1 // SPDX-License-Identifier: GPL-2.0
3 * Slab allocator functions that are independent of the allocator strategy
7 #include <linux/slab.h>
10 #include <linux/poison.h>
11 #include <linux/interrupt.h>
12 #include <linux/memory.h>
13 #include <linux/cache.h>
14 #include <linux/compiler.h>
15 #include <linux/kfence.h>
16 #include <linux/module.h>
17 #include <linux/cpu.h>
18 #include <linux/uaccess.h>
19 #include <linux/seq_file.h>
20 #include <linux/dma-mapping.h>
21 #include <linux/swiotlb.h>
22 #include <linux/proc_fs.h>
23 #include <linux/debugfs.h>
24 #include <linux/kmemleak.h>
25 #include <linux/kasan.h>
26 #include <asm/cacheflush.h>
27 #include <asm/tlbflush.h>
29 #include <linux/memcontrol.h>
30 #include <linux/stackdepot.h>
35 #define CREATE_TRACE_POINTS
36 #include <trace/events/kmem.h>
38 enum slab_state slab_state;
39 LIST_HEAD(slab_caches);
40 DEFINE_MUTEX(slab_mutex);
41 struct kmem_cache *kmem_cache;
43 static LIST_HEAD(slab_caches_to_rcu_destroy);
44 static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work);
45 static DECLARE_WORK(slab_caches_to_rcu_destroy_work,
46 slab_caches_to_rcu_destroy_workfn);
49 * Set of flags that will prevent slab merging
51 #define SLAB_NEVER_MERGE (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER | \
52 SLAB_TRACE | SLAB_TYPESAFE_BY_RCU | SLAB_NOLEAKTRACE | \
53 SLAB_FAILSLAB | SLAB_NO_MERGE)
55 #define SLAB_MERGE_SAME (SLAB_RECLAIM_ACCOUNT | SLAB_CACHE_DMA | \
56 SLAB_CACHE_DMA32 | SLAB_ACCOUNT)
59 * Merge control. If this is set then no merging of slab caches will occur.
61 static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
63 static int __init setup_slab_nomerge(char *str)
69 static int __init setup_slab_merge(char *str)
75 __setup_param("slub_nomerge", slub_nomerge, setup_slab_nomerge, 0);
76 __setup_param("slub_merge", slub_merge, setup_slab_merge, 0);
78 __setup("slab_nomerge", setup_slab_nomerge);
79 __setup("slab_merge", setup_slab_merge);
82 * Determine the size of a slab object
84 unsigned int kmem_cache_size(struct kmem_cache *s)
86 return s->object_size;
88 EXPORT_SYMBOL(kmem_cache_size);
90 #ifdef CONFIG_DEBUG_VM
91 static int kmem_cache_sanity_check(const char *name, unsigned int size)
93 if (!name || in_interrupt() || size > KMALLOC_MAX_SIZE) {
94 pr_err("kmem_cache_create(%s) integrity check failed\n", name);
98 WARN_ON(strchr(name, ' ')); /* It confuses parsers */
102 static inline int kmem_cache_sanity_check(const char *name, unsigned int size)
109 * Figure out what the alignment of the objects will be given a set of
110 * flags, a user specified alignment and the size of the objects.
112 static unsigned int calculate_alignment(slab_flags_t flags,
113 unsigned int align, unsigned int size)
116 * If the user wants hardware cache aligned objects then follow that
117 * suggestion if the object is sufficiently large.
119 * The hardware cache alignment cannot override the specified
120 * alignment though. If that is greater then use it.
122 if (flags & SLAB_HWCACHE_ALIGN) {
125 ralign = cache_line_size();
126 while (size <= ralign / 2)
128 align = max(align, ralign);
131 align = max(align, arch_slab_minalign());
133 return ALIGN(align, sizeof(void *));
137 * Find a mergeable slab cache
139 int slab_unmergeable(struct kmem_cache *s)
141 if (slab_nomerge || (s->flags & SLAB_NEVER_MERGE))
147 #ifdef CONFIG_HARDENED_USERCOPY
153 * We may have set a slab to be unmergeable during bootstrap.
161 struct kmem_cache *find_mergeable(unsigned int size, unsigned int align,
162 slab_flags_t flags, const char *name, void (*ctor)(void *))
164 struct kmem_cache *s;
172 size = ALIGN(size, sizeof(void *));
173 align = calculate_alignment(flags, align, size);
174 size = ALIGN(size, align);
175 flags = kmem_cache_flags(flags, name);
177 if (flags & SLAB_NEVER_MERGE)
180 list_for_each_entry_reverse(s, &slab_caches, list) {
181 if (slab_unmergeable(s))
187 if ((flags & SLAB_MERGE_SAME) != (s->flags & SLAB_MERGE_SAME))
190 * Check if alignment is compatible.
191 * Courtesy of Adrian Drzewiecki
193 if ((s->size & ~(align - 1)) != s->size)
196 if (s->size - size >= sizeof(void *))
204 static struct kmem_cache *create_cache(const char *name,
205 unsigned int object_size, unsigned int align,
206 slab_flags_t flags, unsigned int useroffset,
207 unsigned int usersize, void (*ctor)(void *),
208 struct kmem_cache *root_cache)
210 struct kmem_cache *s;
213 if (WARN_ON(useroffset + usersize > object_size))
214 useroffset = usersize = 0;
217 s = kmem_cache_zalloc(kmem_cache, GFP_KERNEL);
222 s->size = s->object_size = object_size;
225 #ifdef CONFIG_HARDENED_USERCOPY
226 s->useroffset = useroffset;
227 s->usersize = usersize;
230 err = __kmem_cache_create(s, flags);
235 list_add(&s->list, &slab_caches);
239 kmem_cache_free(kmem_cache, s);
245 * kmem_cache_create_usercopy - Create a cache with a region suitable
246 * for copying to userspace
247 * @name: A string which is used in /proc/slabinfo to identify this cache.
