs(n);
5303 nr_objs += node_nr_objs(n);
5304 nr_free += count_partial(n, count_free);
5307 sinfo->active_objs = nr_objs - nr_free;
5308 sinfo->num_objs = nr_objs;
5309 sinfo->active_slabs = nr_slabs;
5310 sinfo->num_slabs = nr_slabs;
5311 sinfo->objects_per_slab = oo_objects(s->oo);
5312 sinfo->cache_order = oo_order(s->oo);
5315 void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *s)
5319 ssize_t slabinfo_write(struct file *file, const char __user *buffer,
5320 size_t count, loff_t *ppos)
5324 #endif /* CONFIG_SLABINFO */
projects / firefly-linux-kernel-4.4.55.git / blob