248 * @size: The size of objects to be created in this cache.
249 * @align: The required alignment for the objects.
251 * @useroffset: Usercopy region offset
252 * @usersize: Usercopy region size
253 * @ctor: A constructor for the objects.
255 * Cannot be called within a interrupt, but can be interrupted.
256 * The @ctor is run when new pages are allocated by the cache.
260 * %SLAB_POISON - Poison the slab with a known test pattern (a5a5a5a5)
261 * to catch references to uninitialised memory.
263 * %SLAB_RED_ZONE - Insert `Red` zones around the allocated memory to check
264 * for buffer overruns.
266 * %SLAB_HWCACHE_ALIGN - Align the objects in this cache to a hardware
267 * cacheline. This can be beneficial if you're counting cycles as closely
270 * Return: a pointer to the cache on success, NULL on failure.
273 kmem_cache_create_usercopy(const char *name,
274 unsigned int size, unsigned int align,
276 unsigned int useroffset, unsigned int usersize,
277 void (*ctor)(void *))
279 struct kmem_cache *s = NULL;
280 const char *cache_name;
283 #ifdef CONFIG_SLUB_DEBUG
285 * If no slab_debug was enabled globally, the static key is not yet
286 * enabled by setup_slub_debug(). Enable it if the cache is being
287 * created with any of the debugging flags passed explicitly.
288 * It's also possible that this is the first cache created with
289 * SLAB_STORE_USER and we should init stack_depot for it.
291 if (flags & SLAB_DEBUG_FLAGS)
292 static_branch_enable(&slub_debug_enabled);
293 if (flags & SLAB_STORE_USER)
297 mutex_lock(&slab_mutex);
299 err = kmem_cache_sanity_check(name, size);
304 /* Refuse requests with allocator specific flags */
305 if (flags & ~SLAB_FLAGS_PERMITTED) {
311 * Some allocators will constraint the set of valid flags to a subset
312 * of all flags. We expect them to define CACHE_CREATE_MASK in this
313 * case, and we'll just provide them with a sanitized version of the
316 flags &= CACHE_CREATE_MASK;
318 /* Fail closed on bad usersize of useroffset values. */
319 if (!IS_ENABLED(CONFIG_HARDENED_USERCOPY) ||
320 WARN_ON(!usersize && useroffset) ||
321 WARN_ON(size < usersize || size - usersize < useroffset))
322 usersize = useroffset = 0;
325 s = __kmem_cache_alias(name, size, align, flags, ctor);
329 cache_name = kstrdup_const(name, GFP_KERNEL);
335 s = create_cache(cache_name, size,
336 calculate_alignment(flags, align, size),
337 flags, useroffset, usersize, ctor, NULL);
340 kfree_const(cache_name);
344 mutex_unlock(&slab_mutex);
347 if (flags & SLAB_PANIC)
348 panic("%s: Failed to create slab '%s'. Error %d\n",
349 __func__, name, err);
351 pr_warn("%s(%s) failed with error %d\n",
352 __func__, name, err);
359 EXPORT_SYMBOL(kmem_cache_create_usercopy);
362 * kmem_cache_create - Create a cache.
363 * @name: A string which is used in /proc/slabinfo to identify this cache.
364 * @size: The size of objects to be created in this cache.
365 * @align: The required alignment for the objects.
367 * @ctor: A constructor for the objects.
369 * Cannot be called within a interrupt, but can be interrupted.
370 * The @ctor is run when new pages are allocated by the cache.
374 * %SLAB_POISON - Poison the slab with a known test pattern (a5a5a5a5)
375 * to catch references to uninitialised memory.
377 * %SLAB_RED_ZONE - Insert `Red` zones around the allocated memory to check
378 * for buffer overruns.
380 * %SLAB_HWCACHE_ALIGN - Align the objects in this cache to a hardware
381 * cacheline. This can be beneficial if you're counting cycles as closely
384 * Return: a pointer to the cache on success, NULL on failure.
387 kmem_cache_create(const char *name, unsigned int size, unsigned int align,
388 slab_flags_t flags, void (*ctor)(void *))
390 return kmem_cache_create_usercopy(name, size, align, flags, 0, 0,
393 EXPORT_SYMBOL(kmem_cache_create);
395 static struct kmem_cache *kmem_buckets_cache __ro_after_init;
398 * kmem_buckets_create - Create a set of caches that handle dynamic sized
399 * allocations via kmem_buckets_alloc()
400 * @name: A prefix string which is used in /proc/slabinfo to identify this
401 * cache. The individual caches with have their sizes as the suffix.
402 * @flags: SLAB flags (see kmem_cache_create() for details).
403 * @useroffset: Starting offset within an allocation that may be copied
405 * @usersize: How many bytes, starting at @useroffset, may be copied
407 * @ctor: A constructor for the objects, run when new allocations are made.
409 * Cannot be called within an interrupt, but can be interrupted.
411 * Return: a pointer to the cache on success, NULL on failure. When
412 * CONFIG_SLAB_BUCKETS is not enabled, ZERO_SIZE_PTR is returned, and
413 * subsequent calls to kmem_buckets_alloc() will fall back to kmalloc().
414 * (i.e. callers only need to check for NULL on failure.)
416 kmem_buckets *kmem_buckets_create(const char *name, slab_flags_t flags,
417 unsigned int useroffset,
418 unsigned int usersize,
419 void (*ctor)(void *))
425 * When the separate buckets API is not built in, just return
426 * a non-NULL value for the kmem_buckets pointer, which will be
427 * unused when performing allocations.
429 if (!IS_ENABLED(CONFIG_SLAB_BUCKETS))
430 return ZERO_SIZE_PTR;
432 if (WARN_ON(!kmem_buckets_cache))
435 b = kmem_cache_alloc(kmem_buckets_cache, GFP_KERNEL|__GFP_ZERO);
439 flags |= SLAB_NO_MERGE;
441 for (idx = 0; idx < ARRAY_SIZE(kmalloc_caches[KMALLOC_NORMAL]); idx++) {
442 char *short_size, *cache_name;
443 unsigned int cache_useroffset, cache_usersize;
446 if (!kmalloc_caches[KMALLOC_NORMAL][idx])
449 size = kmalloc_caches[KMALLOC_NORMAL][idx]->object_size;
453 short_size = strchr(kmalloc_caches[KMALLOC_NORMAL][idx]->name, '-');
454 if (WARN_ON(!short_size))
457 cache_name = kasprintf(GFP_KERNEL, "%s-%s", name, short_size + 1);
458 if (WARN_ON(!cache_name))
461 if (useroffset >= size) {
462 cache_useroffset = 0;
465 cache_useroffset = useroffset;
466 cache_usersize = min(size - cache_useroffset, usersize);
468 (*b)[idx] = kmem_cache_create_usercopy(cache_name, size,
469 0, flags, cache_useroffset,
470 cache_usersize, ctor);
472 if (WARN_ON(!(*b)[idx]))
479 for (idx = 0; idx < ARRAY_SIZE(kmalloc_caches[KMALLOC_NORMAL]); idx++)
480 kmem_cache_destroy((*b)[idx]);
485 EXPORT_SYMBOL(kmem_buckets_create);
487 #ifdef SLAB_SUPPORTS_SYSFS
489 * For a given kmem_cache, kmem_cache_destroy() should only be called
490 * once or there will be a use-after-free problem. The actual deletion
491 * and release of the kobject does not need slab_mutex or cpu_hotplug_lock
492 * protection. So they are now done without holding those locks.
494 * Note that there will be a slight delay in the deletion of sysfs files
495 * if kmem_cache_release() is called indrectly from a work function.
497 static void kmem_cache_release(struct kmem_cache *s)
499 if (slab_state >= FULL) {
500 sysfs_slab_unlink(s);
501 sysfs_slab_release(s);
503 slab_kmem_cache_release(s);
507 static void kmem_cache_release(struct kmem_cache *s)
509 slab_kmem_cache_release(s);
513 static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work)
515 LIST_HEAD(to_destroy);
516 struct kmem_cache *s, *s2;
519 * On destruction, SLAB_TYPESAFE_BY_RCU kmem_caches are put on the
520 * @slab_caches_to_rcu_destroy list. The slab pages are freed
521 * through RCU and the associated kmem_cache are dereferenced
522 * while freeing the pages, so the kmem_caches should be freed only
523 * after the pending RCU operations are finished. As rcu_barrier()
524 * is a pretty slow operation, we batch all pending destructions
527 mutex_lock(&slab_mutex);
528 list_splice_init(&slab_caches_to_rcu_destroy, &to_destroy);
529 mutex_unlock(&slab_mutex);
531 if (list_empty(&to_destroy))
536 list_for_each_entry_safe(s, s2, &to_destroy, list) {
537 debugfs_slab_release(s);
538 kfence_shutdown_cache(s);
539 kmem_cache_release(s);
543 static int shutdown_cache(struct kmem_cache *s)
545 /* free asan quarantined objects */
546 kasan_cache_shutdown(s);
548 if (__kmem_cache_shutdown(s) != 0)
553 if (s->flags & SLAB_TYPESAFE_BY_RCU) {
554 list_add_tail(&s->list, &slab_caches_to_rcu_destroy);
555 schedule_work(&slab_caches_to_rcu_destroy_work);
557 kfence_shutdown_cache(s);
558 debugfs_slab_release(s);
564 void slab_kmem_cache_release(struct kmem_cache *s)
566 __kmem_cache_release(s);
567 kfree_const(s->name);
568 kmem_cache_free(kmem_cache, s);
571 void kmem_cache_destroy(struct kmem_cache *s)
576 if (unlikely(!s) || !kasan_check_byte(s))
580 mutex_lock(&slab_mutex);
582 rcu_set = s->flags & SLAB_TYPESAFE_BY_RCU;
588 err = shutdown_cache(s);
589 WARN(err, "%s %s: Slab cache still has objects when called from %pS",
590 __func__, s->name, (void *)_RET_IP_);
592 mutex_unlock(&slab_mutex);
594 if (!err && !rcu_set)
595 kmem_cache_release(s);
597 EXPORT_SYMBOL(kmem_cache_destroy);
600 * kmem_cache_shrink - Shrink a cache.
601 * @cachep: The cache to shrink.
603 * Releases as many slabs as possible for a cache.
604 * To help debugging, a zero exit status indicates all slabs were released.
606 * Return: %0 if all slabs were released, non-zero otherwise
608 int kmem_cache_shrink(struct kmem_cache *cachep)
610 kasan_cache_shrink(cachep);
612 return __kmem_cache_shrink(cachep);
614 EXPORT_SYMBOL(kmem_cache_shrink);
616 bool slab_is_available(void)
618 return slab_state >= UP;
622 static void kmem_obj_info(struct kmem_obj_info *kpp, void *object, struct slab *slab)
624 if (__kfence_obj_info(kpp, object, slab))
626 __kmem_obj_info(kpp, object, slab);
630 * kmem_dump_obj - Print available slab provenance information
631 * @object: slab object for which to find provenance information.
633 * This function uses pr_cont(), so that the caller is expected to have
634 * printed out whatever preamble is appropriate. The provenance information
635 * depends on the type of object and on how much debugging is enabled.
636 * For a slab-cache object, the fact that it is a slab object is printed,
637 * and, if available, the slab name, return address, and stack trace from
638 * the allocation and last free path of that object.
640 * Return: %true if the pointer is to a not-yet-freed object from
641 * kmalloc() or kmem_cache_alloc(), either %true or %false if the pointer
642 * is to an already-freed object, and %false otherwise.
644 bool kmem_dump_obj(void *object)
646 char *cp = IS_ENABLED(CONFIG_MMU) ? "" : "/vmalloc";
649 unsigned long ptroffset;
650 struct kmem_obj_info kp = { };
652 /* Some arches consider ZERO_SIZE_PTR to be a valid address. */
653 if (object < (void *)PAGE_SIZE || !virt_addr_valid(object))
655 slab = virt_to_slab(object);
659 kmem_obj_info(&kp, object, slab);
660 if (kp.kp_slab_cache)
661 pr_cont(" slab%s %s", cp, kp.kp_slab_cache->name);
663 pr_cont(" slab%s", cp);
664 if (is_kfence_address(object))
665 pr_cont(" (kfence)");
667 pr_cont(" start %px", kp.kp_objp);
668 if (kp.kp_data_offset)
669 pr_cont(" data offset %lu", kp.kp_data_offset);
671 ptroffset = ((char *)object - (char *)kp.kp_objp) - kp.kp_data_offset;
672 pr_cont(" pointer offset %lu", ptroffset);
674 if (kp.kp_slab_cache && kp.kp_slab_cache->object_size)
675 pr_cont(" size %u", kp.kp_slab_cache->object_size);
677 pr_cont(" allocated at %pS\n", kp.kp_ret);
680 for (i = 0; i < ARRAY_SIZE(kp.kp_stack); i++) {
683 pr_info(" %pS\n", kp.kp_stack[i]);
686 if (kp.kp_free_stack[0])
687 pr_cont(" Free path:\n");
689 for (i = 0; i < ARRAY_SIZE(kp.kp_free_stack); i++) {
690 if (!kp.kp_free_stack[i])
692 pr_info(" %pS\n", kp.kp_free_stack[i]);
697 EXPORT_SYMBOL_GPL(kmem_dump_obj);
700 /* Create a cache during boot when no slab services are available yet */
701 void __init create_boot_cache(struct kmem_cache *s, const char *name,
702 unsigned int size, slab_flags_t flags,
703 unsigned int useroffset, unsigned int usersize)
706 unsigned int align = ARCH_KMALLOC_MINALIGN;
709 s->size = s->object_size = size;
712 * kmalloc caches guarantee alignment of at least the largest
713 * power-of-two divisor of the size. For power-of-two sizes,
714 * it is the size itself.
716 if (flags & SLAB_KMALLOC)
717 align = max(align, 1U << (ffs(size) - 1));
718 s->align = calculate_alignment(flags, align, size);
720 #ifdef CONFIG_HARDENED_USERCOPY
721 s->useroffset = useroffset;
722 s->usersize = usersize;
725 err = __kmem_cache_create(s, flags);
728 panic("Creation of kmalloc slab %s size=%u failed. Reason %d\n",
731 s->refcount = -1; /* Exempt from merging for now */
734 static struct kmem_cache *__init create_kmalloc_cache(const char *name,
738 struct kmem_cache *s = kmem_cache_zalloc(kmem_cache, GFP_NOWAIT);
741 panic("Out of memory when creating slab %s\n", name);
743 create_boot_cache(s, name, size, flags | SLAB_KMALLOC, 0, size);
744 list_add(&s->list, &slab_caches);
749 kmem_buckets kmalloc_caches[NR_KMALLOC_TYPES] __ro_after_init =
750 { /* initialization for https://llvm.org/pr42570 */ };
751 EXPORT_SYMBOL(kmalloc_caches);
753 #ifdef CONFIG_RANDOM_KMALLOC_CACHES
754 unsigned long random_kmalloc_seed __ro_after_init;
755 EXPORT_SYMBOL(random_kmalloc_seed);
759 * Conversion table for small slabs sizes / 8 to the index in the
760 * kmalloc array. This is necessary for slabs < 192 since we have non power
761 * of two cache sizes there. The size of larger slabs can be determined using
764 u8 kmalloc_size_index[24] __ro_after_init = {
791 size_t kmalloc_size_roundup(size_t size)
793 if (size && size <= KMALLOC_MAX_CACHE_SIZE) {
795 * The flags don't matter since size_index is common to all.
796 * Neither does the caller for just getting ->object_size.
798 return kmalloc_slab(size, NULL, GFP_KERNEL, 0)->object_size;
801 /* Above the smaller buckets, size is a multiple of page size. */
802 if (size && size <= KMALLOC_MAX_SIZE)
803 return PAGE_SIZE << get_order(size);
806 * Return 'size' for 0 - kmalloc() returns ZERO_SIZE_PTR
807 * and very large size - kmalloc() may fail.
812 EXPORT_SYMBOL(kmalloc_size_roundup);
814 #ifdef CONFIG_ZONE_DMA
815 #define KMALLOC_DMA_NAME(sz) .name[KMALLOC_DMA] = "dma-kmalloc-" #sz,
817 #define KMALLOC_DMA_NAME(sz)
821 #define KMALLOC_CGROUP_NAME(sz) .name[KMALLOC_CGROUP] = "kmalloc-cg-" #sz,
823 #define KMALLOC_CGROUP_NAME(sz)
826 #ifndef CONFIG_SLUB_TINY
827 #define KMALLOC_RCL_NAME(sz) .name[KMALLOC_RECLAIM] = "kmalloc-rcl-" #sz,
829 #define KMALLOC_RCL_NAME(sz)
832 #ifdef CONFIG_RANDOM_KMALLOC_CACHES
833 #define __KMALLOC_RANDOM_CONCAT(a, b) a ## b
834 #define KMALLOC_RANDOM_NAME(N, sz) __KMALLOC_RANDOM_CONCAT(KMA_RAND_, N)(sz)
835 #define KMA_RAND_1(sz) .name[KMALLOC_RANDOM_START + 1] = "kmalloc-rnd-01-" #sz,
836 #define KMA_RAND_2(sz) KMA_RAND_1(sz) .name[KMALLOC_RANDOM_START + 2] = "kmalloc-rnd-02-" #sz,
837 #define KMA_RAND_3(sz) KMA_RAND_2(sz) .name[KMALLOC_RANDOM_START + 3] = "kmalloc-rnd-03-" #sz,
838 #define KMA_RAND_4(sz) KMA_RAND_3(sz) .name[KMALLOC_RANDOM_START + 4] = "kmalloc-rnd-04-" #sz,
839 #define KMA_RAND_5(sz) KMA_RAND_4(sz) .name[KMALLOC_RANDOM_START + 5] = "kmalloc-rnd-05-" #sz,
840 #define KMA_RAND_6(sz) KMA_RAND_5(sz) .name[KMALLOC_RANDOM_START + 6] = "kmalloc-rnd-06-" #sz,
841 #define KMA_RAND_7(sz) KMA_RAND_6(sz) .name[KMALLOC_RANDOM_START + 7] = "kmalloc-rnd-07-" #sz,
842 #define KMA_RAND_8(sz) KMA_RAND_7(sz) .name[KMALLOC_RANDOM_START + 8] = "kmalloc-rnd-08-" #sz,
843 #define KMA_RAND_9(sz) KMA_RAND_8(sz) .name[KMALLOC_RANDOM_START + 9] = "kmalloc-rnd-09-" #sz,
844 #define KMA_RAND_10(sz) KMA_RAND_9(sz) .name[KMALLOC_RANDOM_START + 10] = "kmalloc-rnd-10-" #sz,
845 #define KMA_RAND_11(sz) KMA_RAND_10(sz) .name[KMALLOC_RANDOM_START + 11] = "kmalloc-rnd-11-" #sz,
846 #define KMA_RAND_12(sz) KMA_RAND_11(sz) .name[KMALLOC_RANDOM_START + 12] = "kmalloc-rnd-12-" #sz,
847 #define KMA_RAND_13(sz) KMA_RAND_12(sz) .name[KMALLOC_RANDOM_START + 13] = "kmalloc-rnd-13-" #sz,
848 #define KMA_RAND_14(sz) KMA_RAND_13(sz) .name[KMALLOC_RANDOM_START + 14] = "kmalloc-rnd-14-" #sz,
849 #define KMA_RAND_15(sz) KMA_RAND_14(sz) .name[KMALLOC_RANDOM_START + 15] = "kmalloc-rnd-15-" #sz,
850 #else // CONFIG_RANDOM_KMALLOC_CACHES
851 #define KMALLOC_RANDOM_NAME(N, sz)
854 #define INIT_KMALLOC_INFO(__size, __short_size) \
856 .name[KMALLOC_NORMAL] = "kmalloc-" #__short_size, \
857 KMALLOC_RCL_NAME(__short_size) \
858 KMALLOC_CGROUP_NAME(__short_size) \
859 KMALLOC_DMA_NAME(__short_size) \
860 KMALLOC_RANDOM_NAME(RANDOM_KMALLOC_CACHES_NR, __short_size) \
865 * kmalloc_info[] is to make slab_debug=,kmalloc-xx option work at boot time.
866 * kmalloc_index() supports up to 2^21=2MB, so the final entry of the table is
869 const struct kmalloc_info_struct kmalloc_info[] __initconst = {
870 INIT_KMALLOC_INFO(0, 0),
871 INIT_KMALLOC_INFO(96, 96),
872 INIT_KMALLOC_INFO(192, 192),
873 INIT_KMALLOC_INFO(8, 8),
874 INIT_KMALLOC_INFO(16, 16),
875 INIT_KMALLOC_INFO(32, 32),
876 INIT_KMALLOC_INFO(64, 64),
877 INIT_KMALLOC_INFO(128, 128),
878 INIT_KMALLOC_INFO(256, 256),
879 INIT_KMALLOC_INFO(512, 512),
880 INIT_KMALLOC_INFO(1024, 1k),
881 INIT_KMALLOC_INFO(2048, 2k),
882 INIT_KMALLOC_INFO(4096, 4k),
883 INIT_KMALLOC_INFO(8192, 8k),
884 INIT_KMALLOC_INFO(16384, 16k),
885 INIT_KMALLOC_INFO(32768, 32k),
886 INIT_KMALLOC_INFO(65536, 64k),
887 INIT_KMALLOC_INFO(131072, 128k),
888 INIT_KMALLOC_INFO(262144, 256k),
889 INIT_KMALLOC_INFO(524288, 512k),
890 INIT_KMALLOC_INFO(1048576, 1M),
891 INIT_KMALLOC_INFO(2097152, 2M)
895 * Patch up the size_index table if we have strange large alignment
896 * requirements for the kmalloc array. This is only the case for
897 * MIPS it seems. The standard arches will not generate any code here.
899 * Largest permitted alignment is 256 bytes due to the way we
900 * handle the index determination for the smaller caches.
902 * Make sure that nothing crazy happens if someone starts tinkering
903 * around with ARCH_KMALLOC_MINALIGN
905 void __init setup_kmalloc_cache_index_table(void)
909 BUILD_BUG_ON(KMALLOC_MIN_SIZE > 256 ||
910 !is_power_of_2(KMALLOC_MIN_SIZE));
912 for (i = 8; i < KMALLOC_MIN_SIZE; i += 8) {
913 unsigned int elem = size_index_elem(i);
915 if (elem >= ARRAY_SIZE(kmalloc_size_index))
917 kmalloc_size_index[elem] = KMALLOC_SHIFT_LOW;
920 if (KMALLOC_MIN_SIZE >= 64) {
922 * The 96 byte sized cache is not used if the alignment
925 for (i = 64 + 8; i <= 96; i += 8)
926 kmalloc_size_index[size_index_elem(i)] = 7;
930 if (KMALLOC_MIN_SIZE >= 128) {
932 * The 192 byte sized cache is not used if the alignment
933 * is 128 byte. Redirect kmalloc to use the 256 byte cache
936 for (i = 128 + 8; i <= 192; i += 8)
937 kmalloc_size_index[size_index_elem(i)] = 8;
941 static unsigned int __kmalloc_minalign(void)
943 unsigned int minalign = dma_get_cache_alignment();
945 if (IS_ENABLED(CONFIG_DMA_BOUNCE_UNALIGNED_KMALLOC) &&
946 is_swiotlb_allocated())
947 minalign = ARCH_KMALLOC_MINALIGN;
949 return max(minalign, arch_slab_minalign());
953 new_kmalloc_cache(int idx, enum kmalloc_cache_type type)
955 slab_flags_t flags = 0;
956 unsigned int minalign = __kmalloc_minalign();
957 unsigned int aligned_size = kmalloc_info[idx].size;
958 int aligned_idx = idx;
960 if ((KMALLOC_RECLAIM != KMALLOC_NORMAL) && (type == KMALLOC_RECLAIM)) {
961 flags |= SLAB_RECLAIM_ACCOUNT;
962 } else if (IS_ENABLED(CONFIG_MEMCG) && (type == KMALLOC_CGROUP)) {
963 if (mem_cgroup_kmem_disabled()) {
964 kmalloc_caches[type][idx] = kmalloc_caches[KMALLOC_NORMAL][idx];
967 flags |= SLAB_ACCOUNT;
968 } else if (IS_ENABLED(CONFIG_ZONE_DMA) && (type == KMALLOC_DMA)) {
969 flags |= SLAB_CACHE_DMA;
972 #ifdef CONFIG_RANDOM_KMALLOC_CACHES
973 if (type >= KMALLOC_RANDOM_START && type <= KMALLOC_RANDOM_END)
974 flags |= SLAB_NO_MERGE;
978 * If CONFIG_MEMCG is enabled, disable cache merging for
979 * KMALLOC_NORMAL caches.
981 if (IS_ENABLED(CONFIG_MEMCG) && (type == KMALLOC_NORMAL))
982 flags |= SLAB_NO_MERGE;
984 if (minalign > ARCH_KMALLOC_MINALIGN) {
985 aligned_size = ALIGN(aligned_size, minalign);
986 aligned_idx = __kmalloc_index(aligned_size, false);
989 if (!kmalloc_caches[type][aligned_idx])
990 kmalloc_caches[type][aligned_idx] = create_kmalloc_cache(
991 kmalloc_info[aligned_idx].name[type],
992 aligned_size, flags);
993 if (idx != aligned_idx)
994 kmalloc_caches[type][idx] = kmalloc_caches[type][aligned_idx];
998 * Create the kmalloc array. Some of the regular kmalloc arrays
999 * may already have been created because they were needed to
1000 * enable allocations for slab creation.
1002 void __init create_kmalloc_caches(void)
1005 enum kmalloc_cache_type type;
1008 * Including KMALLOC_CGROUP if CONFIG_MEMCG defined
1010 for (type = KMALLOC_NORMAL; type < NR_KMALLOC_TYPES; type++) {
1011 /* Caches that are NOT of the two-to-the-power-of size. */
1012 if (KMALLOC_MIN_SIZE <= 32)
1013 new_kmalloc_cache(1, type);
1014 if (KMALLOC_MIN_SIZE <= 64)
1015 new_kmalloc_cache(2, type);
1017 /* Caches that are of the two-to-the-power-of size. */
1018 for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++)
1019 new_kmalloc_cache(i, type);
1021 #ifdef CONFIG_RANDOM_KMALLOC_CACHES
1022 random_kmalloc_seed = get_random_u64();
1025 /* Kmalloc array is now usable */
1028 if (IS_ENABLED(CONFIG_SLAB_BUCKETS))
1029 kmem_buckets_cache = kmem_cache_create("kmalloc_buckets",
1030 sizeof(kmem_buckets),
1031 0, SLAB_NO_MERGE, NULL);
1035 * __ksize -- Report full size of underlying allocation
1036 * @object: pointer to the object
1038 * This should only be used internally to query the true size of allocations.
1039 * It is not meant to be a way to discover the usable size of an allocation
1040 * after the fact. Instead, use kmalloc_size_roundup(). Using memory beyond
1041 * the originally requested allocation size may trigger KASAN, UBSAN_BOUNDS,
1042 * and/or FORTIFY_SOURCE.
1044 * Return: size of the actual memory used by @object in bytes
1046 size_t __ksize(const void *object)
1048 struct folio *folio;
1050 if (unlikely(object == ZERO_SIZE_PTR))
1053 folio = virt_to_folio(object);
1055 if (unlikely(!folio_test_slab(folio))) {
1056 if (WARN_ON(folio_size(folio) <= KMALLOC_MAX_CACHE_SIZE))
1058 if (WARN_ON(object != folio_address(folio)))
1060 return folio_size(folio);
1063 #ifdef CONFIG_SLUB_DEBUG
1064 skip_orig_size_check(folio_slab(folio)->slab_cache, object);
1067 return slab_ksize(folio_slab(folio)->slab_cache);
1070 gfp_t kmalloc_fix_flags(gfp_t flags)
1072 gfp_t invalid_mask = flags & GFP_SLAB_BUG_MASK;
1074 flags &= ~GFP_SLAB_BUG_MASK;
1075 pr_warn("Unexpected gfp: %#x (%pGg). Fixing up to gfp: %#x (%pGg). Fix your code!\n",
1076 invalid_mask, &invalid_mask, flags, &flags);
1082 #ifdef CONFIG_SLAB_FREELIST_RANDOM
1083 /* Randomize a generic freelist */
1084 static void freelist_randomize(unsigned int *list,
1090 for (i = 0; i < count; i++)
1093 /* Fisher-Yates shuffle */
1094 for (i = count - 1; i > 0; i--) {
1095 rand = get_random_u32_below(i + 1);
1096 swap(list[i], list[rand]);
1100 /* Create a random sequence per cache */
1101 int cache_random_seq_create(struct kmem_cache *cachep, unsigned int count,
1105 if (count < 2 || cachep->random_seq)
1108 cachep->random_seq = kcalloc(count, sizeof(unsigned int), gfp);
1109 if (!cachep->random_seq)
1112 freelist_randomize(cachep->random_seq, count);
1116 /* Destroy the per-cache random freelist sequence */
1117 void cache_random_seq_destroy(struct kmem_cache *cachep)
1119 kfree(cachep->random_seq);
1120 cachep->random_seq = NULL;
1122 #endif /* CONFIG_SLAB_FREELIST_RANDOM */
1124 #ifdef CONFIG_SLUB_DEBUG
1125 #define SLABINFO_RIGHTS (0400)
1127 static void print_slabinfo_header(struct seq_file *m)
1130 * Output format version, so at least we can change it
1131 * without _too_ many complaints.
1133 seq_puts(m, "slabinfo - version: 2.1\n");
1134 seq_puts(m, "# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab>");
1135 seq_puts(m, " : tunables <limit> <batchcount> <sharedfactor>");
1136 seq_puts(m, " : slabdata <active_slabs> <num_slabs> <sharedavail>");
1140 static void *slab_start(struct seq_file *m, loff_t *pos)
1142 mutex_lock(&slab_mutex);
1143 return seq_list_start(&slab_caches, *pos);
1146 static void *slab_next(struct seq_file *m, void *p, loff_t *pos)
1148 return seq_list_next(p, &slab_caches, pos);
1151 static void slab_stop(struct seq_file *m, void *p)
1153 mutex_unlock(&slab_mutex);
1156 static void cache_show(struct kmem_cache *s, struct seq_file *m)
1158 struct slabinfo sinfo;
1160 memset(&sinfo, 0, sizeof(sinfo));
1161 get_slabinfo(s, &sinfo);
1163 seq_printf(m, "%-17s %6lu %6lu %6u %4u %4d",
1164 s->name, sinfo.active_objs, sinfo.num_objs, s->size,
1165 sinfo.objects_per_slab, (1 << sinfo.cache_order));
1167 seq_printf(m, " : tunables %4u %4u %4u",
1168 sinfo.limit, sinfo.batchcount, sinfo.shared);
1169 seq_printf(m, " : slabdata %6lu %6lu %6lu",
1170 sinfo.active_slabs, sinfo.num_slabs, sinfo.shared_avail);
1174 static int slab_show(struct seq_file *m, void *p)
1176 struct kmem_cache *s = list_entry(p, struct kmem_cache, list);
1178 if (p == slab_caches.next)
1179 print_slabinfo_header(m);
1184 void dump_unreclaimable_slab(void)
1186 struct kmem_cache *s;
1187 struct slabinfo sinfo;
1190 * Here acquiring slab_mutex is risky since we don't prefer to get
1191 * sleep in oom path. But, without mutex hold, it may introduce a
1193 * Use mutex_trylock to protect the list traverse, dump nothing
1194 * without acquiring the mutex.
1196 if (!mutex_trylock(&slab_mutex)) {
1197 pr_warn("excessive unreclaimable slab but cannot dump stats\n");
1201 pr_info("Unreclaimable slab info:\n");
1202 pr_info("Name Used Total\n");
1204 list_for_each_entry(s, &slab_caches, list) {
1205 if (s->flags & SLAB_RECLAIM_ACCOUNT)
1208 get_slabinfo(s, &sinfo);
1210 if (sinfo.num_objs > 0)
1211 pr_info("%-17s %10luKB %10luKB\n", s->name,
1212 (sinfo.active_objs * s->size) / 1024,
1213 (sinfo.num_objs * s->size) / 1024);
1215 mutex_unlock(&slab_mutex);
1219 * slabinfo_op - iterator that generates /proc/slabinfo
1228 * num-pages-per-slab
1229 * + further values on SMP and with statistics enabled
1231 static const struct seq_operations slabinfo_op = {
1232 .start = slab_start,
1238 static int slabinfo_open(struct inode *inode, struct file *file)
1240 return seq_open(file, &slabinfo_op);
1243 static const struct proc_ops slabinfo_proc_ops = {
1244 .proc_flags = PROC_ENTRY_PERMANENT,
1245 .proc_open = slabinfo_open,
1246 .proc_read = seq_read,
1247 .proc_lseek = seq_lseek,
1248 .proc_release = seq_release,
1251 static int __init slab_proc_init(void)
1253 proc_create("slabinfo", SLABINFO_RIGHTS, NULL, &slabinfo_proc_ops);
1256 module_init(slab_proc_init);
1258 #endif /* CONFIG_SLUB_DEBUG */
1260 static __always_inline __realloc_size(2) void *
1261 __do_krealloc(const void *p, size_t new_size, gfp_t flags)
1266 /* Check for double-free before calling ksize. */
1267 if (likely(!ZERO_OR_NULL_PTR(p))) {
1268 if (!kasan_check_byte(p))
1274 /* If the object still fits, repoison it precisely. */
1275 if (ks >= new_size) {
1276 p = kasan_krealloc((void *)p, new_size, flags);
1280 ret = kmalloc_node_track_caller_noprof(new_size, flags, NUMA_NO_NODE, _RET_IP_);
1282 /* Disable KASAN checks as the object's redzone is accessed. */
1283 kasan_disable_current();
1284 memcpy(ret, kasan_reset_tag(p), ks);
1285 kasan_enable_current();
1292 * krealloc - reallocate memory. The contents will remain unchanged.
1293 * @p: object to reallocate memory for.
1294 * @new_size: how many bytes of memory are required.
1295 * @flags: the type of memory to allocate.
1297 * The contents of the object pointed to are preserved up to the
1298 * lesser of the new and old sizes (__GFP_ZERO flag is effectively ignored).
1299 * If @p is %NULL, krealloc() behaves exactly like kmalloc(). If @new_size
1300 * is 0 and @p is not a %NULL pointer, the object pointed to is freed.
1302 * Return: pointer to the allocated memory or %NULL in case of error
1304 void *krealloc_noprof(const void *p, size_t new_size, gfp_t flags)
1308 if (unlikely(!new_size)) {
1310 return ZERO_SIZE_PTR;
1313 ret = __do_krealloc(p, new_size, flags);
1314 if (ret && kasan_reset_tag(p) != kasan_reset_tag(ret))
1319 EXPORT_SYMBOL(krealloc_noprof);
1322 * kfree_sensitive - Clear sensitive information in memory before freeing
1323 * @p: object to free memory of
1325 * The memory of the object @p points to is zeroed before freed.
1326 * If @p is %NULL, kfree_sensitive() does nothing.
1328 * Note: this function zeroes the whole allocated buffer which can be a good
1329 * deal bigger than the requested buffer size passed to kmalloc(). So be
1330 * careful when using this function in performance sensitive code.
1332 void kfree_sensitive(const void *p)
1335 void *mem = (void *)p;
1339 kasan_unpoison_range(mem, ks);
1340 memzero_explicit(mem, ks);
1344 EXPORT_SYMBOL(kfree_sensitive);
1346 size_t ksize(const void *objp)
1349 * We need to first check that the pointer to the object is valid.
1350 * The KASAN report printed from ksize() is more useful, then when
1351 * it's printed later when the behaviour could be undefined due to
1352 * a potential use-after-free or double-free.
1354 * We use kasan_check_byte(), which is supported for the hardware
1355 * tag-based KASAN mode, unlike kasan_check_read/write().
1357 * If the pointed to memory is invalid, we return 0 to avoid users of
1358 * ksize() writing to and potentially corrupting the memory region.
1360 * We want to perform the check before __ksize(), to avoid potentially
1361 * crashing in __ksize() due to accessing invalid metadata.
1363 if (unlikely(ZERO_OR_NULL_PTR(objp)) || !kasan_check_byte(objp))
1366 return kfence_ksize(objp) ?: __ksize(objp);
1368 EXPORT_SYMBOL(ksize);
1370 /* Tracepoints definitions. */
1371 EXPORT_TRACEPOINT_SYMBOL(kmalloc);
1372 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_alloc);
1373 EXPORT_TRACEPOINT_SYMBOL(kfree);
1374 EXPORT_TRACEPOINT_SYMBOL(kmem_cache_free);
projects / linux.git / blob